[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

LSE UK crypto politics conference




I went to the conference in London on Monday organised by PI (Privacy
Intl.) and GILC (Global Internet Liberty Campaign.)  Speakers were
DTI representatives, Whit Diffie, Phil Zimmermann, Ross Anderson, Carl
Ellison, IBM UK representative, a few people from LSE (London School
of Economics, who hosted the conference).

I don't take notes, but here's a list of points I considered
interesting.  If you want details on any issues I can give more detail
as required.  If anyone else reading went and did take notes they
might be able to attribute quotes a little more accurately.  I
understand there's supposed to be an audio transcript on the web
http://www.privacy.org/pi/conference/dti might be a good place to look.

Government Presentation of proposal

1) David Hendon and Nigel Hickson from DTI presented the DTIs arguments.
They argued that this is a green paper only, the government has
changed, the document was partly the views of the previous government
and partly the views of the DTI.  This I viewed as an attempt to
deflect criticisms, as they could not specify what has changed, and
were not planning to change the document.  (The new government have
not looked at the issue at all).  The labour party had a much more
reasonable policy they published before they got in power; but it
remains to be seen whether they will stick to this or whether the
CESG/GCHQ will lobby them to adopt GAK/TTPs etc., which are in the
CESGs interests.

They claimed to not want to escrow signature keys, but only to escrow
encryption keys.  (The wording in the document clearly states that
they wish to escrow all keys as a condition of being a TTP).  They
said they had many comments on this issue.  (Clearly the only use for
escrowing signature keys is to allow forgeries.  Why would the
government want to forge messages from citizens?  To provide law
enforcement access they only need access to private encryption keys.)

The DTI said much of licensing requirements for TTPs were modelled
after banking regulations.

Architectural and Technical

2) Ross Anderson gave the example of the health service's experience
with CESG/GCHQ foisting flawed cryptography solution CASM on it
(complete with key escrow and secret algorithm Red Pike).  The BMA
(British Medical Assoc), and even DoH (Dept of Health) rejected this
`offer'.  Ross is a computer security advisor to the BMA.  He also
debunked many of the lies spread by GAK proponents, and gave a potted
history of the behind the scenes GAK activities in the UK and Europe.
He also said that CASM was now the laughing stock of Europe in the
crypto community, and that in response the CESG had allocated a new
project manager and given CASM a cosmetic name change to CLOUD COVER.

3) Whit Diffie argued about the importance of privacy in the
information society.  Explained how PK crypto removed the previous
problems with centralised key distribution services.

4) Phil Zimmermann gave his usual talk about the ethical case for free
use of crypto.  Civil rights workers, resistance fighters against
governments with poor civil rights records, etc.  Also made the point
that the backdoor into crypto the DTI appeared to be pushing would
allow the current government to abuse it's power to stay in
government.

Legal and Commercial

5) Peter Sommer, LSE made some points on legal topics digital signature
legislation, etc.

6) Carl Ellison, Cybercash argued against the centralised trust model,
and against X509.  Arguing instead for distributed trust models
particulary Rivest's SDSI and his own work on distributed trust.  Carl
argued that trust should represent permissions, and be administered by
the interested parties.  (eg your bank gives you a key with permission
to draw money from your bank account, not some government licensed
TTP).

7) IBM (in the form of Peter Dare, IBM UK) sold out to GAK.  Peter
Dare's presentation started with a list of things he liked about the
DTI proposal, then a few minor criticisms (very respectfully put), and
as a punchline to his talk presenting IBM GAKware (forget the product
name) and his talk finished with a sales pitch for this product.  At
the end of which Whit Diffie shouted out from the audience can Carl
Ellison have equal time for a cybercash sales pitch!

International

8) John Dryden representing the OECD gave a presentation of the OECD
guidelines.  (T-shirt and jeans odd the rest of the government and
business types wore suits.)  He explained the guidelines as a
significant relaxation.  The guideline referring to key escrow was
changed to a `may' escrow keys rather than a `should' escrow keys.
Said most of the time spent during the OECD SOGIS discussions was
spent arguing about key escrow.  He considered the guidelines a
significant step forward.  The guidelines are non-binding
recommendations.  He said 28 countries signed up, which should
indicate that their countries representatives found the guidelines
consistent with national laws.

9) Alistair Kelman, visiting position at LSE

Made the point (as several others had) that a general principle should
be that trust should mirror existing user trust relationships.  People
do not trust government, nor the sort of large organisations the DTI
is clearly envisaging as suitable TTPs.  He argued that GPs (General
Practitioners, family doctors) would be suitable candidates as trusted
members of the local community.  Kelman also seemed to be arguing that
keys should handed to the user, and not generated by the user.  I
queried him about this afterwards, as it is clearly a bad security
model, and he said he considered it a usability issue, generating keys
being too difficult for the user.  I don't agree, the usability is a
matter to be solved by good software, not by centralising key
generation.

