-----------
Exclusive story
netizen 006 - 16 nov 1995
Newsgroups release : talk.politics.crypto, alt.security.pgp, alt.security, alt.privacy, fr.network.internet
Follow-up of the Sept 28 Nature's Article
-----------
Here is some confirmations that Europe is planning a back-door security for information networks. The news broke last september that the European Commission was soon to release some recommendations with a European-wide panel of experts concerning the regulation of strong encryption. The idea of Trusted Third Parties is really on the air -- this is kind of electronic notary centers where you would soon be forced to give a copy of your encryption keys.
New light comes from the recent issue of the Paris-based Intelligence Newsletter (Le Monde du Renseignement in French*). It says that French and UK are very enthusiastic about the idea. But, the newsletter says, "Germany ... would like to see a multilateral TTP set up with a centralized, Europe-wide system to manage the keys. But the German option has been rejected by London and Paris which refuse to consider 'an escrow key managed from Brussels'."
In that report, the UK's DTI (Dept of Trade & Industry) is quoted as saying that it "does not envisage a European-wide TTP," adding: "We would expect that a number of TTPs might emerge -- at least one for each individual countries -- and operate internationally by bilateral/multilateral agreements."
But who will keep your keys? Private locksmiths. Don't laugh. The idea
of giving private agencies the power to watch over your shoulder
(exactly, to let the govt step in the back-door) is really under way. I
personnaly made a request, as a reporter, to the DTI's Telecommunication
Division. The division, along with the Cheltenham-based Communications
Establishment Security Group (related to the GCHQ I presume?), is
representing HMGovt in the SOG-IS group, a 18-countries consultative
european body. The division gave the official and public statement as
follows:
"The UK recognises that a balance must be struck between the legitimate requirements of industry, commerce and individuals for arange of cryptographic services [ such as digital signature, confidentiality and file retrieval) with the national security needs of the authorities in fighting terrorism and serious crime.
"In considering the type of mechanism that would allow such a balance to be struck officials have naturally considered the possibilities that Trusted Third Parties using key escrow arrangements offer. In such arrangements the Trusted Third Parties (which could be commercial bodies operating in competition with each other) could hold the encryption keys of their clients and release them to the national authorities (eg the Police or Customs and Excise) under strictly controlled conditions. Key escrow, while offering interesting opportunities, may of course only be one of the methods of arriving at the balance referred to above. The UK Government has not yet decided on this or on any other option.
... "It is too early to say whether the UK would decide to change it's existing regulations, but it may be that a TTP solution would have several distinct advantages to users that would lead to widespread voluntary adoption. Currently tnere are no legal restrictions regarding the use of cryptography."
*yep, I forgot to mention that Intelligence Newsletter is partially online. Warning : That's not a free service, except some archives (quite old).