From: Campaign Against Censorship of the Internet <cacib@liberty.org.uk> To: ukcrypto@maillist.ox.ac.uk Date: Tue, 10 Feb 1998 18:18:28 +0100 Subject: Key escrow announcement A source who is a lobbyist in a non-computer sector has just called me to say that Margaret Beckett will be announcing a (compulsory?) key escrow program next Tuesday. So far I don't have independent confirmation, although Nigel Hickson recently said here that he was expecting an announcement "soon". Here's hoping we can get it out before the gvt machine controls the spin. Regards, Malcolm Hutty. ----------------------------------------------------------------- Campaign Against Censorship Tel: 0171 589 4500 of the Internet in Britain Fax: 0171 589 4522 e-mail: cacib@liberty.org.uk Say NO to Censorship Web: http://www.liberty.org.uk/cacib ---------- Date: Wed, 11 Feb 1998 23:57:32 +0000 To: ukcrypto@maillist.ox.ac.uk From: T Bruce Tober <octobersdad@reporters.net> Subject: More rumours? -----BEGIN PGP SIGNED MESSAGE----- Free Life Commentary Editor: Sean Gabb Issue Number Ten Tuesday 10th February 1998, 11:20pm ========================== "Over himself, over his own mind and body, the individual is sovereign" (J.S. Mill, On Liberty, 1859) ========================== Next Week's British Encryption Ban by Sean Gabb Earlier this evening, I was given confidential information by someone close to a British Cabinet Minister. I am not in the habit of speaking to such people, let alone having them leak state secrets to me. But that is what happened. In publishing what I heard, I am now risking a prosecution under the Official Secrets Acts - or, more likely, being made to look ridiculous if what I predict does not happen. These risks being accepted, here is the leak. Next Tuesday, the 17th February 1998, the Department of Trade and Industry will announce plans to outlaw the use of strong encryption software within the United Kingdom. We are to be encouraged - and ultimately forced - to encrypt our e-mail only in ways that will allow the authorities to read it. My source was vague about the details of the scheme, saying that they had not yet been circulated to the full Cabinet. But I imagine that it will be more or less a reprint of the Conservative Government's public consultation paper of March 1997. This came to nothing because of the change of Government, and it was even hoped that Labour would have a more liberal policy on Internet regulation. However, Margaret Beckett, the Minister now responsible for trade and industrial policy, is neither bright nor forceful; and she was early captured by the officials who in theory are supposed to do her bidding. If next Tuesday's consultation paper differs at all from the last one, it will be only in matters of small detail and presentation. For this reason, it is probably safe to take the last paper as a guide to what we can expect. The Government will propose creating a network of what are called Trusted Third Parties, or TTPs. These are to be organisations licensed to provide encryption services to the public - that is, software, consultancy and other support. Because they have been licensed by the State, we are to be encouraged to believe that they really are trustworthy - that they are not distributing bad encryption software, or robbing their clients in other ways. But just in case we decide not to believe any of this, it will be made illegal for any unlicensed person to offer encryption services. Here, it is worth quoting from last year's consultation paper: The legislation will prohibit an organisation from offering or providing encryption services to the UK public without a licence. Prohibition will be irrespective of whether a charge is made for such services. The offering of encryption services to the UK public (for example via the Internet) by an unlicensed TTP outside of the UK will also be prohibited. For this purpose, it may be necessary to place restrictions on the advertising and marketing of such services to the public. Enacted into law, this would make it illegal for me to copy encryption software from my hard disk for a friend, and for computer magazines to include it on their free cover disks. It would also allow a strict supervision of the material and the links given access to by British sites on the World Wide Web. The paper never clarifies why we need TTPs in the first place, or why - their need granted - they can only be trusted if licensed by the State. But it does say a lot about law enforcement and national security. Or, to be more accurate, it does say a lot in the usual code about the need to fill in any last potholes on the road to a British police state. Starting with the Interception of Communications Act 1985, the British State has given itself powers of surveillance that a Third World dictator might envy. It can tap our phones on the word of a Minister. It can burgle our homes and leave recording devices behind on the word of a senior policeman. It can trawl through and inspect any records on us held by any organisation. It can do all this without our knowledge, and without any effective system of appeal and redress. The relevant laws are careful to describe the permissions for this as "warrants". But they really are no more than what in France before the Revolution were called Lettres du Cachet - things that our ancestors boasted did not and could not exist in the freer air of England. The spread of personal computers seemed likely at first to extend the scope of surveillance still further. This had until then been limited by cost. For all the theoretical risks, sending letters in sealed envelopes through the post has always been reasonably secure: the costs of interception can only be justified in exceptional cases. For the same reason, most private papers are safe. But the routing of an increasing amount of mail through the Internet promised to bring down the costs of surveillance to the point where everyone could be watched. The storage of records on computers connected to the Internet promised to make it possible