United Kingdom

For years, people in the UK (and most other countries) have laughed at the draconian political situation relating to crypto in the US.

Not anymore. It would appear that the UK government has decided to making the UK the technological laughing stock (well, next to France). This is happening in two ways:

1. Linking legal recognition of Digital Signatures with TTP's and mandatory key escrow. This ones really funny; to have your digital signatures recognised in a court of law, your encryption key has to be escrowed. They can't mandate that your Signature key is escrowed, because this would not allow for non-repudiation (anyway, they don't particularly want to fake signatures, just have surreptitious access to your messages and data).



2. Further limiting the export of crypto from the UK. Currently, the UK implements the Wassenaar Agreement, but the UK implementation of the agreement doesn't cover intangible distribution of cryptographic software. So, distributing crypto via the web or e-mail is OK. This is changing :-( The government has launched a whitepaper which outlines the government plans. I think that they are most succinctly summarised by a message to UKCrypt mailing list from Ross Anderson. The proposals could make it illegal to verbally discuss cryptographic techniques with non-uk nationals!

Who has ever claimed that UK citizens wouldn't benefit from a constitution which protects the subjects rights? Oh well, at least the import and use of cryptography isn't restricted yet.

Existing Legislation

We already have a law Police and Criminal Evidence Act, 1984 which says in section 19, subsection 4:

The police don't consider this sufficient power, so a new law is due soon which clarifies and extends these powers.

The bad news is that the ScramDisk program may soon not be exportable from the UK. Hopefully, by that time the program will be so well disseminated that the law will not effect the availability of this software.

Also, on the subject of UK crypto policy, has anybody noticed how the Labour Partys pre-election crypto pledge has changed ?

United States

The current situation in the US is well documented; vendors can only ship products out of the US with an Export License from the Bureau of Export Administration. Basically, the ITAR regulations just implement the Wassenaar Arrangement. This Export License will generally only be given if the encryption strength is <=40 bits, which is insufficient for virtually all purposes, or so says Blaze, Diffie, Rivest, Schneier, Shimomura, Thompson & Wiener in the report Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security (here).

The First Amendment protects US citizens freedom of speech, so the American government has no power to stop a company from printing out the source code to a program and export this in paper from. The same source code cannot be exported in electronic form. How is that for crazy? The following extract from a message posted to UKCrypto mailing list sums up my feelings wonderfully:

First, speech which comes out of our mouths or gets written on paper has generally been considered "speech" in the legal sense where someone is expressing an idea. Clearly, bombing a abortion clinic as political "speech" (and it is clearly political speech in the sense that the bombing is expressing a anti-abortion/pro-life political idea). What is illegal is not the idea, but the method used to express the idea.

That the bombing itself was illegal does not make the message less of a "speech". It is still an expressed idea.

Second, if I write, in a message, a prose description of an encryption algorithm, and included C code with it (just a code fragment, certainly not compilable as-is), the NSA and the FBI would still feel that they can prosecute me under ITAR, and they will claim that this is not speech. Therefore, this argument that it is functional in the sense that a compiler can automatically convert my E-Mail into a machine is ridiculous; the government has no intention of leaving it as just a context-sensitive law. They want to ban every single spread of cryptography they don't like (non-GAK).

Actually the First Amendment isn't the only 'constitutional thorn' in the US governments side. The Fifth Amendmant covers self-incrimination. Could revealing a cryptographic key = self-incrimination and thus be covered by the Fifth amendment? An even more obscure point (from the UK Crypto mailing list):

"A cryptographic key need not have testimonial content. A key can be any word, phrase, or a series of randomly chosen digits. However, one can imagine a cryptographic key that has been given an incriminating, testimonial content by making it a word or phrase that confesses to a crime. Many seldom-enforced statutes[16] enable one to confess to a crime in one's cryptographic key, thereby triggering potential criminal liability and therefore the protection of the Fifth Amendment"

If it is the case (or claimed by the defendant) that the passphrase is a (true) confession to a crime, would this invoke any protection against self-incrimination under UK law? The difficult case is when the crime of which the prosecution seeks evidence in the encrypted data, is much more serious than the crime confessed to in the passphrase (e.g. "I dropped litter in Trafalgar Square on dd/mm/yy").

