5 October 1999. Thanks to Axel Horns, EU-Crypto.
Source: http://europa.eu.int/rapid/start/lastdocs/guesten.htm


DN: SPEECH/99/122     Date: 1999-10-05

Speech by Mr Erkki LIIKANEN

Member of the European Commission for Enterprise and Information Society

Trust and Security in Electronic Communications: The European Approach

Information Security Solutions Europe (ISSE 99) Welcome Address

Berlin, 4 October 1999

1. INTRODUCTION

Ladies and gentlemen,

To start with, I would like to congratulate The European Forum for Electronic Business and Teletrust for organising this conference. A comprehensive European event on security held on a yearly basis was much needed in Europe. I therefore wish that ISSE will become a major event in Europe when it comes to discussing information security issues, not only amongst the converted, but also, and hopefully increasingly, the laymen.

The very launch of this event, and the broad audience it attracted on its first edition, already demonstrates a few things:

2. WHY IS CRYPTOGRAPHY SO IMPORTANT?

Cryptographic technologies are at the heart of information security. A few years ago, cryptography was still an arcane topic restricted to a closed circle of people in the know. It is only recently, with the growth of the Internet, that cryptography and on-line security have made it to the headlines.

Why? Simply because cryptography is the preferred, if not only, means to ensure authenticity and confidentiality in electronic communications. Without it, there will be no safe electronic communications.

The bottom line is: no security, no trust, no notable shift towards commercial and financial transactions on the Internet! And all the impressive forecasts we have seen regarding the growth of electronic commerce will remain pie in the sky.

With close to 200 million Internet users, there is already, today, a strong market basis for security products and services. This is clearly indicated by the multiplication and the impressive growth figures of cryptographic companies. For the time being, the security market largely remains a corporate one. This is no surprise since business-to-business activities carried out over proprietary networks still account for over 85% of the total electronic commerce market.

But the security market will only really explode once it becomes a mass market.

The odds are, that the Internet will be everywhere in Europe in a matter of five years or so. We can expect half of the European population to be hooked on the Internet by 2005. Not only that there will be a computer connected to the Internet in half of Europe's homes. But access terminals become increasingly diversified and include, not only the computer, but increasingly the digital TV set-top box, the personal assistant or the mobile phone, and very soon cars and even home appliances.

But then again, who will routinely shop on-line if the credit card number cannot be transmitted safely? If there is no guarantee that the orders placed will not be fed into a marketing database to create a highly detailed buyer's profile?

The same applies to simply surfing the Net. For how much longer will Internauts accept to leave footprints on every Web site they visit, allowing outsiders to track down their every move and interest? How many people will be discouraged from getting on-line by the fear of losing their privacy?

This means that all along the chain of Internet services, there is an essential need for security features.

Since the technology is there, this doesn't seem to be a problem, only a breath-taking business opportunity for the cryptographic industry. But actually no! The situation can be compared to telecommunications services in Europe: Their growth is directly linked to the creation of a fully liberalised and coherent EU-wide market. Take mobile phones for example: The GSM technology may be great, but there wouldn't be 100 million GSM users in Europe today if it hadn't been for a comprehensive EU policy.

In the same spirit, we are now working towards an Internal Market for cryptography.

3. WHAT DOES THE COMMISSION DO ABOUT IT?

More and more EU-based companies, including a growing number of SMEs, now think in terms of a Europe-wide market. This means that, at a time when companies increasingly rely on electronic communications to carry out their day-to-day business, incompatible national solutions in the field of cryptography create impediments that lessen the benefits of the Internal Market. Not to mention the problems this creates for the cryptographic industry itself, whether it concerns, for instance:

The Commission has addressed these issues in a pragmatic way, establishing a distinction between authentication and confidentiality, even though they both rely on the same cryptographic technologies.

For authentication, we have tabled a draft Directive on electronic signatures which will secure the Internal Market for certificates and certification services. The aim is to have the European rules transposed into the national legislation of the 15 EU Member States by the end of the year 2000.

Things get more sensitive when it comes to confidentiality. The scrambling of electronic communications has raised some legitimate public security concerns. Hence some reflections on how to ensure lawful access to encrypted data.

Most of the proposed schemes have proved impracticable, a view the Commission has expressed in a policy paper in October 1997. This has been confirmed by the findings of EU-funded research projects in the field of cryptography.

