LICENSING OF TRUSTED THIRD PARTIES
FOR THE PROVISION OF ENCRYPTION SERVICES
Public Consultation Paper
on
Detailed Proposals for Legislation
March 1997
FOREWORD
Ian Taylor MBE MP
Minister for Science & Technology
On 10 June 1996 I announced to Parliament that the Government
would be bringing forward proposals for the licensing and regulation
of Trusted Third Parties for the provision of encryption services.
I indicated then that a public consultation document on the Government's
proposals would be issued prior to the introduction of legislation.
I am pleased to be able to introduce this document to you now.
The proposals in this consultation document make a significant
contribution to the Government's overall strategy for building
the information society in the UK. The provision of secure electronic
commerce is a key issue for business and consumers and it is important
that we take positive steps to address it, if we are to ensure
that everyone in the UK exploits the full potential of information
and communication technologies.
The last 12 months have been a year of intense activity for Government.
February 1996 saw the launch of the Information Society Initiative
Programme for Business aimed at encouraging British business to
improve its competitiveness by using information and communication
technologies. December 1996 saw the full liberalisation of international
telecoms facilities in and out of the UK, and the launch of IT
for All - an exciting new programme aimed at bringing the benefits
of the information society within the reach of all UK citizens.
The Green Paper government.direct set out a vision for the electronic
delivery of Government services, whilst the Education Department's
Superhighways Initiative continues to support a series of projects
designed to raise awareness of computer networks in education.
The UK is already a world leader in the telecommunications, broadcasting
and multimedia industries. Business and consumers are therefore
well placed to take advantage of the opportunities on offer.
Despite this however, significant barriers to the take up of electronic
commerce still remain.
These proposals - aimed at facilitating the provision of secure
electronic commerce - are being brought forward against a background
of increasing concern, not about the technology, but about the
security of information itself. In a world where more and more
transactions are taking place on open electronic networks like
the Internet, there has been a growing demand from industry and
the public for strong encryption services to help protect the
integrity and confidentiality of information. These proposals
have been developed to address those concerns, but at the same
time are aimed at striking a balance with the need to protect
users and the requirement to safeguard law enforcement, which
encryption can prevent.
I believe that the proposals outlined in this paper achieve that
balance. Their success though will ultimately depend on the
widespread acceptance and use of Trusted Third Parties by the
business community. We are therefore looking to industry to work
with us in close partnership on this important issue.
I therefore urge you now to let us have your comments on this
document.
IAN TAYLOR
TABLE OF CONTENTS
FOREWORD
SECTION I: INTRODUCTION
SECTION II: GOVERNMENT POLICY FRAMEWORK
SECTION III: EUROPEAN UNION & OECD DEVELOPMENTS
SECTION IV: CRYPTOGRAPHY
SECTION V: TRUSTED THIRD PARTIES
SECTION VI: STRUCTURE OF THE PROPOSALS
Policy considerations
Legislative Headings
Licensing Regime
Licensing Criteria & Conditions
Exclusions
Prohibitions
Legal Access
Sanctions
Liability
Appeals and Tribunal
SECTION VII: MOVING AHEAD
ANNEX A Legal Recognition of Digital Signatures
ANNEX B Legal access to keys held by TTPs - International Aspects
ANNEX C Explanation of Licensing Criteria
ANNEX D Glossary
ANNEX E Minimum Functional Requirements of an International TTP Architecture
ANNEX F Frequently asked Questions & Answers
SECTION I: INTRODUCTION
- This consultation paper sets out the Government's policy proposals
for the licensing and regulation of Trusted Third Parties (TTPs)
to provide a range of information security services to their clients.
- These proposals stem from the Government's announcement of
10 June 1996 on the provision of encryption services on public
networks[1]. This announcement recognised the growing demand from
industry for strong encryption services to safeguard the integrity
and confidentiality of electronic information transmitted on public
telecommunications networks. It also recognised the need to balance
this demand with the requirement to preserve the ability of intelligence
and law enforcement agencies to fight serious crime and terrorism.
- Against this background the Government announced that it would
be bringing forward proposals for the licensing and regulation
of TTPs to provide a range of information security services to
their clients. It also indicated that formal consultation on
the Government's proposals would be undertaken by the Department
of Trade and Industry with all interested parties, prior to the
bringing forward of legislation. Since June 1996 the Department
of Trade and Industry, together with other government departments,
has been concentrating on the detail of the legislation required
to licence TTPs. This paper outlines the Government's proposals
and seeks comments on their suitability and scope. Following
this consultation the Government will make a further statement
indicating how the legislation is to be brought forward, and giving
further details of the intended regulatory regime.
- This paper comprises seven sections. Section I introduces
the paper. Section II outlines the overall policy framework within
which the Government's policy on TTPs has been developed. Section
III outlines international activity being considered by the European
Commission on information security, including the promotion of
TTPs. It also outlines discussions on similar issues taking place
within the OECD. Section IV discusses cryptography and the role
it has to play in securing the confidentiality and integrity of
data. Section V outlines the potential benefits of a TTP network
in the context of information security and indicates the range
of services that TTPs might provide. Section VI outlines the
structure of the Government's proposals and seeks comments on
the areas it considers necessary to cover as the basis for legislation.
Section VII highlights those issues on which the Government would
particularly welcome comments.
The annexes to this paper contain:
A paper on the legal recognition of digital signatures.
A paper on legal access to keys held by TTPs: International Aspects
An explanation of the proposed licensing criteria.
A glossary of terms.
A paper on the minimum functional requirements of an international
TTP Architecture.
Frequently asked Questions and Answers.
- Comments are invited on the issues set out in this consultation
paper by Friday 30 May 1997. It may not be possible to
take account of any responses received after this deadline given
the Government's wish to move ahead quickly with the introduction
of legislative proposals.
To obtain additional copies of this document, please ring
0171 510 0174 or fax 0171 510 0197, quoting DTI
reference: URN 97/669. You may access the document on
the Internet at: http://www.dti.gov.uk/pubs.
Comments should be sent in writing to Nigel Hickson at the
following address:-
Information Security Policy Group
Communication & Information Industries Directorate
Department of Trade & Industry
Room 224
151 Buckingham Palace Road
London SW1W 9SS
- Alternatively comments may be sent to the following e-mail
address: ttp.comments@ciid.dti.gov.uk or faxed to 0171 931 7194
- The Government does not intend to respond to individual comments.
However, all comments received will be acknowledged and will
be taken into account when proposals for legislation are introduced.
- A summary of comments, subject to requests for confidentiality,
will be published prior to legislative proposals.
SECTION II: GOVERNMENT POLICY FRAMEWORK
- The Government's policy on TTPs and the provision of encryption
services for the protection of information transmitted electronically
should be viewed in the context of the Government's broader objectives
for building the information society in the UK.
- The Government's view is that new developments in information
and communication technologies offer exciting opportunities in
the UK. Advances in the computing, telecommunications and creative
sectors, combined with the world-wide explosion of electronic
commerce, are revolutionising the delivery and availability of
information and services. The Government wants to ensure that
everyone in the UK is able to benefit from these developments
and that they are able to play a part in the emerging information
society.
- The UK is already a world leader in telecommunications, broadcasting
and multimedia - benefiting from Government action to liberalise
the market and promote competition. Both business and consumers
are therefore well placed to take advantage of the opportunities
on offer. For example, many firms are already finding that their
ability to make effective use of new information and communication
technologies is crucial to their performance. Indeed the increased
use by British business of information technology over the last
decade has been a major factor in their improved competitive position
in global markets.
- Within this framework the Government has an important role
to play in providing leadership in certain key areas. These include:-
a) Creating the right regulatory framework so that industry and
the economy can flourish, while assuring proper protection for
the public.
b) Promoting appropriate use of new technologies - in schools
and colleges, museums and libraries, in the health service and
in all areas of public life.
c) Using information technology to improve efficiency in Government
and the effectiveness of the services it delivers to industry
and the public.
d) Acting as a catalyst for new developments, bringing people
together and working in partnership with the private sector and
local authorities to make things happen.
- The Government has adopted a national strategy for the information
society - the Information Society Initiative - which seeks
to include and enrol everyone in the UK through a number of complementary
initiatives applying across all sectors of society.
- IT for All - a programme which offers the public a wide
range of opportunities to try out, and better understand, new technologies.
- Programme for Business - where business and commerce
are provided with wide-ranging resources, support and funding
to help them thrive in the emerging information based economy.
- government.direct - a recent Green Paper which
sets out a vision for the electronic delivery of Government services,
making them more accessible, more available and easier to use.
- The Education Department's Superhighways Initiative
which supports a series of projects designed to raise awareness
of computer networks in education and show how they can best
enrich the delivery of education.
- The growth in electronic commerce offers great opportunities
for the business community and consumers. The Government recognises
however that it also brings with it significant risks. In particular,
the ability to conduct all kinds of transactions across open
information and communication networks like the Internet has led
to increasing concern about the security of the information itself.
In this context, businesses in particular have raised legitimate
concerns about the adequacy of security measures for protecting
the integrity and confidentiality of information transmitted on
public telecommunication networks. It is clear that increasingly
the concerns of users are not only about the availability of the
technology and its benefits, but about the level of trust that
both business and the public can place in such technology. These
concerns represent a significant obstacle to the continued take
up of electronic commerce in the UK. Hence the issue of how best
to facilitate the provision of secure electronic commerce has
become a key component of the Government's objectives for building
the information society.
- One of the most effective security tools for protecting the
integrity and confidentiality of information transmitted on open
electronic networks is cryptography. Over the last 2 years there
has been a growing demand from industry for strong encryption
services on communications networks and the Government recognises
that this can help solve some security problems. In developing
a policy in this area however the Government has to take many
different interests into account. For example, a significant
area for consideration in this context is how the spread and availability
of encryption technology will affect the ability of the authorities
to continue to fight serious crime and terrorism, and protect
UK economic well being and national security. In particular,
the Government considers it essential that the ability of security,
intelligence and law enforcement agencies to conduct effective
legal interception of communications under the Interception of
Communications Act 1985 is preserved in any policy proposals.
Another key area in developing this policy is the need to ensure
the privacy of individuals. That is why the Government is in
favour of developing a policy that will facilitate the use of
cryptography for everyone. The rights of individual privacy will
be strongly safeguarded by the technology made available, and
the tightly controlled legal access conditions that these proposals
wish to introduce.
- It is the need to strike a balance between the commercial
requirement for robust encryption services, with the need to protect
users, and the need to safeguard law enforcement and national
security requirements which led to an announcement by the Government
in June 1996 of its policy towards encryption services on public
networks. It is on the basis of the policy outlined then that
the detailed proposals outlined in this paper- for the introduction
of legislation to license TTPs wishing to provide a range of
encryption services to their clients - are now being brought forward.
- Whatever services TTPs provide, they must be trusted by their
clients. Indeed in a global trading environment there will have
to be trust of, and between, the various bodies fulfilling this
function. To engender such trust, TTPs providing encryption services
to the general public will be licensed. The licensing regime
will seek to ensure that organisations who wish to establish themselves
as TTPs will be fit for the purpose. It will aim to protect consumers
as well as to preserve the ability of the intelligence and law
enforcement agencies to fight serious crime and terrorism by establishing
procedures for disclosure to them of the encryption keys, under
safeguards similar to those which already exist for warranted
interception under the Interception of Communications Act 1985.
SECTION III: EUROPEAN UNION & OECD DEVELOPMENTS
- The Government's initiative on TTPs will be of much greater
significance for industry if similar developments take place in
the countries of our main trading partners. The development of
encryption services via TTPs requires compatible mechanisms in
other countries and the UK has been active in promoting the concept
through both bilateral and multilateral contacts. Within Europe
the main forum for discussion on such issues is the European Union,
in particular the European Commission where DG XIII has a small
unit dedicated to information security issues.
- In 1992 a Committee of Member States on information security
issues (known as SOG-IS) was established as a forum for Member
States to advise the Commission on the sort of initiatives that
might be appropriate in this field. This resulted in a programme
of work on information security including the adoption of the
ITSEC[2] criteria (first developed by the UK, France, Germany and
the Netherlands) and the first pilot projects involving the use
of Trusted Third Parties for digital signature services. In August
1994 the Commission Services began developing a proposal for a
further programme of work concentrating this time exclusively
on the development of a Europe-wide network of Trusted Third Party
Services (ETS) for the provision of cryptographic key management
services (for both confidentiality and integrity).
- The Commission's proposal was the subject of lengthy debate
by Member State representatives, both in terms of the relative
role of the member States and the Commission in introducing such
pan-EU services and the law enforcement and national security
issues pertaining to confidentiality services. As a consequence,
and due to other priorities, the Commission's proposals have been
delayed. It is hoped however that there will be a policy announcement
in 1997. In the meantime the Commission is sponsoring work on
a number of pilot projects concerning Trusted Third Parties in
the ETS Preparatory Programme. Of the eight projects recently
funded by the Commission, UK companies are involved in seven.
The Government will be closely monitoring developments on these
projects to learn lessons for its own licensing regulations.
- It is recognised that complementary European Commission initiatives
on Trusted Third Parties would be appropriate to enable an EU-wide network
of TTPs to be established. The Government has therefore, been
working closely with the European Commission on the scope and
content of applicable measures. The Government, in concert with
other European countries, has recommended that the Commission
adopt measures to demonstrate, trial and pilot TTP projects which
would underpin the EU wide development of encryption services
through TTPs.
- Information on any of the current TTP projects can be obtained
from David Herson (DG XIII/7) at the European Commission (e-mail
david.herson@bxl.dg13.cec.be) or from the Commission Web site
at www.cordis.lu/infosec/
- The other main international forum for the discussion of cryptographic
policy has been the Organisation for Economic Co-operation and
Development (OECD). The OECD has taken an interest in information
security issues for a number of years and in December 1995 hosted
a landmark conference between industry and Government. This conference
indicated that both international co-operation between Governments,
as well as close co-operation between government and industry,
would be key in developing acceptable and forward looking encryption
policies. The OECD therefore decided to establish an Expert Group
to look specifically at the development of cryptography guidelines
as a direct guide to national policy development in member countries.
The Expert Group met four times in 1996 and in December agreed
a draft paper on Cryptography Guidelines for OECD consideration.
This paper is currently being considered by member countries
and will hopefully be issued as an OECD Recommendation to member
countries in late Spring 1997.
- In terms of content, and subject to OECD confidentiality,
the paper outlines eight key principles which any national encryption
policy (including industry's development of products) should observe.
These are Trust in Cryptographic Methods (vital if they
are to be used), Choice of Cryptographic Methods (allowing
the user to choose from a variety of systems), Market Driven
Development of Cryptographic Methods (noting that it is primarily
for the market, rather than Governments, to bring forward solutions),
Standards for Cryptographic Methods (which should be promulgated
in an open way), Protection of Privacy and Personal Data
(the importance of individual privacy), Lawful Access (outlining
the Government's right to legally access data - whether stored
or in transmission - and encryption keys), Liability (which
the TTP must take on) and International Co-operation (stressing
the need for countries to work together on global, rather than
national, solutions).
- The OECD exercise has gained considerable public exposure
and the Government hopes that the guidelines, when published,
will make a major contribution to the goal of developing global
encryption services of direct benefit to business whilst safeguarding
individual privacy and the national security concerns of member
countries.
- In addition to activities within the EU and OECD, a number
of other fora and groups are also working on related encryption
initiatives. In Europe, the Council of Europe has recently developed
guidelines on Computer Crime, specifically noting the adverse
role cryptography could have in hampering investigations. In
the context of standards, both regional and global groupings are
producing encryption standards. In Europe ETSI[3] are developing
a specific standard for Trusted Third Parties while SC27 (part
of ISO[4]) are developing a specific standard for digital signature
and encryption methods. In addition, the UN (through UNCITRAL)
and the American Bar Association (ABA) are developing, and the
EU considering the development of, digital signature guidelines.
- Individual countries both in and outside Europe are also developing
their own national approaches. Whilst the US, France and the
UK are perhaps unique in having policies on Trusted Third Parties
involving key escrow, Germany has introduced a draft Digital Signature
Law, Canada is developing a Federal Public Key Infrastructure,
and Australia is developing a national Public Key Authentication
Framework.
SECTION IV: CRYPTOGRAPHY
- Cryptography is the art or science of keeping a message secure.
It can be used to hide its information content, establish authenticity,
prevent undetected modification, prevent repudiation, and/or prevent
unauthorised use.
- Cryptography can be used to protect the confidentiality of
data, such as financial data or personal records, whether it is
in storage or in transit. Cryptography can also be used to verify
the integrity of data by revealing whether it has been altered
and identifying the person or device that sent it. These techniques
are critical to the development and use of national and global
information and communications networks and technologies, as well
as the development of electronic commerce.
- The development of information and communications technologies
that allow vast quantities of data to be transmitted, copied and
stored quickly has promoted a growing concern for the protection
of privacy and confidentiality of data. Effective cryptography
is therefore an essential tool in a network environment for protecting
the privacy of personal information and the secrecy of confidential
business information.
- Encryption applies a mathematical algorithm to data in
order to render it unintelligible to anyone who does not possess
certain secret information (the cryptographic key) necessary for decryption
of the encrypted data. Traditionally the secret cryptographic
key needs to be agreed in advance of any communication. The secret
key is used to both encrypt and decrypt the message. The security
of this type of encryption lies in protecting the key; divulging
it would allow anyone to decrypt the message. Therefore great
care needs to be taken to protect the key, and therein lies the
difficulty of adopting such a system for widespread use - how
to protect the key and at the same time, distribute it to those
you wish to communicate with.
- In the mid 1970s a new development in cryptography introduced
the "public key" concept, which allows parties to exchange
encrypted data without communicating a shared secret key in advance.
Rather than sharing one secret key, this concept uses two keys:
a "public key" that can be disclosed to the public
and used to encrypt data, and a corresponding "private
key" that is kept secret and used to decrypt the data.
Another important use of public key cryptography is the "digital
signature", which is used to verify the integrity of data and
the identity of its sender. In this case, the private key is used to sign
a transmission, while the corresponding public key is used to
verify the signature.
- Public key cryptography offers the benefits of confidential
transmissions and digital signature in an open network environment
in which parties do not know one another in advance, and without
the need to share secret key information. The Government believes
this is vital for electronic commerce between trading partners
who may, of course, not know each other.
- For a public key system to work in the public domain, not
only must the public key be freely accessible, but also the user
must have a reliable way of verifying the authenticity of public
keys. Such an infrastructure, for managing and certifying public
keys, can be based on a hierarchy or network of certificate authorities
or Trusted Third Parties. A TTP would be a trusted source
of information about the keyholder in the form of a "public
key certificate". The certificate could be used to verify
certain information exchanged over a network.
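The operations described in the preceding paragraphs, as an added example written for this page (it is not code from the consultation paper or from any DTI or TTP system): textbook RSA used first for confidentiality (encrypt with the recipient's public key, decrypt with the private key), then for a digital signature (sign with the private key, verify with the public key), and finally for the "public key certificate" a TTP would issue, which a relying party checks against the one TTP key it already trusts before using the certified key. The key factors are fixed Mersenne primes and there is no padding, so every step is visible but the scheme is deliberately insecure; the names "TTP-UK", "alice@example.org", the session key and the messages are constructed for the demonstration.

```python
"""Added example, not from the consultation paper or any DTI system:
textbook RSA showing encryption, digital signature and a TTP-issued
public key certificate. Fixed Mersenne primes and no padding make the
mechanics visible; it is NOT secure. Real systems use a vetted library
with OAEP/PSS padding and 2048-bit or larger keys."""
import hashlib
from dataclasses import dataclass

E = 65537
# Known Mersenne primes used as fixed factors so the demo is repeatable.
M89, M107, M127 = 2**89 - 1, 2**107 - 1, 2**127 - 1

def keypair(p: int, q: int) -> tuple:
    """Return ((n, e), (n, d)): the public key may be published, the private key stays secret."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def _digest_int(data: bytes, n: int) -> int:
    """Hash data to an integer below the modulus (a toy stand-in for a real padding scheme)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def encrypt(pub: tuple, plaintext: bytes) -> int:
    """Anyone holding the public key can encrypt; only the private key holder can decrypt."""
    n, e = pub
    m = int.from_bytes(plaintext, "big")
    if not plaintext or plaintext[0] == 0 or m >= n:
        raise ValueError("plaintext must be non-empty, have no leading zero byte and be below n")
    return pow(m, e, n)

def decrypt(priv: tuple, ciphertext: int) -> bytes:
    n, d = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(priv: tuple, data: bytes) -> int:
    """The private key signs a hash of the data."""
    n, d = priv
    return pow(_digest_int(data, n), d, n)

def verify(pub: tuple, data: bytes, signature: int) -> bool:
    """The matching public key verifies the signature."""
    n, e = pub
    return pow(signature, e, n) == _digest_int(data, n)

@dataclass(frozen=True)
class Certificate:
    """A TTP's signed binding of a subject name to that subject's public key."""
    subject: str
    key: tuple
    issuer: str
    signature: int

def _to_be_signed(subject: str, key: tuple, issuer: str) -> bytes:
    return f"{subject}|{key[0]}|{key[1]}|{issuer}".encode()

def issue_certificate(issuer: str, issuer_priv: tuple, subject: str, key: tuple) -> Certificate:
    return Certificate(subject, key, issuer, sign(issuer_priv, _to_be_signed(subject, key, issuer)))

def verify_certificate(cert: Certificate, trusted_ttps: dict) -> bool:
    """A relying party checks the certificate using only the TTP key it already trusts."""
    ttp_pub = trusted_ttps.get(cert.issuer)
    if ttp_pub is None:
        return False  # issued by a TTP this relying party has no trust relationship with
    return verify(ttp_pub, _to_be_signed(cert.subject, cert.key, cert.issuer), cert.signature)

def demo() -> dict:
    """Alice obtains a certificate from TTP-UK; Bob relies on it to encrypt to, and verify, Alice."""
    ttp_pub, ttp_priv = keypair(M127, M89)
    alice_pub, alice_priv = keypair(M127, M107)
    mallory_pub, _ = keypair(M107, M89)
    bob_trust = {"TTP-UK": ttp_pub}  # Bob's only pre-installed trust anchor (constructed name)
    alice_cert = issue_certificate("TTP-UK", ttp_priv, "alice@example.org", alice_pub)
    # Bob checks the certificate, then encrypts a session key to the certified key.
    session_key = b"constructed-16-B"  # 16 constructed bytes standing in for a session key
    ciphertext = encrypt(alice_cert.key, session_key)
    # Alice signs a message; Bob verifies with the certified key and detects tampering.
    message = b"Pay GBP 100 to Carol"
    signature = sign(alice_priv, message)
    # Mallory substitutes his own key in Alice's certificate; the TTP's signature no longer matches.
    forged = Certificate(alice_cert.subject, mallory_pub, alice_cert.issuer, alice_cert.signature)
    return {
        "cert_ok": verify_certificate(alice_cert, bob_trust),
        "decrypts": decrypt(alice_priv, ciphertext) == session_key,
        "sig_ok": verify(alice_cert.key, message, signature),
        "tamper_detected": not verify(alice_cert.key, message + b"0", signature),
        "forged_cert_rejected": not verify_certificate(forged, bob_trust),
        "unknown_ttp_rejected": not verify_certificate(alice_cert, {}),
    }
```

The last two results are the point of the certificate: a key swapped into a certificate, or a certificate from a TTP the relying party has no trust relationship with, is rejected before any data is encrypted to it. In practice the signature covers the whole "to be signed" structure of the certificate, including validity dates and the TTP's name, exactly as the toy `_to_be_signed` does for the few fields shown here.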
- However, the widespread use of cryptography raises other important
issues, and cryptography policy should, therefore, balance a number
of varied interests. In addition to its role in the operation
of electronic commerce, cryptography has implications for the
protection of privacy, intellectual property, business and financial
information, as well as law enforcement and national security.
- A critical issue presented by cryptography is the possible
conflict between privacy and law enforcement. While the use of
cryptography is important for the protection of privacy, it can
also be put to improper use such as hiding the illegal activities
of criminals and terrorists. Consequently, there is a requirement
to establish appropriate mechanisms for lawful access to encrypted
information. In the UK, security, intelligence and law enforcement
agencies can lawfully intercept communications under certain conditions
in accordance with the Interception of Communications Act 1985
(IOCA). Unfortunately, the use of cryptography has the potential
to seriously hamper this important law enforcement tool, by making
legally intercepted messages unreadable, to the detriment of all
law abiding citizens. Private parties may also have legitimate
reasons and a legal basis to obtain access to encrypted information.
For instance, an employee who has encrypted files may resign without
leaving information concerning the private key, or the death of
an individual may require a Solicitor to have access to their
encrypted information. In all of these circumstances TTPs can
enable legitimate access to the keys to unlock such information.
- Legal access can be achieved by making use of a key escrow/recovery
system. Key recovery allows authorised persons (for example users,
officers of an organisation and law enforcement authorities) under
certain conditions, to decrypt messages with the help of cryptographic
key information, held in escrow, and supplied by one or more trusted
parties. In such cases legal access is to the private confidentiality
key.
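The phrase "supplied by one or more trusted parties" above allows the escrowed key material to be divided between several TTPs. As an added example written for this page (not code from the consultation paper or any TTP), the following splits a private confidentiality key with Shamir secret sharing so that no single TTP holds the whole key and any `threshold` of the TTPs together can reconstruct it for an authorised request, while fewer shares do not determine it. The field prime, the party names "TTP-A/B/C" and the sample key are assumptions made for the demonstration.

```python
"""Added example, not from the consultation paper: splitting an escrowed
private confidentiality key between several TTPs with Shamir secret sharing.
Any `threshold` of the shares reconstruct the key; fewer do not determine it.
The field prime, party names and sample key are assumptions for the demo."""
import secrets

P = 2**256 - 2**32 - 977  # a 256-bit prime (secp256k1's field prime); any prime > the key works

def _poly_eval(coeffs: list, x: int) -> int:
    """Evaluate a polynomial (coefficients low to high) at x, modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split_key(key: int, threshold: int, parties: list) -> dict:
    """Give each named TTP one share (x, y); the key is the polynomial's constant term."""
    if not 0 <= key < P:
        raise ValueError("key must be an integer in [0, P)")
    if not 1 <= threshold <= len(parties):
        raise ValueError("threshold must be between 1 and the number of parties")
    coeffs = [key] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return {name: (x, _poly_eval(coeffs, x)) for x, name in enumerate(parties, start=1)}

def recover_key(shares: list) -> int:
    """Lagrange-interpolate the shares at x = 0 over GF(P) to recover the constant term."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate shares")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def demo() -> dict:
    """A 2-of-3 split of a constructed 128-bit key between three TTPs."""
    key = int.from_bytes(b"constructed 16B!", "big")  # stands in for an escrowed private key
    shares = split_key(key, threshold=2, parties=["TTP-A", "TTP-B", "TTP-C"])
    a, b, c = shares["TTP-A"], shares["TTP-B"], shares["TTP-C"]
    return {
        "ab": recover_key([a, b]) == key,   # any two TTPs suffice ...
        "bc": recover_key([b, c]) == key,
        "abc": recover_key([a, b, c]) == key,
        "single_share_insufficient": recover_key([a]) != key,  # ... one alone does not
    }
```

Because the threshold is a parameter, the same routine supports a 1-of-1 deposit with a single TTP, a 2-of-2 split that forces two TTPs to co-operate, or a 2-of-3 split that tolerates one TTP being unavailable; the choice is a policy decision that the code leaves to the caller. The shares themselves still have to be stored and released under whatever access conditions apply, which the example does not model.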
- Another important issue is the fact that cryptographic products
and technology are also subject to export controls. The UK, and
all EU member states, are bound by Council Regulation (EC)
No. 3381/94 linked to Council Decision 94/942/CFSP. The
introduction of these TTP proposals will hopefully lead to relaxed
export licensing procedures for cryptographic products used with
TTPs.
SECTION V: TRUSTED THIRD PARTIES
- A TTP can be described as an entity trusted by other entities
with respect to security related services and activities. A TTP
would be used to offer value added services to users wishing to
enhance the trust and business confidence in the services they
receive, and to facilitate secure communications between business
trading partners. TTPs need to offer value with regard to integrity
or confidentiality and assurance of the services and information
involved in the communications between business applications.
A user in the UK, under these proposals, would be free to choose
their own TTP.
- Typically, a TTP will be an organisation, licensed by the
DTI, which will provide encryption services to a wide range of
bodies across all sectors. The use of a TTP is dependent on the
fundamental requirement that it is trusted by the entities it
serves to perform certain functions. A TTP can also assure the
user of the trustworthiness of another user to the extent that
they are who they claim to be.
- In practice, TTPs could exist in both public and private domains,
at the local, national and international level. TTPs should have
trust agreements arranged with other TTPs to form a network, thus
allowing a user to communicate securely with every user of every
TTP with whom his TTP has an agreement. The proposed legislation
is solely concerned with licensing those TTPs offering services
to business and the public and not intra-company TTPs. TTPs,
as noted above, are required to interwork and therefore a key
management architecture is required to facilitate both the cross
certification of keys and legal access requirements. The minimum
functional requirements the Government considers suitable for
such an international TTP architecture are outlined at Annex E.
- Some of the commercial and business benefits of a Licensed
TTP solution are:-
- TTPs are being licensed to protect the consumer - Users
will need to be protected from sub-standard TTPs. Users must
also be assured of a TTP's trustworthiness, technical ability,
financial stability, confidentiality of operations and ability
to take legal liability for their actions.
- TTPs will be able to offer interoperability of secure services
hitherto unavailable - While encryption products are available
in the UK domestic market, interoperability between different
products is not possible. A lack of standards for algorithms and
interfacing, coupled with the high burden of key management has
created a fragmented market. Today's encryption market is thus
very costly. Passing the key management to TTPs and building products
to a common architecture will allow access to cryptography for
everyone with a PC. Encrypted communications, therefore, will
no longer be limited to Governments and larger organisations.
- TTPs will allow UK Business to take advantage of secure
electronic trading- The wide availability of cryptography
will allow more paper based transactions to be conducted electronically.
Time stamping, non-repudiation, confidentiality, authentication
and integrity are all necessary to instil trust in the electronic
age and to allow electronic contracts to take the place of paper
ones.
- TTPs will also be able to offer Data recovery Services
- At present, if encryption keys are lost, stolen or deliberately
withheld by disaffected employees then the information will remain
encrypted and may be lost to its owner for ever. TTPs will be
in a position to offer recovery of the keys to their clients as
they will store (or escrow) the keys.
- TTP Encryption policy will help UK manufacturers to export
robust encryption within their products - Products that are
designed to operate within a TTP environment will be subjected
to simpler export licence procedures, thus allowing them to be
exported with minimum restrictions. This increased availability
will stimulate a greater demand for encryption products both in
the UK and foreign markets. UK companies should be in a good position
to take advantage of this.
- Use of licensed TTPs is voluntary - those wishing to do
otherwise are at liberty to do so - The market, and not Government,
will decide whether it wants to use TTP services. The Government
believes that the benefits of this scheme will far outweigh any
others. Of course those wishing to use any other cryptographic
solutions can continue to do so, but they will not be able to
benefit from the convenience and interoperability of licensed
TTP services.
- UK taking lead in very important area - Many countries
are currently trying to develop a cryptographic policy. Many countries
agree with the UK that widespread use of cryptography must not
be to the detriment of law enforcement requirements. The Government
believes that this scheme is the best way to achieve this balance
and that other countries may also see the benefits and follow
the UK lead.
- Help to increase the volume of electronic trading -
Transactions over the Internet are forecast to reach as much as
£22 billion by 2005. Some research suggests that the Internet
will take 5-10% of all retail traffic by 2000. Various barriers
(lack of security products and standards, and poor interoperability)
may impede this growth. The introduction of TTPs should help in
this respect.
SECTION VI: STRUCTURE OF THE PROPOSALS
POLICY CONSIDERATIONS
- The policy considerations for HMG which have determined the
scope and content of the proposed legislative headings which follow
are outlined below:-
Positive Licensing regime
The Government believes that the positive (and individual)
licensing of TTPs (i.e. the body being licensed before
the service can be provided) is critical in allowing the initial
assessment, monitoring and regulation of a TTP that would meet
the requirements of consumer protection, trust in the market and
security, intelligence and law enforcement access. Consumer
trust and acceptance are paramount as it is anticipated that licensed
TTPs will form the backbone of the Public Key Infrastructure
in the UK which, in itself, is a critical requirement for the
growth of secure electronic communication. Such licensing arrangements
will, therefore, also apply to TTPs solely providing public key
certification services.
- The Government has considered other routes such as negative
licensing (where bodies would be free to provide encryption services
unless they breached pre-set licensing conditions) and accreditation
arrangements. These alternative routes were not, however, considered
adequate to facilitate the necessary degree of consumer protection
or trust. Either arrangement could, in the Government's view,
lead to the presence of unsuitable or incompetent TTPs, thus
significantly damaging the infant TTP market.
Voluntary use of TTPs
- The legislation is directed solely towards the provision
of encryption services to subscribers in the UK and
not the use of encryption.
Organisations offering or providing encryption services to the
public in the UK, including those providing or advertising such
services from outside the UK, will be required to be licensed.
(The Government is also considering whether UK based bodies which
provide encryption services solely to clients outside of the UK
should also require licensing). Users, however, will remain
at liberty to choose whether to make use of TTPs, or to make other
arrangements for their encryption requirements.
Key recovery from licensed TTPs
- In terms of Key Recovery the proposed legislation is concerned
solely with legal access to private encryption keys (which are
used to protect the confidentiality of information) required by
the authorities in connection with the lawful interception of
communications (i.e. information on the move) or for lawful access
to data stored and encrypted by the clients of licensed TTPs.
There is, of course, no intention for the Government to
access private keys used for only integrity functions. Legal
access to encryption keys will be permitted through serving warrants
on TTPs.
- The Government recognises that further legislation may be
required in the future to enable the appropriate authorities to
obtain private encryption keys other than those held by licensed
TTPs.
Exclusions (e.g. intra-company TTPs)
- The TTP legislation will not require intra-company
TTPs (i.e. organisations supplying encryption services to their
own employees or those within their own Group [5] of companies) or
similar closed user groups, to be licensed. However, if within
such a closed community an intra-company TTP wishes to extend
its services beyond the members of the group or, if it wishes
to interoperate with a licensed TTP, a licence will be required.
- Encryption services as an integral part of another service
(such as in the scrambling of pay TV programmes or the authentication
of credit cards) are also excluded from this legislation.
- The Government invites views on whether the suggested scope
of an exclusion from licensing for intra-company TTPs is appropriate
in this context.
Electronic signatures
- Various national and international bodies are currently considering
a number of issues concerning the legal recognition of electronic
signatures. For example, a note on the recommendations contained
in a recent report by the Society for Computers and Law on digital
information and the requirements of form generally is at Annex
A. In the UK, research has shown that uncertainty as to the
legal effect of using electronic commerce is seen by the business
community as a considerable barrier to its development. In particular,
there is uncertainty as to whether a requirement in law for a
signature can be met using electronic technology. The Government
is currently considering how best to ensure that requirements
of form laid down in statute law can be met electronically. This
is likely to be a massive undertaking as it involves reviewing
all existing legislation to identify those cases where use of
electronic technology would not meet legal requirements of form.
- Two separate issues which need to be considered are how the
identity of the signatory of a document and the integrity of a
document may be proved in legal proceedings in the UK. These
issues may arise where a digital document is admissible in court
and where a digital signature satisfies relevant legislation. Parties
to encrypted documents may be able to agree between themselves
as a matter of contract law that they will accept a certificate
by their TTP as to these matters in any action against each other
over the contract. This would not however bind a third party
and would not necessarily assist if the validity of the contract
were challenged.
- The Government would welcome views on whether this legislation
should establish a rebuttable presumption in any proceedings that
a document has been signed by the person or persons named in a
certificate issued by a licensed TTP who has provided encryption
services in relation to that document. A similar presumption
could also apply to the certification by a licensed TTP of the
integrity of a document. This would have the effect of placing
the burden of proof on a person wishing to challenge the identity
of a signatory of a document or the integrity of a document.
- The Government invites views on whether, in the short
term, it would be sufficient for business to rely on agreements
under contract regarding the integrity of documents and identification
of signatures; or whether it would be helpful for legislation
to introduce some form of rebuttable presumption for the recognition
of signed electronic documents.
Convention on key exchange to underpin TTP legislation
- Although the legislation will require foreign TTPs offering
or providing encryption services to clients in the UK to have
a registered base in the UK (which will allow for the licensing
of non-UK bodies with no trading presence in the UK), there will
be no provision requiring UK clients to use a UK licensed TTP.
They are, and will be, free to register with foreign TTPs. It
will therefore be necessary (for law enforcement purposes) to
establish arrangements with other countries for the exchange of
keys. The UK Government believes that these arrangements will
be on the basis of dual legality, i.e. whereby the criteria for
access are satisfied in both countries. The keys held by UK licensed
TTPs will not, under this legislation, be permitted to be disclosed
to the authorities of other countries unless such requests satisfy
UK law and are authorised by the competent UK authority. A fuller
description of such arrangements is at Annex B.
Licensing Criteria & Conditions
- It is intended that the licensing conditions, as opposed to
the criteria on which licences will be granted, will not be prescribed
in the legislation.
LEGISLATIVE HEADINGS
- The legislation will provide that bodies wishing to offer
or provide encryption services to the public in
the UK will be required to obtain a licence. The legislation
will give the Secretary of State discretion to determine appropriate
licence conditions.
- The DTI has been chosen as the initial authority for the licensing,
in view of its experience in licensing telecommunications operators.
Further consideration will be given to whether the on-going enforcement
task in relation to these licences will also be handled by the
DTI, or whether it will be delegated. The legislation will include
provisions to allow both licensing and on-going enforcement to
be delegated to a responsible designated body. More detail about
the structure of the regulatory arrangements will be included
in the further statement referred to in paragraph 3 above.
- The duration of licences will be a minimum of five years.
Licence fees will be payable both on the grant of a licence and
annually thereafter to meet the cost of their issuing and enforcement.
- The Government invites views on the appropriateness
of these arrangements for the licensing and regulation of TTPs.
Licensing Criteria & Conditions
- As noted above the DTI or a designated body will be responsible
for determining, and enforcing compliance of TTPs with, the licensing
conditions. DTI will consult with other government departments
and organisations on the practical, legal or technical details
as necessary.
- Before the Licensing Authority will deem an organisation fit
to receive a licence to provide encryption services, it will need
to be satisfied as to, inter alia:-
- competence and trustworthiness of information security personnel
- competence and trustworthiness of directors
- competence of information security management
- technical assurance of IT security equipment used for key
management and storage
- adherence to quality standards and procedures
- adequate liability cover
- ability to meet legal access conditions
- the TTP's business plan and longevity of interest in market
- isolation of TTP function from other business functions
- interface requirements to other Licensed TTPs
- structure and ownership
- Annex C outlines in more detail the thinking behind
the above criteria and seeks comments and suggestions on their
appropriateness. A register of the holders of TTP licences, and
the licences issued should be publicly available.
- The licence conditions will include such conditions as are necessary
to ensure continued adherence to the licensing criteria. This may
include:-
- provision of quality services to public
- demonstration of co-operation to authority under legal access
conditions
- adequate co-operation with other licensed TTPs
The exact scope of licensing conditions applied to a TTP will
depend, inter alia, on the encryption services being provided.
- The Government seeks views on the proposed conditions.
Exclusions
- Encryption that is used solely in the protection of a business
service (e.g. in pay TV systems or in payment systems), or encryption
services that are provided only to the employees of the service
provider or those in the same group of companies (see footnote [5])
are outside the scope of this legislation.
- For example, a home banking service offered by a bank to its
clients, which included a cryptographic functionality designed
to protect the banking transaction between a client and the bank,
would not be covered by this legislation. However, if the bank
wished to extend the cryptography's functionality and allow client-to-client
communications, then this service would be covered
by the legislation, and the bank would need to apply for a licence.
Another example of an excluded service would be the key management
and certification services that might be offered by providers
to credit card companies to authenticate the users of their cards.
- Similarly, an employer offering cryptographic protection between
its employees (whatever the functionality) would not be covered
by this legislation. However should it decide to extend the protection
service to its suppliers, then it would require a licence.
- In many cases such "intra-group" TTPs are likely
to seek a licence given their need to interoperate with organisations
outside their own organisation, or with clients of a licensed
TTP.
- The Government invites comments on whether specific
exemptions for particular organisations offering encryption services
may be appropriate, depending on the nature of services offered.
- The Government also invites comments on whether it is
thought desirable to license the provision of encryption services
to businesses and citizens wholly outside the UK.
- The legislation will prohibit an organisation from offering
or providing encryption services to the UK public without
a licence. Prohibition will be irrespective of whether a charge
is made for such services. The offering of encryption services
to the UK public (for example via the Internet) by an unlicensed
TTP outside of the UK will also be prohibited. For this purpose,
it may be necessary to place restrictions on the advertising and
marketing of such services to the public.
- The legislation will be framed so as to give existing providers
of encryption services time to obtain licences, as TTPs, before
the prohibitions outlined above come into effect.
- For the purposes of this legislation the terms "public"
and "encryption services" will encompass the following meanings:
- "Public" will be defined to cover any natural
or legal person in the UK.
- "Encryption services" is meant to encompass any service,
whether provided free or not, which involves any or all of the
following cryptographic functionality - key management, key recovery,
key certification, key storage, message integrity (through the
use of digital signatures), key generation, time stamping, or
key revocation services (whether for integrity or confidentiality),
which are offered in a manner which allows a client to determine
a choice of cryptographic key or allows the client a choice of
recipient(s).
- The legislation will also prohibit a UK licensed TTP from
contracting with any non-licensed TTP for the purposes of carrying
out encryption services. In order to build up a TTP network it
may be necessary from time to time for UK licensed TTPs to recognise
non-licensed bodies from other countries where no licensing regime
exists. In such cases recognition should not be given to an unlicensed
body until the UK licensed TTP is satisfied that such recognition
would not put at risk its ability to meet any of its obligations
under this, or other, legislation, or international obligations
(such as those concerning data protection).
Legal Access
- The legislation will provide that the Secretary of State may
issue a warrant requiring a TTP to disclose private encryption
keys (protecting the confidentiality of information) of a body
covered by that warrant. Under such legal access arrangements,
there will be safeguards broadly similar to those in the Interception
of Communications Act 1985, under which a Secretary of State may
issue a warrant requiring the interception of communications.
- For the purposes of legal access, a central repository [6] might
be nominated or established by the UK authorities. The purpose
of this central repository will be to act as a single point of
contact for interfacing between a licensed TTP and the security,
intelligence and law enforcement agencies who have obtained a
warrant requiring access to a client's private encryption keys.
The central repository would, therefore, be responsible for serving
the warrant (whether by physical or electronic means) on the TTP
and distributing the encryption key to the appropriate agency.
- It is envisaged that a warrant would require a TTP to disclose,
in a timely manner, cryptographic key material to a central repository [6]
(acting on behalf of an agency). It is envisaged that
it should take no more than an hour for a TTP, once presented
with a validated warrant request, to deposit the appropriate client
encryption key(s) with the central repository. The procedures
and methods to enable such timely disclosure will be determined
between the licensed TTP and the central repository. The costs
of obtaining a warrant and serving it on a TTP, as well as the
direct costs of the TTP complying with such a request, shall be
borne by the appropriate agency. Costs of implementing and maintaining
the technical capabilities for legal access shall, however, be
borne by the TTP.
- In order to comply with the above legal access provision,
TTPs will be required:-
- to have the ability to deliver cryptographic key material
by secure electronic means to a central repository on receipt
of a validated warrant.
- to demonstrate the ability to recognise a duly authorised
warrant [7] served by the central repository, and to comply only with
such a warrant.
- to be responsible for facilitating all measures necessary
for legal access.
- to keep auditable records of legal access requests.
- at all times, not to deliberately or negligently jeopardise
the integrity of any legal access request, or to disclose the
identity of the target of such a request.
- In addition to disclosure under the Legal Access provisions
noted above the TTP may also release the private encryption key
of the client under contractual arrangements between the two parties.
Such arrangements may, for example, ensure that keys which have
been used to encrypt company files can be released when the user
leaves the employ of the client company. Other arrangements allowing
third party access by a solicitor, or other persons, may also
be agreed between the parties in certain circumstances.
- The Government seeks views on whether secure electronic
methods for the delivery of electronic warrants by the central
repository and the subsequent delivery of keys by the TTP should
be introduced.
- The Government also seeks views on whether the legislation
specifically needs to refer to other forms of legal access including
a civil court order for access to cryptographic keys used to protect
information relating to civil matters such as bankruptcy.
Sanctions
- It is recognised that in order for business and the public
to have trust in TTPs, some forms of sanction will be required
against those either not complying with the conditions of the
licence or, more seriously, providing encryption services without
a valid licence. On the latter, we intend that it will be a
criminal offence for a body to offer or provide licensable encryption
services to the UK public without a valid licence. We consider
- again on grounds of consumer confidence - that it may also be
appropriate for the legislation to make it a specific criminal
offence for a licensed TTP deliberately to disclose a client's
private encryption key (or for an employee of such a TTP to do
so), other than pursuant to any legal requirement, or permission
of the client, to do so. There are, however, existing provisions
(including the Data Protection Act and the Computer Misuse Act)
which would, in some circumstances, already apply to the disclosure
of a client's private encryption key in this respect.
- The Government seeks views on whether deliberate (and
perhaps wilfully negligent) disclosure of a client's private encryption
key should be a specific criminal offence, or whether existing
civil and criminal sanctions would suffice.
- Other types of sanction will be necessary for non-compliance
by TTPs with other licence conditions. Such sanctions may include
fines, specific orders issued by the regulator, and (in extremis)
withdrawal of a licence.
Liability
- TTPs will be liable for the protection of the private encryption
keys of clients at all times while they are in their possession.
They will also be liable for the protection of hierarchical keys
upon which the secrecy of client keys or system keys is dependent.
In the event of loss or disclosure (whether deliberate or accidental)
of keys the TTP will be required to have in place adequate arrangements
to compensate any loss suffered by its clients or clients of other
TTPs. The TTP will be required to demonstrate, to the satisfaction
of the Licensing Authority, that such arrangements have been made.
TTPs will also have vicarious liability for acts of their employees.
- In order to ensure adequate consumer protection the Government
is minded to impose a form of strict liability on TTPs in relation
to the compromise or disclosure of a client's private encryption
key. A TTP would be strictly liable if such a key was disclosed
other than by agreement with its client (but see paragraph 88
for circumstances in which the authorities have legally obtained
the key). The client would only have to establish disclosure and
not responsibility for such disclosure. It would be a defence
for the TTP to show that the client itself was responsible for
the loss or compromise of his own private keys (whether those
for integrity or confidentiality). Since the TTPs would have strict
liability, the Government also proposes to limit the amount of
compensation payable by TTPs to the client if disclosure (or compromise)
of the key was established by the Court.
- As the concept of fault (i.e. of either the TTP or another
party, e.g. the central repository) is not an issue in such proceedings,
there would also be - in cases of a judgement against a TTP -
an automatic referral to a Tribunal (established under the legislation).
It would then be for the Tribunal to determine whether there
had been legal access under warrant to the key, and, if so, whether
the responsibility for the disclosure (or compromise) lay with
the central repository or the security, intelligence or law enforcement
agencies. If so, the Tribunal would order recompense to the
TTP for the compensation it had paid to the TTP client and would publish
its findings accordingly. Liability cover and compensation above
the minimum level will be at the discretion of the TTP and its
clients and will be dealt with by individual contract. These
arrangements, we believe, balance the rights of the TTP clients
to compensation for loss caused by disclosure of their private
encryption keys, against protection of TTPs from unlimited liability.
- The Government invites comments on whether the principle
of strict liability (as described above) is appropriate in these
circumstances.
- Careful consideration will be needed of the extent to which
decisions taken about the granting of licences and their enforcement
and amendment should be appealable. The Government sees merit,
in terms of increasing the industry's confidence in the regulatory
process, for some form of appeals body to be created which is
independent of the parts of the Government responsible for licensing
and enforcement.
- The Government seeks views on whether, in principle,
an independent appeals body (such as a Tribunal, separate from
that referred to below) should be created.
- A Tribunal would also be established, which would deal both
with references from the Courts under the strict liability procedures
(described above) and applications from the clients of TTPs who
believe that their keys may have been subject to legal access.
As with the similar Tribunal established under IOCA, the Tribunal's
function would be to ascertain whether warranted access had taken
place and, if so, whether any contravention of the legislation
had occurred.
- The Government seeks views on whether the above duties
of an independent Tribunal are appropriate.
Location of TTPs
- All organisations wishing to be licensed in the UK as TTPs
will be required to register a UK address (if they do not already
have one). This address is necessary to ensure compliance with
the legal access conditions, Regulatory Orders and other sanctions.
It will not be necessary for the escrowed keys themselves to be
held in the UK, but only that they are delivered to the UK.
SECTION VII: Moving Ahead
- The Government invites comments on this paper until 30
May 1997 (see Introduction for information on where
to send comments). In particular the Government would like to
receive views on:-
Paragraph 50 - Whether the suggested scope of an exclusion
from licensing for intra-company TTPs is appropriate in this context.
Paragraph 54 - Whether, in the short term, it would
be sufficient for business to rely on agreements under contract
regarding the integrity of documents and identification of signatures;
or whether it would be helpful for legislation to introduce some
form of rebuttable presumption for the recognition of signed electronic
documents.
Paragraph 60 - The appropriateness of the proposed arrangements
for the licensing and regulation of TTPs.
Paragraph 65 - Where views are sought on the
proposed conditions.
Paragraph 70 - What, if any, specific
exemptions for particular organisations offering encryption services
would be appropriate depending on the nature of services offered?
Paragraph 71 - Whether it is thought desirable to licence
the provision of encryption services to businesses and citizens
wholly outside the UK?
Paragraph 81 - Should secure electronic methods
for the delivery of electronic warrants by the central repository
and the subsequent delivery of keys by the TTP be introduced?
Paragraph 82 - Does the legislation specifically need
to refer to other forms of legal access including a civil court
order for access to cryptographic keys used to protect information
relating to civil matters such as bankruptcy?
Paragraph 84 - Should deliberate (and perhaps wilfully
negligent) disclosure of a client's private encryption key be
a specific criminal offence, or would existing civil and criminal
sanctions suffice?
Paragraph 89 - Whether the principle of strict liability
(as described above) is appropriate in these circumstances?
Paragraph 91 - Whether, in principle, an independent
appeals body (such as a Tribunal, separate from that referred
to below) should be created?
Paragraph 93 - Whether the proposed duties of
an independent Tribunal are appropriate.
Annex C - Would mandatory ITSEC formal evaluation be
appropriate?
96. The Government will need to consider the comments received
and, in some cases, discuss them with their originators. A summary
of comments will be published prior to the introduction of legislative
proposals, subject to requests for confidentiality.
Annex A:
Legal Recognition of Digital Signatures
- The emergence of electronic commerce will, to a large extent,
be determined by the market both in terms of the availability
of technology and the trust business has in it. Governments can,
however, help to facilitate secure communications by helping to
provide the appropriate regulatory and legal infrastructures.
Apart from the licensing of Trusted Third Parties, which the
proposed legislation will deal with, Governments may also wish
to ensure that electronic communications, especially when used
for electronic contracts, can be legally recognised. Although
electronic "partners" may well be prepared to contract
with one another on the basis of "trust" (as many organisations
do already) there is a perception that some form of legislation
should underpin the basis of this electronic communication. For
example, if there were a dispute on the alteration, or disclosure
of a message, recourse to the courts may well be appropriate.
- In recognition of the possible need to introduce new, or amend
existing, legislation to allow for the recognition of digital
transactions, and particularly digital signatures, the Government
has welcomed the work of the Society for Computers and Law. The
group, co-ordinated and facilitated by the Commercial Law Unit
at Queen Mary and Westfield College has examined whether current
English legislation may prevent electronic contracts being enforced;
and - if so - what steps might be taken to address the issue.
It was recognised that Scottish law, which is different in some
respects, would have to be, and is being, looked at separately.
- The Group has now made the Government aware of their findings
on both of the above counts. To answer the first question the
Group analysed those terms in legislation which pertained to the
transmission of electronic information. They thus considered
whether the existing usage of words such as "information",
"document", "recording", "writing"
and "signature" had meanings, in their legislative context,
which could extend to digital electronic information. Basically,
they found that all the above terms, and others, could be extrapolated
to cover electronic information apart from the terms "signatures",
"writing" and (more obviously) "physical writing".
These latter terms, they suggested, had meanings which generally
pertained to the "physical " world of documents and
ledgers, rather than to the electronic one. Thus they suggested
that by altering, or perhaps extending the general meaning of
these words, it would be possible for future legislation to be
electronic-proof (so to speak). For existing legislation,
however, the Group concluded that piecemeal change would probably
be more appropriate. This was based on the vast amount of existing
law which contains references to "writing" and "signatures",
and the realisation that some of this body of law may actually
require physical actions (such as a signature in writing
for some legal processes).
- In light of these findings, DTI, and other interested parties,
may now wish to consider whether these measures, or any others
should be taken forward. Introducing changes to the above terms
through the use of the Interpretation Act (as recommended by the
Group) is a complex matter and would necessarily require primary
legislation. Government will also no doubt consider whether,
and if so how, the further (and perhaps even more difficult)
task of examining the current legislation - to see where the
terms "signature" and "writing" need amending,
can be taken forward.
- These are complex issues and cannot be rushed. Such changes
will possibly help to underpin secure electronic commerce for
a long time to come. We cannot afford therefore to get it wrong.
- The picture is further complicated by the fact that electronic
commerce is global in nature. The contracting parties will -
possibly in the majority of cases - not both be in this country
and therefore the law of a different jurisdiction may also be
relevant. In recognition of this a number of different bodies
(both public and private) as well as different Governments, are
contemplating issues of digital signature recognition. Perhaps
the most important is the work being undertaken by the United
Nations Commission on International Trade Law (known as UNCITRAL).
The latter set up a working party in 1995 to try and develop a "Model
Law" which would aid members in developing compatible and
broadly similar legislation. This is on the simple basis that
issues such as dispute resolution, may be easier to handle where
legislation is broadly similar, rather than totally different.
The "Model Law" has now been published and has already
formed the basis of legislation in a number of US States. The
Group's recommendations, noted above, are also broadly compatible
with the UNCITRAL approach. Work at the UN, however, does not
stop with the Model Law. A new working group of UNCITRAL has
now been commissioned to look at the process of using digital
signatures. They will be exploring such issues as the role, and
responsibilities of Certification agents, and how the legal certainty
of a signature relates to the technological process being used
to sign data.
- Another initiative has come forward from the American Bar
Association (ABA) who have produced their own legal guidelines
on both the use and recognition of digital signatures. The European
Commission has also recently initiated a number of studies of
the legal recognition of digital signatures perhaps as a forerunner
to the emergence of guidelines of their own.
- The DTI, and other interested Government Departments, will
take note of these developments in considering what steps we need
to take.
Annex B:
LEGAL ACCESS TO KEYS HELD BY TRUSTED THIRD PARTIES:
INTERNATIONAL ASPECTS
1. If the UK and other countries adopt a system of Trusted Third
Parties (TTPs) providing confidentiality services including encryption
on a key escrow basis, it will be open to encryption users to
register with a TTP abroad. Unless workable arrangements are in
place for the authorities to gain access to keys escrowed with
TTPs in other countries, criminals may choose to register with
TTPs abroad in order to evade national legislation providing for
access to keys held by TTPs licensed in their own country.
2. Direct access to TTPs by foreign authorities would raise a
number of concerns, for example:
- the host country might be concerned that access to certain
encrypted data might be detrimental to its national security and
economic wellbeing;
- in the law enforcement domain, keys might be sought in connection
with the investigation of offences abroad which would not be serious
enough to justify interception or key access under the host country's
own legislation;
- any indication that key access might be inadequately controlled
could undermine the confidence of the public and industry in the
integrity and security of TTPs.
3. To meet these concerns the host country's authority would need
to have full information on the foreign authority's case for seeking
disclosure of keys, in order to enable a decision to be taken
on whether or not to serve a warrant on the TTP.
4. It has been suggested that some of these concerns might be
met if, rather than permitting the release of encryption keys
at the request of a foreign authority, international arrangements
provided for the passing of plain text of decrypted material.
5. Provision of plain text may be adequate where the need is for
decryption of stored material seized for evidential purposes.
Arrangements for the provision of plain text in such cases might
be pursued through:
- bilateral agreements, or;
- (where plain text is required for evidential purposes) agreements
based on existing arrangements for mutual judicial cooperation.
6. However, the provision of plain text is unlikely to be practical
where the need is for urgent decryption of intercepted communications
or decryption of stored data to provide time critical operational
intelligence. In these cases arrangements for the release of keys
to the requesting authority would be required.
Arrangements for key access
7. Arrangements for lawful key access need to:
- create an enforceable obligation on TTPs to disclose keys
when required to do so;
- protect TTPs from any criminal or civil liability which might
arise from the disclosure of keys.
8. These aims would need to be achieved by national legislation
in the state which has jurisdiction over the TTP's actions. If
it is accepted, as argued in paragraphs 2 to 4 above, that there
should not be a system of automatic recognition of warrants from
foreign authorities, then the legislation would need to provide
for the issue of a national warrant by the competent authority
in the "receiving" [8] state, within an agreed framework
of arrangements for international cooperation. It is recognised
that this sort of procedure will introduce some delays into the
process of obtaining keys, but these should be considerably less
than those which would arise from the provision of plain text.
Criteria
9. The criteria for granting a key access request from another
state might be:
- the request has been made by a recognised competent authority
in the "requesting"[9] state (this might be an executive
or a judicial authority according to the law of the requesting
state);
- the request discloses information which satisfies the competent
authority in the receiving state that the release of keys is required
for the prevention or investigation of serious criminal offences,
or in the interests of the national security or economic wellbeing
of the requesting state;
- the request satisfies the competent authority in the receiving
state that release of the requested keys would not adversely affect
the national security or economic interests of the receiving state
or any friendly state;
- the receiving authority is satisfied that there are adequate
arrangements in the requesting state for ensuring that keys are
held securely, not used for purposes other than those disclosed
in the request, and are destroyed when no longer required.
Form of agreement
10. The international arrangements could be provided for either
by bilateral agreements or a multilateral convention. The commitments
created by any convention should ideally be the minimum necessary
to achieve the desired effect:
- states would be required to have legislation in place to enable
them to consider requests for key access from other states which
are parties to the convention;
- the competent authority to determine a request from another
state should be a matter for national legislation;
- the authority in the receiving state should not be required
to agree to any request unless the criteria of its national law
on key access are fulfilled;
- a refusal by a competent national authority to comply with
a request from another state should not be reviewable by any international
tribunal.
Annex C:
Explanation of Licensing criteria
- Competence of information security personnel.
It will be necessary to ensure that TTP security personnel
are competent, suitably qualified and trusted, and have successfully
completed a recognised security vetting procedure.
- Competence of directors.
Checks will need to be undertaken to ensure that the background
and other business interests of directors would not compromise
the trust placed in a TTP.
- Competence of information security management.
TTPs will need to demonstrate that their system security policy
is suitable for TTP operations and consistent with information
security standards (such as BS 7799).
- Technical assurance of IT security equipment used for key
management and storage.
Evaluation of the security system and IT security products
will need to be undertaken, for example UK ITSEC, although formal
evaluation by an independent third party may not be the sole evaluation
procedure.
The Government seeks comments on whether mandatory ITSEC
formal evaluation would be appropriate
- Adherence to quality standards and procedures.
e.g. ISO 9000.
- Assessment of business plan and longevity of interest in market.
TTPs will need to demonstrate that their interest in providing
a TTP service is not short term. They will also need to demonstrate
that adequate procedures are in place to ensure the integrity
and confidentiality of all information, in the event that the
TTP withdraws such services.
- Isolation of TTP function from other business functions.
Many organisations may wish to operate as TTPs while continuing
other business interests. A TTP may need, therefore, to demonstrate
that the TTP function is isolated from its other business functions.
- Interface requirements to other Licensed TTPs.
In order to achieve widespread interoperability, TTPs will
be required to operate to common interface requirements.
- Company structure and ownership.
Checks will be made to ensure that those who own, or effectively
control, an organisation, are suitable candidates for ownership
of a TTP.
Glossary of Terms
The following terms are described for information only and are
not intended to be interpreted as legal definitions:
Authentication: The verification of a claimed identity.
Central Repository: Government department or agency set up by
Government to act as a point of contact for
interfacing between a TTP and the appropriate law
enforcement agency.
Confidentiality: The prevention of the unauthorised disclosure of
information.
Cryptographic key: A parameter used with a cryptographic algorithm
to transform, validate, authenticate, encrypt or
decrypt data.
Cryptography: The art or science of keeping messages secure.
Digital Signature: Data appended to a message that allows a recipient
of the message to prove the source and integrity of
the message.
Dual Legality: A legal request from a foreign agency must satisfy
legal access conditions in both the requesting
country and the country being asked.
Encryption Algorithm: A mathematical function used to change plaintext
into ciphertext (encryption) or vice versa
(decryption).
Integrity: Prevention of the unauthorised modification of
information.
Key escrow / recovery: A capability that allows authorised persons, under
certain prescribed conditions, to decrypt
ciphertext with the help of information supplied by
one or more trusted parties.
Key management: The process of generating, storing, distributing,
changing, and destroying cryptographic keys.
Key revocation: Notification that a public cryptographic key is no
longer valid.
Private key: The private (secret) part of a cryptographic key
pair. Knowledge of which should be strictly
limited.
Public key certificate: Public key information of an entity, signed by a
trusted entity to certify the integrity of the
public key.
Public Key Infrastructure (PKI): Supporting infrastructure, including
non-technical aspects, for the management of public keys.
Public key: The public (i.e. non secret) part of a
cryptographic key pair. This key is widely known
and no secrecy should be attached to it.
Time stamping: An electronic equivalent of mail franking.
Trusted Third Party (TTP): An entity trusted by other entities with
respect to security related services and activities.
Annex E:
Minimum Functional Requirements for an International TTP Architecture
1. The framework should provide benefits to the legitimate
user. It must support electronic business transactions in terms
of integrity, authenticity and confidentiality.
This is important in order to encourage widespread acceptance
and justify any costs for users.
2. It should provide for both national and international working.
Use of a local TTP would be encouraged; in some countries it
might be mandatory.
3. It should use well known techniques and thus be public and
unclassified.
It is recognised that well known techniques are essential for
broad initial acceptance and for subsequent confidence by users,
although there is no direct national security reason for insisting
upon this. Any truly international system cannot, by definition,
rely upon classified parts. This does not, however, automatically
exclude the system from use in protecting classified information.
4. It should support all forms of electronic communication.
One-way communications, such as e-mail, must be included, but
any proposal must be suitable for all forms of communication.
5. It should be compatible with different laws and regulations
of participating countries concerning interception, use, supply
and export.
The need for licences or other forms of authorisation is unaltered,
although a successful system should aim to make licensing arrangements
easier for all concerned.
6. It should provide access under warrant (or other legally-constituted
form of authority) to the data specified in the warrant, which
includes both incoming and outgoing communications.
The warrant would be from a single jurisdiction.
7. It should not impede the due process of law and order. In
particular, it should allow near-real-time access when a warrant
is held. The system must not allow the user to detect that warranted
access is taking or has taken place.
The system must cater for lawful access.
8. It should give the sender the opportunity to ensure that
legitimate access by the authorities to data specified by the
warrant does not also allow indefinite access.
There should therefore be technical and/or procedural means
to enforce the time limits (for access to the appropriate private
confidentiality key) laid down in the warrant. Such arrangements
will help facilitate the confidence of users.
9. It should provide for the use of a variety of data encryption
algorithms whether in hardware or software.
Use of software may not be appropriate for some security critical
applications, but it will inevitably be widely used and must therefore
be catered for.
10. It should not be possible to misuse information obtained
under a warrant to fabricate evidence.
Separation between confidentiality and authentication/non-repudiation
is needed, not least to ensure that the ability of the authorities
to decrypt data does not also put them in a position of being
able to impersonate anyone.
11. It should ensure that attempted abuse by the sender can
be noticed by the receiver.
It should be impractical for a user to subvert or bypass the
legal access provisions. If the recipient contributes to the process
of producing the data encryption key then this applies to both
parties.
12. It should not require a user to deal with a Trusted Third
Party in another country.
Users should be able to choose their own TTP, but any framework
should not force users (on technical or national policy grounds)
to deal with foreign TTPs.
13. It should not require either regular or on-line communications
between Trusted Third Parties.
It would be unwise to presume permanent availability of all
parts of a network. TTPs need to provide a timely service, but
not necessarily a 24-hour one for users.
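The separation required by item 10, and the time-limited access of
item 8, can be illustrated in code. The following Go program is an
added example written for this edition; it is not part of the
consultation paper and is not the code of any TTP product. It models
a user with two key pairs (an RSA confidentiality pair whose private
half is escrowed, and an ECDSA signing pair that is not), a TTP that
releases an escrowed key only while a warrant is in force, and an
authority which, holding that key, can read a message but cannot
produce one that verifies as the sender's. All names (User, Envelope,
TTP, Warrant, Seal, Decrypt, Verify, Demo), the choice of algorithms
(AES-256-GCM, RSA-OAEP, ECDSA P-256) and the sample message are
assumptions of the example. The warrant here is a plain record; the
authentication of a warrant that footnote 7 requires is not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// Each user holds two independent key pairs (Annex E, item 10): a confidentiality pair whose
// private half is escrowed with the TTP, and a signing pair that never leaves the user.
type User struct {
	Name     string
	ConfPriv *rsa.PrivateKey   // escrowed with the TTP
	SigPriv  *ecdsa.PrivateKey // never escrowed
}
func NewUser(name string) *User {
	return &User{name, must(rsa.GenerateKey(rand.Reader, 2048)), must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))}
}

// Envelope is what crosses the telecoms network; the TTP never sees it (Annex F).
type Envelope struct {
	WrappedKey []byte // AES-256 session key, RSA-OAEP wrapped to the recipient
	Sealed     []byte // GCM nonce, then ciphertext and tag
	Signature  []byte // sender's ECDSA signature over SHA-256(Sealed)
}
func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// Seal encrypts msg to the recipient's confidentiality key and signs with the sender's signing key.
func Seal(sender *User, rcpt *rsa.PublicKey, msg []byte) *Envelope {
	sessionKey := make([]byte, 32)
	must(rand.Read(sessionKey))
	gcm := aead(sessionKey)
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	sealed := gcm.Seal(nonce, nonce, msg, nil) // nonce || ciphertext || tag
	digest := sha256.Sum256(sealed)
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, rcpt, sessionKey, nil))
	sig := must(ecdsa.SignASN1(rand.Reader, sender.SigPriv, digest[:]))
	return &Envelope{wrapped, sealed, sig}
}

// Decrypt needs only the confidentiality private key; it proves nothing about who sent the message.
func Decrypt(confPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, confPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm := aead(sessionKey)
	if n := gcm.NonceSize(); len(env.Sealed) >= n {
		return gcm.Open(nil, env.Sealed[:n], env.Sealed[n:], nil)
	}
	return nil, errors.New("envelope too short")
}

// Verify checks the sender's signature using only the sender's signing public key.
func Verify(senderSigPub *ecdsa.PublicKey, env *Envelope) bool {
	digest := sha256.Sum256(env.Sealed)
	return ecdsa.VerifyASN1(senderSigPub, digest[:], env.Signature)
}
// Warrant carries the time limits of Annex E item 8. Release refuses requests outside the window;
// once a key has left the TTP the limit is enforceable only procedurally (hence Annex B's plaintext option).
type Warrant struct{ Subject string; NotBefore, NotAfter time.Time }
type TTP map[string]*rsa.PrivateKey // escrows confidentiality keys only; signing keys are never accepted
func (t TTP) Release(w Warrant, now time.Time) (*rsa.PrivateKey, error) {
	if now.Before(w.NotBefore) || now.After(w.NotAfter) || t[w.Subject] == nil {
		return nil, errors.New("warrant not in force, or no key escrowed for subject")
	}
	return t[w.Subject], nil
}

// Demo: Alice writes to Bob. The authority, holding Bob's escrowed key under a warrant in force,
// reads the message, but a message it fabricates in Alice's name fails verification.
func Demo() (recovered []byte, forgeryAccepted bool, err error) {
	alice, bob := NewUser("alice"), NewUser("bob")
	ttp := TTP{alice.Name: alice.ConfPriv, bob.Name: bob.ConfPriv}
	env := Seal(alice, &bob.ConfPriv.PublicKey, []byte("constructed sample message"))
	now := time.Now()
	bobKey, err := ttp.Release(Warrant{"bob", now.Add(-time.Hour), now.Add(time.Hour)}, now)
	if err != nil {
		return nil, false, err
	}
	if recovered, err = Decrypt(bobKey, env); err != nil {
		return nil, false, err
	}
	// Forgery attempt: anyone can encrypt to Bob, but only Alice can sign as Alice.
	forged := Seal(NewUser("impostor"), &bob.ConfPriv.PublicKey, []byte("fabricated message"))
	return recovered, Verify(&alice.SigPriv.PublicKey, forged), nil
}
```

Demo() is the entry point; it returns the plaintext recovered under
warrant and a boolean which is false because the authority's
fabricated message does not verify against Alice's signing key.
Two points follow from the construction. The session key is wrapped
to the recipient's confidentiality key, so the escrowed key an
authority needs is the recipient's, not the sender's. And because
the signature is made with a key the TTP never held, the ability to
decrypt does not become the ability to impersonate, which is exactly
the separation item 10 asks for.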
Annex F:
Frequently asked Questions and Answers
What is a TTP?
An entity trusted by other entities with respect to security related
activities and services.
Who will use a TTP?
Anyone who wishes to have secure communication between two parties,
particularly those that have never met.
Will use of a TTP be mandatory?
No. The market will decide if it wants to use TTP services.
Those wishing to do otherwise will be at liberty to do so.
Who will be able to be a TTP ?
Any commercial or non-profit organisation would be eligible provided
that it can meet the appropriate licensing conditions.
What are the benefits for business ?
A network of TTPs, operating to a common architecture, should present
significant benefits: for example, availability and interoperability
of encryption products; a supporting infrastructure that facilitates
international public key certification for authenticity, integrity
and confidentiality; the taking on of expensive and complex key management
tasks; and secure backup facilities to prevent irretrievable loss of
information. Secure communication between unknown parties, without
the need to depend on either expensive or multiple solutions,
will become commonplace and thus lead to increased confidence
and use of the information society.
Why should users trust a TTP ?
There should be no less reason to trust a TTP than there is to
trust, for example, a bank. A licensing regime will help to ensure
that only reputable service providers are able to become TTPs.
It is important to note that whilst a TTP will hold private
confidentiality keys in escrow, it will not normally have access
to the encrypted traffic as this will be sent by the user over
whichever telecoms network he chooses.
Will there be a Government TTP ?
Government departments will need TTP services as much as other
organisations, especially where business is transacted with the
public.
Why the need for licensing ?
Given the position of trust that a TTP would hold, and the importance
its clients will attach to their reliability, some form of regulation
of the activities of a TTP is necessary if only to protect the
public.
Will UK citizens need to register with a UK TTP ?
No, but any foreign TTPs offering services in the UK will need
to meet the UK licensing conditions.
Will you attempt to control the length of encryption keys ?
No. For use in the UK that is an issue for the market to decide.
What involvement will industry have in the policy process ?
As is made clear in Mr Taylor's statement on 10 June 1996, the
DTI will conduct more formal consultation with all interested
parties prior to introducing legislative proposals. This consultation
paper forms the major part of that ongoing consultation process.
When will legislation be passed ?
After this consultation period is complete and at the earliest
opportunity in the legislative programme. Other circumstances
permitting, we hope to bring forward legislative proposals during
the next Parliamentary session.
Are you adopting a purely national approach ?
No. Electronic commerce is global in nature and the international
perspective needs to be fully taken into account. The UK approach
is consistent with ideas being discussed in other fora such as
OECD and the European Union.
How will law enforcement access be achieved ?
Where a warrant has been obtained under due process of law, TTPs
holding secret confidentiality keys will be required to release
them to the law enforcement authorities.
Will a TTP be able to access an encrypted message ?
No. It is important to be clear that it is not envisaged that
the encrypted communication would be routed via the TTP. Nor
will the TTP encrypt the message, it will merely assist (depending
on the service offered) in the very complex area of key management
or Key Certification.
If such a system is not mandatory why bother, surely crooks
and terrorists will use something else ?
Criminals will often make use of whatever technology is conveniently
available to them. We expect TTPs to have a major role in conveying
secure electronic communications, especially where a payment for
legitimate services is involved.
Surely this is just a front for security agencies to expand
their "big brother" role ?
No. The UK accepts that businesses have a need to safeguard both
the integrity and confidentiality of their information, and is
keen to find effective means of meeting this need. The TTP approach
will provide such a means, but in a way that would also meet another
important need, namely to preserve the effectiveness of the existing
powers to intercept communications. Similar safeguards to those
that already exist under the Interception of Communications Act
1985 will be established. Widespread encryption has the potential
to make legally intercepted messages unreadable, to the detriment
of all law abiding citizens.
What about export controls - will they be relaxed ?
Products for specific use within a licensed TTP network should
not create export difficulties. The fact that they would be for
use under such a system should allow them to be exported with
minimum restrictions being applied.
1 Hansard reference 10/6/96 Columns 13-14
2 ITSEC - Information Technology Security Evaluation Criteria
3 ETSI - European Telecommunications Standards Institute
4 ISO - International Organisation for Standardisation
5 A "Group of Companies" for the purposes of this document has the meaning given in section 736 of the Companies Act which states that a company is a subsidiary of another company - its holding company - if that other company:
i) holds a majority of voting rights in that company; or
ii) is a member of it and has the right to appoint or remove a majority of its Board of Directors; or
iii) is a member of it and controls alone, pursuant to an agreement with other shareholders or members, a majority of the voting rights in it.
6 The Central Repository would either be an existing Government Department or an agency set up specifically, by Government, for the purpose.
7 In other words the TTP must have some authentication procedure which enables it reliably to distinguish a properly authorised warrant from a fraudulent application, and must be able to show that its procedures allow delivery to be made only to the central repository.
8 "receiving" denotes the authority in the country which has jurisdiction over the TTP.
9 "requesting" denotes the authority seeking access to the keys.