Australian "Walsh" report exposes the hole in key escrow
 
            This report was finally obtained (after suing the Australian government under Freedom of Information laws) by Electronic Frontiers Australia. I haven't seen it yet; this is the first I'd heard that it is released. The first paragraph does its best to scare people, but the gist is all correct: if you escrow authentication keys, digital signatures don't work. If you don't escrow authentication keys, then key escrow doesn't work. John Gilmore Forwarded-by: Hal Abelson (I don't know the original source). By John Davidson Governments will be forced to completely undermine the emerging global electronic commerce system if they want to prevent it being used by criminals and for tax evasion, one of Australia's leading data security experts has warned. Professor William Caelli, head of the school of data communications at Queensland University of Technology, said yesterday that it was all but technically impossible to satisfy the competing needs of law enforcement and international trade. The difficulty was in allowing encrypted data passing along the Internet to be monitored by law enforcement agencies, while at the same time giving legal status to the digital signatures that will underpin electronic trade. A suppressed government report into encryption, written by a former deputy director-general of ASIO, Mr Gerard Walsh, has agreed with Professor Caelli. The Commonwealth should abandon as "doomed to failure" attempts to control encryption by keeping a copy of the passwords, or keys, in escrow, Mr Walsh told The Australian Financial Review yesterday. The field of cryptography is generally divided into encryption, where data is scrambled for confidentiality; and authentication, where an electronic document is scrambled or signed to prove who it came from for legal purposes. Policy under consideration in Australia, the US and the UK calls for a separation of the two key types, with law-enforcement agencies having some sort of access to all encryption keys while individual's authentication keys are kept strictly private. It is widely accepted that escrowing authentication keys would render them legally useless for signing documents. "If you ever allow people to get near authentication keys you'll corrupt the administration of justice," said Mr Walsh. The problem facing governments, according to Professor Caelli, is that it is technically impossible to separate the two key types, since they are both just very long numbers. The thinking with the most currency, known as "key tagging", involves adding extra data to the start or end of a digital key to identify what it would be used for. But key tagging can't work in a PC environment, Professor Caelli claims. PC operating systems don't have enough security to prevent users from simply taking the tag off an authentication key and adding it to an encryption key, thereby bypassing government attempts to escrow all encryption keys. If, as it was likely, a dual-key infrastructure proved impossible in a PC world, governments would either have to escrow all keys, rendering digital certification meaningless, or escrow no keys at all, rendering data surveillance totally ineffectual, he said. Mr Steve Orlowski, a leading Government expert on cryptography, acknowledged that it was now impossible to build a secure dual-key infrastructure, but said that it was "possible that someone could make a breakthrough". "We're encouraging research into that area so we'll be able to make the distinction," he said. The US National Institute of Standards and Technology recently made a worldwide plea for cryptography algorithms that can be used for authentication and not for encryption. Mr Walsh's report, commissioned by the federal government to look into how it must legislate to satisfy security and privacy needs in the face of strong cryptography, has only now come to light following a successful Freedom of Information action by Electronic Frontiers Australia. The 96 page report, Review of policy relating to encryption technologies, was due to be published in October last year, and called for a period of public discussion about cryptography issues. However, it was never released, and was only made available to the EFA this week with 20 paragraphs deleted. A second report prepared at the same time but with specific recommendations is still secret, however. According to Mr Walsh, trying to put the lid on encryption with key escrow would be "an exercise in futility" because it would miss the very target it was intended to catch: organised crime, money laundering operations and terrorists. These groups would either refuse to escrow their keys, or simply embed a further level of encryption in their messages, he said. He also said in the report that it would also be futile to try to regulate the length of crypto keys on a nation-by-nation basis because "the notion of fixed national borders is simply anachronistic" thanks to the Internet. "It's not in the interests of the community's rights to privacy, nor the needs of the business community, to . . . limit the strength of cryptography simply to catch the occasional minnow," he said. Law enforcement considerations should not automatically leapfrog privacy considerations, and the government would have to mount a "damned strong argument" every time it wanted to access someone's encryption keys, he said. Mr Walsh said he was uncertain why his report had been suppressed, given that anything that might have been controversial was restricted to the secret report he also submitted. "I wrote (the first report) in the clear expectation that it would be publicly released," he said.
participants (1)
- 
                 John Gilmore John Gilmore