Source: http://go2.guardian.co.uk/paper.html Thanks to IB The Guardian Online, Microfile, July 2, 1998 ANNOUNCING the most liberal national policy yet on the encoding of data sent over the Internet, the Irish government last week showed it has every intention of being an international centre for electronic commerce. Ireland listened to its many resident technology companies, rather than bowing to pressure from the US, which wants access to encrypted messages. Ireland places no restrictions on the use, import or export of encryption products. Individuals can choose to offer a plain text version of the encrypted document or hand over a key, if a search warrant is proffered. The document was released to coincide with the Irish visit of President Clintons Internet tsar, senior trade advisor Ira Magaziner, who hinted that his views on encryption diverge from those of his boss. "Within the next year, therell be such an availability of high-level encryption that the market will take over," he said. ----- Leads on getting this paper would be appreciated.
John Young wrote:
Source: http://go2.guardian.co.uk/paper.html
The Guardian Online, Microfile, July 2, 1998
access to encrypted messages. Ireland places no restrictions on the use, import or export of encryption products. Individuals can choose to offer a plain text version of the encrypted document or hand over a key, if a search warrant is proffered. The document was
I have a language problem. Does this mean that the authority depends on the honesty of the individual who hands over a plain text saying that it corresponds to the ciphertext or else how is the intent of the authority to obtain the true plain text to be achieved? M. K. Shen
Mok-Kong Shen wrote:
John Young wrote:
The Guardian article is probably not as good as the real thing :-) and so I've quoted excerpts from it here. The full document is on: http://www.irlgov.ie/tec/html/signat.htm (John, it would be better to quote the actual document on your page as the Guardian article is only a limited view.) Ira Magaziner was in negotiation with the Irish government over this and some meetings were held in secret. I am still trying to get all the facts on this one. <quote> · Users shall have the right to access strong and secure encryption to ensure the confidentiality, security and reliability of stored data and electronic communications. · Users shall have the right to choose any cryptographic method. · The production, import and use of encryption technologies in Ireland shall not be subject to any regulatory controls other than obligations relating to lawful access. · The export of cryptographic products is to continue to be regulated in accordance with the relevant EU Regulations and Decisions and Irish national legislation which reflect the Wassenaar Arrangement on Export Controls for Dual-Use Goods and Technologies and Conventional Arms. </quote> This one is worrying as the gobshites in the EC are capable of really banjaxing the situation. Since EU Directives are law when they are published, they could well cause a bit of legal conflict. Under EU legislation, at least one of my books could be banned. <quote> · In order to enable lawful access to encrypted data, legislation will be enacted to oblige users of encryption products to release, in response to a lawful authorisation, either plaintext which verifiably relates to the encrypted data in question or the keys or algorithms necessary to retrieve the plaintext. Appropriate sanctions will be put in place in respect of failure to comply. </quote> This seems to be carefully considered in that the user could be asked to prove the encrypted document contains the encrypted form of the plaintext. But the most important thing is that a search warrant would be required to force the user to give up the plaintext or the key. Surprisingly it could be interpreted so that the user only has to prove the link rather than giving up his or her key. <quote> 2. Electronic Signatures · Legislation will be enacted to facilitate the use of electronic signatures through the establishment of a framework for the authorisation of bodies to act as nationally accredited Certification Authorities. </quote> This is unusual - could this mean that each Irish citizen would have their own Cert/sig? Everyone who works in Ireland or avails of any state services seems to have an RSI number (just like the SS number in the US). They introduced mag strip cards for unemployment benefits a few years ago. I am currently working on an article about this proposal on crypto and will post it when I finish it. Regards...jmcc -- ******************************************** John McCormac * Hack Watch News jmcc@hackwatch.com * 22 Viewmount, Voice: +353-51-873640 * Waterford, BBS&Fax: +353-51-850143 * Ireland http://www.hackwatch.com/~kooltek ******************************************** -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAzAYPNsAAAEEAPGTHaNyitUTNAwF8BU6mF5PcbLQXdeuHf3xT6UOL+/Od+z+ ZOCAx8Ka9LJBjuQYw8hlqvTV5kceLlrP2HPqmk7YPOw1fQWlpTJof+ZMCxEVd1Qz TRet2vS/kiRQRYvKOaxoJhqIzUr1g3ovBnIdpKeo4KKULz9XKuxCgZsuLKkVAAUX tCJKb2huIE1jQ29ybWFjIDxqbWNjQGhhY2t3YXRjaC5jb20+tBJqbWNjQGhhY2t3 YXRjaC5jb20= =sTfy -----END PGP PUBLIC KEY BLOCK-----
John McCormac writes: [about Irish crypto legislation]
<quote> · In order to enable lawful access to encrypted data, legislation will be enacted to oblige users of encryption products to release, in response to a lawful authorisation, either plaintext which verifiably relates to the encrypted data in question or the keys or algorithms necessary to retrieve the plaintext. Appropriate sanctions will be put in place in respect of failure to comply. </quote>
This seems to be carefully considered in that the user could be asked to prove the encrypted document contains the encrypted form of the plaintext. But the most important thing is that a search warrant would be required to force the user to give up the plaintext or the key.
