UK Crypto Policy

Cryptome DVDs. Donate $25 for two DVDs of the Cryptome collection of 47,000 files from June 1996 to January 2009 (~6.9 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, cryptome.info, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,100 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.

24 January 1998

To: ukcrypto@maillist.ox.ac.uk
Subject: More on Labour crypto policy ...
Date: Sat, 24 Jan 1998 11:32:48 +0000
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>

Over the last few weeks, crypto policy insiders have been talking to a
number of people in industry, floating a proposed policy and testing
the response. I heard about this policy from multiple sources in
confidence; recently I received a non-confidential version.

It appears to be much the same as the previous government's policy
except that CAs which license signing keys only won't have to escrow
private keys. CAs will be licensed and signatures uttered with keys
certified by them will have legal force. This is clearly the carrot.

But it's actually a stick. As a recent discussion on this list pointed
out, there are already millions of contracts made by email with the
signature being no more than an ascii name at the bottom. So a strict
interpretation of this policy would compel everyone who does business
via email to start using digital signature software.

The catch is that the readily available products such as PGP combine
signature and encryption functions, and no-one is going to redesign
their products for the poxy little UK market, which accounts for maybe
5% of software sales. But if businessmen are compelled to sign email
contracts using signature keys which, as they are also decryption
keys, must be escrowed, then these signatures will not be valid in
Germany as the German digital signature law expressly bars signatures
made with an escrowed key.

It looks like Hickson and his friends in the West Country and just
digging themselves, and New Labour, deeper and deeper into the mire.

What's to be done?

Well, there are many ways in which this madness might be averted. Our
most recent contribution is the Global Trust Register, a CA which we
have implemented in a manner which will in practice be impossible for
governments to control. 

For details see:

http://www.cl.cam.ac.uk/Research/Security/Trust-Register/index.html

Ross