Law Forum
  Law Books

Adverts from Google:

Encryption Law News UK

This page is not an attempt to provide a full history of encryption, just a collection of events, notes, references, etc which go to chart the history of cryptography law and its development in the UK.

Date Event
1976 Invention of Public Key Cryptography.

Or was it? It is now claimed by some that, as always, Public Key Cryptography was first invented in the UK. The claim and papers suggest that the invention was at the CESG. Unfortunately it is doubted that that organisation actually existed at that date. If this is true, then the papers are, in that respect at least, forgeries. It is more likely that the invention was at GCHQ in Cheltenham. Unfortunately our secrecy procedures still lead GCHQ to deny its own existence! One Cliff Cocks, claims that the coding marvel was originally a UK marvel, but kept secret for many years.

1994 The Export of Goods (Control) Order 1994
1995 The Dual-Use and Related Goods (Export Control) Regulations 1995 (No. 271, 1995)
26 Apr 97 New Scientist - 'Coded message plan 'too complex' by Mark Ward
21 Jan '98 Announcement of crypto mail product from Invisimail
11 Feb '98 GILC publish their new international crypto regulation survey at the GILC archive
1 July 1998 DTI publishes a white paper entitled Strategic Export Controls under which they propose to tighten the control of the export of dual use and other weapons. Encryption software (at least the 'weapons grade' software is listed as dual-use; that is it has civilian uses, but also can be used for military purposes - much like a bacon butty. This proposal which is liable to restrict further the export of encryption software is suspected to be the last desperate attempt to prevent the mass use of cryptography.

It clearly contravenes earlier announcements which linked the attempt to regulate encryption with a relaxation of export controls. Since this tactic of keeping a tight rein on exports is fundamental to the US policy, it can be assumed that yet again bad US policy has been imported.

How might it be that such export controls can be related to the control of the mass use of encryption? It is simple. Mass communication is international. It can also only become widespread if one system is used by many. I can manage one or two key systems. To be able to expect that I will be able to communicate securely with a person who is, in effect chosen at random, I have to have a reasonable expectation that we will both have access to the same software. The more that governments fragment the available market, the less is the opportunity I will have to communicate securely. If I cannot communicate securely with any sensible proportion of the people I do wish to write to, then I will use it less routinely, and much less overall.

The Wassenaar agreement is renegotiated. So far as encryption software is concerned the proposal is (we think!) that software under a certain strength is to be free of export control.
21 December 1998 The EU publishes a "Proposal for a Council Regulation (EC) setting up a Community regime for the control of exports of dual-use goods and technology" 98/C 399/01 at (Press here) to obtain the .pdf file.
July 99 The Electronic Communications Bill is published. The bill includes a part (Part III) dealing with the law enforcement powers thought to be required to deal with encryption. They are truly and deeply shameful.
Nov 1999 The Electronic Communications Bill is republished minus the Part which gave such powers to law-enforcement as would have been welcomed by the Stasi. The reprieve is only temporary, since the Home Secretary suggests that it will return next year as part of another Bill.
Dec 1999 The US government publishes regulations which, at last, do provide a substantial relaxation of their controls on the export of software. The result is still very subtle.
February 10 2000 The Labour Government published the RIP Bill, (and long may it do so). The regulation of Investigatory Powers Bill 2000 is available at, and explanatory notes are available at

A very quick, and superficial analysis of the Bill shows to concessions in the Bill. First, the officer seeking release of a key or decryption, must show reasonable cause to believe that the person subject to the request had it in his possession. Previously, it only had to appear to him that this might be the case.

Links to Encryption News Stories

Go The Twinkle story
No safety in numbers Sunday Times Sep 29 1999. by Ben Hammersley.

End of the Enigma: Quantum Computing will spell the end of conventional encryption, such as the codes broken at Bletchley Park.

The story has been described as 'complete bollox'.

New surveillance bill comes under fire Will Knight. Regulation of Investigatory Powers bill violates human rights law, say civil liberties campaigners ...
E-Spying Bill Called 'Escrow By Intimidation (02/10/00, 12:58 p.m. ET) By Madeleine Acey, TechWeb

The British government published a bill Thursday to update law enforcement's interception powers to include communications made via company networks and ISPs.

The legislation was immediately slammed as threatening human rights and labelled "key escrow through intimidation" ...

(BBC) UK publishes 'impossible' decryption law: "At issue is the burden of proof"
Go Home Office responses to criticism of RIP.


Please, please, note that a link to a site does not indicate approval or recommendation. We just found it and you might find it interesting, but must make your own judgement.

