[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
'Independent' Article : Spooks all set to hack it on the superhighway
- To: [email protected]
- Subject: 'Independent' Article : Spooks all set to hack it on the superhighway
- From: [email protected]
- Date: Mon, 2 May 1994 10:20:39 -0700
- Comments: This message is NOT from the person listed in the Fromline. It is from an automated software remailing service operating atthat address. Please report problem mail to <[email protected]>.
- Sender: [email protected]
Thought the following might be of interest to give some of the European
political perspective on encryption, reproduced without permission from
the UK 'Independent' newspaper 2/5/94 (anything between {} are my own
comments) :
Title : Spooks all set to hack it on the superhighway
[
On the right of the article, a pretty picture titled 'How E-mail helps
criminals avoid detection' - with boxes saying :
'Today when a user transmits messages in code on the Internet, the
international computer network, government intelligence services
cannot listen in.'
'The US has introduced the Clipper chip, a way of encrypting messages
while allowing government intelligence services access to transmissions.
This is possible through a "key" used to encrypt the message. The
government holds a duplicate key that allows it to decode transmissions.'
'Modern encryption cannot be cracked but if users are forced to use
the Clipper chip, intelligence services could then eavesdrop.'
'Europe is opposed to the Clipper chip because it fears that the FBI or
CIA could target European businesses. A suggested alternative is that
the "keys" to the coded messages could be deposited with a non-government
trusted third party' {Gee, yeah, that's a real improvement - me}
At the bottom of the picture, a set of small images titled 'Dangerous
traffic on the information superhighway', individually 'Terrorism',
'Drug trafficking', 'Neo-Nazi organisations', 'Pornography', 'Industrial
espionage', and 'Money laundering'. {Oddly enough, there's not the slightest
mention of 'Government privacy abuse', 'Governemnt oppression' and the
like... and I wish *I* knew how to send drugs by email :
uuencode -heinous_chemicals, maybe ?... As an aside, a British computer
magazine reported a couple of weeks ago that a government minister had
refused to ban the import of pornography over telephone lines (and hence
the Internet) as it would be unenforcable, even in plaintext ! - me}
]
>>> BEGIN ARTICLE
A ROW is brewing between Europe and America over US plans to allow intelligence
agencies to monitor information on computer channels. Washington believes
E-mail - electronic messages travelling at the speed of light on the
information superhighway - is a conduit for criminals and terrorists to
transmit messages without fear of detection.
The US plan for a Clipper chip, which lets intelligence agencies crack
encrypted computer messages, has raised fears amongst European businesses
that sensitive information would no longer be secret if it was vetted by
the CIA, the FBI, or GCHQ, the British Government's eavesdropping facility
{I would have thought it was *obvious* that it would no longer be secret
if it was being decoded by this lot... - me}.
E-mail is rapidly taking over from "snail-mail", as postal services are
dismissively known. There are 20 million users on the worldwide web of
computer networks known as Internet. But in 10 years it is predicted that
80 per cent of trade information will be sent by this method.
The Clinton administration, concerned that terrorists, money-launderers and
drug dealers will use E-mail to send encrypted information to assosciates,
wants to outlaw the use of private encryption on international computer
networks.
The global censorship plan has run up against opposition from European
and American businesses that use encryption to send sensitive information.
In a position paper to a consulate of European Union intelligence experts,
which has been obtained by the 'Independent', the European organisation
representing users of computer security has rejected the Clinton initiative
as "totally unacceptable".
The statement by the Information Security Business Advisory Group (Ibag),
warns European governments to ignore overtures from the US government
aimed at restricting access to the information superhighway to users who
use encryptions that the government agencies can decode.
The European position is that "industry needs to know when its sensitive
data has been compromised [by the security services or others]" and that
the US eavesdropping initiative will greatly reduce the benefits of the
information superhighway. Companies "will be restricted to a very
restricted list of 'approved' algorithms [encryption methods]" greatly
adding to business costs and making international cooperation difficult.
