This seems like an interesting glimpse into the future of crypto banning around the world. France's ban on unapproved crypto has been well-publicized, but I hadn't heard until this message that Belgium has joined in. The reference to Belgium's wiretap law and "But little-known sections of the law state that all cryptograhic systems aimed at protecting privacy must not block these wiretaps" suggests that we ought to look _very_ closely at our own Wiretap Act (aka Digital Telephony) for similar language. (Many of us thought at the time DT was being debated--both weeks of the public debate--and then when it was passed that things would get real interesting when the "central office wiretappability" vanished with end-to-end encryption. Louis Freeh even said as much, that the issue of end-to-end encryption would have to be addressed once the Digital Telephony Act was passed.) With Internet phone systems (various) and easy integration of PGP, a la PGPhone, even the Little Italy businessmen may start to use encryption. Likewise, there are currently no laws (that I am aware of) forbidding encrypted telephones--indeed, the Clipper phones were just this, and they were available for general purchase. Granted, the gubment knew the algorithm and there _may_ (emphasis on the "may") have been backdoors allowing easy wiretapping. But there was no key escrow per se. So, when the $500 M to make digital switches "compliant" with DT is spent (and bear in mind it hasn't been allocated yet by Congress, to the best of my knowledge), and yet some future John Gotti is untappable because he's using Eric Blossom's crypto phone, what then? Anyway, here's the item about Belgium's law:
From: Jerome Thorel <thorel@imaginet.fr> Newsgroups: talk.politics.crypto,alt.privacy,alt.security.pgp Subject: Electronic locksmiths are watching you (Belgium's ban on PGP) Date: 26 Mar 1996 00:08:44 GMT ...
Some hot news about Belgium:
After reports in two Belgian newspapers (De Standaart and Le Soir), it turns out that Belgium had passed a law in late 1994 that formerly bans "non approved" encryption systems. This means that France is not alone to block domestic use and distribution of strong encryption systems, since a December 1990 law which came into effect in France in early 1993.
In its March 13 edition, French-speaking newspaper Le Soir ran a whole page survey about the fact that a 21 December, 1994 law oblige the telecom state-own company Belgacom to make any wiretap possible for law enforcement purposes. But little-known sections of the law state that all cryptograhic systems aimed at protecting privacy must not block these wiretaps. Crypto systems have to be "agreed" by the government's Institut Belge des postes et telecommunications (IBPT). The author of Le Soir's article, Alain Guillaume, speculates that this "agreement" means that encryption keys must be kept by IBPT.
"The idea is neither new nor surprising," Guillaume writes. "To stop criminals from hiding. (...) But does anyone believe that mafia gangs, crooks or terrorists will let their keys to IBPT's hands?"
=+= France enthrone key escrow =+=
At the same time, France is keen to give up his isolationist position. French telecom Minister François Fillon has prepared a kind of Telco Act "à la francaise" -- new regulations to prepare the end of France Telecom monopoly in 1998 -- in which encryption would be freed to allow the emergence of "efficient electronic commerce". Under the new rules, special "authorization" will no more be needed to use PGP-like tools, but every user would be obliged to let their keys in custody in so-called "trusted third parties" (TTPs) agencies, a kind of "electronic locksmith", or notary, alternative. The option smells quite the same as Sen. Leahy bill (Encrypted Communications Privacy Act of 1996, archived at http://www.epic.org/crypto/legislation/s1587.html), in which escrow agents would hold keys to help the police, with a court order, to intercept communications.
In France no one knows who will play the role of "key escrow agent", but sources said it may be some independent agencies. Independent? The governement will anyway have to approve them, and Mr Fillon said France will enthrone its first TTP "before the end of this year".
This bulletin and the British weekly Nature discovered last November that a group of 18 European nations were soon to adopt this alternative (http://www.freenix.fr/netizen/chiffre /nature-eurottp.html). The UK and Germany have declared themselves ready for such an alternative (see lambda bulletin 1.06). Belgium, with its new iron bullet, would be keen to follow. ------------------------------ Jerome Thorel. Free-lance reporter, Paris netizen's lambda bulletin (issue 2.05) http://www.freenix.fr/netizen/