lambda 3.07

Decembre 11, 1997

LA LOUPE - search


French crypto policy under fire
The EC approved the draft policy, but the lack of transparency was denounced by EU partners, French corporations, and the Parliament

Phil Zimmermann recovered
PGP Inc. was to marry a key recovery advocate

Telco networks under fierce scrutiny in France
Abuse of minors using the net could worsen the verdict

SHORT-CIRCUITS
XS4ALL says no to police tap
Europe's safety plan
EPIC vs Net Sheperd
News from the GILC


the

french cypher

under fire

France expects to be the first industrial nation to adopt encryption-backed Trusted Third Party legislation by the end of this year. The draft law has been submitted to the European Union's consultative Commission in Brussels (EC), and the EC apparently gave its approval for the law at the end of october.

But lambda has learned that an "observation" letter was sent by the EC to the French government. The letter says the French draft law contains some sections that, "may hinder the free flow of encryption products" in the 15-members European Union as well as other European countries that have economic ties with the EU, like Switzerland and Norway.

Meanwhile, lambda obtained some confidences in EC circles explaining that the Dutch government said the actual French draft is "unacceptable". Such reports have also been published in a Communications Week International's article. The Dutch have protested because they think the EC should not have approved the French draft on the grounds that it breaches open market principles. But Com-Week wrote that the EC succeeded to convince the French to drop some discriminatory measures -- ie, earlier drafts forbade foreign capital to hold a majority stake in French TTPs (lambda 2.13) -- but such TTPs still have to be in French territory.

 

Some useful abstracts : English - French

 

Meanwhile, French industry groups broke the diplomatic silence on December 5th. The Association of Unix and Open Systems Users (AFUU), along with the Business Software Alliance Europe and the American Chamber of Commerce in France published a communique in which they say the draft policy "is in contradiction with the goals of the Prime Minister and may weaken France's position towards its commercial partners".

These groups have not been consulted by the government (and thus had no access to the decrees), and they demand more transparency. The lack of an "open debate" was also criticized by a Parliament's consultative commission (CSSPPT), which had access to the draft decrees. The commission demands a "complete revamp" of the decrees. This is the first time the French Parliament dares to criticize the government's encryption policy.


Phil Z
revovered

Privacy advocate Philip Zimmermann has been under fierce pressure these days. The recent takeover of the company he co-founded, PGP Inc, by Network Associates (formerly known as Mc Afee Associates) has put him in an uncomfortable position -- for a while, that is.

Wired News revealed last week that Network Associates was a member of the Key Recovery Alliance (KRA), a group of businesses often used by the Clinton administration and the FBI to say that key escrow encryption has the support of corporate America. Key recovery allows people to recover encryption keys if lost, but is also a political arm for the US government to allow a lawful access to encrypted communication.

But on December 8, Network Associates finally said that it will withdraw from the KRA. Says Gene Hodges, director of product management at Network Associates, to Wired News: "The reason for our withdrawl is simply that we want people to understand that Network Associates' position and PGPs position is to encourage the government and industry to move towards a policy that allows export of strong cryptography without mandatory key recovery. KRA is not demanding [mandatory key recovery] but people at times hold up a long list of members as an example of industry getting behind that policy. ... We have no problem with the techncial thinking that the people at KRA are doing, but we want to make it clear that we hope that is not the direction government policy goes."

One can easily understand the critical situation of Phil Zimmermann in that case. He emerged as one of the most advocate for "encryption of the masses" since the free release of his PGP software. The lambda bulletin has presented him as the "digital privacy guru" (lambda 2.06) because he considers encryption as a powerful means to avoid government snooping and to facilitate democracy through freedom of speech. He told Wired staff, "I think that the responsiveness of Network Associates to our suggestions about this particular issue is indicative of how things will go in the future."

But even the smartest guru can fail to predict the unpredictable. For example, he and his company faced similar critics recently for the release of PGP for Business Security, because the software includes key recovery possibilities. "I designed that in such a way to place it under customer control," Phil Zimmermann argued. "Ours is the most progressive [implementation of key recovery] because it requires the consent of both parties. I think that's pretty good."

But one can also wonder who could prevent a businessman to consider this "option" as a mandatory measure, for security and recovery purposes, as some firms impose electronic badges to monitor employees' moves in corporate areas... And it's child's play to use sniffer programs to detect and delete "non-productive" applications, such as PC games and/or private copies of PGP or other encryption tools.


