I think RIPE should formulate a position statement in this matter and send it to the Council of Europe and EC. I guess many ISPs would back a statement towards liberal use of cryptography to facilitate the growth of the Internet so that we don't all get into the position in France and Russia where cryptography is illegal, as I understand. The Internet Society has already sent a message to the US government arguing against the clipper chip and I guess ISOC could also send such a message to the EC and the council.

Any volunteers for a position statement? Jon?

Frode

---------------------------------------------------------------------------
Frode Greisen                  phone: +45 3582 8355
UNI-C                          direct dial in: +45 3183 2411 - 4356
Vermundsgade 5                 fax: +45 3183 7949
DK 2100 Copenhagen, Denmark    e-mail: frode.greisen@uni-c.dk
---------------------------------------------------------------------------

On Fri, 6 Oct 1995, Jon Crowcroft wrote:
Hello All,
Yesterday I read in "Communications Week International" (issued 18 Sept 95) the article named "Euro-Clipper chip scheme proposed" by Damian Peachey.
Can somebody comment it more surely that it is in article?
it is likely that the EC will recommend that the EU moves to a) no public domestic use of strong encryption b) escrow keys held by some EC agency
this is despite the fact that there are NO technical experts that I know of that agree that 1/ terrorists, drug dealers and dissemination of obscene material will be affected in the least, or would particularly benefit from wide availability of commercial strong encryption (seeing as they can get it for nothing or use phrasebook technology instead)
2/ Key escrow is inherently unsafe since the holders of the escrowed keys are not part of the users' audit mechanisms - furthermore, it is a potential invasion of the right to free and private speech, and represents a direct attempt to exert more (international) state control than is tolerable by almost all international commerce.
There is a body of work that analyzes complete security systems (from banking for example) which shows that most (>90%) of security failures are due to breach of trust in the people chain, and not in the technology. [ref CACM Nov 94, Vol 37, No. 11, "Why Cryptosystems Fail", Ross Anderson] - see also various bboards about the differences between openly available technology (c.f. pgp) and secretly produced auth/privacy software (c.f. netscape - 3 failures to date). see also http://web.cnam.fr/Network/Crypto/
Most large commercial organisations that really need strong crypto will of course find ways around (e.g. SWIFT use DES already for banking - I am sure that the large financial institutes will get special permission to use 128bit or larger keys for RSA)
It is very sad that the EC has such incompetent technical advice.
At an IAB security workshop a while back on Internet security, a large number of US experts were very scathing about the US government attempt to enforce clipper. There is only one 'security expert' on record as supporting it, and that is Dorothy Denning... in my opinion, her motives are extremely suspect.
For people from countries like yourself it has proved vital to have the ability to communicate privately and be highly assured that a government cannot eavesdrop - I cannot understand why the EC which supports political changes that involve popular movements against government to increase freedom, should see fit to try to introduce a policy and mechanism that decreases it.
The ACM (as chair of ACM SIGCOMM I suppose I should say this) has taken the official position in a policy statement that escrow is technically flawed, and should not be employed.
regards
jon crowcroft