Russell Square House

10-12 Russell Square

London WC1B 5EE UK

Tel: +44 (0) 171 331 2000

Fax: +44 (0) 171 331 2040

Email: feedback@fei.org.uk

Web Site: http://www.fei.org.uk/fei
Licensing of Trusted Third Parties

for the Provision of Encryption Services:

Detailed Proposals for Legislation

UK Government Consultation Paper

March 1997
FEI response
May 1997
A. Introduction and statement of general support
  1. In March 1997, the Department of Trade and Industry (DTI) issued a public consultation paper setting out detailed proposals for legislation on the licensing of trusted third party services for the provision of encryption services. This paper sets out the response of the Federation of the Electronics Industry (FEI) to the consultation document.
  2. The UK is now the fourth largest IT, electronics and communications (ITEC) consumer in the world, spending some £48 billion a year on IT, telecommunications, software and computer services. It also has the fifth largest ITEC industry, with a value of some £43 billion or 6.7% of total UK GDP.
  3. FEI is the UK's leading trade association for the information technology, electronics, communications, defence, office equipment and office furniture industries. FEI currently represents around 70% of the UK electronics sector by revenue, from global leaders to specialised, high technology SMEs, including world class players in their field.
  4. We note that the DTI proposals:
  1. We welcome the publication of the consultative paper and the opportunity to respond. The FEI would also welcome the opportunity to discuss, at first hand with appropriate officials, any issues arising therefrom.
  2. The DTI proposals represent the first government attempt anywhere in the world to bring together in a single licensing regime the general issue of the regulation of trust services and the special issue of access to the decryption keys of encrypted intercepts. Although we have critical comments (set out in the following sections) on this and some of the details of the consultation paper, we support the broad thrust of its thinking, and the notion of the licensing of Trust Service Providers where a service is provided to the public. However, it will be essential for any regulatory system that addresses these problems to be technology neutral: we consider there is a danger that overly-specific laws promoting a specific approach to cryptography could enshrine current technology and restrict innovative computing schemes. We would also be concerned if there were an adverse impact on the development of the Information Society in the UK. We are convinced that the UK needs to be a leading player in the establishment of a Trust Services Infrastructure (TSI) for Europe and the World. In particular, we see a major role for Britain in pioneering a policy and regulatory approach that could be replicated in due course in most developed economies world-wide.
  3. The benefit for the UK, Europe and the World will be a Global Information Society based firmly on privacy and trust.
  5. A TSI will enable and facilitate:

  1. A TSI will benefit all or most organisations, but will be especially valuable to innovative and fast-growing companies in the small and medium-sized enterprise (SME) sector - the main powerhouse in the UK and elsewhere for new jobs and economic growth. A TSI will create jobs directly too, as a new, regulated, market for trust services quickly develops - and if the UK is a leader in establishing this market, then UK service providers are likely to be well placed in what will turn out to be a massive global opportunity.
  2. For the TSI to be trusted and accepted by its potential users, we agree that publicly offered services should be subject to a carefully-constructed licensing regime. Only through regulation of publicly offered Trust Services will their take-up be at its greatest.
  3. The remainder of our response is set out in the following sections:
     B. Comments on terminology and emphasis.
     C. Comments on technical assumptions for key restoration.
     D. Comments on the need for a global solution.
     E. Comments on the need for legislation on digital signatures.
     F. Comments on the definition of a "service".
     G. Comments on DTI's perceived benefits.
     H. Comments on specific questions posed in the consultation paper.
     J. Miscellaneous comments.


B. Comments on terminology and emphasis


  5. Although the term "encryption service" is defined in the consultation paper, we believe that it is not only technically inaccurate but also very misleading:

  1. Although we acknowledge the vital need for law enforcement access to decrypted messages, we would prefer to see this subject regarded as an important special issue to be dealt with within a general discussion of a TSI rather than the central theme it often appears to be in the paper.
  2. A good example of how law enforcement access seems central to DTI's thinking, to the exclusion of more general issues, can be found in paragraphs 86 to 89 of the paper, where liability arrangements are proposed only in the context of confidentiality. A complete discussion of liability would also cover loss or misuse by service providers of keys used for non-confidentiality services such as timestamping and the certification of keys for digital signatures.
  3. Much the same arguments apply to the term "Trusted Third Party". Although we accept that, in this case, the term is technically accurate, it is too closely associated with past proposals for key escrow systems. The term also fails to convey the importance of the role that such organisations will play in the establishment of privacy and trust in the Global Information Society. We suggest that a more marketable term - perhaps "Trust Service Provider" - should be used. That is the term we shall use generally in this response.
  4. Our final comment on terminology relates to the terms "key recovery" and "key escrow", which the consultation paper uses interchangeably. These two techniques are distinct and are based on different principles. A key escrow mechanism requires the sharing of a secret between a user and a third party; a key recovery mechanism makes no such requirement. We think that it is important for the terms to be used correctly, with the expression "message decryption key restoration" or simply "key restoration" used to cover both escrow and recovery.

C. Comments on technical assumptions for key restoration


  6. The consultation paper seems to take as axiomatic that:

None of these axioms is valid.

  1. In an interactive scenario (for example, between a web browser and web server) - and, increasingly, interactive scenarios rather than store-and-forward implementations will be the dominant paradigm - the two ends of the transaction can exchange an encryption key (by Diffie-Hellman negotiation, for example) without needing to call on the services of a third party. Such two-party negotiation is convenient, widely used, and secure and can be expected to be the method of choice in almost all commercial applications.
  2. In a store-and-forward implementation (for example, e-mail) one method of key establishment depends on the receiver's public key certificate being published in a directory. There is no technical requirement for the certificate authority signing the certificate, or for the directory service provider, to know the private value of any public key appearing in the certificate. Indeed, many product implementations take care to ensure that the private key is securely held so that it can never be shared or otherwise revealed. A smart card system, for example, will tend to include mechanisms to generate the private key randomly on the card in such a way that it cannot be later extracted into the outside world.
  3. Even if service providers somehow knew the values of the private keys of their clients, and were thus able to give them up against a warrant, then the conditions of Annex E of the consultation paper would still not be fully met. This is because the transmitted data would include the message decryption key wrapped only with the public key of the recipient. Requirement 6 (... both incoming and outgoing communications ...) would not be met - only incoming communications would be accessible under warrant. Service providers would be unable to meet the full requirements of law enforcement agencies - and they would be unable, either, to provide an adequate key restoration service to their subscribers.
  4. If key restoration meets the requirements of Annex E by being "balanced" then it always depends on the sender's specially-engineered encryptor including in the transmitted stream some extra protocol elements whose sole purpose is key restoration. This is true for key recovery schemes (such as IBM SecureWay Key Recovery) and for key escrow schemes (such as the Jefferies/Mitchell/Walker - or "Royal Holloway" - scheme).
  5. The legislation establishing the regulatory regime and any new laws on warranted access each need to reflect this fact - as do any new UK export control rules. This can be done by recognising that a full-function key restoration capability depends on a framework which includes conformant product implementations and the availability of a whole range of trust services - not just the holding of keys by service providers. It should also be recognised that key escrow implementations and key recovery implementations are both able to meet the key restoration requirements of users and the warranted access requirements of law enforcers.
  6. There also needs to be an understanding of the services that service providers will be able to offer law enforcement agencies. For example, the following five "law enforcement services", offered by service providers to law enforcement agencies, all have different characteristics:

This list is probably not complete - other services may be offered which, like these five, also achieve legal access in accordance with the OECD Guidelines and Annex E.
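The chain of reasoning in this section (two-party key agreement needs no third party; a provider that holds a recipient's private key can open only incoming traffic; "balanced" restoration exists only when the sender's product puts restoration parameters into the transmitted stream, which the receiver should check) can be exercised with a small model. The Python below is an added illustration written for this response, not code from the FEI or from the DTI paper. The envelope layout, the Diffie-Hellman based key wrapping, the way the recovery field is made checkable by the receiver (its ephemeral exponent is derived from the message key) and the party names are all assumptions of the example; the group constant is the 2048-bit MODP group of RFC 3526, which should be verified against the RFC before reuse.

```python
"""Added illustration of the key restoration argument in section C of the FEI response.
Not code from the FEI or the DTI paper: the envelope layout, the DH-based key wrapping,
the checkable recovery field and the party names are assumptions of this example.
Standard library only."""
import hashlib
import hmac
import secrets

# 2048-bit MODP group (RFC 3526 group 14, generator 2).  The model only needs both
# ends to share a group; check the constant against the RFC before reusing it.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
KEY_LEN = 32  # message decryption ("session") keys are 256-bit


def _kdf(shared):
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keypair():
    """Static key pair; the private value stays with its owner (e.g. on a smart card)."""
    x = secrets.randbits(255) | 1
    return x, pow(G, x, P)


def dh_agree(own_priv, peer_pub):
    """Interactive case: both ends derive the same message key with no third party."""
    return _kdf(pow(peer_pub, own_priv, P))


def kem_wrap(pub, session_key, r=None):
    """Wrap a session key to a public key: ephemeral DH share plus one-time pad of the key."""
    if r is None:
        r = secrets.randbits(255) | 1
    return pow(G, r, P), _xor(session_key, _kdf(pow(pub, r, P)))


def kem_unwrap(priv, wrapped):
    u, c = wrapped
    return _xor(c, _kdf(pow(u, priv, P)))


def recovery_field(agent_pub, session_key):
    """Key restoration parameters: the session key wrapped to the recovery agent.
    Assumed design: the ephemeral exponent is derived from the session key, so a
    receiver who knows the key can recompute the whole field and compare."""
    r = int.from_bytes(hashlib.sha256(b"recovery-field" + session_key).digest(), "big")
    return kem_wrap(agent_pub, session_key, r)


def recovery_field_valid(agent_pub, session_key, field):
    """Receive-side check: absent, altered or foreign restoration parameters are rejected."""
    if field is None:
        return False
    exp_u, exp_c = recovery_field(agent_pub, session_key)
    got_u, got_c = field
    return exp_u == got_u and hmac.compare_digest(exp_c, got_c)


def make_envelope(recipient_pub, agent_pub=None):
    """Sender side.  Without agent_pub the key is wrapped only to the recipient (the
    store-and-forward case); with it the product is "specially engineered" to add
    restoration parameters to the transmitted stream."""
    session_key = secrets.token_bytes(KEY_LEN)
    env = {"for_recipient": kem_wrap(recipient_pub, session_key), "recovery": None}
    if agent_pub is not None:
        env["recovery"] = recovery_field(agent_pub, session_key)
    return session_key, env


def restore_under_warrant(env, recipient_priv=None, agent_priv=None):
    """What the envelope alone yields to the party served, given the private keys it
    actually has: the recipient's, the recovery agent's, or neither."""
    if recipient_priv is not None:
        return kem_unwrap(recipient_priv, env["for_recipient"])
    if agent_priv is not None and env["recovery"] is not None:
        return kem_unwrap(agent_priv, env["recovery"])
    return None


def scenarios():
    """Outcomes for the three cases argued in section C (constructed parties)."""
    alice_priv, alice_pub = keypair()  # subscriber; her provider may hold this private key
    bob_priv, bob_pub = keypair()      # correspondent; key generated on a card, never exported
    agent_priv, agent_pub = keypair()  # recovery agent built into the sender's product
    out = {}
    # 1. Interactive DH: nothing passes through, or is held by, any third party.
    out["interactive_key_agreed"] = dh_agree(alice_priv, bob_pub) == dh_agree(bob_priv, alice_pub)
    # 2. Provider holds Alice's private key only: incoming mail opens, outgoing does not.
    k_in, env_in = make_envelope(alice_pub)    # Bob -> Alice
    k_out, env_out = make_envelope(bob_pub)    # Alice -> Bob
    out["incoming_opened"] = restore_under_warrant(env_in, recipient_priv=alice_priv) == k_in
    out["outgoing_opened"] = restore_under_warrant(env_out, recipient_priv=alice_priv) == k_out
    # 3. Balanced restoration: the sender's product adds a field wrapped to the agent,
    #    and the receiver verifies it before trusting the message.
    k3, env3 = make_envelope(bob_pub, agent_pub)
    out["outgoing_opened_via_agent"] = restore_under_warrant(env3, agent_priv=agent_priv) == k3
    out["receiver_accepts_field"] = recovery_field_valid(
        agent_pub, kem_unwrap(bob_priv, env3["for_recipient"]), env3["recovery"])
    return out
```

Running `scenarios()` yields True for the interactive and incoming cases, False for the outgoing message opened with the recipient's key held by a provider, and True for both agent-based restoration and the receiver's check. The deterministic exponent in `recovery_field` is what lets the receiver enforce "check key restoration parameters for validity on receipt" without holding the agent's private key; a scheme in which the receiver cannot recompute the field can only detect tampering, not a field computed for some other key.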

  1. The consultation paper is not explicit, but the assumption seems to be that law enforcement service 1 will be mandated. Such an assumption may unduly limit a user's choice of technology and the way in which trust services are offered and, by restricting the technology, would prevent the UK from using innovative technology as it comes to the market.
  2. Which key restoration services are offered to trust service subscribers will be determined by their preferences and the market. Our discussion here applies only to the service offered by service providers to law enforcement agencies.

  3. Finally, and also importantly, UK export control rules must not distinguish between key escrow and key recovery implementations; provided a product contains mechanisms which are globally acceptable and difficult to circumvent, which produce valid key restoration parameters on transmission and which check key restoration parameters for validity on receipt, and provided the product meets the requirements of Annex E, then export should always be made easy.
  5. We now comment on specific paragraphs of the consultation paper.
  6. Paragraph 37:

    Legal access can be achieved by making use of a key escrow/recovery system. Key recovery allows authorised persons (for example users, officers of an organisation and law enforcement authorities) under certain conditions, to decrypt messages with the help of cryptographic key information, held in escrow, and supplied by one or more trusted parties. In such cases legal access is to the private confidentiality key.

    Key recovery and key escrow are different techniques. Key recovery does not require any information to be "held in escrow".

    Paragraph 46:

    In terms of Key Recovery the proposed legislation is concerned solely with legal access to private encryption keys (which are used to protect the confidentiality of information) required by the authorities in connection with the lawful interception of communications (i.e. information on the move) or for lawful access to data stored and encrypted by the clients of licensed TTPs. There is, of course, no intention for the Government to access private keys used for only integrity functions. Legal access to encryption keys will be permitted through serving warrants on TTPs.

    We repeat our assertion that "private encryption keys" will not typically be held by service providers and that, even if they were, this alone would not meet the requirements of Annex E. What is needed for legal access are message decryption keys - these can be restored effectively and reliably using a product- and services-based framework that implements either key escrow or key recovery.

    When encrypted data is stored (as opposed to being transmitted), there is no requirement at all for the involvement of a Key Provider in the management of the keys used for encryption - except of course for key restoration. Key restoration services will only be relevant to stored data when the product performing the encryption is specially engineered to prepare key restoration parameters for storage with the encrypted data.

    We fully endorse the notion that signature keys should never be restorable.

    Paragraph 47:

    The Government recognises that further legislation may be required in the future to enable the appropriate authorities to obtain private encryption keys other than those held by licensed TTPs.

    The advantage of a product- and services-based framework is that, in a key recovery implementation especially, it can enable legal access to message decryption keys even when the user has no explicit agreement at all with a trust service provider. (Although an implicit agreement may exist - "hardwired" into a shrink-wrapped product, for example.) An approach which embraces such a framework now may make unnecessary any further legislation in the future.

    Paragraph 78:

    It is envisaged that a warrant would require a TTP to disclose, in a timely manner, cryptographic key material to a central repository (acting on behalf of an agency). It is envisaged that it should take no more than an hour for a TTP, once presented with a validated warrant request, to deposit the appropriate client encryption key(s) with the central repository. The procedures and methods to enable such timely disclosure will be determined between the licensed TTP and the central repository. The costs of obtaining a warrant and serving it on a TTP, as well as the direct costs of the TTP complying with such a request, shall be borne by the appropriate agency. Costs of implementing and maintaining the technical capabilities for legal access shall, however, be borne by the TTP.

    The assumption here seems to be that law enforcement service 1 will be offered. For other law enforcement services we expect that the timeliness requirement would have to be modified. For example, a service provider might be allowed an hour to prepare the service upon receipt of a warrant, thereafter responding within a few seconds to each specific request under the warrant.

    Where legal access is required under warrant to stored encrypted data, then we expect that the time constraints would be much more relaxed.

D. Comments on the need for a global solution

  7. The consultation paper says (paragraph 9):

     The Government's policy on TTPs and the provision of encryption services for the protection of information transmitted electronically should be viewed in the context of the Government's broader objectives for building the information society in the UK.

    The FEI believes the UK is increasingly part of a world-wide economy and that the Information Society will be global in character. Unless they can compete effectively on a world-wide basis, UK businesses will not be successful. Clearly, Parliament can only legislate for the UK, but there should nevertheless be a recognition that economic success will be achieved in a world context and not just in Britain.

  9. Further, it comments on the Government's role (paragraph 12), stating that:

     Within this framework the Government has an important role to play in providing leadership in certain key areas. These include:-

    a) Creating the right regulatory framework so that industry and the economy can flourish, while assuring proper protection for the public.

    b) Promoting appropriate use of new technologies - in schools and colleges, museums and libraries, in the health service and in all areas of public life.

    c) Using information technology to improve efficiency in Government and the effectiveness of the services it delivers to industry and the public.

    d) Acting as a catalyst for new developments, bringing people together and working in partnership with the private sector and local authorities to make things happen.

  11. There is an important role for Government not acknowledged in this list - building a world wide infrastructure to support the global economy. The UK Government needs to support UK companies in doing business globally as well as in doing business in the UK.
  12. Britain must offer leadership, but must do so in a way that allows the rest of the World to catch up without damaging companies operating from the UK. There is a danger that making the system too restrictive too early in Britain would give unfair advantage to competitors elsewhere. The playing field must be fair and level.
  13. The legislation must be framed in such a way that it could act as a template for other jurisdictions. If the UK wants to offer global leadership in this area then the first test must be: if all developed countries implemented laws as close as possible to the UK law, then would the resultant global picture be consistent? The second test must be: are there cultural, procedural, legal or other inhibitors in other developed countries which would make UK law difficult to transplant relatively unchanged?
  15. In particular, even though licensing regimes may be formally established on a national basis, in practice there must quickly be established a "virtual, global" regime. This means that a provider wanting to offer services to more than one country should find it very easy - or, ideally, trivial - to obtain a licence for every country after the first. This will require mutual recognition and cross-licensing agreements between countries. We see the European Union and the Organisation for Economic Co-operation and Development playing an important role here. And, if the UK leads the way, then UK-based service providers can only benefit. If, however, the legislation is overly prescriptive, it could result in UK companies being penalised.
  17. It is accepted that a single global picture will inevitably be subject to political constraints. For example, a country which has abolished the death penalty may refuse to co-operate with law enforcement officials in another country in decrypting the messages of a suspect who stands in risk of being executed. And mainstream democratic countries may not be too anxious to encourage trust service provision at all in other sorts of country. But this should not stop the attempt towards consistency.
  18. In respect of paragraph 45, which states:

     The legislation is directed solely towards the provision of encryption services to subscribers in the UK and not the use of encryption. Organisations offering or providing encryption services to the public in the UK, including those providing or advertising such services from outside the UK, will be required to be licensed. (The Government is also considering whether UK based bodies which provide encryption services solely to clients outside of the UK should also require licensing). Users, however, will remain at liberty to choose whether to make use of TTPs, or to make other arrangements for their encryption requirements.

    We can see difficulties in enforcing the law against organisations which offer unlicensed offshore services to the UK, particularly if their advertising is confined to the Internet (and such advertising could be very effective), unless a virtual global licensing regime is implemented.

    Also, as we explain in section 1, we believe that the phrase "encryption services" is misleading.


E. Comments on the need for legislation on digital signatures

  20. While we strongly support the legislative ideas set out in the consultation paper, we are also convinced that other new laws will be necessary. We have in mind especially the acceptability of digital signatures as evidence in civil proceedings. Although we recognise that this will be an exceptionally difficult undertaking, affecting the fundamental basis of contract law, we remain convinced that it is an issue which cannot be ducked.
  21. We note that separate legislation may be needed for Scotland, where contract law differs from England and Wales - and we also note that such legislation might have to be delegated to a future Scottish Parliament.
  23. Paragraph 52 of the consultation document says:

     Two separate issues which need to be considered are how the identity of the signatory of a document and the integrity of a document may be proved in legal proceedings in the UK. These issues may arise where a digital document is admissible in court and where a digital signature satisfies relevant legislation. Parties to encrypted documents may be able to agree between themselves as a matter of contract law that they will accept a certificate by their TTP as to these matters in any action against each other over the contract. This would not however bind a third party and would not necessarily assist if the validity of the contract were challenged.

    The discussion in this paragraph of the consultation paper is generally sound, with one exception. Whether or not a document is encrypted is irrelevant to any determination with regard to the acceptability of a digital signature. The same problems arise with a digitally signed document whether or not it is encrypted.

    The argument on digital signatures needs to be extended to other integrity-based trust services, for example time stamping, notarisation and proof of intellectual property ownership. This is a complex issue as Annex A makes clear. In the time available for preparation of this response it was not possible to elucidate a full discussion of the issues. The FEI is keen to discuss this matter further.

    We would support moves to deal with this issue in an EU context. The UK could bring the matter forward during its Presidency in the first half of 1998.


F. Comments on the definition of a "service"


  25. The consultation paper sets out to regulate the provision of services. We have a number of concerns about the definition of a "service".
  26. Current thinking on quality management identifies service providers and subscribers within an organisation, and develops complex notions of "customer" based processes, service level agreements and so on. But, however useful such an approach may be, and however successful it is in driving business transformation, the fact remains that the "suppliers" and "customers" within an organisation are not typically separate legal entities.
  27. Viewed from outside the organisation there is often no legally-recognisable service provision at all.

  28. This problem can perhaps be best understood by considering an electronic mail system within a company - and for simplicity we will assume that the system is so basic that it involves no cryptographic functions at all. The IT department will sign up to service level agreements for performance of the system, will apologise when the system becomes unavailable, will send out questionnaires monitoring user satisfaction and will do other things that a competent service provider would do. But the fact remains that employers do not, in law, provide services to employees. (The converse is the true position - employees provide services to employers.) The service level agreement is not an enforceable contract between the company and its workers. If the performance doesn't match up, the employees can't sue. Rather, the e-mail system is an employer's resource which happens to make the service that the employee provides (for example, working for 37 hours a week) more useful to the employer.
  30. The argument is the same when the e-mail system is extended by including cryptography. Each e-mail user will now have a digital signature key pair, and will perhaps use other keys which will enable key restoration, but there still is no "service" that the law could recognise.
  31. And the argument can be extended even further. Not only are employees of the company not offered a service in the legal sense, neither are contract workers, employees of supplier companies, and so on.
  32. If there is no service provision, there is clearly nothing that can be licensed or regulated.

  33. We also have a concern with the definition of a "service" in the consultation paper (paragraph 74):

     For the purposes of this legislation the terms public and encryption services will encompass the following meanings:

    · Public will be defined to cover any natural or legal person in the UK.

    · Encryption services is meant to encompass any service, whether provided free or not, which involves any or all of the following cryptographic functionality - key management, key recovery, key certification, key storage, message integrity (through the use of digital signatures), key generation, time stamping, or key revocation services (whether for integrity or confidentiality), which are offered in a manner which allows a client to determine a choice of cryptographic key or allows the client a choice of recipient/s.

  35. We would wish to see a more precise definition of "encryption service" (or "trust service" as we would prefer it to be called). In particular, what the subscriber does with cryptographic keys is irrelevant - so there should be no reference to the user being able to choose a key, and no reference at all to recipients. A better definition might be:

"A trust service" is one in which either:

  1. This definition, and the services excluded from licensing, would then depend on a further definition of the term "subscriber". A permanent or contract employee, supplier company, and so on, would not be considered a subscriber by virtue of those relationships. (They may be subscribers by virtue of other relationships - for example a licensed service provider may offer discounted trust services as an employee benefit.) A customer would not necessarily be regarded as a subscriber if the main objective of the contract was to provide the customer with goods or services unrelated to trust services. By extension, a consortium of companies built mainly for purposes other than the delivery of trust services would not contain any "subscribers" even though communication internal to the consortium relied on trust functionality. A closed user group, exempt from licensing, can be defined by the absence of "subscribers" within it.
  2. The definition is also useful in understanding how a trust infrastructure internal to a company or closed user group should be treated when it cross-certifies with the licensed infrastructure. The consultation paper proposes that this single action would require the whole of the internal infrastructure to become licensed. The analysis argued for here would come to an opposite conclusion.
  3. Two things might happen in such a cross-certification:
    1. The private key of the internal infrastructure would be used to sign the public certificate of the licensed provider.
    2. The licensed provider would certify the root public key of the internal infrastructure.

Action 1 could take place at any time, without the approval, or even the knowledge, of the licensed provider. No licensing regime could sensibly prohibit such an action. When the action is complete, every user of the internal infrastructure would be able to authenticate every user in the licensed infrastructure.

Action 2 is no different in principle from a licensed provider certifying a key that is not a root key - the difference is that the licensed provider has a corporate, rather than an individual, subscriber and that a group of users, instead of a single user, becomes fully part of the licensed infrastructure, authenticatable to every user of the licensed infrastructure.
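The two cross-certification actions and their asymmetric effect can be made concrete by treating each certificate as a directed edge from issuer to subject and asking which users become reachable from which trust anchor. The Python below is an added illustration, not code from the FEI response; the certificate graph, the party names and the path rule (a verifier authenticates a user when a chain of certificates leads from the verifier's own root to that user) are assumptions of the example. It also shows why Action 1 needs nothing from the licensed provider: the only change is an entry added to the internal infrastructure's own certificate store.

```python
"""Added illustration of the two cross-certification actions in section F of the FEI
response.  Not code from the FEI: the certificate graph, names and path rule are
assumptions of this example.  A certificate is an (issuer, subject) edge; a verifier
trusting root R authenticates user U when a chain of edges runs from R to U."""
from collections import deque


def can_authenticate(certs, trust_anchor, user):
    """True if a chain of certificates leads from the verifier's anchor to user."""
    issued_by = {}
    for issuer, subject in certs:
        issued_by.setdefault(issuer, set()).add(subject)
    seen, queue = {trust_anchor}, deque([trust_anchor])
    while queue:
        node = queue.popleft()
        if node == user:
            return True
        for nxt in issued_by.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def build_pki():
    """Constructed starting point: a licensed provider and a company-internal
    infrastructure, each certifying only its own users."""
    return {
        ("LicensedRoot", "L-User1"), ("LicensedRoot", "L-User2"),
        ("InternalRoot", "I-User1"), ("InternalRoot", "I-User2"),
    }


def cross_certify(certs, action):
    """Action 1: the internal root signs the licensed root's public key (recorded
    only in the internal store; the licensed provider need not know).
    Action 2: the licensed root certifies the internal root's public key."""
    new = set(certs)
    if action == 1:
        new.add(("InternalRoot", "LicensedRoot"))
    elif action == 2:
        new.add(("LicensedRoot", "InternalRoot"))
    else:
        raise ValueError("action must be 1 or 2")
    return new


def reach(certs):
    """Which way authentication runs between the two populations after an action."""
    return {
        "internal_authenticates_licensed": can_authenticate(certs, "InternalRoot", "L-User1"),
        "licensed_authenticates_internal": can_authenticate(certs, "LicensedRoot", "I-User1"),
    }
```

With the base graph neither population can authenticate the other. After Action 1 only the internal users gain a path to the licensed users; after Action 2 only the licensed infrastructure's users gain a path to the internal users, which is the sense in which the internal group "becomes fully part of the licensed infrastructure" without its own internal certificates changing at all.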

G. Comments on DTI's perceived benefits

  1. We comment in this section on the benefits that DTI perceives for the proposals, and which are set out in paragraph 42 of the consultation paper thus:

Para 42. Some of the commercial and business benefits of a Licensed TTP solution are:-

  1. This benefit is well stated, but applies mainly to users who, at the inception of the regulatory regime, do not already have existing satisfactory trust relationships.

  1. The main reason for a fragmented UK market for encryption products has been the attitude of government up to now to the non-government use of cryptography, together with export control policies in countries where products are developed - particularly the United States. Key management presents few "burdens".
  3. Neither the development of a TSI, however important such a development is, nor mandatory licensing of service providers, will address the issue of standardisation of algorithms and interfacing. Instead, when the general use of key restoration solutions encourages governments to change attitudes and relax export rules, the market will quickly resolve any standards issues.

  1. It is possible to take some advantage of secure electronic trading without the development of trust services. There can be no doubt, however, that the availability of services makes the advantages significantly greater. The main business beneficiaries will be SMEs; larger organisations have options for establishing trust with their business partners and with each other that do not depend on public service provision.
  2. A longer example list of trust services might include:
    1. digital signature;
    2. key exchange; and
    3. key restoration.

  1. It is not clear that licensing considerations are the same for all these services.

  1. Key restoration for stored data is without doubt an important service and will certainly be offered to subscribers, but the mechanism is not as simple as the paper assumes.
  2. As we have explained, the most convenient way of exchanging confidentiality keys, even between two strangers, often does not need the intervention of a third party; for stored data, where there is only one user and therefore no exchange of keys at all, then it is certainly the case that no other party is required for the simple operation of encryption.
  4. It is likely that users will choose to be able to invoke key restoration services for stored encrypted data, but will do so by implementing a product- and services-based framework which gives effective and reliable key restoration through mechanisms which complement encryption functions, rather than simply exploiting mechanisms for key exchange. Key restoration services will only be relevant to stored data when the product performing the encryption is specially engineered to prepare key restoration parameters for storage with the encrypted data.

  1. We have a difficulty with the phrase "products designed to operate within a TTP environment". Our hope and expectation is that simpler (and, we hope, trivially simple) export licence procedures will apply, without discrimination between key escrow and key recovery implementations, to all products which contain mechanisms which are difficult to circumvent, which produce valid key restoration parameters on transmission, which check key restoration parameters for validity on receipt, and which meet the requirements of Annex E.
  2. If our expectation is met, then we agree that this will indeed stimulate demand in the UK and elsewhere, to the benefit of UK companies.

  1. We expect that there will be a significant and growing market for trust services. We fully endorse the policy that use of trust services should be voluntary.

  1. We applaud the lead that the UK is taking and we are confident that other countries will wish to learn from the UK experience.

  1. As we explain in the introduction to this response, we are convinced that the establishment of a TSI is crucial for the development of the Global Information Society.

H. Comments on specific questions posed in the consultation paper


  3. Paragraph 50 - Whether the suggested scope of an exclusion from licensing for intra-company TTPs is appropriate in this context.
  4. We argue that companies do not provide services for their employees - so there is no "service" to be excluded from licensing. The same principle applies in closed user groups whose main function is not trust services.

  5. Paragraph 54 - Whether, in the short term, it would be sufficient for business to rely on agreements under contract regarding the integrity of documents and identification of signatures; or whether it would be helpful for legislation to introduce some form of rebuttable presumption for the recognition of signed electronic documents.
  6. We argue in section 4 that it is imperative to introduce, for the medium and long term, legislation which would address the legal acceptability of digital signatures. In the very short term it may be acceptable to rely generally on written contracts, and many organisations - especially the larger ones - may be content with such an arrangement indefinitely, but this is a matter that should be carried forward in an EU context.


  7. Paragraph 60 - The appropriateness of the proposed arrangements for the licensing and regulation of TTPs.

With five reservations, we would be willing to accept an initial regulatory regime as proposed. We hope that the Government would wish to keep the arrangements under constant review so that difficulties in the scheme's implementation could be quickly addressed.

Our reservations are:

  1. Paragraph 65 - Where views are sought on the proposed conditions.

With three reservations, we believe that the proposed conditions will implement the right level of rigour and consumer protection.

Our reservations are:

  1. Paragraph 70 - What, if any, specific exemptions for particular organisations offering encryption services would be appropriate depending on the nature of services offered?
  2. With the closed user group exclusions we have defined, we believe that the legislation must apply to all organisations offering trust services to the public. Ideally there should be no exemptions.

    The inclusion of the stated exemptions in the consultation paper unfortunately lends credence to the theory that the main concern of the paper is legal access - exemptions are offered where only integrity is at issue.


  3. Paragraph 71 - Whether it is thought desirable to licence the provision of encryption services to businesses and citizens wholly outside the UK?
  4. We recommend that the licensing regime should embrace even UK service providers who offer services only outside the UK.

    But we would like to see a "virtual, global" regime anyway - so that a UK company, having obtained a licence in the UK, would find it trivial to be licensed for every other country in which it chooses to offer services. So, even if the company had no plan or intention of ever offering services in the UK, it might willingly apply for a UK licence to ease becoming licensed for its real preferred market.


  5. Paragraph 81 - Should secure electronic methods for the delivery of electronic warrants by the central repository and the subsequent delivery of keys by the TTP be introduced?
  6. Yes, and the encryption techniques used to implement these secure electronic methods should be exempt from any possibility of interception - that is, key restoration mechanisms must be shown to be inoperative on links between a service provider and a law enforcement agency. (Technically, one way of doing this would be to use a key restoration architecture that allowed for the possibility of a residual part of the key to be restored by exhaustive techniques, and to set the length of the residual very high.)

    We have serious concerns about the notion of a "central repository". We recommend that a warrant should be electronically delivered by its issuer, not by a central repository. On receipt of a warrant, a service provider should deliver law enforcement services directly to the law enforcement agent named in the warrant. This enhances auditability and prevents the accumulation of key restoration parameters in a single vulnerable location.

    As we explain in section 2 above, we do not believe that the key restoration service can be regarded as being as simple as "delivery of keys". So a central repository is probably unworkable anyway.


  7. Paragraph 82 - Does the legislation specifically need to refer to other forms of legal access including a civil court order for access to cryptographic keys used to protect information relating to civil matters such as bankruptcy?
  8. Yes, but once again we assert that key restoration is not as simple as "access to cryptographic keys".


  9. Paragraph 84 - Should deliberate (and perhaps wilfully negligent) disclosure of a client's private encryption key be a specific criminal offence, or would existing civil and criminal sanctions suffice?
  10. The legislation should create a new specific criminal offence, which should cover the deliberate or wilfully negligent disclosure of any key held by a service provider, or the deliberate or wilfully negligent use of any such key, except in accordance with the provider's security policy as defined in the licence. This would cover not only the disclosure of key restoration keys ("law enforcement service 1" as defined in section 2) but also the disclosure of keys used by the service provider to sign certificates. It would also cover, for example, the invocation outside of policy of any other law enforcement services (for example, services 2 to 5 as identified in section 2), and the issuance of a certificate outside of policy.


  11. Paragraph 89 - Whether the principle of strict liability (as described) is appropriate in these circumstances?
  12. Liability needs to apply not just to key restoration functionality but to all trust services. A service provider must be liable, for example, for issuing a certificate, or for cross-certifying with another provider, outside of policy.

    It must be possible under the licensing rules for providers to enter into contracts with subscribers which set a higher level of liability than the licensing rules require.


  13. Paragraph 91 - Whether, in principle, an independent appeals body (such as a Tribunal, separate from that referred to below) should be created?
  14. Yes.


  15. Paragraph 93 - Whether the proposed duties of an independent Tribunal are appropriate.
  16. There needs also to be a method of resolving disputes on trust services issues which are unconnected with key restoration.


  17. Annex C - Would mandatory ITSEC formal evaluation be appropriate?
  18. No. ITSEC evaluations have not been embraced by users outside government. They are expensive and take too long. There is hardly any international mutual recognition.

J. Miscellaneous comments

We comment here on various miscellaneous paragraphs and appendices in the consultation paper.


  19. Paragraph 27. Individual countries both in and outside Europe are also developing their own national approaches. Whilst the US, France and the UK are perhaps unique in having policies on Trusted Third Parties involving key escrow, Germany has introduced a draft Digital Signature Law, Canada is developing a Federal Public Key Infrastructure, and Australia is developing a national Public Key Authentication Framework.
  20. The United States policy is not restricted to key escrow and includes key recovery as an option.


  21. Paragraph 41. In practice, TTPs could exist in both public and private domains, at the local, national and international level. TTPs should have trust agreements arranged with other TTPs to form a network, thus allowing a user to communicate securely with every user of every TTP with whom his TTP has an agreement. The proposed legislation is solely concerned with licensing those TTPs offering services to business and the public and not intra-company TTPs. TTPs, as noted above, are required to interwork and therefore a key management architecture is required to facilitate both the cross certification of keys and legal access requirements. The minimum functional requirements the Government considers suitable for such an international TTP architecture are outlined at Annex E.
  22. This argument is technically flawed.

    A TSI is established by cross-certification of providers' verification keys. When two service providers cross-certify, they each digitally sign the verification key of the other. In principle there is no limit to the complexity of the network which can be established by repeated pairwise linkages of this sort. A subscriber will be able to communicate securely not only with the subscribers of service providers cross-certifying directly with his or her own provider, but also with all subscribers in the whole network. The relationships of service providers in the TSI are not simply bilateral; they are hierarchical, multilateral and complex.

    Any "interworking" of service providers is purely static - once cross-certification is complete, and until the certificates expire or need to be revoked, the only action required of each provider is the careful guardianship and prevention against misuse of its signature key.

    The TSI is a network built from cross-certification of verification keys. It has no direct application for key restoration, and effective and reliable legal access - especially if it is to meet the requirements of Annex E of the consultation paper - does not require a key management scheme to be intrinsic to key restoration. (This last statement is in principle true for both key escrow and key recovery systems, although in practice it is more likely to be relevant to key recovery.)

    We accept that the requirements of Annex E are valid and complete, but assert that they describe the characteristics of a product and services framework rather than an international TSI architecture. For practical application the framework probably requires a TSI to exist, but it places no special constraints on the nature of the TSI.
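As an added illustration (not part of the FEI response, nor of any DTI scheme), the following Go program models the pairwise cross-certification described above: each provider signs the other's verification key, and a relying party validates any provider in the network by checking signatures along a chain of such certificates, with no further action by the providers. Provider names and keys are constructed for the example.

```go
package main
import "crypto/ed25519"
import "crypto/rand"
// Provider is a trust service provider; Pub is its "verification key".
type Provider struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}
// CrossCert is one direction of a pairwise linkage: Issuer signed Subject's key.
type CrossCert struct {
	Issuer, Subject string
	SubjectKey      ed25519.PublicKey
	Sig             []byte
}
// NewProvider creates a hypothetical provider with a fresh Ed25519 key pair.
func NewProvider(name string) *Provider {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // errs only if the RNG fails
	return &Provider{name, pub, priv}
}
// CrossCertify is the pairwise step: each provider signs the other's key.
func CrossCertify(a, b *Provider) []CrossCert {
	return []CrossCert{
		{a.Name, b.Name, b.Pub, ed25519.Sign(a.priv, b.Pub)},
		{b.Name, a.Name, a.Pub, ed25519.Sign(b.priv, a.Pub)},
	}
}
// Reachable reports whether a relying party that trusts `from` (key `trusted`)
// can validate `to` through a chain of cross-certificates. Each signature is
// checked with a key validated earlier on the path, so a forged or tampered
// link is never followed; the providers themselves take no part (static).
func Reachable(certs []CrossCert, from string, trusted ed25519.PublicKey, to string) bool {
	known := map[string]ed25519.PublicKey{from: trusted}
	queue := []string{from}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		if cur == to {
			return true
		}
		for _, c := range certs {
			if c.Issuer == cur && known[c.Subject] == nil &&
				ed25519.Verify(known[cur], c.SubjectKey, c.Sig) {
				known[c.Subject] = c.SubjectKey // verified: key now trusted
				queue = append(queue, c.Subject)
			}
		}
	}
	return false
}
```

A certificate whose signature does not verify against an already-validated key is simply ignored, so a forged linkage cannot extend the network.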


  23. Paragraph 55. Although the legislation will require foreign TTPs offering or providing encryption services to clients in the UK to have a registered base in the UK (which will allow for the licensing of non-UK bodies with no trading presence in the UK), there will be no provision requiring UK clients to use a UK licensed TTP. They are, and will be, free to register with foreign TTPs. It will therefore be necessary (for law enforcement purposes) to establish arrangements with other countries for the exchange of keys. The UK Government believes that these arrangements will be on the basis of dual legality i.e. whereby the criteria for access is satisfied in both countries. The keys held by UK licensed TTPs will not, under this legislation, be permitted to be disclosed to the authorities of other countries unless such requests satisfy UK law and are authorised by the competent UK authority. A fuller description of such arrangements is at Annex B.
    If warrants are to be served electronically, we would argue against the need for providers to have a UK registered address. We have argued earlier for a different approach to law enforcement services, in particular urging that it should be wider than what we have called "law enforcement service 1". Bilateral (or, ideally, multilateral) arrangements must take account of whatever law enforcement service is offered in each country.


  25. Paragraph 75. The legislation will also prohibit a UK licensed TTP from contracting with any non licensed TTP for the purposes of carrying out encryption services. In order to build up a TTP network it may be necessary from time to time for UK licensed TTPs to recognise non-licensed bodies from other countries where no licensing regime exists. In such cases recognition should not be given to an unlicensed body until the UK licensed TTP is satisfied that such recognition would not put at risk its ability to meet any of its obligations under this, or other, legislation, or international obligations (such as those concerning data protection).

The prohibition should relate explicitly to cross-certification, not to making a contract. There should be a legal requirement which mandates every licensed service provider to cross-certify with as many other licensed providers as are necessary to ensure that there is only one public licensed infrastructure in the world. When considering cross-certification with an unlicensed provider, a licensed provider should be required to take into account the integrity of the whole global licensed infrastructure as well as any national or international legal obligations.


May, 1997

Enquiries regarding this response should be addressed to:

C W Binns

FEI

Russell Square House

10-12 Russell Square

London WC1B 5EE

Tel: 0171 331 2021

Fax 10171331 2042

Email cbinns@fei.org.uk