27 March 1998

From: "Yaman Akdeniz" <lawya@lucs-01.novell.leeds.ac.uk>
To: ukcrypto@maillist.ox.ac.uk
Date: Fri, 27 Mar 1998 10:24:49 GMT0BST
Subject: Police Access to Encrypted Messages - BNA Electronic Commerce an

Dear All,

The following piece is very interesting and mentions a secret policy 
paper which at least we were aware of when we released the initial 
warning with a Cyber-Rights & Cyber-Liberties (UK) press release 
which was followed by a Global Internet Liberty Campaign Statement on 
what has been reported in the media.

Now the following BNA report mentions an anonymous UK official talking
about this internal paper. Comments by David Hendon of DTI are
also included in the coverage. Maybe David would like to explain to us
all about this internal policy paper which was issued to the EU 
ministers during the Birmingham summit.

Of course we will never be able to see that internal policy paper as 
there are no laws on Freedom of Information in this country but soon 
that will change as well!

All the best.



BNA Electronic Commerce and Law Report
March 25, 1998.


U.K. President of EU Kicks Off Debate
on Police Access to Encrypted Messages

BRUSSELS - The United Kingdom, in its capacity as the current holder of
the European Union presidency, has prepared a policy paper calling for
law enforcement authorities to have access to encrypted electronic
communications under certain circumstances. The document, submitted to
an EU police working group at the end of February, states that "where
an encryption key is used for confidentiality purposes, it may be
necessary for law enforcement agencies to have lawful access in
certain circumstances. This access may need to be either overt or
covert," a U.K. official told BNA, speaking on the condition of

Exactly which circumstances would require access have not been
determined, said the U.K. official.

The paper was drawn up after an informal meeting of EU justice and
home affairs ministers at the end of January when the ministers
concluded that there was a "need for possibilities of interception by
law enforcement authorities."

The U.K. paper is further evidence that, as in the United States,
there is a split between law enforcement agencies and industry-related
government departments and industry itself over the encryption issue.

The British government also argued in the policy paper that under what
it calls a "backdoor key" approach, law enforcement agencies must be
allowed fast access to encrypted messages in order to combat the
increasingly sophisticated communications methods used by criminal
organizations and terrorists, the U.K. official said.

But another official, David Hendon of the U.K.'s Department of Trade
and Industry, said it would be wrong to surmise that the United
Kingdom is about to pursue a mandatory key escrow policy. "Of course
to be 100 percent sure of getting keys, you would need to have
mandatory escrow. But we don't think this is realistic or
in any way attainable and so it would be wrong to make a connection
that the U.K. is about to announce such a thing - which, to be clear, we
are not," said Hendon.

Hendon explained that the paper's reference to "overt" and "covert"
does not imply a call for "back door keys." By overt, he said, "we
were referring to a search warrant that is served on the owner of a
PC," for example. "By covert, we were referring to encryption related
to interception of real-time communications.

Obviously in this case, if the suspect knows his communications are
being bugged, he won't say anything that helps the investigators."
This, said Hendon, is a significant point because U.K. law does not
permit interceptions to be used as evidence. Rather, an interception
enables evidence gathering. Covert access is also necessary in
terrorism investigations because the goal there is to stop the
terrorist act before it occurs, he said.

Rift With E-Commerce Boosters. "There seems to be
widespread support among the member states for the report," added the
anonymous U.K. official. She also stated that some European Commission
officials would like to think that the U.K. "was out on a limb with
this approach," but they were wrong.

Indeed, both Telecommunications Commissioner Martin Bangemann and
Internal Market Commissioner Mario Monti have argued over the course
of the past year that there is no need for a system where law
enforcement agencies must be given a key to encryption codes.

"If the current trend continues there will likely be a showdown in the
EU with those in favor of promoting a single market for electronic
commerce against access to encryption codes versus those who believe
law enforcement agencies need to have access to encryption," said the
U.K. official.

As part of research compiled before presenting the report, the
Netherlands conducted a survey on the status of encryption legislation
and the so-called "trusted third party" concept where the keys are
deposited with a neutral body. Twelve of the 15 EU member states
responded and some of the results, which the U.K. presidency used in
its report, were as follows:

* One member state (France) has a law requiring the public or
companies to surrender encryption keys to crime detection or state
security services while the United Kingdom and the Netherlands require
this only under certain circumstances.

* In five member states (Spain, the United Kingdom, Sweden, the
Netherlands, and France) there is either new or revised legislation
under discussion.

* In four member states (the United Kingdom, Denmark, the Netherlands,
and Greece) trusted third parties (TTPs) are in use.

* No experience in any member state has been gained from the TTPs by
crime detection and state security services.

Yaman Akdeniz <lawya@leeds.ac.uk>
Cyber-Rights & Cyber-Liberties (UK) at:


Read CR&CL (UK) Report, 'Who Watches the Watchmen'