France

'TELCO NETWORKS' UNDER SCRUTINY

 

In November the French Parliament discussed a government-sponsored bill dealing with "prevention and crackdown of assaults on minors". Both chambers, the Assembly and the Senate, decided to amend the Penal Code to take into consideration the use of "telecommunications networks, including the Minitel and the Internet", if someone is convicted of crimes to minors.

The bill says the use of a network will be considered as an "aggravating circumstance", which will worsen the verdict from 5 to 7 years in jail, and from 500,000 FF to 700,000 FF in fees. In the case of the crime of "transmitting images" related to child pornography, the use of telecom networks could aggravate the prison sentence from 1 year to 3 years.

"That's nonsense", said Sebastien Canevet, a jurist from the cyber-rights association IRIS. "That means it's more prejudiciable to assault somebody online than in the street. Iris is opposed to these special laws, which will put civil liberties in danger while not contribute to an efficient crackdown on pedophilia."

The law may be voted next month

 


COURT-CIRCUITS

XS4ALL say no

The Dutch provider decided last month not to cooperate with the police, who wanted to monitor one of Xs4all Internet account, including e-mail box, Web, newsgroups and online chat habits. "XS4ALL has informed the Ministry that in its view the instruction lacks any adequate legal basis. The company's refusal makes it liable for a penalty but XS4ALL is hoping for a trial case to be brought in the near future so that a court can make a pronouncement", the company said in a communique. Xs4all has already considered freedom of speech and privacy as a baseline for their activity (see lambda 3.03, April 1997).

© xs4all Internet

 

Europe's Decent Plan

As this bulletin reported last October (lambda 3.06), the European Commission released guidelines, soon to be discussed by the Union's 15 governments, regarding illegal or harmful content on the Internet. It urges the creation of a pan-european network of hot-lines to monitor such content, along with some self-regulation shemes and the use of rating and filtering technologies. See the file

 

EPIC vs Net Sheperd

Net Shepherd Family Search is a web-based search engine, self-styled "the world's first family-friendly Internet search site ... designed to make the Internet a friendlier, more productive place for families. This is achieved," the ad goes on, "though filtering out web sites judged by an independent panel of demographically appropriate Internet users, to be inappropriate and/or objectionable to average user families." EPIC tried to locate information about 25 schools; 25 charitable and political organizations; 25 educational, artistic, and cultural institutions; and 25 concepts that might be of interest to young people ("Christianity," the "Bill of Rights" and "eating disorders.", etc.) "In every case in our sample, we found that the family-friendly search engine prevented us from obtaining access to almost 90 percent of the materials on the Internet containing the relevant search terms", the EPIC concluded.

 

GILC Alert News

 

The Global Internet Liberty Campaign released its 1.02 Newsletter, in which it presents some recent news regarding net censorship and privacy issues.

Abstracts:

* The organisation was invited at a United Nations seminar on November 14th, concerning "The Role of the Internet With Regard to the Provisions of the International Convention on the Elimination of All Forms of Racial Discrimination (ICEAFRD)."

* The International Freedom of Expression Exchange Clearing House, twelve world-wide human rights organization, have challenged Internet censorship in many member nations of the Asia-Pacific Economic Cooperation (APEC). In a jointly signed letter, the human rights organizations criticized China, Indonesia, Malaysia, Japan, Australia, Singapore, the United States, Philippines, and Thailand for attempting "to control the free flow of information and free expression on the Internet in their respective countries."

* CDA II

The GILC invites all US citizens to protest to Senator Dan Coats (R, Indiana) about his bill called S.1482, dubbed "CDA-II" by civil liberties activists. The bill seeks to prohibit ISPs from distributing material that could be considered as "harmful to minors" (under 17). Violators will be imprisoned for six months with a $50,000 fine (see the full bill). The CDA, invalidated last July by the Supreme Court regarding the First Amendment, used the word "indecent". Coats is one of the CDA's proponent.

- Senator Dan Coats, 404 Russell Senate Office Building, Washington, D.C. 20510 (202) 224-5623.
- Senator Patrick Leahy (one of the 15 senators that voted against the CDA): senator_leahy@leahy.senate.gov

 


Suggest I Home