Will Britain Crack the Code?

Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.

30 April 1998
Source: http://www.the-times.co.uk/news/pages/Times/frontpage.html?2379533

The (London) Times Online, April 29, 1998

Ray Hatley on spooks, hacks and cryptic messages

Will Britain crack the code?

Just days after Labour came to power a year ago, Nigel Hickson was summoned to Downing Street to discuss the nation's security. "Nigel who?" you might ask, but in the strange and secretive world of cryptography - where spooks meet hacks and priceless information disappears into the ether - Hickson may be as powerful as Peter Mandelson.

He breaks cover at the InfoSecurity '98 show - at London's Olympia today and tomorrow - in hot debate about encryption and Internet security with a platform of security industry gurus. The big question is: Should governments have the power to restrict or monitor the transmission of coded messages?

Some governments have already banned encryption on the grounds that in the wrong hands it is a threat to national security, allowing criminals or terrorists a safe channel of communication. But in those countries there is already evidence that commerce relying on confidential communications, including credit card transactions, has been damaged.

Hickson, who is head of the information security policy unit at the Department of Trade and Industry, will be the key figure when the British Government comes to take a decision on this tricky subject. He was not prepared to comment on the Government's plans to restrict cryptography, although he agreed that one item on the agenda was the system known as Key Escrow, by which those wishing to use encrypted communications would have to lodge a key to their code with a Government-appointed agency.

A DTI spokesman said there would be no announcements at the exhibition, a disappointment for opponents of cryptographic restrictions who feel a decision is overdue.

Phil Zimmerman, the writer of the encryption package PGP (Pretty Good Privacy), and Hickson's principal debating opponent this week, says: "When making public policy decisions about new technologies for a government, I think one should ask oneself which technologies would best strengthen the hand of a police state. Then, do not allow the government to deploy those technologies. This is simply a matter of good civic hygiene."

Some governments, including those of Israel, France, Russia and China, have banned encryption entirely, and US President Bill Clinton recently took the unprecedented step of restricting the export of cryptographic software. But Zimmerman said: "Today, human rights organisations all over the world are using PGP to protect their people overseas. Amnesty International uses it. It is used to protect witnesses who report human rights abuses in the Balkans, Burma, Guatemala and Tibet. PGP and other cryptographic techniques are vital to the continuing existence of these and other similar organisations."

In its simplest form, an encrypted message is one that can only be read by the intended recipient, as a secret key is required to make the message readable. In the hands of terrorists, cryptographic techniques could allow for illicit communications which cannot be broken by the security services.

A Key Escrow system would certainly allow the Government to monitor transactions, but many people believe the Government is incapable of providing a secure environment to hold the keys. Bruce Tober, author of Bloor Research's new report on Internet Security Issues and Solutions for Small and Medium Enterprises (to be released this summer), said: "I believe that law enforcement agencies have enough tools at their disposal to bring successful investigations and prosecutions, without having to restrict the use of encryption."

Andy Campbell, of electronic security experts Reflex Magnetics, said: "Credit card transactions need to be secure, and without encryption it is hard to see a way secure communications could be established. If the Key Escrow agency was compromised, then the entire world of e-commerce could, and probably would, collapse overnight. It would be impossible to trust legitimate electronic communications. The only communications to remain secure would be those using an illegal form of encryption."

The chances of governmental success are slim. Some would say they have already failed because uncontrolled high-level cryptography is easily available from the public domain. There is some evidence to show that restricting the export of cryptographic software has slowed its commercial use, but as the people who are using these packages are not talking about it, it would be virtually impossible to make an informed comment. The Government can control the legitimate and law-abiding companies who wish to use cryptography to protect their assets and their customers' privacy, but it will be impossible to control the criminals, who will simply do as they please.

Governments worldwide are concerned that terrorist groups could use encryption to defeat the efforts of law enforcement agencies. Certain terrorist groups are, indeed, becoming increasingly proficient in the use of computer technology; but it is hardly likely that an active terrorist group would place its cryptographic keys in the hands of a government escrow service.

Restrictions on the export of cryptographic software are also working from a false premise. Given time, freely available information and a reasonably skilled programmer, any terrorist organisation could develop its own implementation of commonly used cryptographic algorhythms without the need to conform to government regulations.

Zimmerman, speaking in the US, said: "Knowledge of cryptography is becoming so widespread that export controls are no longer effective at controlling the spread of this technology. People everywhere can and do write good cryptographic software. We import it here but cannot export it, to the detriment of our software industry."

For details on Infosecurity '98, held today and tomorrow at London's Olympia, phone 01844 262728 or browse http://www.infosec.co.uk