Options for Cryptographic Electronic Security

Donate for the Cryptome archive of files from June 1996 to the present

21 August 1999
This is a translation by JYA of Section 8 of "Encryption and cryptosystems in electronic surveillance: a survey of the technology assessment issues," by Dr. Franck Leprévost - Technische Universität Berlin, Part 3 of the European Parliament-sponsored report, "Development of Surveillance Technology and Risk of Abuse of Economic Information," April 1999: http://cryptome.org/dst-3.htm. Section citations are to the full report. (Translation using Systran.)

8. Suggested options

The recommendations (section 4.5, p. 21-22)[below] of the preceding report [ 35 ] continues to us to be appropriate. We suggest here certain additional options to the European Parliament.
A. - To engage experts to prepare, on a regular schedule or according to events, technical documents for publishing by the Community authorities. As an example, it would be desirable, on the one hand to examine the integration of the remarks (not-exhaustive) given in 5.4 [below], and on the other hand to follow conferences on AES, IEEE-P1363 and P1363A, relating to cryptography with secret key and public key, and to observe the experimental projections concerning the capabilities of quantum processors.
B - Take into account the potential legal risks incurred by European telephonic industries (from groups of users who could be offended that security provided in telephones does not systematically correspond to promised security). European authorities should encourage European telephone operators to:
- update their implementation of the COMP128 authentication algorithm,
- clearly specify the effective level of security of their implementation of the A5 encryption algorithm.

C - Take into account:
- launching of worldwide advertising for Pentium III provided with a PSN (Processor Serial Number) of the leader (more than 80%) on the market of the microprocessors for the PC,
- risks of exploitation for purposes of electronic monitoring of the PSN,
- concern on this very precise subject expressed by the highest American authorities themselves; to see the declaration [ 15 ] of the 25/1/1999 of Mr. Al Gore, Vice-president of the United States,
- risks of clonings of the PSN, and risks of their inadequacy to the electronic trade, and thus of the consecutive risk of deceleration of this new industry, in particular in Europe
- the appropriate committees of the European Parliament would have:
- to ask for information from the American public agencies, particularly the NSA and FBI, on their role in the creation of the PSN developed by Intel Corporation,
- in parallel, to commission a group of independent technical experts to very precisely evaluate the risks of this product: electronic monitoring, falsification of PSN, etc. This group should complete its report as soon as possible.

Based on the first results of these steps, and if necessary, the appropriate committees of the European Parliament should be organized to evaluate legal measures to prevent installation of microprocessors provided with PSN (or identical functionalities) in the computers intended for European citizens, companies and organizations. We strongly emphasize that the suggestions above do not blame a precise company, but are motivated by the characteristics of a product which, potentially, and in the absence of fast action at community level, can be essential in the next months as an industrial standard de facto in Europe.
D. - With regard to Category 5, part 2 of the Wassenaar Arrangement, treated in section 7 of this report, we recall the following facts:
- Owing to the fact that algorithms with secret key or with public key are accessible freely, for example via Internet, and taking into account remark 7.4, and of consequences 7.5, it appears that the restrictions on export do not constitute, in any way, a serious handicap for the criminal and terrorist organizations. In addition, by the example of the United States, the law enforcement agenices can work efficiently, even when powerful cryptographic products are freely used.
- On the other hand, taking into account 7.6, they [restrictions on encryption products] constitute a very important brake for the European companies of computer security and with the development of the industry of the international electronic trade.
- the French government, in agreement with the President of the Republic, decided on 19/1/1999 at the conclusion of the interdepartmental committee devoted to the company of information ([ 5 ]), to liberalize the use of cryptography from 40 bits to 128 bits to provide a higher security threshold freely usable. It seems that this evolution is only one first stage for a total liberalization of the use of cryptography on the French territory. Hitherto, the regulation of France with regard to cryptography was among most strict at the international level.
- the Echelon network is most probably able to intercept, decode and process the data transmitted with the products put on the market meeting the criteria pointed out in 7.2.

Consequently, the European Parliament should quickly discuss liberalizing the use of cryptography throughout the whole of the European Community.
E - The Committee should proivde the EC a more detailed report on the implications of the risks of electronic monitoring of Wassenaar Arrangement. It is noted already that item the 5.B.1.b.1 (one of the part devoted to telecommunications) of Wassenaar Arrangement subjects to control certain equipment employing digital techniques ATM (Asynchronous Transfer Mode). This technology of transfer of data is much more difficult (but however not impossible, to see [ 32 ], share 2) to supervise electronically than those exchanged in traditional mode TCP/IP. Ii would be also very useful to determine if the products authorized with export allow effective answers to TEMPEST (see 2.7 and the introduction to 3): indeed, the utility of the encryption is very limited if, in addition, one can read data emissions before encrypting, or after decryption, by way of their electromagnetic radiation.