Member States are now increasingly sharing this view. The French government in particular has pledged to lift all restrictions to the use and supply of encryption products.

Notwithstanding these developments, the Commission, under the Amsterdam Treaty, will work with Member States to ensure that, in a liberalised domestic environment, public safety will be fully guaranteed.

What would then remain are export controls:

We hope Member States will soon come to an agreement on the new Dual Use Regulation, which aims to lift almost all controls on intra-Community shipments of encryption products.

4. WHAT ELSE CAN WE DO?

Finally, I would like to focus on two other crucial issues. The first issue concerns the European cryptographic industry. It is a strong industry, it has state-of-the-art technology, and it has therefore the potential to impose itself on world markets. It would certainly highly benefit from improved regulatory conditions, but there is another major obstacle to its expansion.

Currently, the desktop computing market is dominated by a few systems. This wouldn't be a problem in itself if those weren't proprietary systems. Building security solutions for systems when one has no access to the source code is certainly a major challenge. In fact, it means that there is a whole range of security products which European industry cannot supply.

The solution to this problem certainly lies in non-proprietary and open source systems. This is the key to unlocking the potential of the desktop computing security market. This would also clearly be in the end users' interest. Not only would users enjoy a wider choice of security solutions, but they would also have a greater safety guarantee.

How can governments, and in particular the Commission, contribute to promoting non-proprietary systems?

Let me share with you my views on a second issue. I said earlier that the explosion of the cryptography market is pending a widespread take-up of the Internet by the wider public and SMEs. Awareness is one requirement, to which I hope ISSE will contribute. The other is trust!

In many other sectors of the economy, consumer trust is achieved through quality labels, for instance for foodstuff, toys or electric appliances. These can be industry-led or based on government rules; they can be attributed nationally or at European level.

If security devices are to enter every home, they would certainly benefit from labels demonstrating that they are in conformity with quality requirements. This would greatly enhance consumer trust and confidence by allowing consumers to immediately identify safe information security products and services.

5. CONCLUSION

Ladies and gentlemen,

What I wanted to do today is to demonstrate that the Commission is fully committed to the development of Internet security. I also wanted to show that, whether you are suppliers or users, we are trying hard to understand your needs. Finally, I wanted to get a few messages across and point at a few directions which we must further investigate. Let me wrap them up in a few words:

1. Security is the key to securing users' trust and confidence, and thus to ensuring the further take-up of the Internet. This can only be achieved if security features are incorporated in Internet services and if users have sufficient safety guarantees.

2. Securing the Internal Market is crucial to the further development of the European security market, and thus of the European cryptographic industry. This requires an evolution of mentalities: Regulation in this field transcends national borders. Let's "think European".

3. European governments and the Commission now have a converging view on confidentiality. We see this in Council, in Member State policies and in the constructive discussions we have. We must take this debate further and focus on the potential of encryption to protect public security rather than mainly seeing it as a threat to public order.

4. Finally, the promotion of open source systems in conjunction with technology development is certainly one important step towards unlocking the potential of the desktop security market for the European cryptographic industry.

I wish you all a great conference.


Source: http://www.eema.org/isse/Program2.htm



ISSE Conference Programme


ISSE Conference - Day One
Monday 4th October 1999
09.30 - 13.00 Opening Plenary

Chairman's introduction and opening remarks
Why do we need this conference?

Norbert Pohlmann, Chairman, Managing Director CEO, KryptoKom GmbH, Germany

Welcome address
European IT-security market

Erkki Liikanen, Commissioner for Enterprise & Information Society, European Commission

Keynote address
New beginnings in the Crypto-policy

Werner Mueller, Minister of Economics and Technology, Germany

An overview of international regulations and approaches
to PKI / CA

Michael S. Baum, Vice President of Practices and External Affairs, VeriSign, USA

10.45 - 11.30 Coffee Break

E-commerce, E-business, E-banking: Chances for Europe?

