New Scientist (UK): Hand Over Your Keys

[Matthew Gaylor]

"The Home Secretary says these powers are necessary for catching drug
dealers and paedophiles."

Pubdate:  Jan 13, 2001
Source: New Scientist (UK)
Page: 51
Copyright: New Scientist, RBI Limited 2001
Contact: letters at newscientist.com
Website: http://www.newscientist.com/
Author: Caspar Bowden

HAND OVER YOUR KEYS

Protecting privacy could soon be more difficult in Britain than anywhere in
the world, warns Caspar Bowden. Internet users may end up with fewer civil
rights than terrorists

[a review of]
"Crypto" by Steven Levy, Viking, $24.95, ISBN 0670859508

SINCE the Second World War, international communications have been hoovered
up from undersea cables and microwave links, and increasingly from computer
networks and mobile phones. Sorted and sanitised, they become the
intelligence reports intended for the eyes only of government ministers. In
Britain, the agency that performs this work is Government Communications
Headquarters (GCHQ) in Cheltenham, Gloucestershire.

It was here in 1969 that the mercurial scientist James Ellis invented
"public key" cryptography, a revolutionary code that allows secret
communication without sharing a secret key. As a direct consequence,
Britain acquired a new law last year that compels the surrender of computer
passwords, even by people not suspected of any crime. It means two years in
jail if you refuse, and another five if you breach a secrecy order and
complain publicly.

The story of what's brought us to this extraordinary state of affairs is
told in Crypto. Written from an American viewpoint, it relegates GCHQ to an
appendix and begins instead with the independent rediscovery of public key
cryptography in 1975 by Whitfield Diffie, a Stanford computer scientist.
Ever since, Diffie has championed the public's right to use it to protect
individual privacy.

How is it possible to devise a code that does not require the sender's
choice of key to be shared with the receiver of the message? The answer,
realised by both Ellis and Diffie, is for the receiver to construct a kind
of puzzle that the sender uses to scramble messages in a way that cannot be
reversed unless you know the trick of the puzzle. GCHQ worked out the
details (which involve enormous prime numbers) a few years before Diffie
and others in the US. But it was the Americans who were granted patents on
the underlying mathematics.

These algorithms are now fundamental to Internet security and e-commerce.
Before you enter a credit-card number on the Web, there should be a padlock
in the corner of your browser to tell you that all transactions to the
website are now scrambled. In that case, all the computers of the US
National Security Agency (NSA) will not be able put the pieces back
together again.

Whitehall's confederacy of dunces simply did not know what to do with this
invention. Not only did it let the American patents go unchallenged, it
also kept the achievements of the GCHQ scientists an official secret until
1998. The US successfully prevented the proliferation of these techniques
for more than a decade, using export controls, until a computer program
called Pretty Good Privacy (PGP) found its way onto the Internet in 1991.
Its author, Phil Zimmerman, was arrested for "munitions smuggling", and
prolonged Kafkaesque investigations made him an Internet folk hero.
Ironically, he was motivated by worries about computer networks becoming
embedded in society, and the totalitarian consequences if these were
systematically exploited for surveillance.

Last year, Britain belatedly abandoned an Orwellian scheme for "key
escrow", which would have meant the prior deposit of everyone's keys with
government. But now it has the Regulation of Investigatory Powers (RIP) Act
2000. Any public authority can demand keys, and can even keep this a secret
by using a gagging order "to protect investigative methods". The only
redress will be through a complaints tribunal that can hear secret evidence
which cannot be cross-examined. These powers are due to be activated in
October 2001, when the next general election should be safely out of the way.

The RIP Act can also require Internet service providers to install "black
boxes" that relay Internet wiretaps direct to the MI5 building, home of the
British security service. The Home Secretary says these powers are
necessary for catching drug dealers and paedophiles. But this will leave
every Internet user with fewer civil rights and safeguards than are now
enjoyed by terrorist suspects or asylum seekers (and for this Home
Secretary that is saying something). Even more staggeringly, a leaked
submission from the police and intelligence agencies to the Home Office
recently revealed that they aspire to a seven-year computerised archive
logging all phone calls, e-mails and web browsing. When online, this
amounts to surveillance of your stream of consciousness without a warrant.

Crypto is a well-researched book. Its one flaw is its exclusively American
perspective, which means that it overlooks the most repressive Internet
legislation anywhere in the world: the RIP Act 2000.

Caspar Bowden is director of the
Foundation for Information Policy Research

**************************************************************************
Subscribe to Freematt's Alerts: Pro-Individual Rights Issues
Send a blank message to: freematt at coil.com with the words subscribe FA
on the subject line. List is private and moderated (7-30 messages per month)
Matthew Gaylor, 2175 Bayfield Drive, Columbus, OH 43229
(614) 313-5722     Archived at http://www.egroups.com/list/fa/
**************************************************************************