Appended by Cryptome
Excerpted from:
An Appraisal of the Technologies of Political Control
4. RECOMMENDATIONS

(i) All surveillance technologies, operations and practices should be subject to procedures to ensure democratic accountability and there should be proper codes of practice to ensure redress if malpractice or abuse takes place. Explicit criteria should be agreed for deciding who should be targeted for surveillance and who should not, how such data is stored, processed and shared. Such criteria and associated codes of practice should be made publicly available.
(ii) All requisite codes of practice should ensure that new surveillance technologies are brought within the appropriate data protection legislation.
(iii) Given that data from most digital monitoring systems can be seamlessly edited, new guidance should be provided on what constitutes admissible evidence. This concern is particularly relevant to automatic identification systems which will need to take cognizance of the provisions of Article 15, of the 1995 European Directive on the Protection of Individuals and Processing of Personal Data.
(iv) Regulations should be developed covering the provision of electronic bugging and tapping devices to private citizens and companies, so that their sale is governed by legal permission rather than self regulation.
(v) Use of telephone interception by Member states should be subject to procedures of public accountability referred to in (i) above. Before any telephone interception takes place a warrant should be obtained in a manner prescribed by the relevant parliament. In most cases, law enforcement agencies will not be permitted to self-authorise interception except in the most unusual of circumstances which should be reported back to the authorising authority at the earliest opportunity.
(vi) Annual statistics on interception should be reported to each member states' parliament. These statistics should provide comprehensive details of the actual number of communication devices intercepted and data should be not be aggregated. (This is to avoid the statistics only identifying the number of warrants, issued whereas organisations under surveillance may have many hundreds of members, all of whose phones may be subject to interception).
(vii) Technologies facilitating the automatic profiling and pattern analysis of telephone calls to establish friendship and contact networks should be subject to the same legal requirements as those for telephone interception and reported to the relevant member state parliament.
(viii) The European Parliament should reject proposals from the United States for making private messages via the global communications network (Internet) accessible to US Intelligence Agencies. Nor should the Parliament agree to new expensive encryption controls without a wide ranging debate within the EU on the implications of such measures. These encompass the civil and human rights of European citizens and the commercial rights of companies to operate within the law, without unwarranted surveillance by intelligence agencies operating in conjunction with multinational competitors.
(ix) The Committee should commission a more detailed report on the constitutional issues raised by the National Security Agency (NSA) facility to intercept all European telecommunications and the impact this supervisory capacity has on a) any existing

21

constitutional safeguards protecting individuals or organisations from invasion of privacy such as those extant for example in Germany, b) the political, cultural and economic autonomy of European member states. This report should also cover the social and political implications of the EU/FBI proposals made to operate a global telecommunications surveillance network as discussed above. This report should also analyze the financial and constitutional implications of the proposals and provide an update of the work undertaken so far and the status of political approval.
(x) Relevant committees of the European Parliament considering proposals for technologies which have civil liberties implications for example the Telecommunications Committee in regard to surveillance, should be required to forward all relevant policy proposals and reports to the Civil Liberties Committee for their observations in advance of any political or financial decisions on deployment being taken.
(xi) All CCTV surveillance schemes operating in public spaces and especially in residential areas should be governed by a comprehensive Code of Practice which encompasses:- a) a purpose statement covering the key objectives of the scheme; b) a consideration of the extent to which the scheme falls within the scope of Data Protection legislation; c) the responsibilities of the owner of the scheme and those of local partners; d) the way the scheme is to be effectively managed and installed; e) the principles of accountability; f) the availability of public information on the scheme and the principles of its operation in residential areas; g) the formal approaches to be used to assess, evaluate and audit the performance of both the scheme and the accompanying Code of Practice; h) mechanisms for dealing with complaints and any breaches of the Code including those of security; i) detailing the extent of any police contacts or use of the scheme; and j) the procedures for democratically dealing with proposals of technological change. It is suggested that the Civil Liberties Committee formally consider adopting the model Code of Practice for CCTV, produced by the Local Government Information Unit (LGIU) in London (A Watching Brief, 1996).

5.4. Technical reading of the document COM (97) 503 of the DG XIII of the European Commission. The document [ 12 ] specifies the needs at the European Community level for protecting electronic communications. It also relates to electronic signatures and methods for confidential electronic communications. We suggest here modifications to the technical appendices I (Digital Signature) and II (Symmetric and asymmetric encryption) of this document.
Appendix I.- It would be desirable to avoid quoting examples like MD2 and MD5. Indeed, because of the conflicts in the first case, and of the pseudo-conlicts in the second, were emphasized. It would be also desirable to replace SHA by SHA-1 (based on work [ 14 ]), and to write RIPEMD-160 (based on work [ 7 ]) instead of RIPEM 160. One or the other of these suggested modifications is to replace, where that is possible, functions MD2, MD4 and MD5.
Appendix II Symmetric encryption systems.
Annexe II. Symmetric encryption systems.- It would be desirable to avoid quoting an examples like OF and SAFER. We suggest preserving IDEA, which does not have until now any serious weakness, and restrain quoting candidates for the second round of AES.
Annexe II. Asymmetric encryption systems.- Again, with regard to the examples, it would be desirable to be more precise, e.g. by taking again the approach in the course of standardization given to the beginning of 5.1.
Appendix II Systems security.- We suggest removing the last sentence of the second paragraph: "In a symmetric system like OF gold IDEA, keys of 56 to 128 bits provide similar protection to a public 1,024-bit key ". This assertion is completely erroneous.