Forwarded From: Fearghas McKay <fm@mids.org>
Originally From: Yaman Akdeniz
http://news.bbc.co.uk/hi/english/sci/tech/newsid_289000/289139.stm
Tuesday, March 2, 1999 Published at 17:18 GMT
Encryption key would lock up criminals
Dr Ross Anderson: "Big business can look after itself."
By Internet Correspondent Chris Nuttall
Cyber-criminals would be caught if the government introduced a system
where the keys to coded e-mail were voluntarily lodged with licensed
authorities, according to the UK National Criminal Intelligence Service
(NCIS).
NCIS was one of the groups appearing before the House of Commons on
Tuesday.
"Criminals are lazy, greedy and they make mistakes," John Abbott, NCIS
Director General told the Trade and Industry Select Committee, which is
hearing witnesses on electronic commerce issues.
"We are able to capitalise on this and we anticipate that a licensing
scheme would allow us to have some successes," said Mr Abbott.
Civil liberties campaign
Civil liberties groups are campaigning against "key escrow" - the term
used for lodging codes with a third party. They do not want it included in
a forthcoming Electronic Commerce Bill.
A long-awaited consultation paper on the bill from the Department of Trade
and Industry (DTI) is expected in the next few days.
Opponents argue the proposed voluntary licensing system where Trusted
Third Parties (TTPs) would hold the keys to encrypted data being sent over
the Internet would never be used by criminals.
But an NCIS spokesman, who declined to be identified, told the hearing
that just as criminals used telephones at every level for their
activities, so some would use the TTPs.
"We would prefer to have a mandatory licensing system because that would
be more inclusive," said Mr Abbott.
"I do recognise that we are moving into new territory, and this would not
be a complete answer, and if all that is on offer is a voluntary scheme
then that is better than no scheme at all."
Real time access
The Chief Investigations Officer of HM Customs & Excise, Richard Kellaway,
told the hearing that real-time access was needed to encrypted data. Mr
Abbott added that it was no use knowing three days afterwards where a
consignment of drugs had been exchanged.
He admitted that key escrow would not solve the problem of crimes being
committed on an international scale over the Internet.
"But I would urge the government to lead. Law enforcement agencies
throughout the world are extremely concerned with developments. We
anticipate the problem will grow over time and certainly the G8 law
enforcement forum are constantly discussing this and looking for ways
forward."
Business concerns
Businesses, as well as civil liberties campaigners, have voiced concern at
the possible proposals on key escrow, and the Post Office stated its
opposition at the hearing.
Jerry Cope, its managing director for strategy, said there were two areas
of concern: "If people feel this system makes them less secure then they
will not want to use it. We need to instil confidence.
"Then there is the additional cost of regulation and if it is greater than
in France or Ireland then business will go elsewhere. It is as easy to
send e- mail from London to Manchester via Paris as it is direct from
London to Manchester."
Mr Cope said there had been a lack of dialogue between business and law
enforcement agencies and he suggested a possible compromise. Agencies
would bear the additional costs of being able to extract information from
TTPs and would only exercise their powers when there was a threat to
national security.
The Post Office will announce later this month that it is launching a
Trusted Third Party service called ViaCode.
Red flag
The final witness of the day, a leading encryption expert, Dr Ross
Anderson of Cambridge University, compared key escrow to the red flag that
had to be waved in front of the first motor cars to warn people of danger.
A week after the requirement was removed, there was the first road traffic
fatality. But no-one would suggest we go back to the red flag today and
the assumption is made by the police that 99% of those on the road are
good guys, he said.
He added that the police had a long way to go with computers to match
their current knowledge of the motor car. They had often had to call in
outsiders such as himself to help with encryption cases.
"There are many, many ways of attacking computer systems and inevitably
TTPs are going to be compromised," he said. "The role of government should
be protecting the consumer - big business can look after itself."
He said the best way forward in terms of legislation was the Australian
approach that simply recognised that electronic signatures had the same
force as manuscript signatures.
"Key escrow would have to be global to achieve its stated purpose, and
there is now no prospect of this," he said in an additional written
submission to the committee.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:30:16 1999