[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

'Independent' Article : Spooks all set to hack it on the superhighway

Thought the following might be of interest to give some of the European
political perspective on encryption, reproduced without permission from 
the UK 'Independent' newspaper 2/5/94 (anything between {} are my own
comments) :

Title : Spooks all set to hack it on the superhighway

 On the right of the article, a pretty picture titled 'How E-mail helps
 criminals avoid detection' - with boxes saying :

'Today when a user transmits messages in code on the Internet, the 
 international computer network, government intelligence services
 cannot listen in.'

'The US has introduced the Clipper chip, a way of encrypting messages
 while allowing government intelligence services access to transmissions.
 This is possible through a "key" used to encrypt the message. The 
 government holds a duplicate key that allows it to decode transmissions.'

'Modern encryption cannot be cracked but if users are forced to use
 the Clipper chip, intelligence services could then eavesdrop.'

'Europe is opposed to the Clipper chip because it fears that the FBI or
 CIA could target European businesses. A suggested alternative is that
 the "keys" to the coded messages could be deposited with a non-government
 trusted third party' {Gee, yeah, that's a real improvement - me}

 At the bottom of the picture, a set of small images titled 'Dangerous
 traffic on the information superhighway', individually 'Terrorism',
 'Drug trafficking', 'Neo-Nazi organisations', 'Pornography', 'Industrial
 espionage', and 'Money laundering'. {Oddly enough, there's not the slightest
 mention of 'Government privacy abuse', 'Governemnt oppression' and the 
 like... and I wish *I* knew how to send drugs by email : 
 uuencode -heinous_chemicals, maybe ?... As an aside, a British computer 
 magazine reported a couple of weeks ago that a government minister had 
 refused to ban the import of pornography over telephone lines (and hence
 the Internet) as it would be unenforcable, even in plaintext ! - me}

A ROW is brewing between Europe and America over US plans to allow intelligence
agencies to monitor information on computer channels. Washington believes
E-mail - electronic messages travelling at the speed of light on the
information superhighway - is a conduit for criminals and terrorists to
transmit messages without fear of detection.

The US plan for a Clipper chip, which lets intelligence agencies crack
encrypted computer messages, has raised fears amongst European businesses
that sensitive information would no longer be secret if it was vetted by
the CIA, the FBI, or GCHQ, the British Government's eavesdropping facility
{I would have thought it was *obvious* that it would no longer be secret
if it was being decoded by this lot... - me}.

E-mail is rapidly taking over from "snail-mail", as postal services are
dismissively known. There are 20 million users on the worldwide web of
computer networks known as Internet. But in 10 years it is predicted that
80 per cent of trade information will be sent by this method.

The Clinton administration, concerned that terrorists, money-launderers and
drug dealers will use E-mail to send encrypted information to assosciates,
wants to outlaw the use of private encryption on international computer

The global censorship plan has run up against opposition from European
and American businesses that use encryption to send sensitive information.
In a position paper to a consulate of European Union intelligence experts,
which has been obtained by the 'Independent', the European organisation
representing users of computer security has rejected the Clinton initiative
as "totally unacceptable".

The statement by the Information Security Business Advisory Group (Ibag),
warns European governments to ignore overtures from the US government
aimed at restricting access to the information superhighway to users who
use encryptions that the government agencies can decode.

The European position is that "industry needs to know when its sensitive
data has been compromised [by the security services or others]" and that
the US eavesdropping initiative will greatly reduce the benefits of the
information superhighway. Companies "will be restricted to a very
restricted list of 'approved' algorithms [encryption methods]" greatly
adding to business costs and making international cooperation difficult.

Ibag recently informed the senior officials group on information security
that the planned US-style restrictions, or the even stricter French
system under which those using cyphers must disclose the keys to the
authorities, are "totally unacceptable" to industry.