Home Affairs Select Committee Report 1999 into e-commerce and the regulation of encryption. This document is well worth reading in full. It contains the first substantial criticism of policy making in the UK from a source in authority. The History and Process of development of UK Encryption Policy from the Baltimore Library. An excellent analysis of the involvement of security service interests in the development of British encryption policy.
The Queen's Speech 1998
UK Crypto list archive

The Internet, Encryption, and The Law Privacy Tools Home page Overview of Certification Systems: X.509, CA, PGP and SKIP Updated to February 1998
Campaign Against Censorship of the Internet in Britain FBI speech by Director Louis Freeh for a contrary view suporting the need for the control of encryption. the GILC Crypto Archive
RSA FAQ UK Cryptography proposals by Yaman Akdeniz A useful discussion of the 1997 proposals. Australian Privacy law links Includes how to get PGP 5.00
The Internet, Encryption, and The Law Encryption Policy Resources Page Ross Andersons Cryptography page
International PGP 5 site Supercrypt CDT Cryptography Policy Issues Page
Data Privacy Tools Home Page Export restrictions information For info on US crypto export rules
Brian Gladman's Page with some AES algorithm timings and source code. Excellent. Robert Guerra's page of cryptography links.
The Walsh Report This is the Australian Report on Cryptography policy which was published in an informatively edited version. Here is the
Cambridge Security Seminar Group Meetings Schedule.
The Risks if Public Key InfrastructuresCarl Ellison and Bruce Schneier
Cryptome Home Page A good general US site on cryptography and its regulation Why Cryptosystems Fail by Ross Anderson. Ross consistently produces material of the very highest quality. If only someone could explain to me how to decrypt a .gz file. The EPIC 1999 report (June 1999)
US Export Administration Regulations 1999 The history of Non-Secret Encryption by J H ELLIS The Possibility of Secure Non-Secret Digital Encryption J. H. Ellis, January 1970
Computer Security Resource Clearinghouse WWW Server Encryption Key Recovery
Go The Godzilla crypto tutorial, by Peter Gutman. An excellent work, and probably the best available on-line. Takes no prisoners.
Go Towards A European Framework for Digital Signatures And Encryption (1975)

Below is a mess These are other - unsorted sites:

Book review

Review of Privacy on the Line The Politics of Wiretapping and Encryption by: Whitfield Diffie + Susan Landau.
publisher: The MIT Press 1998

_Privacy on the Line_ is a history of surveillance and cryptography in the United States. It touches on the technology involved, but focuses more on the legal and political events and trends. Opening with an excellent introduction to cryptography for the novice, it continues with a history of cryptography policy since the Second World War.

Many books on privacy do little more than assert -- or dismiss -- the claims of national security and law enforcement. _Privacy on the Line_ takes a serious look at both. A long chapter on national security covers the history of communications and signal intelligence and the role cryptography plays in them. A chapter on law enforcement introduces wiretaps and pen registers and other forms of surveillance.

After this "digression", Diffie and Landau return to the history of privacy in the United States. They trace the legal and political protections for and threats to privacy, from the Bill of Rights, through the Second World War, the McCarthy era, and the Vietnam war period, up to the present. This is followed by a chapter more specifically on wiretapping, covering the history of its regulation and abuse -- the introduction of the telegraph, the _Olmstead_ and _Nardone_ cases, Hoover and the FBI, organized crime, Title III, "domestic national security", Watergate, and the Foreign Intelligence Surveillance and Electronic Communications Privacy Acts. Chapters on communications and cryptography present the most recent events and the current situation.

The first covers the Digital Telephony saga and the debate about the effectiveness of wiretaps and the extent to which they are being hindered by technological advances. The second covers PGP, Clipper and key escrow, the NSA and NIST and their relationship, and international developments in cryptography policy.

A final chapter argues that technological advances have on the balance put law enforcement and national security in a stronger position, not a weaker one, and that even with wiretapping the effects are mixed. Diffie and Landau conclude that "government efforts to keep honest citizens from using cryptography to protect their privacy continue.

Such efforts are unlikely to achieve what governments claim to want, but very likely to cause serious damage to both business and democracy in the process."

_Privacy on the Line_ is an accessible general introduction to a topic of increasing prominence. I recommend it to anyone who wants a balanced introduction to the history and current status of communications privacy. And those already familiar with the subject may find new insights in its analysis.

Following an initial consultation that occurred towards the end of the summer of 1997, the Canadian federal government, through Industry Canada, published a discussion paper, entitled:

Setting a Cryptography Policy Framework for Electronic Commerce

Statement on Canadian Cryptography Policy

Much easier to read, both in the words used, in its clarity, and in the HTML markup.

Yahoo index of encryption software

Two Doves Counselling | Faulty Flipper

Copyright and Database Rights: David Swarbrick 2012
18 October 2013 158 18 October 2013