Up: No Title
Previous: Trustworthiness of Third Parties
A number of other points are raised by the DTI document:
- The fact that PGP keys are used for both decryption and signature means
that it would not be feasible to escrow simply the decryption key. But PGP has
become the de facto standard for secure email (largely because government
export controls prevent any competitor getting a wide enough user base) and
this means we have to use it when consulting for overseas organisations such as
Microsoft and Intel. Without these consultancy relationships (that contribute
of themselves to the balance of payments) we would not make the contacts that
lead in due course to much more substantial research funding. If legislation
prevented our using PGP, or forced keys to be escrowed, then it would have an
immediate and negative effect on my own income as well as a longer-term and
greater negative effect on the income of the University of Cambridge.
- At Cambridge University Computer Laboratory, we already certify the PGP
keys of our students and faculty at their request. The investment involved has
been minimal (zero in financial terms) and the service is perceived to be
modestly useful. The DTI proposals would stop us offering this service. Yet
since the Laboratory built the first stored program digital computer in 1948,
there has only been once instance in which our assistance has been sought by
police investigating a crime that may have involved the use of the Laboratory's
facilities. In our particular case, the economic loss would outweigh any
conceivable law enforcement gain. No case has been made that that a different
state of affairs would pertain anywhere else in the economy.
- It is not true that it is hard to create a signature scheme that cannot
be `abused' for encryption. Take Fiat-Shamir with a modulus whose factorisation
is known to no-one; let each user choose a secret vector at random; and let the
square of the vector be certified as the public key. (Of course, such a scheme
can be used to sign a public encryption key using another mechanism, or to
authenticate a Diffie Hellman exchange, but so can any digital signature
- On paragraph 54: my understanding has always been that the essence of a
signature is the will of the signer rather than the nature of the signature.
Thus even an ascii name typed at the end of a cleartext email is a signature,
and I understand has been held to be such in a libel case.
If a separate rebuttable presumption were brought in, perhaps along the lines
of the proposed German digital signature law, then legislators should avoid the
mistakes in the German draft (it does not allow for role as opposed to identity
certificates, it insists that certification chains have a length of precisely
one, it renders invalid all signatures whose public keys are not certified by a
licensed TTP, and would appear to render invalid all signatures made in
accordance with current UK government proposals). Many of these mistakes stem
from an attempt to tie up the digital signature issue with the crypto control
issue. This is a bad idea, especially when the advisers to the drafters of
legislation are not particularly au fait with the technical issues involved in
- On paragraph 60, 70 and 71: the licensing of TTPs is in my view
completely inappropriate and should not be undertaken whether by the DTI or
anybody else. If fact, if there were any demand for TTPs at all, then surely
the market would by now have called them into existence; commercial
cryptography has been around for long enough.
- On paragraph 65: attempting to force trust management facilities to be
compatible with each other is an unwarranted interference in the market and is
not likely to achieve anything. There is simply no call for my mobile phone to
have anything to do with my ATM card -- and the mechanisms in use are too
different for interworking to be in prospect.
- On paragraph 81: it would be highly imprudent for anyone in possession of
key material to release it without evidence of compulsion. This should take the
form of a paper warrant or subpoena. Electronic means of presentation would be
too open to abuse by GCHQ and by foreign intelligence services, especially if
the `CASM' mechanisms for escrowed electronic mail remain the standard in
- On paragraph 82: given that the Labour
party was elected on a platform of categorical
opposition to key escrow and a majority of 179, the issue of such
legislation does not arise.
- On paragraph 84, 91 and 93: this is an aspect of the current lamentable
state of affairs under which the middle classes are effectively excluded from
seeking legal redress for amounts in excess of the small claims limit from
large defendants by the rules on legal costs. Assuming that keys were
mismanaged by a bank, the experience of people litigating in the ATM cases
indicates that there would be little hope of effective redress.
This is yet another reason why the centralisation of trust into organisations
such as banks is unacceptable. Simply creating a new criminal offence of
releasing key material without a warrant would not suffice; the police are
notoriously unwilling to prosecute large organisations such as banks and failed
to do so on more than one occasion during the ATM litigation despite compelling
evidence of conspiracy to defraud (which, as remarked above, included a
televised confession of the conspiracy).
By contrast, if the current more distributed trust structures are allowed to
be incorporated into the electronic world in the normal course of events, then
for many purposes it will be possible for users to use trust services provided
whether implicitly or explicitly by people against whom they have some
effective redress, such as a GP (who can be reported to the GMC for misconduct)
or a local businessman (with a reputation in the community that could be lost).
A long term solution to these problems would involve changing British
procedural law to make it more closely resemble American law. While I believe
that to be desirable, it is not imminent and legislative provision in other
areas must reflect reality.
Up: No Title
Previous: Trustworthiness of Third Parties
Tue Oct 21 11:00:05 BST 1997