Carlo Schupp, Senior Product Manager (E-Trust & Security Products), S.W.I.F.T, Belgium

European contribution to a global Public Key Infrastructure
Henry Minassian, Managing Director, GlobalSign, Belgium

Cryptography in use: International expectations and limits
Jacques Stern, Professor, ENS, France

13.00 - 14.30 Lunch

 
14.30 - 17.40 TECHNICAL TRACK
Session 1 Cryptography & Protocols
Chair: Bart Preneel, K.U.Leuven, Belgium

Elliptic Curve Cryptography
Burt Kaliski, Chief Scientist, RSA Laboratories, USA

The Cryptographic Holy Grail: Provable Security
James L.Massey, Cylink Corporation, USA and Lund University, Sweden

Playing Hide and Seek with Stored Keys
Nicko van Someren, CTO, nCipher Corporation Ltd, UK

AES and The Next Generation of Cryptographic Algorithms
Bart Preneel, K.U.Leuven, Dept.Electrical Engineering-ESAT / COSIC, Belgium
 
14.30 - 17.40 INFRASTRUCTURE TRACK
Session 1 Security Standardisation
Chair: Wolfgang Schneider, GMD, Germany

IETF Security Standardisation
Stephen Kent, CTO, GTE CyberTrust, USA

From Elliptic Curves to Common Criteria: ISO SC27 Security Standardisation
Walter Fumy, Siemens AG, Germany (SC27 Chairman)

Panel Discussion: Security Standardisation
Fritz Bauspieß, CEO, Secorvo GmbH, Germany
Walter Fumy, Siemens AG, Germany (SC27 Chairman)
Burt Kaliski, Chief Scientist, RSA Laboratories, USA
Stephen Kent, CTO, GTE CyberTrust, USA
Xuejia Lai, Senior Researcher, Entrust Technologies Europe, Switzerland
 
14.30 - 17.40 APPLICATION TRACK
Session 1 Smart Cards
Chair: Philippe Maes, Gemplus, France

The Mobil Card Reader
Holger Reif, Security Expert, Sonera Smartring GmbH, Germany

Internet banking based on smart cards and PKI technologies
Jari Nyholm, IT Security Manager, MeritaNordbanken, Security Department, Sweden

Corporate Cards
Gerhard Wiehler, Director Systems Strategy, Siemens AG, Germany

Smart-Card Suitability for Public Key Implementations and AES Candidates
Helena Handschuh, Cryptographer, Gemplus, France
 
14.30 - 17.40 LEGAL TRACK
Session 1 Role of the Public Authorities in setting the Framework
Chair: Simon Corell, iD2 Technologies, Sweden

Authentication and Security: the EU Approach
Detlef Eckert, Head of Unit, European Commission, DGXIII - Information Society: Telecommunications, Markets, Technology, Brussels

Towards a Global Framework for Authentication and Security
Naoshi Shima, Vice President, NEC Corporation, Japan

Panel Discussion: IT-Security Market / Export Restrictions
Nigel Hickson, Department for Trade and Industry (DTI), UK
Stefan Röver, CEO & board spokesman, Brokat Infosystems AG, Germany
Hubertus Soquat, Federal Ministry of Economics and Technology, Germany
 
17.40 Day One Close



ISSE Conference - Day Two
Tuesday 5th October 1999
09.30 - 13.00 General Session
Chair: Ulrich Sandl, Federal Ministry of Economics and Technology, Germany

E-business Security Without Boundaries
Matthias Kaiserswerth, Group Manager Network System & Security Research,
IBM Corporation, USA

Data Security and Privacy in global enterprises
Alfred Büllesbach, Data Protection Officer, DaimlerChrysler, Germany

Crypto-policy and technological developments for global markets
Brian O'Higgins, Executive Vice President & CTO, Entrust

IT-Security Policy in Japan
Office of IT Security Policy, MITI, Japan
 
10.45 - 11.30 Coffee Break
 
19.00 Delegate Hospitality Evening
 


Day Two TECHNICAL TRACK
11.30 - 12.40  
Session 2 Advanced IT-Security Concepts
Chair: Matt Landrock, Cryptomathic A/S, Denmark

Security Frameworks: Combining Cryptography and Trust
Michael Willett, Consultant, IBM Corporation, USA

High Performance and Public Key Hardware
Alex van Someren, CEO, nCipher, UK
12.40 - 14.20 Lunch
14.20 - 16.15  
Session 2 continued

Fifth Framework EU Programme
Andrea Servida, European Commission, DGXIII

"IPsec - The Technology for VPN's"
Kai Martius, Senior Consultant, secunet Security Networks AG, Germany
15.30 - 16.15 Coffee
16.15 - 18.00  
Session 3 Emerging Technologies
Chair: Helmut Reimer, TeleTrusT e.V., Germany

Biometrics: The New Security
Peter Horst Riedel, Marketing Director, Dialog Communication Systems

