[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Australian "Walsh" report exposes the hole in key escrow
This report was finally obtained (after suing the Australian government
under Freedom of Information laws) by Electronic Frontiers Australia.
I haven't seen it yet; this is the first I'd heard that it is released.
The first paragraph does its best to scare people, but the gist is all
correct: if you escrow authentication keys, digital signatures don't work.
If you don't escrow authentication keys, then key escrow doesn't work.
John Gilmore
Forwarded-by: Hal Abelson (I don't know the original source).
By John Davidson
Governments will be forced to completely undermine the emerging global
electronic commerce system if they want to prevent it being used by
criminals and for tax evasion, one of Australia's leading data
security experts has warned.
Professor William Caelli, head of the school of data communications at
Queensland University of Technology, said yesterday that it was all
but technically impossible to satisfy the competing needs of law
enforcement and international trade.
The difficulty was in allowing encrypted data passing along the
Internet to be monitored by law enforcement agencies, while at the
same time giving legal status to the digital signatures that will
underpin electronic trade.
A suppressed government report into encryption, written by a former
deputy director-general of ASIO, Mr Gerard Walsh, has agreed with
Professor Caelli.
The Commonwealth should abandon as "doomed to failure" attempts to
control encryption by keeping a copy of the passwords, or keys, in
escrow, Mr Walsh told The Australian Financial Review yesterday.
The field of cryptography is generally divided into encryption, where
data is scrambled for confidentiality; and authentication, where an
electronic document is scrambled or signed to prove who it came from
for legal purposes.
Policy under consideration in Australia, the US and the UK calls for a
separation of the two key types, with law-enforcement agencies having
some sort of access to all encryption keys while individual's
authentication keys are kept strictly private.
It is widely accepted that escrowing authentication keys would render
them legally useless for signing documents.
"If you ever allow people to get near authentication keys you'll
corrupt the administration of justice," said Mr Walsh.
The problem facing governments, according to Professor Caelli, is that
it is technically impossible to separate the two key types, since they
are both just very long numbers.
The thinking with the most currency, known as "key tagging", involves
adding extra data to the start or end of a digital key to identify
what it would be used for.
But key tagging can't work in a PC environment, Professor Caelli
claims. PC operating systems don't have enough security to prevent
users from simply taking the tag off an authentication key and adding
it to an encryption key, thereby bypassing government attempts to
escrow all encryption keys.
If, as it was likely, a dual-key infrastructure proved impossible in a
PC world, governments would either have to escrow all keys, rendering
digital certification meaningless, or escrow no keys at all, rendering
data surveillance totally ineffectual, he said.
Mr Steve Orlowski, a leading Government expert on cryptography,
acknowledged that it was now impossible to build a secure dual-key
infrastructure, but said that it was "possible that someone could make
a breakthrough".
"We're encouraging research into that area so we'll be able to make
the distinction," he said.
The US National Institute of Standards and Technology recently made a
worldwide plea for cryptography algorithms that can be used for
authentication and not for encryption.
Mr Walsh's report, commissioned by the federal government to look into
how it must legislate to satisfy security and privacy needs in the
face of strong cryptography, has only now come to light following a
successful Freedom of Information action by Electronic Frontiers
Australia.
The 96 page report, Review of policy relating to encryption
technologies, was due to be published in October last year, and called
for a period of public discussion about cryptography issues.
However, it was never released, and was only made available to the EFA
this week with 20 paragraphs deleted.
A second report prepared at the same time but with specific
recommendations is still secret, however.
According to Mr Walsh, trying to put the lid on encryption with key
escrow would be "an exercise in futility" because it would miss the
very target it was intended to catch: organised crime, money
laundering operations and terrorists.
These groups would either refuse to escrow their keys, or simply embed
a further level of encryption in their messages, he said.
He also said in the report that it would also be futile to try to
regulate the length of crypto keys on a nation-by-nation basis because
"the notion of fixed national borders is simply anachronistic" thanks
to the Internet.
"It's not in the interests of the community's rights to privacy, nor
the needs of the business community, to . . . limit the strength of
cryptography simply to catch the occasional minnow," he said.
Law enforcement considerations should not automatically leapfrog
privacy considerations, and the government would have to mount a
"damned strong argument" every time it wanted to access someone's
encryption keys, he said.
Mr Walsh said he was uncertain why his report had been suppressed,
given that anything that might have been controversial was restricted
to the secret report he also submitted.
"I wrote (the first report) in the clear expectation that it would be
publicly released," he said.