Thought the following might be of interest to give some of the European political perspective on encryption, reproduced without permission from the UK 'Independent' newspaper 2/5/94 (anything between {} are my own comments) :

Title : Spooks all set to hack it on the superhighway

[ On the right of the article, a pretty picture titled 'How E-mail helps criminals avoid detection' - with boxes saying : 'Today when a user transmits messages in code on the Internet, the international computer network, government intelligence services cannot listen in.' 'The US has introduced the Clipper chip, a way of encrypting messages while allowing government intelligence services access to transmissions. This is possible through a "key" used to encrypt the message. The government holds a duplicate key that allows it to decode transmissions.' 'Modern encryption cannot be cracked but if users are forced to use the Clipper chip, intelligence services could then eavesdrop.' 'Europe is opposed to the Clipper chip because it fears that the FBI or CIA could target European businesses. A suggested alternative is that the "keys" to the coded messages could be deposited with a non-government trusted third party' {Gee, yeah, that's a real improvement - me} At the bottom of the picture, a set of small images titled 'Dangerous traffic on the information superhighway', individually 'Terrorism', 'Drug trafficking', 'Neo-Nazi organisations', 'Pornography', 'Industrial espionage', and 'Money laundering'. {Oddly enough, there's not the slightest mention of 'Government privacy abuse', 'Government oppression' and the like... and I wish *I* knew how to send drugs by email : uuencode -heinous_chemicals, maybe ?... As an aside, a British computer magazine reported a couple of weeks ago that a government minister had refused to ban the import of pornography over telephone lines (and hence the Internet) as it would be unenforceable, even in plaintext ! - me} ]

BEGIN ARTICLE

A ROW is brewing between Europe and America over US plans to allow intelligence agencies to monitor information on computer channels. Washington believes E-mail - electronic messages travelling at the speed of light on the information superhighway - is a conduit for criminals and terrorists to transmit messages without fear of detection.
The US plan for a Clipper chip, which lets intelligence agencies crack encrypted computer messages, has raised fears amongst European businesses that sensitive information would no longer be secret if it was vetted by the CIA, the FBI, or GCHQ, the British Government's eavesdropping facility {I would have thought it was *obvious* that it would no longer be secret if it was being decoded by this lot... - me}.

E-mail is rapidly taking over from "snail-mail", as postal services are dismissively known. There are 20 million users on the worldwide web of computer networks known as Internet. But in 10 years it is predicted that 80 per cent of trade information will be sent by this method.

The Clinton administration, concerned that terrorists, money-launderers and drug dealers will use E-mail to send encrypted information to associates, wants to outlaw the use of private encryption on international computer networks. The global censorship plan has run up against opposition from European and American businesses that use encryption to send sensitive information.

In a position paper to a consulate of European Union intelligence experts, which has been obtained by the 'Independent', the European organisation representing users of computer security has rejected the Clinton initiative as "totally unacceptable". The statement by the Information Security Business Advisory Group (Ibag), warns European governments to ignore overtures from the US government aimed at restricting access to the information superhighway to users who use encryptions that the government agencies can decode.

The European position is that "industry needs to know when its sensitive data has been compromised [by the security services or others]" and that the US eavesdropping initiative will greatly reduce the benefits of the information superhighway.
Companies "will be restricted to a very restricted list of 'approved' algorithms [encryption methods]" greatly adding to business costs and making international cooperation difficult.

Ibag recently informed the senior officials group on information security that the planned US-style restrictions, or the even stricter French system under which those using cyphers must disclose the keys to the authorities, are "totally unacceptable" to industry.

The European group has proposed that companies deposit the keys to their encryption cyphers with "trusted third parties" rather than with governments. With this system, when intelligence agencies want to tap messages, the company will have to be notified. {Unless, of course, they just bribe the 'trusted third party', break in, require the key for 'national security' reasons, or whatever... - me}

Chriss Sund, a computer-security expert, said companies faced real dangers of economic espionage by governments. "There was a general instinct among companies to distrust the French", {8-)} he said, who use government controls on encryption "to their advantage". {like the others won't, I'm sure... - me}

Stephen Dorrill, an expert on the intelligence services, claims that the US proposal is designed to facilitate industrial espionage. "GCHQ, which has been co-operating hand-in-glove with the US for the past fifty years, {UK-USA agreements, etc - me} finds itself caught in the middle of this US-EU dispute. Britain will eventually have to square co-operation on intelligence and encryption across the Atlantic with the demands of its European partners."

Under the US initiative, use of computer or voice encryption that cannot readily be hacked into by the security services of cooperating governments will be deemed suspicious and worthy of surveillance. {Well, they can surveil all they like if they can't break it... - me} These users will be denied access to the information superhighway.
{Quite how this would be implemented is unexplained, but presumably would require mandatory use of Tessera chips. Still, of course, completely useless against superencipherment... - me}

The US has decided to replace private encryption with the Clipper chip. {Now, I don't know whether they've heard this from US government sources, or whether they're interpreting it that way, or whether they just don't know what they're talking about, but if it's the former, then the general tone of the article with its "decision" to "replace" private encryption might indicate the US government is taking a more candid stand with its opposite numbers in Europe than it's giving to the people back home - me} This enables government agencies to listen in on conversations and decode data flows at will {wot, no warrants ? - me}.

How European governments intend to tackle the problem of terrorists and other criminals using encryption to stay ahead of the law is not known, but there has traditionally been a close working relationship between the National Security Agency in the US and the GCHQ in Britain. {i.e. 'Buy the new secure British Telecom ClipperPhone, available now from all good high-street consumer electronics stores...' - me}

The clash over encryption could have serious implications for the development of the information superhighway, which has been hailed in Brussels and Washington as a way of increasing competitiveness and delivering a boost to the economies of the industrialised world {that they've been working hard to trash for the last fifty years - me}.

If European businesses are blocked from using the US information superhighway because they will not bow to US pressure, the EU may be forced to develop its own independent system, adding to the cost and hastening the division into three rival trading blocs, {Oceania, Eurasia and Eastasia, whoops, wrong book - me} the US, the EU and Asia.
END ARTICLE
So, I'm not really sure how to take this article (other than my first thought : 'Thank "Bob" I'm out of here in nine months'). On the one hand, it appears that the US and EU may well be at each other's throats (IMHO, the best place for them) over the actual implementation of the 'escrow', but on the other the European organisations seem quite happy with the idea of giving their keys away as long as they go to a 'trusted third party'.

But.... there are certain advantages from this point of view.. aside from the fact that it's just as useless as Clipper, since you can just superencipher with a secret key, if you generate the keys yourself rather than having them generated for you, you could always give them an invalid key ('Whoops, silly me, wrong floppy disk'), then if they did want to crack your encryption they'd have to come round for a visit to get the real key and demonstrate that they'd attempted to tap you. I have no intention of giving my keys to anyone, but if they're going to attempt to implement some kind of pseudo-escrow system, I'd rather this than the Clipper approach.

The best news, I guess, is that European businesses want to use encryption, so it looks like a ban would be difficult to enforce. The worst news is the general tone of the article, attempting to link the use of secure encryption to terrorists and drug dealers, and like I said, it would be interesting to know where they got their comments on the US government's plans from, 'cause they sure don't match what's been put out for domestic consumption...