[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Australian "Walsh" report exposes the hole in key escrow




This report was finally obtained (after suing the Australian government
under Freedom of Information laws) by Electronic Frontiers Australia.
I haven't seen it yet; this is the first I'd heard that it is released.

The first paragraph does its best to scare people, but the gist is all
correct:  if you escrow authentication keys, digital signatures don't work.
If you don't escrow authentication keys, then key escrow doesn't work.

	John Gilmore

Forwarded-by: Hal Abelson (I don't know the original source).
     
     By John Davidson 
     
     Governments will be forced to completely undermine the emerging global 
     electronic commerce system if they want to prevent it being used by 
     criminals and for tax evasion, one of Australia's leading data 
     security experts has warned. 
     
     Professor William Caelli, head of the school of data communications at 
     Queensland University of Technology, said yesterday that it was all 
     but technically impossible to satisfy the competing needs of law 
     enforcement and international trade. 
     
     The difficulty was in allowing encrypted data passing along the 
     Internet to be monitored by law enforcement agencies, while at the 
     same time giving legal status to the digital signatures that will 
     underpin electronic trade. 
     
     A suppressed government report into encryption, written by a former 
     deputy director-general of ASIO, Mr Gerard Walsh, has agreed with 
     Professor Caelli. 
     
     The Commonwealth should abandon as "doomed to failure" attempts to 
     control encryption by keeping a copy of the passwords, or keys, in 
     escrow, Mr Walsh told The Australian Financial Review yesterday. 
     
     The field of cryptography is generally divided into encryption, where 
     data is scrambled for confidentiality; and authentication, where an 
     electronic document is scrambled or signed to prove who it came from 
     for legal purposes. 
     
     Policy under consideration in Australia, the US and the UK calls for a 
     separation of the two key types, with law-enforcement agencies having 
     some sort of access to all encryption keys while individual's 
     authentication keys are kept strictly private. 
     
     It is widely accepted that escrowing authentication keys would render 
     them legally useless for signing documents. 
     
     "If you ever allow people to get near authentication keys you'll 
     corrupt the administration of justice," said Mr Walsh. 
     
     The problem facing governments, according to Professor Caelli, is that 
     it is technically impossible to separate the two key types, since they 
     are both just very long numbers. 
     
     The thinking with the most currency, known as "key tagging", involves 
     adding extra data to the start or end of a digital key to identify 
     what it would be used for. 
     
     But key tagging can't work in a PC environment, Professor Caelli 
     claims. PC operating systems don't have enough security to prevent 
     users from simply taking the tag off an authentication key and adding 
     it to an encryption key, thereby bypassing government attempts to 
     escrow all encryption keys. 
     
     If, as it was likely, a dual-key infrastructure proved impossible in a 
     PC world, governments would either have to escrow all keys, rendering 
     digital certification meaningless, or escrow no keys at all, rendering 
     data surveillance totally ineffectual, he said. 
     
     Mr Steve Orlowski, a leading Government expert on cryptography, 
     acknowledged that it was now impossible to build a secure dual-key 
     infrastructure, but said that it was "possible that someone could make 
     a breakthrough". 
     
     "We're encouraging research into that area so we'll be able to make 
     the distinction," he said. 
     
     The US National Institute of Standards and Technology recently made a 
     worldwide plea for cryptography algorithms that can be used for 
     authentication and not for encryption. 
     
     Mr Walsh's report, commissioned by the federal government to look into 
     how it must legislate to satisfy security and privacy needs in the 
     face of strong cryptography, has only now come to light following a 
     successful Freedom of Information action by Electronic Frontiers 
     Australia. 
     
     The 96 page report, Review of policy relating to encryption 
     technologies, was due to be published in October last year, and called 
     for a period of public discussion about cryptography issues. 
     
     However, it was never released, and was only made available to the EFA 
     this week with 20 paragraphs deleted. 
     
     A second report prepared at the same time but with specific 
     recommendations is still secret, however. 
     
     According to Mr Walsh, trying to put the lid on encryption with key 
     escrow would be "an exercise in futility" because it would miss the 
     very target it was intended to catch: organised crime, money 
     laundering operations and terrorists. 
     
     These groups would either refuse to escrow their keys, or simply embed 
     a further level of encryption in their messages, he said.
     
     He also said in the report that it would also be futile to try to 
     regulate the length of crypto keys on a nation-by-nation basis because 
     "the notion of fixed national borders is simply anachronistic" thanks 
     to the Internet. 
     
     "It's not in the interests of the community's rights to privacy, nor 
     the needs of the business community, to . . . limit the strength of 
     cryptography simply to catch the occasional minnow," he said. 
     
     Law enforcement considerations should not automatically leapfrog 
     privacy considerations, and the government would have to mount a 
     "damned strong argument" every time it wanted to access someone's 
     encryption keys, he said. 
     
     Mr Walsh said he was uncertain why his report had been suppressed, 
     given that anything that might have been controversial was restricted 
     to the secret report he also submitted. 
     
     "I wrote (the first report) in the clear expectation that it would be 
     publicly released," he said.