The Development of UK Policy - the Processes
The Development of UK Policy - the Substance
Developments in the last five years
Introduction and Background
The United Kingdom likes to think that it brings something special to the policy debate on controlling cryptography. Mainly, that 'something special' arises from the UK's pole position in the remarkable story of 'Ultra' or 'Enigma', - the interception and decryption of German military signals at Bletchley Park in the second world war.
The three particularly relevant points are:
Any appreciation of British official policy on cryptography should start from that standpoint. The maintenance of a strong 'sigint' capability, and the subordination of other interests to that, became accepted (and virtually unquestioned) policy at the highest level. And for once that last cliché is correct - the policy was run by 10 Downing Street under the direct responsibility of the Prime Minister and the relevant top-level security committees effectively managed by the Head of the Civil Service.
A prime objective of the policy was to prevent the proliferation of strong cryptography by the continuation of export controls.
Further, that policy was operated in as covert a way as possible, with the minimum of open guidance to anyone wanting, for example, an export licence. Most things were done in behind-the-scenes negotiation between the officials and a trusted representative of the would-be exporter.
Finally, co-operation with the US was across the spectrum from policy to operations. Thus anyone applying for an export licence from the US to the UK, could be sure that before granting it the US authorities would check, again behind the scenes, with their UK opposite numbers before granting it. And, of course, vice versa.
From the start, Britain supported COCOM, and implemented it to the letter. Their legislative infrastructure was impeccable, thanks to emergency legislation enacted in 1939 and still valid. Under it, successive Export of Goods (Control) Orders have been laid before Parliament and 'nodded through' without debate. These Orders simply implement the entire COCOM, and now Wassenaar, recommendations (of which only a small part concern cryptography) into UK law, usually verbatim.
More recently, they have also taken account of the EU's requirements for implementation of the single European market, for example allowing for recognition of other EU member states' licences in harmonising the arrangements at EU borders.
Formally, applications for licences are made to the Department of Trade and Industry, but in the case of cryptography anything other than routine applications are referred to the appropriate cryptography authorities. From the start, the bureaucratic element of the process has been alleviated where appropriate, as in the US, by granting bulk licences for cryptography vendors etc for routine applications, such as where the COCOM rules clearly allow export.
For example companies wishing to export to banks, or where use is limited to authentication/integrity only, may take advantage of the DTI's Open General Export Licence (OGEL), subject only to notifying the DTI that they have done so soon after their first such export.
For situations where a company frequently makes exports to a specific class of end-users in a specific set of countries, but for an end-use which is not within the OGEL categories, an Open Individual Export Licence (OIEL) is available, but must be agreed in advance initially.
Other exports have to be licensed in advance on a case by case basis. To maximise success chances, applications should be accompanied by a 'statement of end-use', setting out the application, crypto justification (including the strength of mechanism appropriate to meet threats), algorithm, key length and key management, logical and physical security, etc. The authorities will usually appreciate an informal approach first to enable them to understand or discuss the application with the exporter.
More interesting than this discussion of the processes, is the question: what are the chances of getting an application for an export licence accepted? What sort of view does the UK take on exceptions to the COCOM/Wassenaar rules?
There have been few clear guidelines. The authorities are helpful and co-operative, but try to steer applicants towards a compromise on what their minimum strength requirement really is, based on threat analysis. Unless faced with an exceptionally well-informed applicant, the authorities have all the advantages in any such discussion.
In practice, many of the most contentious cases have concerned the use of DES for confidentiality. Like the US, the UK has historically tried to limit DES strictly to banking applications. Until recently extensions have only been allowed when a user is, although not strictly speaking a bank, in practice operating exclusively with banks, or pursuing some 'bank-like' business in the financial sector.
Events in 1985, when the UK authorities joined the US in persuading ISO to drop the standardisation of DES, tend to suggest that both those countries regard the arrival of DES, in retrospect, as an unfortunate mistake. Since then they have been trying to contain it, or at least restrict its proliferation to the maximum extent they can.
The Wassenaar Arrangement came just too early to take account of the new focus on key escrow - it is entirely limited to export controls. Import, use, or supply controls are also outside Wassenaar and are a matter for individual countries.
