Ian Brown has posted a list of other responses on the Web. Any comments, corrections to danny@spesh.com
Response to the Consultation Paper published in March 1997 by the Department of Trade & Industry - an Information Society Initiative
1. The second part of this paper sets out our comments on the issues listed in Section VII of the Consultation Paper.
We should however like to begin with three general points. These can be summarised thus:
First point: a) As to the first of these observations: we understand the proposed TTP system as being intended to serve two purposes: first, as a support for those who make use of encryption for legitimate commercial (and perhaps also private) purposes; and, second, as a deterrent to the use of encryption for the furtherance of crime.
We doubt that the proposed system would be effective for either purpose.
The Paper says (para.42) that "TTPs will allow UK Business to take advantage of secure electronic trading". We find it difficult to think of reasons why those who use encryption in the course of business would want to make use of TTPs’ services. To do so would create a security risk by giving the capacity to decrypt information to others outside the control of the sender and intended receiver, thereby increasing the number of those with access to it, without, as we see it, any material corresponding benefit.
In our view, the very great majority of encryption users would not want to give any outsider information which could allow access to their encrypted material, however apparently trustworthy the outsider. They would rely instead on contractual arrangements with those with whom they wanted to communicate, arrangements which did not require the disclosure of their keys to anyone else.
Use of the TTP system would, we suggest, give rise to a security risk which could be of a significant kind. The TTP’s arrangements for preventing access to its records by any but authorised staff would need to be highly effective - and, if the system was used to any significant extent, the value of the stored information could be great, making it an attractive target for organised crime, perhaps with substantial resources at its disposal; and breach of a system’s security would not only give access to information but could give the intruder the power to alter and forge messages.
TTPs’ defences against security breaches would need to start with their procedures for verifying the identity of key depositors. Unless they made rigorous identity checks, fraudulent depositors would be able to use them for endorsement of false identities, another potentially profitable avenue for misuse of the system. Rigorous identity checking is expensive: passports and other documents usually used to prove identity may be false or forged, and thorough personal enquiries are needed.
To overcome the disadvantage of the security risk which the TTP system would pose for users, it would, we suggest, have to offer very substantial benefits to encourage its use. We find it difficult to see what these could be.
For example, the Paper says (para. 36) that "Private parties may also have legitimate reasons and a legal basis to obtain access to encrypted information. For instance, an employee who has encrypted files may resign without leaving information concerning the private key, or the death of an individual may require a solicitor to have access to their encrypted information" which may require resort to a TTP. We find this difficult to accept: surely no organisation would allow an employee to encrypt information in such a way that it was inaccessible to the organisation other than through the employee; and it seems to us improbable that an individual would be so perverse as to arrange his or her affairs in such a way that his or her personal representative could get access to information which the deceased wanted him to have only by resorting to a TTP.
The Paper also says (Annex F) that an advantage of the TTP system will be that "Secure communications between unknown parties, without the need to depend on either expensive or multiple solutions will become common place and thus lead to increased confidence and use of the information society." We question the assumption underlying this assertion that there is a demand of any significant extent for a secure system for communications between people who are unknown to each other. In our view, the great majority of situations in which people want to exchange information in confidence involve two or more participants each of which is known to at least one, if not all, of the others. We find it difficult to think of situations in which people unknown to each other might need to communicate confidentially in such a way as to make the use of a TTP desirable, or indeed practicable.
The reluctance to use TTPs would, in our view, apply even more strongly to those using encryption for illegal purposes. The Paper does not provide a convincing explanation of how the TTP system would deter the use of encryption in the furtherance of crime. Annex F asks the question why, if the system is not to be mandatory, "crooks and terrorists" will not use something else, and puts forward as an answer that "Criminals will often make use of whatever technology is conveniently available to them". It goes on to state that "We expect TTPs to have a major role in conveying secure electronic communications, especially where a payment for legitimate services is involved." This does not seem to us to answer the question: it seems obvious that "crooks and terrorists" will use "something else" to avoid handing over keys to anyone who might in turn hand them over to the law enforcement authorities, and we do not see how the existence of the TTP regime will discourage, let alone prevent, this.
Second point: b) This relates to electronic signatures, or authentication of documents. Rightly, the Consultation Document does not propose that keys used for "integrity functions" - which we take to cover keys used solely to indicate documents’ authenticity and their senders’ identity - should have to be deposited with TTPs. However, one of the questions asked in the Paper is whether legislation to introduce "some form of rebuttable presumption" for the recognition of electronic signatures would be useful.
As we have said, we think that it would be. Large numbers of commercial transactions are already carried out in reliance on electronic "signatures", for example, contractual offers and acceptances made by fax or other electronic medium, and many users of these systems have contractual arrangements for this purpose. However, the status of documents "signed" in this way is uncertain, particularly where the law requires a particular document to be signed, or a type of transaction to be recorded in writing.
Some form of legislative recognition of the validity of an electronic "signature" which was the result of an agreed procedure would be helpful to commerce; and also a clarification of the law on how requirements for writing might be complied with in electronic communications.
We do not believe that this need be a "massive undertaking" or that it need involve "reviewing all existing legislation", as para. 51 of the Paper says. A general presumption could be set up without difficulty, and the various situations where the law imposes particular requirements could be dealt with piecemeal, starting only with the more obvious and widely applicable situations.
Third point: c) We understand that the Government see Trusted Third Party services as being provided by telecommunications companies. If our doubts about the viability of the TTP system are unfounded and there is a demand for TTP services, we think that, though telecommunications companies may want to provide them, it would be wrong to confine eligibility to companies of this kind, and that the legislation introducing the system should be designed so as to enable others to qualify. Solicitors’ firms with commercial clienteles might want to be able to provide these services, and the same could apply to accountancy firms.
