IP: Council of Europe proposes to outlaw strong encryption

[David Farber <farber () central cis upenn edu>]

According to an article in `Communications Week International', the
34-nation Council of Europe has agreed to outlaw strong encryption
products which do not make keys available to governments.


The article, `Euro-Clipper chip scheme proposed', is on the front page
of the magazine's issue 151, dated 18th September, which arrived in my
mail this morning.


It relates that the policy was approved on the 8th September at
Strasbourg by the Council, and coincides with an attempt by the
European Commission to propose a pan-European encryption standard. The
Council - unlike the Commission - has no statutory powers to enforce
its recommendations. However, Peter Csonka, the chairman of the
committee that drafted the document (and an administrative officer at
the Council's division of crime problems) says that `it is rare for
countries to reject Council of Europe recommendations'.


The proposal would make telecomms operators responsible for decrypting
traffic and supplying it to governments when asked.  It would also
`change national laws to enable judicial authorities to chase hackers
across borders'.


Opposition to this measure was expressed by Mike Strezbek, VP
responsible for European telecomms at JP Morgan, who said that his
organisation `will challenge any attempt to limit the power of our
network encryption technologies very strongly'.


Czonka said that the Council had given consideration to business
interests but had tries to strike a balance between privacy and
justice. However, `it remains possible that cryptography is available
to the public which cannot be deciphered,' his document says. `This
might lead to the conclusion to put restrictions on the possession,
distribution, or use of cryptography.'


Apparently another international organisation, the OECD, has called a
conference of its members in December to devise a strategy on
encryption.


I for one will be making clear to my MP that his stand on this issue
will determine how I cast my ballot at the next election. I note that
John Major stated in a 1994 parliamentary written reply to David Shaw
MP that the government did not intend to legislate on data encryption.
I am disppointed that government policy has changed to the point of
supporting the Council of Europe, and that this change has sneaked
through during the parliamentary recess.


Ross Anderson