14-Jul-96
Mr I Taylor
Department of Trade and Industry
123 Victoria Street
London


Dear Mr Taylor,


New British Encryption Policy


Recently I discovered via Internet that the government is proposing a
new encryption policy for Britain. In itself this is welcome, however
many of the details outlined in what I have seen make the mistake of
adopting a top down approach, completely unsuitable to modern
telecommunications networks. I wish to comment on what I have read and
also wish to take place in the consultation exercise mentioned in your
paper entitled, "Paper on regulatory intent concerning use of
encryption on public networks". This was posted on Internet.

Your paper fails to make a distinction between "corporate users" and
"individual citizens" as far as copies of keys are concerned. It then
goes on to say that "Trusted" Third Parties will be "welcomed by IT
users".

As an individual citizen, IT user and corporate user I do not welcome
the idea of placing my encryption keys with anyone. There are a number
of reasons for this, but these boil down to the fact that a copy of my
house keys are not kept with a bank, network operator or trade
association.


INADEQUATE CONSULTATION

My first point is to note with very great concern that I only found
out about this paper because an individual spent time placing your
paper on various Internet Newsgroups. If your "consultation" is to
actually be a consultation then it must engage with those who know
about and use encryption. "Consultation" with DTI cronies is not true
consultation. The people you should be trying to reach are likely to
read Newsgroups like alt.security.pgp or talk.politics.crypto.  It
appears that you made no effort to make contact with these people, a
major flaw.

I also note that your paper does not contain an E-mail address, fax
number or postal address for sending in comments about it. This is
hopefully just an oversight.


TRUST AND "TRUSTED" THIRD PARTIES

Your paper talks about the paramount importance of trust in the
security of communication. This is indeed a vital issue. However, in
order to achieve this trust it is completely unnecessary to have
"Trusted" Third Parties with copies of everyone's encryption keys. The
decentralised "Web of Trust" outlined in the PGP manuals (ref 1) is a
suitable way of achieving this trust using open methods, where people
trust the people they wish to trust. This approach is closer to the
way people and modern computer systems work than a centralised system,
which harks back to the days of mainframe computers.


LAW AND ORDER - ARE "TRUSTED" THIRD PARTIES USEFUL?

Your paper then goes on to make what is becoming a regular point about
preserving the ability of the intelligence and law enforcement
agencies to fight serious crime and terrorism, by establishing
procedure for the disclosure of encryption keys. This point is bogus.
Serious criminals (I include terrorists under this heading) are not as
stupid as this statement implies. I cannot envisage a serious criminal
using an encryption system they know the government can read to
transmit sensitive information. A minor criminal yes, but not a
serious criminal.

In the case of terrorists it is also debatable how much information
they exchange by interceptable means. Presumably a terrorist cell has
a list of targets (transmitted by secure means) and simply needs a
message which means, "attack target 6." This message might be,
"David's cat is sick." Such a message can be transmitted by means of a
small advertisement in the "Daily Telegraph", a public message in a
Newsgroup, the telephone or any one of many ways. No encryption is
necessary, or even desirable.

Given the limited success against serious criminals in the UK, I
conclude that they are already operating largely in this sort of way
and allowing the intelligence agencies to decrypt any message they
feel like will not aid materially in fighting serious crime.


KEY MANAGEMENT AND COMMERCE

Your paper Talks about "Trusted" Third Parties facilitating
communications between people in a regular trading relationship (such
as a bank and customer) and those who have no previous relationship.
In the former case the people in the regular trading relationship have
no need to use a "Trusted" Third Party, as they will have copies of
each other's keys.

In the latter case the "Trusted" Third Party is another complication
in forming trust. Do both parties trust the "Trusted" Third Party? If
there is not a mutual "Trusted" Third Party, how is trust established?
The only solution to this problem, while retaining "Trusted" Third
Parties, is for all "Trusted" Third Parties to effectively be the same
party. No doubt in time the government would be asked to take on this
role to simplify matters. In time, given the international nature of
telecommunications, governments would be superseded by a suitable
body, for example the United Nations. Even if the government or UN do
not become involved this sounds rather a Stalinist approach,
especially from a government that claims to be in favour of
competition.

These problems are avoided by adopting a decentralised key management
system, where people trust those who they want to trust. Certainly
amongst the last people I would trust to keep my encryption keys safe
would be a bank, computer network company, trade association, the
government or the United Nations.


