Interesting People mailing list archives
IP: Europe Plans to Resist "Unworkable" US Cryptography
From: David Farber <farber () cis upenn edu>
Date: Sat, 20 Sep 1997 07:33:25 -0400
Date: Sat, 20 Sep 1997 16:06:38 +0900 To: farber () cis upenn edu From: ajp () glocom ac jp (Adam Peake) CommunicationsWeek International 19 September 1997 18:17:33 BST Europe Plans to Resist "Unworkable" US Cryptography Policies By Kenneth Cukier for CWI EXCLUSIVE Europe will use privacy and free trade laws to resist cryptography policies promoted internationally by the US. And initial results of European trials designed to test the practicability of storing users' private encryption keys in so-called "trusted third party" (TTP) databases suggest such systems may in any case be unworkable, according to European Commission officials. The trials have cast doubt on the systems' scalability, cost and legality writes Kenneth Cukier for CommunicationsWeek International. Full story at URL <http://www.totaltele.com/> (as you are probably in a bit of a hurry, here's the full story, please post as you think fit with regards copyright. Adam) Europe Plans to Resist "Unworkable" US Cryptography Policies By Kenneth Cukier for CWI 19-SEP-97 EXCLUSIVEEurope will use privacy and free trade laws to resist cryptography policies promoted internationally by the US. And initial results of European trials designed to test the practicability of storing users' private encryption keys in so-called "trusted third party" (TTP) databases suggest such systems may in any case be unworkable, according to European Commission officials. The trials have cast doubt on the systems' scalability, cost and legality writes Kenneth Cukier for CommunicationsWeek International. Ulrich Sandl, responsible for cryptography policy at the German Ministry of Economics, said that the use of trusted third party systems may be illegal in Germany or Europe as a whole. "There is a real prospect that [products based on] the US policy is a violation of our privacy laws, with severe consequences," he told a conference of European officials, cryptographers and industry executives in Brussels. This combination of legal and technological factors, said an EC official, will mean the EC will "not endorse" key recovery in a report to be distributed at a Council of Commissioners meeting on 1 October by commissioners Martin Bangemann and Mario Monti, the heads of Directorate General XIII for telecoms matters and DG XV for internal market and data protection respectively. The official, like seven others interviewed for this article, asked not to be named, citing the controversial nature of the issue. "I am under terrible internal pressure here," said one source. The report's existence is public knowledge. Detlef Eckert, an adviser at DG XIII, said at the conference that it will recommend policies be transparent, free of bureaucratic burdens for users, and promote the free-flow of products within Europe, but he declined to discuss whether the matter of key recovery is treated. The report, an EC "communication," is expected to call on Europe to develop cryptography policies that are driven by consumer choice rather than law enforcement concerns, according to people from national governments, industry, and the EC who are familiar with the document. It will also urge EC nations to develop uniform legal recognition for digital signatures. Significantly, the EC's paper does not oppose key recovery (likely to be referred to as "key escrow" in the final draft) outright, since France is pursuing such a policy and the UK is undecided over the matter. Instead, it calls for "effective and proportionate" policies, diplomatic wording meant to underscore that a key recovery policy is neither, said an EC official. The communication would represent the most concrete sign that Europe intends to resist US policy designed to create a system of international accords on key recovery for law enforcement. It comes alongside the US' unexpected lurch towards heavy domestic and international encryption controls by Congress and the Federal Bureau of Investigation. Although a communication is a low-level policy paper, it is often used as the first step towards developing formal policies. Officials say it is meant to rally Europe to resist key recovery policies. And they say that France's cryptography laws, if enacted, pose free-trade concerns since they stipulate only French-controlled entities can run national TTPs, which may force a showdown at the EC. The paper is also significant because it diverges dramatically from an unpublished EC report, due in September 1996, that was said to lean heavily in favor of crypto restrictions. And it completely contradicts a Council of Europe declaration in September 1995 that sought to outlaw cryptography without law enforcement access (CWI, 18 September 1995). The Council of Europe, an intergovernmental organization separate from the EU, has no powers to enforce recommendations. The EC's reluctance to support key recovery is partly motivated by the results of tests involving TTPs (CWI, 17 February). Four separate projects have proven TTPs are technical, commercial and legal failures, said an EC official. The X.509-style directory system has a hierarchical rather than network structure, making it difficult to deploy on a mass basis. The TTPs' expenses have also encountered cost overruns from initial projections. Matt Blaze, one of the world's leading cryptographers and a researcher at AT&T in Murray Hill, New Jersey, concurs with the EC's findings. "On a large scale, they [key recovery systems] break-down completely. Some key recovery policies don't even work on a small scale," he said. The only publicly-available TTP operating in the US today uses technology from Trusted Information Systems Inc. and is run by Oakland, California-based SourceFile, a subsidiary of FileSafe Corp. SourceFile president Tom Morehouse acknowledges that his system has yet to be stretched to the point where any scalability problems would become apparent: "We are getting ready to test [the system] with a large number of customers, but we feedback Information : info () total emap com URL: http://www.totaltele.com
Current thread:
- IP: Europe Plans to Resist "Unworkable" US Cryptography David Farber (Sep 20)