Licensing of Trusted Third Parties for the Provision of Encryption Services
Prof. Simon Rogerson
Director
srog@dmu.ac.uk
Dr. N Ben Fairweather
Research Fellow
nbf@dmu.ac.uk
This document should be read in conjunction with the DTI document of March 1997.
Introduction
We agree that it is vital that everyone has the opportunity to benefit from the evolving information technologies and that this implies a need for secure electronic commerce facilities. The primary focus of the proposal appears to be sustaining the commercial supplier-client relationship in an IT-dependent world, which might limit public acceptance of and confidence in the TTP concept.
The proposals for government agency access appear quite loose. If the collection of intelligence is made too easy then there is a danger that agencies will invade the privacy of people going about their lawful but unconventional business when there are no grounds for suspicion other than being unconventional.
Comments Relating to Specific Paragraphs
Section II: Government Policy Framework
Paragraph 10 - In certain situations where repressive governments operate, the use of encryption may well be essential in forming an effective political opposition.
Paragraph 14 - Personal data must be capable of transmission without interception by third parties who wish to abuse that data. There must also be consideration of the legitimacy of the transmission.
Paragraph 17 - The issue of trust is fundamental to these proposals. There are doubts about the degree of trust placed in TTPs if they enable security services to gain access to data that is highly sensitive. It could be argued that licensing is not primarily to establish trust but makes illegal any encryption that cannot be breached by the intelligence services. There is certainly a need to have a mechanism in place that independently monitors "legal" intervention.
There is a need to have a clear definition of what is meant by fit for purpose. Consumer protection must encompass both direct and indirect consumers.
Section III: European Union & OECD Developments
Paragraph 24 - Global security will be as strong as the weakest national approach.
International agreement regarding TTPs is essential so that a minimum acceptable global standard is established in TTP protocol and data exchange. Key principles are an
Paragraph 25 - Individual privacy and national security concerns can be in significant conflict. There need to be greater safeguards regarding key escrow and warrants if both are to be enabled.
Section V: Trusted Third Parties
Paragraph 39 - TTPs should have some degree of responsibility in ascertaining who is going to use their service and for what purpose.
Paragraph 42 - There is a need to define the criteria to be used in measuring trustworthiness.
Section VI: Structure of the Proposals
Policy considerations.
Paragraph 43 - Consumers and the general public need to be made aware of the issues related to TTPs and encryption so that they can make value judgements about trust and acceptance. An awareness programme should be part of the final implementation of this proposal.
Paragraph 45 - The licensing of organisations outside the UK is fraught with difficulty given the existence of the Internet.
Whilst users will be at liberty to make alternative arrangements to TTPs, this might present immediate and reasonable grounds for criminal suspicions under these proposals.
Paragraph 46 - There will be growing concern regarding the access to private keys if warrants are easy to obtain by government agencies.
Paragraph 47 - The suggestion of possible legislation to cover obtaining encryption keys other than those held by licensed TTPs implies that the safeguard of being permitted to use encryption technology from non-licensed sources is short term and probably worthless.
Paragraph 49 - It is difficult to see why certain services are, in principle, different. If there should be absolute privacy in these cases why should there be less in others?
Paragraph 57 - Licence conditions should be open for public inspection. There should be a public directory of TTPs and their performance and standing.
Paragraph 59 - There should be a well-defined review mechanism covering TTP performance.
Paragraph 60 - Positive and individual licensing can be expected to have a highly inhibitory effect on the development of this industry.
Paragraph 64 - Whilst co-operation under legal access conditions is recognised, it must not be capitulation. TTPs have a legal duty to the public not to provide access to authorities unless they are sure they are legally obliged to do so. TTPs must be protected from undue pressure in such situations.
Paragraph 68 - With the increasing use of outsourcing and contracting the distinction between an employer and its suppliers is becoming blurred. There are many cases now of colleagues working alongside each other where some are employed directly and others via an agency under contract. Thus the meaning of "cryptographic protection between its employees" needs to be clarified.
Paragraph 75 - TTPs should register their associations with TTPs in other countries, be they licensed or otherwise.
Paragraph 76 - What are the provisions for the delegation of warrant-issuing powers? What are the safeguards against them being used in inappropriate circumstances?
Paragraph 77 - A central repository will be highly sensitive in terms of potential security breaches and the distribution of keys to inappropriate agencies.
Paragraph 78 - The deadline of one hour effectively prevents challenges to the validity of warrants. If there are to be serious safeguards against the abuse of systems, there must be time to challenge the validity of warrants. There may well be grounds for restricting access of encrypted data to a subset which relates specifically to the investigation in hand. The provision of the keys under a warrant must account for this. In practice it may be extremely difficult to limit access in this way.
Paragraph 83 - Whilst the suggestion of inappropriate disclosure of encryption keys being a criminal offence is welcomed, the central repository and one-hour rule restrict the offence to non-government agency disclosures. This limits individual privacy protection and undermines public confidence.
Paragraph 87 - The amount of compensation, once liability is proven, should be at the discretion of the Court.
Paragraph 92 - An alternative method would be that TTPs are required and enabled to ascertain the validity of warrants themselves. They would have substantial commercial interest in making sure that keys were not released on invalid warrants.