I went to the conference in London on Monday organised by PI (Privacy Intl.) and GILC (Global Internet Liberty Campaign.) Speakers were DTI representatives, Whit Diffie, Phil Zimmermann, Ross Anderson, Carl Ellison, IBM UK representative, a few people from LSE (London School of Economics, who hosted the conference). I don't take notes, but here's a list of points I considered interesting. If you want details on any issues I can give more detail as required. If anyone else reading went and did take notes they might be able to attribute quotes a little more accurately. I understand there's supposed to be an audio transcript on the web http://www.privacy.org/pi/conference/dti might be a good place to look. Government Presentation of proposal 1) David Hendon and Nigel Hickson from DTI presented the DTIs arguments. They argued that this is a green paper only, the government has changed, the document was partly the views of the previous government and partly the views of the DTI. This I viewed as an attempt to deflect criticisms, as they could not specify what has changed, and were not planning to change the document. (The new government have not looked at the issue at all). The labour party had a much more reasonable policy they published before they got in power; but it remains to be seen whether they will stick to this or whether the CESG/GCHQ will lobby them to adopt GAK/TTPs etc., which are in the CESGs interests. They claimed to not want to escrow signature keys, but only to escrow encryption keys. (The wording in the document clearly states that they wish to escrow all keys as a condition of being a TTP). They said they had many comments on this issue. (Clearly the only use for escrowing signature keys is to allow forgeries. Why would the government want to forge messages from citizens? To provide law enforcement access they only need access to private encryption keys.) The DTI said much of licensing requirements for TTPs were modelled after banking regulations. Architectural and Technical 2) Ross Anderson gave the example of the health service's experience with CESG/GCHQ foisting flawed cryptography solution CASM on it (complete with key escrow and secret algorithm Red Pike). The BMA (British Medical Assoc), and even DoH (Dept of Health) rejected this `offer'. Ross is a computer security advisor to the BMA. He also debunked many of the lies spread by GAK proponents, and gave a potted history of the behind the scenes GAK activities in the UK and Europe. He also said that CASM was now the laughing stock of Europe in the crypto community, and that in response the CESG had allocated a new project manager and given CASM a cosmetic name change to CLOUD COVER. 3) Whit Diffie argued about the importance of privacy in the information society. Explained how PK crypto removed the previous problems with centralised key distribution services. 4) Phil Zimmermann gave his usual talk about the ethical case for free use of crypto. Civil rights workers, resistance fighters against governments with poor civil rights records, etc. Also made the point that the backdoor into crypto the DTI appeared to be pushing would allow the current government to abuse it's power to stay in government. Legal and Commercial 5) Peter Sommer, LSE made some points on legal topics digital signature legislation, etc. 6) Carl Ellison, Cybercash argued against the centralised trust model, and against X509. Arguing instead for distributed trust models particulary Rivest's SDSI and his own work on distributed trust. Carl argued that trust should represent permissions, and be administered by the interested parties. (eg your bank gives you a key with permission to draw money from your bank account, not some government licensed TTP). 7) IBM (in the form of Peter Dare, IBM UK) sold out to GAK. Peter Dare's presentation started with a list of things he liked about the DTI proposal, then a few minor criticisms (very respectfully put), and as a punchline to his talk presenting IBM GAKware (forget the product name) and his talk finished with a sales pitch for this product. At the end of which Whit Diffie shouted out from the audience can Carl Ellison have equal time for a cybercash sales pitch! International 8) John Dryden representing the OECD gave a presentation of the OECD guidelines. (T-shirt and jeans odd the rest of the government and business types wore suits.) He explained the guidelines as a significant relaxation. The guideline referring to key escrow was changed to a `may' escrow keys rather than a `should' escrow keys. Said most of the time spent during the OECD SOGIS discussions was spent arguing about key escrow. He considered the guidelines a significant step forward. The guidelines are non-binding recommendations. He said 28 countries signed up, which should indicate that their countries representatives found the guidelines consistent with national laws. 9) Alistair Kelman, visiting position at LSE Made the point (as several others had) that a general principle should be that trust should mirror existing user trust relationships. People do not trust government, nor the sort of large organisations the DTI is clearly envisaging as suitable TTPs. He argued that GPs (General Practitioners, family doctors) would be suitable candidates as trusted members of the local community. Kelman also seemed to be arguing that keys should handed to the user, and not generated by the user. I queried him about this afterwards, as it is clearly a bad security model, and he said he considered it a usability issue, generating keys being too difficult for the user. I don't agree, the usability is a matter to be solved by good software, not by centralising key generation. Civil Rights and Privacy 10) Simon Davies, PI argued that case for commonality of interests between business and privacy issues. 