BioTrusT - Investigation of the Acceptance and Use of Biometric Identification Procedures
Richard Roth, Professor, University of Applied Sciences Gießen-Friedberg, Germany

Semiconductor Technology for Security Mechanisms: Biometrics and Encryption
Brigitte Wirtz, Senior Engineer, Infineon Technologies, Germany
 
Day Two INFRASTRUCTURE TRACK
11.30 - 15.30  
Session 2 PKI
Chair: Antonio Lioy, Politecnico di Torino, Italy

The Development Path Towards a Trusted Digital Society
Berthold Stukenbroeker, Managing Director, D-Trust GmbH, Germany

The Handling of PKI Requirements
Ian Walker, Technical Director Europe, Entrust Technologies Europe
12.40 - 14.20 Lunch

The Emerging Role of Meta Directory and PKI within Secure E-commerce
Rudiger Ebach, Sales & Marketing Manager, ISOCOR, Germany & Austria

How Smart Cards and PKI will change security in the next decade
Werner Weick, CTO, Utimaco SafeWare AG, Germany
15.30 - 16.15 Coffee
16.15 - 18.00  
Session 3 Certification Authorities
Chair: Peter Landrock, Cryptomathic A/S, Denmark

Choosing a CA Service Provider
Bill Osborne, General Manager, Certificates Online, Baltimore, Australia

Where do you want to use your certificates?
Torben P. Pedersen, Cryptomathic A/S, Denmark

The Role of Smart Cards in the Context of Certification Authorities
Bernd Kowalski, Head of TeleSec, Deutsche Telekom AG, Germany
 
Day Two APPLICATION TRACK
11.30 - 15.30  
Session 2 E-commerce, E-business, E-banking
Chair: Matthew Bowcock, Baltimore Technologies plc, Ireland

Economics of Public Key Infrastructure
Charles Goldfinger, Managing Director, Global Electronic Finance Management S.A., Belgium

Identrus - a Global Public Key Infrastructure for E-business
Mark Stirland, Principal Consultant, Electronic Commerce Security, Barclays UK
12.40 - 14.20 Lunch

Multi-function Authentication Services in E-commerce
Daniel Lancien, European Customer Support Director, ActivCard Europe SA

EDIFACT Security
Ulrike Korte, Senior Consultant for New Technologies, Informatik Cooperation, Germany
15.30 - 16.15 Coffee
16.15 - 18.00  
Session 3 Applications of Digital Signature
Chair: Johannes Ueberberg, debis IT Security Services, Germany

SPHINX: Secure Exchange of Documents via E-mail
Albrecht Rosenhauer, Referent, BSI, (GISA, German Information Security Agency), Germany

Secure Online Applications in the Public Sector - e-Government and e-Health Case Studies
Michael Hulsman, Product Manager, Brokat Infosystems AG, Germany

Securing Applications in the Demostene Project
Fabio Maino, Politec. di Torino
 
Day Two LEGAL TRACK
11.30 - 16.15  
Session 2 Electronic Signatures I
Chair: Detlef Eckert, European Commission

Signed Electronic Documents - Legal Possibilities
Per Furberg, District Court Judge, Lagerlöf & Leman Advokatbyra, Sweden

Role of "Secure Viewers" in achieving Trustworthy Digital Signature
Jan Bosveld, Product Manager, Utimaco Safeware Belgium n.v.
12.40 - 14.20 Lunch

International Panel on Electronic Signature Laws
To be announced, MITI, Japan
Michael Baum, Vice President of Practices and External Affairs, VeriSign, USA
Christina Hultmark, Professor, Goteborg University, Sweden
Teresa Peters, Director, Electronic Frontier Foundation Europe
Richard Schlechter, European Commission, DGXIII
Heinz Thielmann, GMD, Germany
15.30 - 16.15 Coffee
16.15 - 18.00  
Session 3 Electronic Signatures II
Chair: Detlef Eckert, European Commission

To be announced
Frank Baygual, FESTE, Spain

Panel Discussion:
Digital Signature in Europe: Application in the Notary’s Office
Riccardo Genghini, Notary, Italy
Bill Kennair, Scrivener Notary, Vice President of the Society of Public Notaries of London, UK
Geert Lekkerkerker, Director of the Koninklijke Notariële Beroepsorganisatie, Netherlands
Jacques Motel, Notary, Vice President of the Conseil Supérieur du Notariat, France
Bernard Reynis, Notary, Vice President of the Chambre des notaires de Paris, France
Sigrun Erber-Faller, Assistant Manager of the Bundesnotarkammer, Germany
 