That constitution is a real pain for the US Government, isn't it? Maybe that's why Bill Clinton made the amazing statement 12/08/93 (see the Quotes section).

Hopefully, the Bernstein & Junger cases will clarify the position in the US; these case challenges the right of the American Government to stop the Professors from exercising their rights in an electronic form. An e-mail from Cindy Cohn, Head Counsel for Bernstein excellent comments on the shortcomings of the Junger ruling.

The US Crypto policy is having rocks thrown at it from all angles. Large companies in America disagree with the policy, University Professors disagree with the policy, even branches of the government say that the policy (here) and more specifically the technology behind the policy (Key Escrow) is fundamentally flawed. But Reno & Freeh (SP?) like the technology, so it must be good....

The day that the NSA/GCHQ gives all of its keys up for escrow to, say for example, the Bank of America (or England :-)), is the day that I will endorse Key Escrow as a workable solution. If the damn government can't trust the technology, why should I?

Controlling Crypto

The US government has used and continues to use a number of mechanisms to control the proliferation, use and effectiveness of cryptography:

1. The Wassenaar Arrangement (detailed below). This stops crypto being spread to other countries and thus a "crypto-standard" being formed.
2. Key escrow. Clipper is the very well known and very unsuccessful standard that the government tried convincing businesses to use. Businesses refused because of security concerns.
3. Preferential export treatment for companies that promise to include key-recovery techniques in future products.
4. Trying to influence standard bodies to include GAK features. A message from Peter Gutmann to the Cryptography mailing list outlines how GAK was added to the IETF Public Key Infrastructure (PKI) standard.
5. The "private doorbell" initiative, announced by Cisco 12/07/98. This includes adding network tapping mechanisms in router & switches. This is like having the ability to tap phones at a telephone exchange. This doesn't protect users whos data passes over a network where the network manager is corrupt. Does the government believe that criminals won't use secondary encryption to prevent monitoring?

Other countries

The situation is not perfect in many other countries, see the following link for details of other countries controls on Crypto.

General Issues

Why was the program produced?

Why was PGP produced? Why not? If we honestly believed that strong cryptography was going to cost lives or threaten national security, we would have been morally and ethically obliged to not develop or release the package. But the truth is, there has not been a convincing argument from any political or lawmaking group as to why strong cryptography shouldn't be produced, used, distributed and sold.

I personally like the 'keys' analogy. We don't have to give the Government copies of our home and work door keys, so why should we afford them the same privilege with the keys to our data? The police are welcome to access my data with a valid court order in the same way that they can enter my house with a valid search warrant.

I also like Phil Zimmerman's 'postcard' argument. When people send letters they use envelopes to ensure a level of security, they don't send letters without envelopes because they don't have to. Sending letters within an envelope is considered acceptable because everyone does it. Everyone should have the right to use strong crypto.

The real reason that the American (and UK?) government are opposed to strong-crypto is that they are provided with far too much intelligence from monitoring communications to allow the proliferation of strong crypto, which would make there job necessarily harder. Read Puzzle Palace / For the Presidents Eyes Only if you don't believe me!

Both myself and the Author of the program are IT professionals without criminal records (not even driving endorsements!). We are neither "law breakers" nor "anarchists" - we just believe that privacy should be a right and that strong crypto should be accessible to anybody who wants it.

Echelon

The governments of UK, US, New Zealand, Australia and Canada are part of a pact known as The UK/USA Pact. This pact is "secret", but one of the products of this pact, "Echelon" has been recently officially recognised in an EU report.

Echelon is a global monitoring system run by the UK/USA members. It is thought that virtually every electronic signal transmitted across national boundaries between any of the member nations is monitored and searched against a dictionary. Echelon also monitors any other countries transmissions via satellites; it is thought that every satellite orbiting the earth has an American counterpart which grabs a copy of all data and transmits it to the NSA in Maryland. Wow.

The Wassenaar Arrangement

This international agreement has been signed by a number of countries and is aimed to stop the proliferation of arms. Cryptographic source code is considered a munition in the context of this agreement. The Wassenaar Arrangement thus has the wonderful side effect of slowing distribution (and therefore use) of cryptography.

If strong crypto were to be used throughout the world, would Echelon be as useful?

For information the 33 countries represented in Wassenaar are:

Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Korea, Romania, Russian Federation, Slovak Republic, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom and United States.