Civil Rights and Privacy

10) Simon Davies, PI argued that case for commonality of interests
between business and privacy issues.

11) David Banisar, EPIC talked about the history of the US clipper
series, and raised the topic of digital telephony bill (where the
government requested access to first 1% and then reduced simultaneous
wiretaps).

Following up from this someone from the floor claimed that the
telephone networks are tappable without the phone company (BT, British
Telecom's) cooperation.  Indeed the person making this claim (who
claimed comprehensive experience and knowledge of phone routing
hardware) said that BT would not even be aware that the tap had taken
place.  Several others in the audience confirmed this was the case.
Whit Diffie said that he had not heard this claim, and that it was not
the case to his knowledge in the US.  The person making the claim said
that he knew the switches used in the US were the same (and quoted the
switch model), and so he didn't see why not.  The question was raised
as to why digital telephony was necessary at all with this type of
phone switch being used in the US.

Law Enforcement

12) The guy from NCIS (National Criminal Intelligence Service) didn't
turn up because he had to go to hospital due to an eye problem.  The
chair, Prof Ian Angell, LSE suggested this might have been due to
looking through too many keyholes :-)

Panel and Open Discussion

Panel: Carl Ellison, legal advisor to GLIC (forget name), Nigel
Hickson DTI, someone from TIS (?) who spoke too quitely.  Chair was
Caspar Bowden, Scientists for Labour.

Most of the panel session consisted of arguments directed at the DTI
and questions for Nigel Hickson representing the DTI.  Hickson had
made jokes about the hostility he was expecting.  He appeared quite
competent at avoiding answering questions directly where this suited
him.

Each panelist was given the opportunity to summarise their position.
Nigel Hickson claimed the main motivation for the proposal was to
encourage user and business confidence in digital signatures for
business purposes, and thereby to promote electronic commerce.  He
used this as justification for the banning of un-licensed TTPs.
Several comments from the floor that it would be better to let the
market decide, and to allow unlicensed certification authorities, key
servers etc to continue unmolested, and in competition with GAKked
government licensed services.

Hickson also claimed key escrow was a small part of their
consideration.  (I'm sure it's true that this is the part they wish to
downplay as this is the part which causes the majority of resistance.)

The question was raised as to whether the DTI understood that the TTP
system could be trivially bypassed by the criminals it was supposedly
designed to catch.  An example given was that anyone wishing to bypass
could use the sigature key helpfully certified by the TTP to
authenticate non escrowed keys they generated outside the TTP system.
The point that there were many other subliminal channels was raised
also.  Nigel Hickson acknowledged this, but said in defence that some
criminals are stupid, that criminals must talk to non-criminals.

Someone put it to Hickson "What is the worst thing that could possibly
happen if the government did nothing?"  ie what if the government
didn't legislate anything, ie why doesn't the government get the fuck
out of the way so that business can get on with commerce unimpeded.
Several business people put it to the DTI that they didn't need any
`help', and that the regulations had held up electronic commerce for
too long already.

Several people argued that business is most interested in
authentication, and not in confidentiality.  So for business purposes
(which what after all the DTI claim is the main reason for the paper,
and the DTI being after all the `Department of Trade and Industry' and
having a mandate to further the interests of UK businesses), they
could achieve what they wanted without bringing escrow into the
argument at all, as they have acknowledged that they will now not be
requiring copies of secret part of signature keys.

People argued against the high cost of becoming a TTP.  The point was
raised that it should be SME (Small to Medium-sized Enterprises) which
are encouraged in electronic commerce.  Also that many internet
innovations start as small or even one man consultancies.

Several asked whether the paper should be re-written as a result of
comments before being presented to the new government, as the comments
if listened to would remove most of the current content.  Also the
question was asked as to whether the deadline for comments could be
extended beyond end of May.  No substantive answer was given to either
of these two questions.

My conclusions

The DTI didn't really clarify their position much, most of the
contentious stuff (mandatory licensing, key escrow, financial barriers
to becoming a TTP) there were no substantive replies to from the DTI,
other than that they were collating the comments.  They said they
would present the Labour science minister/labour government with the
green paper unmodified together with the comments.  (And one presumes
a few spooks from GCHQ/CESG will get the opportunity to present the
four horsemen/spook special interest perspective).  The only clear
statement I noticed the DTI spokespersons make was that they wouldn't
hold the private halves of signature keys.

On the positive side, the labour statement on encryption prior to
coming to office was no where near as draconian as the DTI paper.

Anyway, we'll see.

Adam
-- 
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`