The previous government's proposals for introducing key escrow via a scheme of compulsory licensing of so-called `Trusted Third Parties' are founded on mistaken assumptions. They are probably illegal under European law; they will place a significant cost burden on British business; they will decrease public confidence in information systems; and they attempt to centralise the trust structures in our society in a way that will have many unpleasant consequences -- only some of which we can now predict. No case has been made for any law enforcement gain to offset these financial and social costs.
The key escrow programme has already held up the deployment of a medical system that could have saved both money and lives, because doctors would not accept a GCHQ demand that all keys be generated centrally. The DTI may consider that it has no brief for medical and other professional practice, but it should nonethelsss consider the similar effects that the TTP programme will certainly have on business.
The DTI should also care very much about being used by GCHQ as its de facto sales agent for a product -- the GCHQ protocol -- that is not of marketable quality; this can only diminish the department's standing. It should also care about being forced to use that product to protect its own classified traffic. It should finally cease and desist from relying on GCHQ for its technical advice; whatever experience GCHQ may have of military cryptosystems, it is abundantly clear that engaging them in the regulation of commercial systems is inappropriate. Let me quote from my `Crypto in Europe' paper:
The infrastructure built up by GCHQ and its overseas counterparts is of little relevance to commercial crypto. For example, the ITSEC/ITSEM proceedure typically takes a year and millions of dollars to evaluate a security product, while underwriters' laboratories might do the job in a month for twenty thousand dollars. We can see no reason why military crypto suppliers should be any more able to beat swords into plowshares than the similarly bloated and inefficient suppliers of tanks, warships and missiles turned out to be.
So the challenge facing Europe's crypto policymakers is a hard one. It is not just a matter of sacking a few thousand civil servants at GCHQ and letting a few CLEFs and equipment vendors go to the wall. It is the challenge of adapting to a major paradigm shift: from intelligence to evidence, from protecting lives to protecting money, from secrecy to authenticity, from classified to published designs, from tamper-proof hardware to freely distributed software, from closed to open systems, and from cosseted suppliers to the rough and tumble of the marketplace.
Every aspect of this change is likely to be alien and threatening to the signals security establishment. On past form, we expect that the securocrats will fail to adapt. Their attempts to retain control of cryptographic technology appear doomed to fail, and if they continue to fight market forces, then they risk public humiliation, with resulting cuts in their organisations' budgets and influence.
These predictions, which I made in July 1995, have come true. The paradigm shift is now clear to all, the irrelevance of ITSEC is trumpeted by industry, and GCHQ has been humiliated by the faults in its protocol. Its attempts to defend itself have simply dug it in deeper; for example, the CESG web page states that `a hierarchy is defined only for the authentication framework' but this is inconsistent with CESG Infosec Memorandum no. 12. DTI ought to distance itself as far as possible from this mess.
It is quite inappropriate for crypto control measures that are sought at the request of a small section of the intelligence community, that are oriented towards US rather than UK defence interests, and that are uninformed by commercial reality, should be mixed up with measures to promote the information economy. The election of a Labour government opposed to key escrow and committed to a defence review gives the ideal opportunity for crypto policy to be removed from the intelligence community completely. This is inevitable given the paradigm shift described above; doing it now, and doing it cleanly, will be much less costly for industry and much less traumatic for the government.