28 June 1999

From: "Brian Gladman" <gladman@seven77.demon.co.uk>
To: "UK Crypto List" <ukcrypto@maillist.ox.ac.uk>
Subject: Encryption Controls - A Psychological Battle?
Date: Mon, 28 Jun 1999 18:02:16 +0100

From: David Swarbrick <david@swarb.demon.co.uk>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 24 June 1999 19:14 PM
Subject: Re: IOCA Consultation documents available


> .pdf stinks. It is a last resort for those too lazy to do a job
> properly, and it reeks of people saying how important they are.

Anyone who is seriously interested in dealing with issues in the crypto business will have to get used to dealing with a wide range of document formats.  But I agree with others that this is not the intended topic of this list although, as the discussion here suggests, it may well be interesting in its own right.  If so, is there already a list where this is or can be discussed and, if not, can we create a SEPARATE one?

I, for one, am pleased to see David Hendon post here once again but I would much prefer him to answer the issues raised by the PIU report (in which he played a major role) instead of diverting attention onto a discussion of document formats.

It is a disappointment that David now only seems to post when he has no responsibility for crypto and hence does not follow Nigel's efforts to take part in the debate.  We may disagree with Nigel but I would hope that we are all prepared to congratulate and support him in his efforts here to comment on what is going on.  As an ex civil servant I know how risky commenting on mailing lists can be since the very formation of this list was, in part, the result of the pressures I came under while still in MOD not to discuss crypto issues openly with Paul Leyland (then at Oxford) on sci.crypt.

As leader of the PIU study team, David played a major role in the work leading to the recent PIU report which killed off key-escrow.  This is a step forward of sorts which we should thank him for, but it is important to remember that crypto export controls are still with us. And, despite its remit, the PIU report offers absolutely no coverage here.  Moreover it is very easy to interpret the report as an attempt to divert attention from such controls since, not only are they not mentioned, but a highly misleading assertion is made that 'there is remarkably little international co-ordination' on encryption policy. Nigel made a half hearted attempt on this list to justify this statement but he  did not answer the following questions, I suspect because he is an honest and an honourable person who does not want to find himself defending the indefensible.

In fact there are now two outstanding 'Open Government' requests with the DTI that seek to find out more about a number of visits of David Aaron - the US Crypto Ambassador - to the UK. The DTI is dragging its feet on these and I believe that one or both of them are now with the Ombudsman.  If this evidence is eventually published it will show clearly that the Government (or, maybe, parts of the civil service) is being 'economical with the truth' here. The political stakes could hardly be higher given that this has happened in a document issued in the name of the Prime Minister, so it will be very interesting to see how the Ombudsman moves on this. 

I and many others on this list are very well aware of the full extent of the international coordination of crypto policy that goes on 'behind the scenes' but most will not speak out because it does not pay to alienate government when in industry. I don't have any such constraints and I am more than happy to reveal the full extent of crypto co-ordination if I have to in order to show that the government is lying in the PIU document.  I am very clear that this PIU statement was a lie but I do not yet know the extent to which those involved are implicated in this.  My advice to the UK government (they never take my advice but what the heck) is to come clean now before things get a great deal worse.  Watch this space.

Returning to the issue of government controls on crypto, what appears to be widely underestimated is the breadth and the depth of the effort being made by governments - especially the US - to prevent the spread of crypto.  Their fight at a technical level was lost almost a decade ago but the fight at a psychological level is still being very successfully waged to the point that there is almost no good crypto being used by 99.9....% of users despite the fact that there are no technical barriers standing in the way of this.

Even more interesting, there are no legal barriers to the deployment of good cryptographic protection either - although you would hardly believe this if you listened to the arguments now raging.  But the promotion of this debate is just a part of the psychological battle.

We can deploy 56 (or 64) bit crypto in:

By deploying 56 bit crypto in this way we would ensure that each application layer data stream was subject to protection by several different cryptographic systems using several different keys implemented in different ways in a range of different products.  The diversity of  protection provided by this approach would create added resistance to  attack in its own right and the end result would be a great deal stronger than the rather lame attempts made by major software suppliers to give us apparently strong protection in products that are a great deal weaker than the key lengths being used might lead us to expect.

All of this is both technically and legally possible but it is not happening because we have been duped into wanting the 'forbidden fruit' of longer keys that are always being put just beyond our reach by a new round of crypto export controls.

Many are puzzled by this move on the part of the US government since, at a technical level, these controls do not appear to make any sense since they do not prevent the use of 128 bit cryptography. But at a psychological level the impact of these controls is still massive since they serve two purposes, ONE of which is vital but covert:

And the latter is the real purpose of crypto export controls - they are NOT there to stop 128 bit crypto being deployed - they are there to create 'forbidden fruit' - all the time just beyond our reach - so that we draw conclusions from this with the result that NO CRYPTO IS DEPLOYED AT ANY STRENGTH.

It would be impossible to over-emphasise this part of my message:


And once this has been twigged, anyone who looks at the evidence of the last 20+ years with open eyes and an analytical mind will see this as an obvious truth.

So I call on all major companies involved in Internet products of all kinds:

to each implement high quality 56 bit DES in all their products.

Moreover, I call for telcos, ISPs, Banks, e-commerce companies and end users to stop complaining that DES is not good enough.   Deployed ubiquitously as I have suggested, as an all pervasive capability at all levels within  the global information infrastructure, this will offer far more effective protection that we will ever achieve by waiting for the 'forbidden  fruit' that is being so skilfully denied to us.

Most of all, however, once the  nature of 'the game' becomes widely understood it will no longer be worth playing.

         Brian Gladman

To: ukcrypto@maillist.ox.ac.uk
Subject: Encryption Controls - A Psychological Battle?
Date: Mon, 28 Jun 1999 22:03:50 +0100
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>

Brian, on export controls and keylength restrictions:

> MORE IMPORTANTLY, they create the ***perception*** that products at
> 56/64 bits are useless and not even worth deploying.

I have for years taken the view that give a choice between key escrow and 40-bit keys, we should choose the latter.

They simply preserve the status quo, namely that the government can open anybody's mail, but it cannot open everybody's mail.