The Wassenaar rules are that countries will impose a licensing regime on all exports of cryptographic devices (including software, though this is subject to interpretative possibilities), with certain exceptions. The most significant of these is that where the end-user is a bank countries need not impose licensing on exports for authentication/integrity, nor for DES used in the encryption of interbanking transactions. Signatory countries are of course free to impose more restrictive licensing if they so wish.
Contrary to popular belief, Wassenaar (as with COCOM before it) does not prescribe in any detail the circumstances in which signatory countries will grant individual licences for end-use beyond the recognised exception categories. That is perhaps the main reason why the whole crypto control issue is so uncertain and the subject of so much informal 'backdoor' negotiation between companies and governments over individual licence applications.
It is up to the member governments to make their own decisions. There is scarcely any Wassenaar secretariat, or central control or enforcement mechanism - Wassenaar is not a Treaty. In practice however there is an 'understanding' (backed by a certain amount of discreet diplomatic pressure, particularly from the US) that individual licence applications for anything other than 'weak' crypto will only be granted where the end-use is:
As already indicated, the UK follows Wassenaar. In the last five years it has become more relaxed about authentication/integrity, where it can be reasonably satisfied that there will be no diversion to other less desirable uses. It has gradually extended its acceptance of what is 'weak' and what is not - to the point where 56-bit symmetric keys can now be regarded more favourably.
But the central theme of this period is the gradual transformation of the authorities' objectives - from control over the algorithm to control over the keys when needed. In other words, some form of key escrow system to enable law enforcement agencies to gain access to the keys to encrypted communications subject to a warrant officially approved at a high level on a case by case basis.
That has coincided, of course, with the change in the 'sigint' target from the days of the cold war. The authorities are now much more interested in terrorists, organised crime, drugs cartels and rings, etc - although they consider that even some of these activities can be state-sponsored in a handful of extreme cases like Libya, Iran and Iraq. It has also coincided with increasingly strong demands by business for relaxation in the export control policy, to enable a whole host of services which can very approximately be summarised as 'secure electronic commerce'.
The UK response to these changes was the DTI's March 1997 public consultation paper 'Licensing of Trusted Third Parties for the Provision of Encryption Services'. This set out the then government's proposals for mandatory licensing of any TTP offering cryptographic services to the public. Highlights were:
It was emphasised that the law enforcement access to confidentiality keys was to enable the provisions of the existing Interception of Communications Act (IOCA) to be effective in cases where interception under an IOCA warrant resulted in encrypted traffic being obtained. An extension to the same IOCA warrant would then be used to get the required keys from a TTP. No great increase in the volume of IOCA warrants was to be expected - in the UK each has to be signed at Cabinet Minister level. They are believed to be running at about 200 - 300 per year.
The consultation paper attracted a large volume of comment and responses. Some of the technical comments were made public by their authors, and questioned the feasibility of the proposed scheme. Other responses are known to have been politically hostile to it on privacy and other grounds. At the time of writing, the formal position is that the new government is considering its predecessor's paper and the responses, and is expected to make a statement on its own way forward in the last quarter of 1997. It will also publish a summary of the responses.
Attracting less notice than the TTP licensing proposals, was a paragraph in the consultation paper on the recognition of digital signatures. A DTI official has said publicly that this part of the paper was almost universally approved in principle, so that we can presumably expect government action on it, possibly in harmony with the expected EU initiative.
Since the US Government's stumble over Clipper, and even before that, the close relations and virtual harmonisation of policy in this area between Britain and the US has weakened considerably. Any similarity of policy between the two countries is now perhaps more likely to be accidental than deliberate, and the UK may became more 'European' than transatlantic in its leanings.
The most difficult decisions for the new UK government are:
This issue is extremely dynamic, and any discussion of the future possibilities is highly uncertain. In the writer's view, what the UK government would like to see is some sort of international agreement on an acceptable level of intervention and surveillance in support of law enforcement, and on a multilateral framework to achieve it. But the difficulties of achieving that are so great that unilateral action may be required. In view of the UK's traditionally strong stance on the issue, it may well be that if unilateral action is felt to be necessary the political difficulties will be faced squarely. The more challenging problem is whether there is any way in which the objectives of the law enforcement authorities can be achieved in practice.