Ibag recently informed the senior officials group on information security
that the planned US-style restrictions, or the even stricter French
system under which those using cyphers must disclose the keys to the
authorities, are "totally unacceptable" to industry.
The European group has proposed that companies deposit the keys to their
encryption cyphers with "trusted third parties" rather than with governments.
With this system, when intelligence agencies want to tap messages, the
company will have to be notified. {Unless, of course, they just bribe the
'trusted third party', break in, require the key for 'national security'
reasons, or whatever... - me}
Chriss Sund, a computer-security expert, said companies faced real dangers
of economic espionage by governments. "There was a general instinct among
companies to distrust the French", {8-)} he said, who use government
controls on encryption "to their advantage". {like the others won't, I'm
sure... - me}
Stephen Dorrill, an expert on the intelligence services, claims that the
US proposal is designed to facilitate industrial espionage.
"GCHQ, which has been co-operating hand-in-glove with the US for the past
fifty years, {UK-USA agreements, etc - me} finds itself caught in the middle
of this US-EU dispute. Britain will eventually have to square co-operation
on intelligence and encryption across the Atlantic with the demands of its
European partners."
Under the US initiative, use of computer or voice encryption that cannot
readily be hacked into by the security services of cooperating governments
will be deemed suspicious and worthy of surveillance. {Well, they can
surveil all they like if they can't break it... - me}
These users will be denied access to the information superhighway. {Quite
how this would be implemented is unexplained, but presumably would require
mandatory use of Tessera chips. Still, of course, completely useless against
superencipherment... - me}
The US has decided to replace private encryption with the Clipper chip.
{Now, I don't know whether they've heard this from US government sources,
or whether they're interpreting it that way, or whether they just don't
know what they're talking about, but if it's the former, then the general
tone of the article with it's "decision" to "replace" private encryption
might indicate the US government is taking a more candid stand with its
opposite numbers in Europe than it's giving to the people back home -me}
This enables government agencies to listen in on conversations and
decode data flows at will {wot, no warrants ? - me}. How European
governments intend to tackle the problem of terrorists and other
criminals using encryption to stay ahead of the law is not known, but
there has traditionally been a close working relationship National
Security Agency in the US and the GCHQ in Britain. {i.e. 'Buy the new
secure British Telecom ClipperPhone, available now from all good
high-street consumer electronics stores...' - me}
The clash over encryption could have serious implications for the
development of the information superhighway, which has
been hailed in Brussels and Washington as a way of increasing
competitiveness and delivering a boost to the economies of the
industrialised world {that they've been working hard to trash for
the last fifty years - me}.
If European businesses are blocked from using the US information
superhighway because they will not bow to US pressure, the EU
may be forced to develop its own independent system, adding to
the cost and hastening the division into three rival trading blocs,
{Oceania, Eurasia and Eastasia, whoops, wrong book - me} the US,
the EU and Asia.
>>> END ARTICLE
So, I'm not really sure how to take this article (other than my first
though : 'Thank "Bob" I'm out of here in nine months'). On the one hand,
it appears that the US and EU may well be at each other's throats
(IMHO, the best place for them) over the actual implementation of
the 'escrow', but on the other the European organisations seem quite
happy with the idea of giving their keys away as long as they go to a
'trusted third party'.
But.... there are certain advantages from this point of view.. aside from
the fact that it's just as useless as Clipper, since you can just
superencipher with a secret key, if you generate the keys yourself rather
than having them generated for you, you could always give them an
invalid key ('Whoops, silly me, wrong floppy disk'), then if they did
want to crack your encryption they'd have to come round for a visit
to get the real key and demonstrate that they'd attempted to tap you. I
have no intention of giving my keys to anyone, but if they're going
to attempt to implement some kind of pseudo-escrow system, I'd rather
this than the Clipper approach.
The best news, I guess, is that European businessses want to use encryption,
so it looks like a ban would be difficult to enforce. The worst news is the
general tone of the article, attempting to link the use of secure encryption
to terrorists and drug dealers, and like I said, it would be interesting
to know where they got their comments on the US government's plans from,
'cause they sure don't match what's been put out for domestic consumption...