On lun 01 sept 1997 à 11:18:10AM -0700, Tim May wrote:
I'm extremely skeptical that France will truly liberalize crypto use by its citizen-units. Rather, I expect they will just be falling in line with the OECD/Wasenaar/New World Order "trusted third party" key recovery approach
That's probably true. Given the recent history on the subject in France, I doubt they would do a 180 degree turn...
Does anyone think this means: "Hey, use whatever crypto program you want. Use something SDECE cannot break!"?
Update, SDECE is now called DGSE ;-) Besides, they are our CIA, and therefore not supposed to act within France. But I guess the DST (the french FBI) would handle matters like that. So far France doesn't have a (known) equivalent of the NSA. A department controlled by the prime minister (the SGDN) handles the authorization process for crypto usage, and is assisted for technical issues by the SCSSI (which usually says "no way" for strong cryto). Now, the army has also its own cryto units, and they have quite knowledgeable people... (have a look at http://www.dmi.ens.fr/equipes/grecc/, and all these "ingenieurs de l'Armement" which are linked a way or another to this lab)
Given the monopoly France Telecom has on Internet access, I'd expect a "solution" that involves FT issuing keys, or something equally brain dead as that.
It's not entirely true that FT has a monopoly. They do have a monopoly on the phone lines, yes, which means of course that they can (and do) dictate their own terms to any french internet provider. This won't last forever, as starting january 1st this monopoly will end. This means anybody will be free to switch to another phone provider (and yes, there will be a few of them, which have installed networks, and which currently can only offer phone services to compagnies, say to link to physical locations in France, and are eager to enter the market targeting individuals). Furthermore, it is untrue to say "FT=french governement". Actually, most senior officials at FT wanted the company to be sold to private interests, because they felt they would defend their dominant position better this way. The new governement stopped the process, but anyway FT has its own agenda, which may differ from the gov vues. Of course, this doesn't mean anything good to the end customer, the average french guy who would like to use the internet. FT is catching up on the subject, but they did everything to slow down the internet progression in France, fearing it would dammage their "minitel", which generates high revenues.
(I gave an invited talk on crypto anarchy at a conference in Monaco a few years ago, and spoke to several France Telecom representatives. They made it quite clear that France was not going to tolerate independent ISPs, and that France Telecom would administer any crypto ever to be used by the populace. Maybe this policy has changed, but I doubt it. Whatever France's charms, open debate is not one of them.)
You said everything when saying "a few years ago". I guess they woke up on these issues, and now their key problem is more "how to keep making the huge profits we make currently on the phone when we will have competitors next january". Somehow internet and use of crypto aren't that important in respect to that, even if anybody with half a brain can see how everything is connected. Besides, I will give you an example which illustrate how sometimes FT can be driven by market law rather than gov interests. A few months ago, they started to sell cell-phone cards, with a prepaid amount of time on it. these were anonymous, (they wouldn't ask for an ID or anything), and everything went fine for a couple of weeks, until somebody in the police realized they wouldn't be able to link calls like that to a poor soul. So FT got an order from the govt, and now they ask for an ID when purchasing. Now, I don't know if any of the other 2 cell-phone operators in France offer the same kind of card. I think they don't, unfortunatly, but if they decide to do so, it would take more than a phone call from the governement to make them comply with the police concerns. Well, I hope so...
I'll bet 1000 francs that this will not mean citizens can use PGP openly. (I know some Frenchies who are already using PGP, of course.)
The thing is, currently many individuals use it, for e-mail or file encryption, and I seriously doubt that anybody would be prosecuted just for that. But they (LEAs, gvt, you name it) know that it's a Damocles sword they can use at will. And they want to keep it that way. Unlike in the US, it's rather difficult to challenge a law in France, the way Berstein or Karn or Junger are doing. Therefore the current situation is unlikely to change in the near future.
The new decree in France follows a 1996 telecommunications regulation law, which opened the way to liberalisation of encryption software but which has so far not led to publication of any details of how the measures could be applied.
Well, mainly because they don't know themselves how to enforce their laws. Or simply to interpret them.
One wag put it this way: "Any Frenchman may apply for a permit to use strong cryptography. The same way any Frenchman may apply for a permit for an Exocet missile."
Old technology. We know better ;-) <serious> you don't want to apply for a permit. You just use it. And if later LEAs targets you as a drug dealer, you will get 20 years for drug offences and 3 more months for crypto use. So as an individual, you don't care, but by doing things this way cryto won't be widespred soon, and large corporations or companies won't "just use it" the way a single guy will. Don't misunderstand me, it sucks, but at least when you are in France you don't expect to wake up in front of a SWAT. F. -- Fabrice Planchon (ph) 609/258-6495 Applied Math Program, 210 Fine Hall (fax) 609/258-1735