for the authorities to spy on people by remote control. The problem is the development of strong encryption software like pgp, and its growing popularity among millions of ordinary people who, though not criminals, have a strong regard for privacy. It allows us to keep our e-mail and private records secret to all but the most determined and expensive attacks. It gives to us the benefits of instant communication and mass data storage, but keeps the authorities - despite their new powers of surveillance - no better informed than in the old days of due process and envelope steaming. Therefore all the talk of Trusted Third Parties. The terms of their licences will require them to sell encryption software with keys that cannot be modified by their clients, and to collect and store copies of these keys for handing over to the authorities. Last year's document is full of promises about "strict safeguards" and the like. But the reality is this: The legislation will provide that the Secretary of State may issue a warrant requiring a TTP to disclose private encryption keys... or a body covered by that warrant. No mention of judicial involvement at the time, or judicial review afterwards - just more police state commands. We can ignore anything the Government parrots next week about law enforcement and national security - or, for that matter, child pornography and complex fraud. These really are just code words. If I were a criminal, or a terrorist, or a foreign spy, the last encryption software I would use would come from a Trusted Third Party. Strong encryption packages are available all over the Internet, or can pass from hand to hand on a single floppy disk. Nor would I worry much about laws against the transmission of data encrypted with unlicensed software. There are ways of keeping the authorities from even knowing that an Internet message contains encrypted data. Somewhere, I have an early version of a program called Steganography, created by Romana Machado. This takes an encrypted text and merges it into a graphics file. My version produces a visible degradation of picture quality. Almost certainly, the newer releases have solved this problem. Assuming I had them, and were sufficiently unpatriotic - neither applies in my case, let me add - I could e-mail this country's battle plans straight off to Saddam Hussain merged invisibly into a picture of my dog. GCHQ would never notice until the Scud missiles began landing on Cheltenham. No - the encryption ban will be aimed at us, the honest public. We are the people who tend to respect the law - or at least to be afraid of it enough to comply in most cases. It is our privacy that is to be stripped away. It is we who are to become like Winston Smith, living for every moment when the telescreens are not monitoring our facial expressions. Why this is desired I cannot say. But we are living though an age of withering trust in the common people. In this country, we are not trusted to possess guns for our self-defence - or indeed to carry carpet knives locked inside our cars. We are not trusted to choose and administer our own medicines, or to bring up our own children in the manner of our choice, or to decide whether or not oxtail soup might be bad for us. Plugging in the telescreens is only a logical next step. Normally, when I write on these issues, I work myself into a frenzy of pessimism. At the moment, though, I feel rather optimistic. Next Tuesday's proposals will cause an uproar. This will not come from the so-called civil liberties groups like Liberty - excepting a few small bodies like the Libertarian Alliance, they have all been taken over by New Labour apparatchiks who can be trusted to keep their mouths shut. It will come from the big business interests. British Telecom is the third or fourth largest telecommunications company in the world. If operates in more than 40 markets, often needing to provide its clients with very secure networks. In the City of London there are more representative offices of foreign banks than in the rest of the European Union combined. These have a taste for confidentiality. There are many other large interests - all paying billions in taxes, all likely to be very hostile to any scheme that will make them appear less useful to foreign clients. We have a Labour Government that still needs to establish itself in the public mind as a party friendly to business. These facts can surely be trusted to ensure the dropping of a scheme that would not merely turn the country into a full police state, but also do the greatest damage to British business since nationalisation. Or so I hope. ========================== Free Life Commentary is an independent journal of comment, published on the Internet. To receive regular issues, send e-mail to Sean Gabb at old.whig@virgin.net Issues are archived at <http://freespace.virgin.net/old.whig/> Contact Address: 25 Chapter Chambers, Esterbrooke Street, London, SW1P 4NN; Telephone: 0181 858 0841 If you like Free Life Commentary, you may also care to subscribe to my longer, hard copy journal, Free Life, subscription details for which can be obtained by writing to me at the above address. ========================== Legal Notice: Though using the name Free Life, this journal is owned by me and not by the Libertarian Alliance, which in consequence bears no liability of whatever kind for the contents. - -- Sean Gabb | "Over himself, over his own | E-mail: old.whig@virgin.net | mind and body, the individual| <http://freespace.virgin.net/old.whig/> | is sovereign" | Mobile Number: 0956 472199 | J.S. Mill, On Liberty, 1859 | -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQCVAwUBNOI4cDzmzFmU9IJVAQFOFAQAlLgKRAM6wTztCSVvUAAUY/g8k0iOKCGY 4s8O7c+axQUcf3e3RTxKbIPqoIeb81uIcKwv86havRuUsm2r2OHADuRBlWT7VgrR RKKCuuvrF19G4/hLTn7094NqUvnp5LAZpKOX7ITYQC/grQL8gnkd/xvpj55Z9oek idz0EU18xJo= =cNRU -----END PGP SIGNATURE----- tbt -- -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | |pgp key ID 0x94F48255. Website - http://www.homeusers.prestel.co.uk/crecon/ |