SAFEGUARDS AGAINST MISUSE

Your paper then continues the law and order theme by talking about
safeguards on releasing encryption keys similar to those which already
exist. However your proposals are completely at variance with the law
surrounding the securing of information in private houses. This
attempt to treat computerised information in a completely new way to
the established principles of law is very worrying.

I can make my house as strong as I like. This might include very
strong reinforcement of the house exterior. I can fit any lock I like
to the house and there is no requirement for me to place copies of the
keys with a "Trusted" Third Party. The same is true of cabinets within
the house that contain papers. The authorities can obtain a warrant to
attempt to enter my house and any measures I take would probably not
prevent them in the end. However the level of protection is up to me.
A warrant does not guarantee the authorities access to any
information, it is worrying that you intend to change this principle.

The authorities can attempt to recover information stored on a
computer in exactly the same way. They can obtain a warrant and
attempt to seize the computer. Having done so, especially with modern
operating systems, there is every likelihood that the information will
be stored in clear in a swap file or "deleted" temporary file. There
is no need for a general power to decrypt messages in transit.


HOW LONG WILL IT BE VOLUNTARY?

I note your statement that, "It is not the intention of the Government
to regulate the private use of encryption." However, it is clear that
serious criminals will not use "Trusted" Third Parties to store copies
of their keys. Therefore I envisage that this professed intention will
not last very long. It is all a matter of trust and I do not believe
the statement. It may be true today, but will not be true tomorrow.


MAJOR PROBLEMS WITH THE SYSTEM

Your paper neglects to mention several very important aspects of a
system where various groups have easy access to all the messages
people send. It is my view that such a system is an extremely serious
threat to democracy and the well being of the country.

Political parties of all shades believe that they are right and they
are acting in the national interest. Therefore the party that happens
to be in power will have a great interest in spying on their
opponents. Watergate is only one example of this and it happens in the
UK. If we elect a party that has the power to read all their
opponent's communications this will undoubtedly be the last political
party we elect.

The "Trusted" Third Parties will also be extremely vulnerable to
subversion by many other bodies, for example insurance companies. Such
companies will have a great interest in communications to and from
Doctors. Their wealth will facilitate obtaining the relatively small
number of Doctor's keys from the "Trusted" Third Parties.  These keys
will be used in decrypting messages of interest. Unlike messages sent
by post there is no labour intensive steaming open of envelopes in
such a process. A computer simply copies the message, decrypts it,
scans it for interesting keywords and notes interesting messages for
humans to look at. This is a new possibility which increasing computer
power and "Trusted" Third Parties make possible.


PRACTICAL PROBLEMS

Release of keys has a number of practical pitfalls. If a key is
released, how long will this release be for? Will the key "self
destruct" after a court appointed time? If not how can someone,
perhaps falsely investigated, be sure that their key has been
destroyed and is no longer available to the authorities? Computerised
information is notoriously persistent.

What sanction will a citizen have against those who gain information
by illegally released keys? There should be very serious legal and
financial sanctions against the authorities if they misuse the very
considerable power they would have with such a system. Long terms of
imprisonment and high fines should be automatic to ensure officials
are less likely to make "mistakes".

What compensation by the "Trusted" Third Party, including
consequential loss, will be available to a person, or business, whose
key is accidentally released to an opponent?

Will a person be able to check the integrity of their key with the
"Trusted" Third Party?


CHANGED BALANCE OF POWER

Since the use of telecommunications started before the First World War
the intelligence agencies have become lazy. They have grown used to
sucking anything they like off radio waves, telephone and telex
networks. This used to be a labour intensive process, which struck the
right balance between the individual and the state. However, recently
the power of the state has increased greatly, especially with the
introduction of computers to telecommunications. Interception is no
longer a labour intensive process.

Politicians have completely failed to protect citizens from this
increasing state power. It is ironic that this has taken place in the
UK while a political party that professes to wish to reduce the power
of the state has been in power. Due to the failure of politicians of
all political parties, individuals have started to reinstate the
levels of privacy they once had, by the use of encryption. This has
caused the intelligence agencies to call for access to all encryption
keys. They have used all sorts of bogus arguments in their attempts to
keep their new found power. They should not be allowed to get away
with it.


Encryption is not a threat to democracy, the country or civilisation
as we know it. On the contrary, it restores the position citizens have
been in until recently. The real threat to society is allowing the
state unfettered access to all communications.

Your proposals should reflect the true threats to society, at the
moment they do not. I look forward to being consulted regarding this
proposed policy and your answers to the points I have raised.



		Yours sincerely,
					David Hansen