impunity and makes it easier for law-enforcement agents to catch them. But opponents counter that allowing a third party to have copies of the keys dramatically reduces the security of any encryption scheme.
Heated Debate
The prospect of less privacy in Europe has provoked some heated controversy among European companies and individuals alike. No official encryption scheme for Europe has yet been released, but this hasn't dampened speculation on what form a European key-escrow system might take. Last September, the Council of Europe (CoE), an EU body on which many of the European Commission's (EC's) members also have a seat, published a series of recommendations on criminal procedural law that discussed the use of key-escrow encryption in Europe.
The 57-page document, bureaucratically titled "Draft Recommendation No. R (95) Concerning Problems of Criminal Procedural Law Connected with Information Technology," recommends, in part, that law-enforcement agents should have the power to search computer systems and seize data "under similar conditions as under traditional powers of search and seizure." It goes on to say that computer systems to which the one in question is "connected by means of a network" should also be subject to searches and their data seized. Further, it calls for reducing "the negative effects of the use of cryptography on the investigation of criminal offenses." It also says such efforts should not affect the legitimate use of encryption "any more than strictly necessary."
Public-key encryption (aka the D-H algorithm) was invented in 1976 by Whitfield Diffie and Martin Hellman to resolve the problem of key exchanges in private-key encryption. In private-key encryption, the weakest point is key exchanges. They can be done only face to face, and even then you can't make sure the exchanged information doesn't get into the wrong hands.
Public-key encryption relies on each party's having two separate keys. The first is a public key, which its owner publishes freely. The second is kept secret by its owner. A third, the session key, is generated and exchanged each time a new message or data stream is undertaken. Each session key is applicable only to the specific event for which it was generated.
The U.S. National Security Agency (NSA) has developed a plan for a key-escrow system using the Clipper chip. The Clipper chip is the generic term for the family of key-escrow encryption chips. Its newer sibling, the so-called Capstone chip, was designed to cover digitized voice, data, fax, EFT (electronic funds transfer), EDI (Electronic Data Interchange), and network communications.
In the Clipper system, a D-H-algorithm-variant public-key algorithm called the escrow key generates the session key. Secure Hash Standard (SHS) functions are then used on the plain text to generate a 160-bit message digest that serves as a digital signature to authenticate messages according to the Digital Signature Standard (DSS).
To encrypt the message using the session key and the escrow key's serial number as the encrypted message's header, the Clipper chip uses the so-called Skipjack algorithm, which is classified as top secret. The U.S. government's plan foresees the escrow keys and an electronic serial number programmed into each chip. Each escrow key is split into two 80-bit-long sections. Each of those is held by one of two TTPs. When law-enforcement agencies want to wiretap a phone line, they look at the electronic serial number in the encrypted message's header to determine the correct keys to obtain from the TTPs.
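The split-key custody described above, as an added Python example that is not part of the original article. It assumes the two 80-bit sections are XOR shares of an 80-bit key (the article does not say how the split is done); the `EscrowAgent` class, the function names and the serial number are hypothetical, and no Skipjack encryption is performed.

```python
import secrets

KEY_BYTES = 80 // 8  # each escrowed section is 80 bits long, per the article


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """Split key into two shares; either share alone is uniformly random."""
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(k ^ a for k, a in zip(key, share_a))
    return share_a, share_b


def combine(share_a: bytes, share_b: bytes) -> bytes:
    """Recombine two XOR shares into the original key."""
    return bytes(a ^ b for a, b in zip(share_a, share_b))


class EscrowAgent:
    """Hypothetical TTP that stores one share per chip serial number."""

    def __init__(self, name: str):
        self.name = name
        self._shares: dict[int, bytes] = {}

    def deposit(self, serial: int, share: bytes) -> None:
        self._shares[serial] = share

    def release(self, serial: int) -> bytes:
        return self._shares[serial]  # KeyError if this TTP holds no share


def program_chip(serial: int, agents: list[EscrowAgent]) -> bytes:
    """Generate a chip's escrow key and deposit one share with each TTP."""
    key = secrets.token_bytes(KEY_BYTES)
    for agent, share in zip(agents, split_key(key)):
        agent.deposit(serial, share)
    return key


def recover_key(header_serial: int, agents: list[EscrowAgent]) -> bytes:
    """Use the serial number from a message header to collect both shares."""
    share_a, share_b = (agent.release(header_serial) for agent in agents)
    return combine(share_a, share_b)


if __name__ == "__main__":
    ttps = [EscrowAgent("TTP-A"), EscrowAgent("TTP-B")]
    chip_key = program_chip(0x0001F00D, ttps)  # constructed serial number
    print(recover_key(0x0001F00D, ttps) == chip_key)
```

Under this model a single TTP's database reveals nothing about any chip's key, so the security of the scheme rests on the two custodians never being compromised together.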
Clipper Interest Grows
John Droge, vice president for program development at Mykotronx (Torrance, CA), manufacturer of the Clipper chip, reports an increasing amount of interest from foreign companies and governments. "We are working very closely right now with companies representing England, France, Germany, Spain, Sweden, Switzerland, Argentina, Taiwan, Australia, and Canada," he says.
When the U.S. government in 1993 proposed that public and private encryption be standardized with the Skipjack algorithm, public comment was solicited. While acknowledging that the vast majority of comments from the public were negative, the U.S. government continues its efforts to make Skipjack/Clipper the voluntary standard of encryption.
Meanwhile, in Europe, the CoE claims to "recognize the importance of both personal privacy and the need for secure business transactions on the Net." The CoE's recommendations cite the need for striking a balance between a citizen's right to use encryption and the needs of law-enforcement agencies. Although the recommendations don't actually come right out and call explicitly for restrictions, they do come close to it.
Restrict Use of Cryptography
In paragraph 175, the CoE's report suggests that the need of law-enforcement agencies is superior to that of the public at large. In fact, it's superior enough, it advises, that it might be necessary to place "restrictions on the possession, distribution, or use of cryptography."
The CoE, which includes all of Europe's 34 democracies, has no power over the EU or its member countries. CoE recommendations are not binding on the EC, but they are regarded highly and most often are adopted. Furthermore, because of the unanimous nature of the CoE vote, it's likely that the recommendations will be adopted by the EU.
Legislation to restrict the use of encryption varies widely among European national governments. In a recent paper on the subject ("Crypto in Europe -- Markets, Law and Policy"), Ross Anderson, a senior associate in computer and communications security at Cambridge University's computer laboratory, notes that "the country taking the hardest line is France." In France, Anderson explains, cryptographic equipment is listed as the second-most-dangerous category of munitions (out of eight such categories). Any use of cryptography requires authorization from the prime minister. In addition, the French definition of cryptographic equipment includes software.
Anderson, who writes extensively on cryptography, notes that in Germany there are no legal restraints on the domestic use of cryptography. In addition, Dirk Heuze, chief of the country's information security agency, BSI (Bundesamt für Sicherheit in der Informationstechnik), recommends that companies sending data over the Internet should encrypt it. Anderson also reports that Germany's interior minister sees encryption as a precondition for the acceptance of electronic communication.
"The U.K. is mildly liberal at present," Anderson's paper notes. Prime Minister John Major stated in 1994 that "the government does not intend to legislate data encryption." But more recently, the U.K.'s Department of Trade and Industry said that the government has not yet decided either for or against key escrow.
Critics of key-escrow systems emphasize that there will always be ways to overcome the scheme and that the people most likely to do so are the ones law enforcers wish to spy on. Lawbreakers, for example, could use very strong encryption and then wrap those encrypted messages within the approved encryption so it appears to comply. One thing is certain: As electronic commerce grows, the privacy-versus-security debate will grow as well.
Bruce Tober is a U.K.-based freelance writer. You can contact him on the Internet at octobersdad@crecon.demon.co.uk or on BIX at editors@bix.com.