18.00 Day Two Close



ISSE Conference - Day Three
Wednesday 6th October 1999
Day Three TECHNICAL TRACK
09.00 - 12.40  
Session 4 Open Source


Linux as a secure platform for firewall solutions
Bernhard Weiss, Consultant, KryptoKom, Germany

Panel Discussion: Open Source
David Aucsmith, Intel, USA
Andreas Bogk, CCC e. V., Germany
Werner Koch, GUUG e. V., Germany
Andy Müller-Maguhn, Chaos Computer Club, Germany

Coffee

Session 5 Standardisation Initiatives
Chair: Per Kaijser, Siemens AG, Germany

European Electronic Signature Standardisation Initiative
Hans Nilsson, Manager Professional Services, iD2 Technologies, Sweden

PKCS #15 and Achieving Credential Portability With Smart Cards
Magnus Nystrom, RSA Laboratories, USA
 



Day Three INFRASTRUCTURE TRACK
09.00 - 12.40  
Session 4 Structure & Application of Digital Certificates
Chair: Frank Jorissen, Utimaco SafeWare AG, Belgium

Significance of Attributes in Digital Signature Applications
Karl-Adolf Hoewel, DATEV eG, Germany

Attribute Certificates
Simon Laing, Technical Director, Baltimore Technologies Pty Ltd, Australia

Qualified Certificates
Stefan Santesson, CEO, Accurata Systemsakerhet AB, Sweden
   
  Coffee
   
 



Why is Time-stamping necessary in a Public Key Infrastructure?
Denis Pinkas, IT senior consultant, Bull S.A., France

Cross Certification for inter and Intra PKI Operations
Michael Herfert, Security Engineer, GMD - Institute for Telecooperation Technology, Germany
 



Day Three APPLICATION TRACK
09.00 - 12.40  
Session 4 Enterprise IT-Security Solutions
Chair: Paul Meadowcroft, Baltimore Technologies plc, UK

Deploying Enterprise Secure E-Mail
John Hughes, Director of European Business Development, Entegrity Solutions, UK

Strategy and Implementation of a PKI Rollout in an International Company
Martin Glaesser, Siemens AG, Germany

Operational Issues in Implementing a Cross Corporate PKI
Bob Carter, Managing Director, Inter Clear Services Ltd, UK
   
  Coffee
   
 



Security Modules in R/3
Sachar Paulus, Consultant, Secude GmbH, Germany

Corporate Cryptographic Infrastructure
Danny Groeneveld, Information Security Architect
ABN AMRO Bank, The Netherlands.
 

Day Three LEGAL TRACK
09.00 - 12.40  
Session 4 Data Protection and Privacy
Chair: Alfred Büllesbach, DaimlerChrysler, Germany

International Regulation Models - case study: data protection in telecommunication
Sven Mors, Telecommunications and Media Expert, Berlin Data Protection Commissioner, Internet Task Force of the Article 29 Group, Germany

User Control over Personal Web Data
Rüdiger Grimm, Head of Research Group "Marketplace Internet", GMD, Institute of Telecooperation, Germany

Legal Challenges for a "Data Protection-Friendly" Technological Infrastructure
Christopher Kuner, Attorney-at-law, Morrison & Foerster LLP, Belgium

Coffee

Session 5 Evaluation of Security Solutions
Chair: Helmut Kurth, IABG, Germany

Case Study : How to Implement the BS7799 Information Security Management Framework and Get the Certificate
Sari Torkkola, Product Manager, Instrumentointi Oy, Finland

Generic Security Target and according Formal Security Policy Model for Smart Cards with Signature Functionality, Results and Applications
Markus Ullmann, Head of Department: Basic Conditions for IT-Security, BSI, Germany
 



12.40 - 14.20 Lunch
14.20 - 15.50 Closing Plenary
Chair: Norbert Pohlmann, KryptoKom GmbH, Germany

Privacy & development of technology
Marc Rotenberg, Director, EPIC, USA

Information Market Europe & IT-security
Charles Lowe, General Manager, eGovernment, BT Markets Division, BT, UK

Closing note
Olavi Kongas, Chief Information Officer,
Ministry of Finance, Finland.
 
15.50 Conference Close