26 March 1998
Date: Thu, 26 Mar 1998 05:28:24 -0500 From: John R T Brazier <Prunesquallor@compuserve.com> Subject: Computing Article: Banks & Keys Recovery To: <firstname.lastname@example.org> Dear All, 26th March Issue of Computing (computingnet.co.uk), lead article below. Also on the front page the Post Office is starting up as a digital signature certifier. Cheers, John B ----------------------------------------- Banks slam snoops Major users split over government's attempt to regulate cyberspace Europe's banks have rejected a controversial key recovery encryption scheme on the eve of an expected government announcement imposing the policy on the UK, writes Dan Sabbagh. Computing has learned that the European Committee on Banking Standards (ECBS) - a powerful consortium of financial institutions - has filed a submission with the European Commission arguing against key recovery. The committee's stance is backed by the UK's banks, which are represented by industry body APACS. It is understood that the submission, which will not be made public, says that many European banks are 'fundamentally opposed' to the introduction of statutory regulations for key recovery in Europe. Financiers, it maintains, 'cannot see any benefit for European banks and their customers'. Key recovery schemes require individuals and companies that use encryption to deposit a copy of their encryption keys with a 'trusted third party'. These keys are then made avail- able to law enforcement agencies, on production of a warrant, allowing them access to encrypted private transmissions. The Department of Trade and Industry is thought to be close to unveiling a key recovery scheme for UK encryption users in the face of opposition from civil liberties campaigners and a growing number of corporates, including Microsoft. The ECBS' argument has been broadly endorsed by NatWest. Tim Jones, managing director of retail banking services at NatWest, said: 'Key recovery is a brutal and expensive way to achieve law enforcement.' Jones said that he believed there were simpler ways to allow access to encrypted data. He added that, in his opinion, medium-strength encryption - 64-bit DES - should not necessitate key recovery because codes could be cracked 'with a couple of Crays and a following wind'. Steve Thomas, head of security at APACS, outlined the objections of Europe's banks. 'If key recovery is so good for business, as its supporters argue, then we don't need a statutory framework to introduce it. Giving up any keys to a third party must reduce the security of any system,' he said.