Information Politics in the UK and Europe

This page was last updated in about 2000 and is no longer maintained. For more recent views on information politics, see our blog.

The information revolution is eroding our liberty in a number of different ways. For example, the US government is pushing to amend international copyright law to give publishers complete control over the use of digital products - so you won't be able to lend a magazine to a friend, or copy an excerpt from a news article into one of your own writings in order to criticise it, without getting permission and paying a fee. Publishers will get Orwellian powers to monitor the books you read, the videos you watch, the music you listen to and the games you play. For more details, see here.

In another assault on liberty, the European Commission proposes to bring the export of intangibles under the export licensing regime. This could make it an offence for me to teach my undergraduate course on security to foreign nationals (who make up 20% of a typical class). It would certainly prohibit many current research collaborations with foreign nationals, such as the work I did on Serpent with Lars Knudsen and Eli Biham: DTI officials have confirmed that I would need a personal export licence to participate in the email exchanges by which this cipher was developed. My research students (who are all foreign) would need licences to access the software in tools such as focussed ion beam workstations which we use for research on the security of smartcards.

The regulation could even make it an offence for me to talk to my daughter (a South African citizen) about `technology related to weapons of mass destruction and long-range missiles' as this would constitute an oral export. (She works in Cambridge as a lawyer: how can she process a patent application relating to missile guidance technology if the client can't talk to her?) Presumably bookshops will have to remove from their shelves such standard titles as Fieser and Fieser's Organic Chemistry (which contains the recipe for mustard gas) and the Feynman Lectures in Physics (which tells you how atom bombs work). Somewhere between a quarter and a half of the courses offered by our school of technology may be affected; if you don't believe me, have a look at the Wassenaar list, or read the much more extensive briefing on the problem here.

This lunacy was originally proposed, at the request of the USA, by the British Government. Following industry representations to the Trade and Industry Select Committee, the government seems unwilling to introduce this law here directly, and their preferred route is to sneak it in as an EU council regulation. This should have the same effect, but will be harder for `troublemakers' to oppose - and the opposition to this measure is very broad indeed: it is the only issue anyone can recall which unites the Committee of Vice Chancellors and Principals with the Defence Manufacturers' Association. The proposed regulation is also at odds with the DTI's stated objective `that for the development of electronic commerce we will create the most business friendly environment in the world'. If export controls on intangibles are introduced throughout Europe, it will do serious harm to Europe's software industry. By fragmenting it into national markets, we will give the Americans most of the mass markets they don't already dominate, while the small specialist firms who survive will generally not have the resources to get export licences. Those who do will be distrusted by overseas customers, who will believe that the price of the export licence was the deliberate introduction of security vulnerabilities.

An example of the deliberate introduction of vulnerabilities is key escrow. The last UK government introduced proposals for licensing cryptography that amounted to mandatory key escrow - that is, that people enciphering data would have to give spare copies of the keys to the authorities to facilitate snooping. In my view, this policy was neither technically feasible nor ethically acceptable. The House of Commons Trade and Industry Select Committee agreed, as did the computing industry. The latest draft Electronic Communications Bill is not much better. For background information on key escrow and the whole crypto policy debate, see the Foundation for Information Policy Research, the Cyber-Rights & Cyber-Liberties home page, the Campaign Against Censorship of the Internet in Britain, and the crypto policy pages of CDT, EPIC, EFF, and GILC. There is also a piece from the nineteenth century which shows that there's nothing new under the sun, and a book called Trust in Cyberspace which is available online and which looks at the broader context of risks to networked information systems.

Before the election, the Labour party (along with many other groups) was firmly opposed to key escrow. (Their policy on the `Info Highway' was here; it's since disappeared.) Once in power, they soon started having second thoughts; despite pressure from within the party, a U-turn came in April 1998 with the furtive announcement of a crypto policy that was scarcely different from their predecessors'. Following general outrage, a further turn led to a consultation document which backs off from some of the most objectionable proposals. There was still plenty to complain about though; for example, consumer protection on the net would be seriously undermined (see here for more).

Fundamentally, our politicians appear ignorant rather than malicious. Being mostly from a legal or media background, they tend to leave IT policy to civil servants, who have little more expertise but still push what they see as their departmental interest. We sorely need to raise the quality of the debate and extend its scope. I therefore got some colleagues together and we started the Foundation for Information Policy Research, which was launched at the Scrambling for Safety workshop in May 1998. This conference had a debate on the latest UK government proposals, the presentation of a draft Directive on harmonising digital signature law from the European Commission, and a position paper from the Law Society on electronic commerce (see also their related work on the draft Electronic Commerce Directive). The first problem tackled by the Foundation was therefore a consultation exercise on the EU proposals. The results of this exercise can be found here.

My own views on key escrow differ somewhat from the libertarian position usually taken by the crypto community and indeed by long term Internet users in general. The reason for this is that I am probably one of the few people outside the intelligence community to both work in cryptography and have operational experience helping with police communications intelligence. I first formulated my analysis of the problem in a 1995 paper entitled Crypto in Europe - Markets, Law and Policy; an updated and less technical overview appears in a recent interview published by the New Scientist.

Crypto policy issues have been hammered out at a number of public meetings, of which the most recent was the Scrambling for Safety conference at the LSE on the 23rd September 1999. This was the first public meeting at which both the relevant government minister and an opposition spokesman spoke, and (although they avoided each other) it was quite fun. Other meetings where crypto policy issues were discussed included the 1999 Economic Crime Symposium here in Cambridge, the previous Scrambling for Safety event in March, and an ICX conference in London in February. The crime conferences are particularly interesting as most of the working policemen and prosecutors who attend them skip the crypto sessions - which supports the view that the `law enforcement' argument for key escrow is simply a smoke screen for the spooks.

UK policy is also strongly influenced by our membership of the European Union, one of whose recent communications has come out quite strongly against the kind of restrictions that GCHQ/DTI wish to impose. We like to think that this was influenced by a workshop on the topic organised by EPIC in September in Brussels. That in turn was a response to a recently publicised US-EU agreement on phone tapping and key escrow. Meanwhile, the US has pushed new crypto controls through Wassenaar, although quite different interpretations were put on them by the USA, Denmark, Australia and Germany. So that's surely all right then. We also helped to persuade the EU to take a relatively enlightened line on copyright piracy (a previous proposal, backed by Hollywood, would have all but outlawed research in computer security). The struggle continues ...