The European group has proposed that companies deposit the keys to their
encryption cyphers with "trusted third parties" rather than with governments.
With this system, when intelligence agencies want to tap messages, the
company will have to be notified. {Unless, of course, they just bribe the
'trusted third party', break in, require the key for 'national security'
reasons, or whatever... - me}

Chriss Sund, a computer-security expert, said companies faced real dangers
of economic espionage by governments. "There was a general instinct among
companies to distrust the French", {8-)} he said, who use government
controls on encryption "to their advantage". {like the others won't, I'm
sure... - me} 

Stephen Dorrill, an expert on the intelligence services, claims that the
US proposal is designed to facilitate industrial espionage.

"GCHQ, which has been co-operating hand-in-glove with the US for the past
fifty years, {UK-USA agreements, etc - me} finds itself caught in the middle
of this US-EU dispute. Britain will eventually have to square co-operation
on intelligence and encryption across the Atlantic with the demands of its
European partners."

Under the US initiative, use of computer or voice encryption that cannot
readily be hacked into by the security services of cooperating governments
will be deemed suspicious and worthy of surveillance. {Well, they can
surveil all they like if they can't break it... - me}

These users will be denied access to the information superhighway. {Quite
how this would be implemented is unexplained, but presumably would require
mandatory use of Tessera chips. Still, of course, completely useless against
superencipherment... - me}

The US has decided to replace private encryption with the Clipper chip. 
{Now, I don't know whether they've heard this from US government sources,
or whether they're interpreting it that way, or whether they just don't 
know what they're talking about, but if it's the former, then the general 
tone of the article with it's "decision" to "replace" private encryption 
might indicate the US government is taking a more candid stand with its 
opposite numbers in Europe than it's giving to the people back home -me}
This enables government agencies to listen in on conversations and
decode data flows at will {wot, no warrants ? - me}. How European 
governments intend to tackle the problem of terrorists and other
criminals using encryption to stay ahead of the law is not known, but
there has traditionally been a close working relationship National
Security Agency in the US and the GCHQ in Britain. {i.e. 'Buy the new
secure British Telecom ClipperPhone, available now from all good
high-street consumer electronics stores...' - me}

The clash over encryption could have serious implications for the
development of the information superhighway, which has
been hailed in Brussels and Washington as a way of increasing 
competitiveness and delivering a boost to the economies of the
industrialised world {that they've been working hard to trash for
the last fifty years - me}.

If European businesses are blocked from using the US information
superhighway because they will not bow to US pressure, the EU
may be forced to develop its own independent system, adding to
the cost and hastening the division into three rival trading blocs,
{Oceania, Eurasia and Eastasia, whoops, wrong book - me} the US,
the EU and Asia.


So, I'm not really sure how to take this article (other than my first
though : 'Thank "Bob" I'm out of here in nine months'). On the one hand, 
it appears that the US and EU may well be at each other's throats 
(IMHO, the best place for them) over the actual implementation of 
the 'escrow', but on the other the European organisations seem quite 
happy with the idea of giving their keys away as long as they go to a 
'trusted third party'.

But.... there are certain advantages from this point of view.. aside from
the fact that it's just as useless as Clipper, since you can just 
superencipher with a secret key, if you generate the keys yourself rather 
than having them generated for you, you could always give them an 
invalid key ('Whoops, silly me, wrong floppy disk'), then if they did 
want to crack your encryption they'd have to come round for a visit
to get the real key and demonstrate that they'd attempted to tap you. I
have no intention of giving my keys to anyone, but if they're going
to attempt to implement some kind of pseudo-escrow system, I'd rather 
this than the Clipper approach. 

The best news, I guess, is that European businessses want to use encryption,
so it looks like a ban would be difficult to enforce. The worst news is the
general tone of the article, attempting to link the use of secure encryption
to terrorists and drug dealers, and like I said, it would be interesting
to know where they got their comments on the US government's plans from,
'cause they sure don't match what's been put out for domestic consumption...