Encryption Law News UK
This page is not an attempt to provide a full history of encryption, just a collection of events, notes, references, etc which go to chart the history of cryptography law and its development in the UK.
||Invention of Public Key Cryptography.
Or was it? It is now claimed by some that, as always, Public Key Cryptography was first invented in the UK. The claim and papers suggest that the invention was at the CESG. Unfortunately it is doubted that that organisation actually existed at that date. If this is true, then the papers are, in that respect at least, forgeries. It is more likely that the invention was at GCHQ in Cheltenham. Unfortunately our secrecy procedures still lead GCHQ to deny its own existence! One Cliff Cocks, claims that the coding marvel was originally a UK marvel, but kept secret for many years.
||The Export of Goods (Control) Order 1994
||The Dual-Use and Related Goods (Export Control) Regulations 1995 (No. 271, 1995)
|26 Apr 97
||New Scientist - 'Coded message plan 'too complex' by Mark Ward
|21 Jan '98
||Announcement of crypto mail product from Invisimail
|11 Feb '98
||GILC publish their new international crypto regulation survey at the GILC archive
|1 July 1998
||DTI publishes a white paper entitled Strategic Export Controls under which they propose to tighten the control of the export of dual use and other weapons. Encryption software (at least the 'weapons grade' software is listed as dual-use; that is it has civilian uses, but also can be used for military purposes - much like a bacon butty. This proposal which is liable to restrict further the export of encryption software is suspected to be the last desperate attempt to prevent the mass use of cryptography.
It clearly contravenes earlier announcements which linked the attempt to regulate encryption with a relaxation of export controls. Since this tactic of keeping a tight rein on exports is fundamental to the US policy, it can be assumed that yet again bad US policy has been imported.
How might it be that such export controls can be related to the control of the mass use of encryption? It is simple. Mass communication is international. It can also only become widespread if one system is used by many. I can manage one or two key systems. To be able to expect that I will be able to communicate securely with a person who is, in effect chosen at random, I have to have a reasonable expectation that we will both have access to the same software. The more that governments fragment the available market, the less is the opportunity I will have to communicate securely. If I cannot communicate securely with any sensible proportion of the people I do wish to write to, then I will use it less routinely, and much less overall.
||The Wassenaar agreement is renegotiated. So far as encryption software is concerned the proposal is (we think!) that software under a certain strength is to be free of export control.
|21 December 1998
||The EU publishes a "Proposal for a Council Regulation (EC) setting up a Community regime for the control of exports of dual-use goods and technology" 98/C 399/01 at http://europa.eu.int/eur-lex/en/oj/1998/c_39919981221en.html (Press here) to obtain the .pdf file.
||The Electronic Communications Bill is published. The bill includes a part (Part III) dealing with the law enforcement powers thought to be required to deal with encryption. They are truly and deeply shameful.
||The Electronic Communications Bill is republished minus the Part which gave such powers to law-enforcement as would have been welcomed by the Stasi. The reprieve is only temporary, since the Home Secretary suggests that it will return next year as part of another Bill.
||The US government publishes regulations which, at last, do provide a substantial relaxation of their controls on the export of software. The result is still very subtle.
|February 10 2000
||The Labour Government published the RIP Bill, (and long may it do so). The regulation of Investigatory Powers Bill 2000 is available at http://www.publications.parliament.uk/pa/cm199900/cmbills/064/2000064.htm, and explanatory notes are available at http://www.publications.parliament.uk/pa/cm199900/cmbills/064/en/00064x--.htm.
A very quick, and superficial analysis of the Bill shows to concessions in the Bill. First, the officer seeking release of a key or decryption, must show reasonable cause to believe that the person subject to the request had it in his possession. Previously, it only had to appear to him that this might be the case.
Links to Encryption News Stories
||The Twinkle story
|No safety in numbers
||Sunday Times Sep 29 1999. by Ben Hammersley.
End of the Enigma: Quantum Computing will spell the end of conventional encryption, such as the codes broken at Bletchley Park.
The story has been described as 'complete bollox'.
|New surveillance bill comes under fire
||Will Knight. Regulation of Investigatory Powers bill violates human rights law, say civil liberties campaigners ...
|E-Spying Bill Called 'Escrow By Intimidation
|| (02/10/00, 12:58 p.m. ET) By Madeleine Acey, TechWeb
The British government published a bill Thursday to update law enforcement's interception powers to include communications made via company networks and
The legislation was immediately slammed as threatening human rights and
labelled "key escrow through intimidation" ...
|(BBC) UK publishes 'impossible' decryption law:
||"At issue is the burden of proof"
||Home Office responses to criticism of RIP.
Please, please, note that a link to a site does not indicate approval or recommendation. We just found it and you might find it interesting, but must make your own judgement.
Below is a mess These are other - unsorted sites:
Review of Privacy on the Line The Politics of Wiretapping and Encryption by: Whitfield Diffie + Susan Landau.
publisher: The MIT Press 1998
_Privacy on the Line_ is a history of surveillance and cryptography in the United States. It touches on the technology involved, but focuses more on the legal and political events and trends. Opening with an excellent introduction to cryptography for the novice, it continues with a history of cryptography policy since the Second World War.
Many books on privacy do little more than assert -- or dismiss -- the claims of national security and law enforcement. _Privacy on the Line_ takes a serious look at both. A long chapter on national security covers the history of communications and signal intelligence and the role cryptography plays in them. A chapter on law enforcement introduces wiretaps and pen registers and other forms of surveillance.
After this "digression", Diffie and Landau return to the history of privacy in the United States. They trace the legal and political protections for and threats to privacy, from the Bill of Rights, through the Second World War, the McCarthy era, and the Vietnam war period, up to the present. This is followed by a chapter more specifically on
wiretapping, covering the history of its regulation and abuse -- the introduction of the telegraph, the _Olmstead_ and _Nardone_ cases, Hoover and the FBI, organized crime, Title III, "domestic national security", Watergate, and the Foreign Intelligence Surveillance and Electronic Communications Privacy Acts. Chapters on communications and
cryptography present the most recent events and the current situation.
The first covers the Digital Telephony saga and the debate about the effectiveness of wiretaps and the extent to which they are being hindered by technological advances. The second covers PGP, Clipper and key escrow,
the NSA and NIST and their relationship, and international developments in cryptography policy.
A final chapter argues that technological advances have on the balance put law enforcement and national security in a stronger position, not a weaker one, and that even with wiretapping the effects are mixed. Diffie and Landau conclude that "government efforts to keep honest citizens from using cryptography to protect their privacy continue.
Such efforts are unlikely to achieve what governments claim to want, but very likely to cause serious damage to both business and democracy in the process."
_Privacy on the Line_ is an accessible general introduction to a topic of increasing prominence. I recommend it to anyone who wants a balanced introduction to the history and current status of communications privacy. And those already familiar with the subject may find new insights in its analysis.
Following an initial consultation that occurred towards the end of the summer of 1997, the Canadian federal government, through Industry Canada, published a discussion paper, entitled:
Setting a Cryptography Policy Framework for Electronic Commerce
Statement on Canadian Cryptography Policy
Much easier to read, both in the words used, in its clarity, and in
the HTML markup.
Yahoo index of encryption software
Two Doves Counselling
| Faulty Flipper