We think that it would be a grave mistake to design the new structure so as to confine the availability of TTP status to telecommunications companies.
----------------
Our answers to the Section VII questions follow.
Answers to questions in Section VII, "Moving ahead"
2. Our answers to these questions assume that a TTP system will be introduced, but should not be taken as qualifying in any way the doubts which we have expressed about its viability.
Questions
Paragraph 50 - whether the suggested scope of an exclusion from licensing for intra-company TTPs is appropriate in this context.
We see no reason why intra-company communications should be subject to the regulatory structure. Groups of companies should be entitled to devise their own codes and attempting to regulate in-house communications of this kind seems to us to verge on a breach of civil rights.
Paragraph 54 - whether, in the short term, it would be sufficient for business to rely on agreements under contract regarding the integrity of documents and identification of signatures; or whether it would be helpful for legislation to introduce some form of rebuttable presumption for the recognition of signed electronic documents.
We have dealt with this issue in the first part of our response.
Paragraph 60 - the appropriateness of the proposed arrangements for the licensing and regulation of TTPs.
If a TTP system is to be introduced, the proposed arrangements seem to us appropriate.
Paragraph 65 - where views are sought on the proposed conditions.
The licensing criteria and conditions seem to us appropriate, but we think that a further criterion should be added: that the prospective TTP's proposed procedure for verifying the identity of key depositors must be adequate, that is, in this situation, of a high standard.
Paragraph 70 - what, if any, specific exemptions for particular organisations offering encryption services would be appropriate depending on the nature of services offered?
We agree with the exclusions proposed in paras. 66 - 69. However, in our view, firms regulated by professional bodies should also be exempt, provided that the TTP services they offer are available solely to their clients, i.e. those for whom they are providing other professional services to which the TTP services are incidental.
Paragraph 71 - whether it is thought desirable to licence the provision of encryption services to businesses and citizens wholly outside the UK?
It might, in theory, be desirable to license these services on a reciprocal basis - on the principle of home state regulation, with reciprocal home state regulation by other countries - but we doubt that this would be feasible in practice because of the elusiveness of electronically provided services.
Paragraph 81 - should secure electronic methods for the delivery of electronic warrants by the central repository and the subsequent delivery of keys by the TTP be introduced?
We think that secure methods for the delivery of warrants, whether by electronic or other means, and for the subsequent delivery of keys by the TTP, are vital.
Paragraph 82 - does the legislation specifically need to refer to other forms of legal access including a civil court order for access to cryptographic keys used to protect information relating to civil matters such as bankruptcy?
A trustee in bankruptcy, or liquidator, administrator, or administrative receiver of a company should be able to obtain access to any private key of the bankrupt or company.
As to the issue of warrants requiring disclosure of private encryption keys, we are unhappy with the proposal that the Secretary of State should have issuing powers. In our view, the appropriate bodies to regulate the issue of warrants for all purposes are the courts. We suggest that s.55 of the Drug Trafficking Act 1994 provides an appropriate model. This gives power to a circuit judge to order the production of material which may be relevant to an investigation into drug trafficking, on the application of a constable or officer of H. M. Customs and Excise. If it is thought necessary, power to apply to the court could also be given to the Secretary of State or anyone authorised by him.
Section 55 sets out criteria for the making of an order by a judge, which specify, among other matters, who an order may be made against and when it may be applied for. It provides for one very important factor which paras. 76-80 of the Consultation Paper do not mention: the person against whom the order may be made (i.e. the TTP here) must normally be given seven days in which to produce the material or give access to it, which thus gives time for that person to apply to the court for the order to be rescinded. A procedure of this kind is, in our view, essential as a protection against abuse. In order to prevent abuse of the delay, s.58 of the Act makes it an offence to make any disclosure which is likely to prejudice an investigation into drug trafficking, where an order under s.55 has been made or applied for. A similar anti-tip-off protection could be incorporated in relation to TTPs.
The question of appeals and tribunal, referred to in paragraph 90, does not arise if the courts are given powers to issue warrants since an appeal procedure is already in place.
Paragraph 84 - should deliberate (and perhaps wilfully negligent) disclosure of a client's private encryption key be a specific criminal offence, or would existing civil and criminal sanctions suffice?
We are against the creation of new criminal offences unless it is clear that existing sanctions do not cover the mischief concerned. We suggest that the Data Protection Act 1984, the Computer Misuse Act 1990, and the Interception of Communications Act 1985 should be reviewed to see whether they would, individually or together, provide adequate protection against disclosure by TTPs of users’ encryption keys.
We question the use of the term "wilfully negligent". It is not, as far as we know, an accepted legal term. Further, we question whether "wilful" negligence can mean anything other than "deliberate" negligence, and thus whether the term means anything different from "deliberate". Possibly the proper term would be "reckless", which has an accepted legal meaning.
We do not know what the "civil sanctions" referred to are, but presume that they are the types of liability covered by the next question.
Paragraph 89 - whether the principle of strict liability (as described) is appropriate in these circumstances?
It seems to us that there is a strong argument for strict civil liability for loss caused by unlawful disclosure of users’ keys: the consequences of disclosure could be disastrous for the code user, and TTPs should have to provide very good protection indeed against unlawful disclosure of keys.
Paragraph 91 - whether, in principle, an independent appeals body (such as a Tribunal, separate from that referred to below) should be created?
As we have said, the power to issue warrants should be given to the courts. This would dispense with any question of a new appeals body.
Paragraph 93 - whether the proposed duties of an independent Tribunal are appropriate.
See our comments on paragraph 91.
Annex C - would mandatory ITSEC formal evaluation be appropriate?
We do not regard ourselves as qualified to answer this question.