11) David Banisar, EPIC talked about the history of the US clipper series, and raised the topic of digital telephony bill (where the government requested access to first 1% and then reduced simultaneous wiretaps). Following up from this someone from the floor claimed that the telephone networks are tappable without the phone company (BT, British Telecom's) cooperation. Indeed the person making this claim (who claimed comprehensive experience and knowledge of phone routing hardware) said that BT would not even be aware that the tap had taken place. Several others in the audience confirmed this was the case. Whit Diffie said that he had not heard this claim, and that it was not the case to his knowledge in the US. The person making the claim said that he knew the switches used in the US were the same (and quoted the switch model), and so he didn't see why not. The question was raised as to why digital telephony was necessary at all with this type of phone switch being used in the US. Law Enforcement 12) The guy from NCIS (National Criminal Intelligence Service) didn't turn up because he had to go to hospital due to an eye problem. The chair, Prof Ian Angell, LSE suggested this might have been due to looking through too many keyholes :-) Panel and Open Discussion Panel: Carl Ellison, legal advisor to GLIC (forget name), Nigel Hickson DTI, someone from TIS (?) who spoke too quitely. Chair was Caspar Bowden, Scientists for Labour. Most of the panel session consisted of arguments directed at the DTI and questions for Nigel Hickson representing the DTI. Hickson had made jokes about the hostility he was expecting. He appeared quite competent at avoiding answering questions directly where this suited him. Each panelist was given the opportunity to summarise their position. Nigel Hickson claimed the main motivation for the proposal was to encourage user and business confidence in digital signatures for business purposes, and thereby to promote electronic commerce. He used this as justification for the banning of un-licensed TTPs. Several comments from the floor that it would be better to let the market decide, and to allow unlicensed certification authorities, key servers etc to continue unmolested, and in competition with GAKked government licensed services. Hickson also claimed key escrow was a small part of their consideration. (I'm sure it's true that this is the part they wish to downplay as this is the part which causes the majority of resistance.) The question was raised as to whether the DTI understood that the TTP system could be trivially bypassed by the criminals it was supposedly designed to catch. An example given was that anyone wishing to bypass could use the sigature key helpfully certified by the TTP to authenticate non escrowed keys they generated outside the TTP system. The point that there were many other subliminal channels was raised also. Nigel Hickson acknowledged this, but said in defence that some criminals are stupid, that criminals must talk to non-criminals. Someone put it to Hickson "What is the worst thing that could possibly happen if the government did nothing?" ie what if the government didn't legislate anything, ie why doesn't the government get the fuck out of the way so that business can get on with commerce unimpeded. Several business people put it to the DTI that they didn't need any `help', and that the regulations had held up electronic commerce for too long already. Several people argued that business is most interested in authentication, and not in confidentiality. So for business purposes (which what after all the DTI claim is the main reason for the paper, and the DTI being after all the `Department of Trade and Industry' and having a mandate to further the interests of UK businesses), they could achieve what they wanted without bringing escrow into the argument at all, as they have acknowledged that they will now not be requiring copies of secret part of signature keys. People argued against the high cost of becoming a TTP. The point was raised that it should be SME (Small to Medium-sized Enterprises) which are encouraged in electronic commerce. Also that many internet innovations start as small or even one man consultancies. Several asked whether the paper should be re-written as a result of comments before being presented to the new government, as the comments if listened to would remove most of the current content. Also the question was asked as to whether the deadline for comments could be extended beyond end of May. No substantive answer was given to either of these two questions. My conclusions The DTI didn't really clarify their position much, most of the contentious stuff (mandatory licensing, key escrow, financial barriers to becoming a TTP) there were no substantive replies to from the DTI, other than that they were collating the comments. They said they would present the Labour science minister/labour government with the green paper unmodified together with the comments. (And one presumes a few spooks from GCHQ/CESG will get the opportunity to present the four horsemen/spook special interest perspective). The only clear statement I noticed the DTI spokespersons make was that they wouldn't hold the private halves of signature keys. On the positive side, the labour statement on encryption prior to coming to office was no where near as draconian as the DTI paper. Anyway, we'll see. Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`