It says "lawful authorisation" not "search warrant". That means that sometime later they can go back and pass another law that says that "lawful authorisation" for forcing one to reveal one's plaintext or keys is something much less stringent than a search warrant. Most proposed US crypto regulations have similar weasel-words. -- Eric Murray Chief Security Scientist N*Able Technologies www.nabletech.com (email: ericm at lne.com or nabletech.com) PGP keyid:E03F65E5
Eric Murray wrote:
John McCormac writes:
[about Irish crypto legislation]
<quote> · In order to enable lawful access to encrypted data, legislation will be enacted to oblige users of encryption products to release, in response to a lawful authorisation, either plaintext which verifiably relates to the encrypted data in question or the keys or algorithms necessary to retrieve the plaintext. Appropriate sanctions will be put in place in respect of failure to comply. </quote>
This seems to be carefully considered in that the user could be asked to prove the encrypted document contains the encrypted form of the plaintext. But the most important thing is that a search warrant would be required to force the user to give up the plaintext or the key.
It says "lawful authorisation" not "search warrant".
That means that sometime later they can go back and pass another law that says that "lawful authorisation" for forcing one to reveal one's plaintext or keys is something much less stringent than a search warrant. Most proposed US crypto regulations have similar weasel-words.
Yep Eric, I think that most people have jumped the gun here on this one. These are not the actual regulations. They are only part of a framework proposal so the eventual legislation could be lightyears removed from these principles. (In fact given that most of the discussions between Ira Magaziner and the Irish government were carried out in secret, I think that the eventual legislation will be riddled with loopholes. Guess we may have become the 51st state and we didn't even know. :-) ) The problem is that most of the journos who wrote about it are relatively clueless on the crypto aspect of things. There was some input from Electronic Frontier Ireland (Irish version of EFF) on the principles so that is a good thing. Regards...jmcc -- ******************************************** John McCormac * Hack Watch News jmcc@hackwatch.com * 22 Viewmount, Voice: +353-51-873640 * Waterford, BBS&Fax: +353-51-850143 * Ireland http://www.hackwatch.com/~kooltek ******************************************** -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAzAYPNsAAAEEAPGTHaNyitUTNAwF8BU6mF5PcbLQXdeuHf3xT6UOL+/Od+z+ ZOCAx8Ka9LJBjuQYw8hlqvTV5kceLlrP2HPqmk7YPOw1fQWlpTJof+ZMCxEVd1Qz TRet2vS/kiRQRYvKOaxoJhqIzUr1g3ovBnIdpKeo4KKULz9XKuxCgZsuLKkVAAUX tCJKb2huIE1jQ29ybWFjIDxqbWNjQGhhY2t3YXRjaC5jb20+tBJqbWNjQGhhY2t3 YXRjaC5jb20= =sTfy -----END PGP PUBLIC KEY BLOCK-----
participants (4)
-
Eric Murray -
John McCormac -
John Young -
Mok-Kong Shen