I append a note of the IEE meeting at which the government announced
its intention to force `Trusted Third Parties' to supply decryption
keys surreptitiously to the security services on demand. Those who
have followed the medical crypto debate will recall that the
government now propose to make the GMC the `Trusted Third Party' for
the medical profession.

I can't think of a better way to erode the trust that patients and
doctors currently have in the GMC than to turn it into a licensed
agent of state snooping. Cui bono?

Anyway, this note was posted to sci.crypt and other relevant
newsgroups on Friday, 28th June.

Ross

**************************************************************************



I went to the meeting organised at the IEE yesterday on the UK
`Trusted Third Party' proposals. One of the speakers, Nigel Hickson of
the DTI, confirmed that escrowing of confidentiality keys would be
mandatory. He also claimed that an OECD expert group was working on
`global crypto guidelines', and made clear that the controls would
focus on small-to medium enterprises and individuals rather than on
large companies.

It was a most extraordinary meeting, and showed up GCHQ in a rather
poor light. The introductory talk was given by Andrew Saunders,
advertised as head of CESG (GCHQ's protection arm) since 1991 and a
GCHQ board member. He remarked that the debate on encryption had been
acrimonious, especially in the USA, but that now technology made
possible a compromise in the form of `Trusted Third Parties' which
would supply a key delivery service and a key recovery service for
both users and law enforcement authorities.

I asked him whether his department had advised ministers that it was
all right to release the April report on encryption in the NHS network
(which floated the TTP idea), or had at least had sight of it before
its release. He claimed to have no knowledge of whether his agency had
seen it.

After a talk on the common criteria by Murray Donaldson of the
Ministry of Defence, Saunders left, and we were addressed by a man
introduced as Paul Fleury, head of the information systems security
group at the security service. He was claimed to have been with MI5
for 18 years, and in his current post for 5; and to head a team of 9
people responsible for the overall UK threat assessment (with
technical input from GCHQ), as well as for managing CRAMM and running
UNIRAS (the UK government equivalent of CERT).

Strangely enough for such a senior and responsible person, his name did
not appear on the programme, and in the list of participants he appears
only as `UNIRAS SPEAKER, Security Service, PO Box 5656, London EC1A 1AH'
(so now you know - but why did he turn up with slides that had his name
on them and yet not write his name in the attendance register?)

His talk contained little to surprise, with statistics on viruses,
equipment thefts and hacking. He did mention that 98% of the 873 hacking
incidents in 1994/5 were abuse of access by insiders rather than
external attack.

The third talk was by Elizabeth France, the Data Protection Registrar,
who expressed amusement at my having ironically referred to her (along
with the other speakers) as `one of the forces of darkness' when I
relayed notice of the meeting to the net. She proceeded to blaze with
light; she argued that the national security exemptions to data
protection law should be curtailed, and could see no reason why the
security service should not have to register along with everybody
else. She also pleaded for the wider use of privacy enhancing
technologies, such as the use of pseudonyms in medical databases.

Next was John Austen of the Yard, who pointed out that company
directors can get ten years' jail if one of their employees has
kiddieporn on a company server, since under the Children and Young
Persons Act simple possession is an offence. Then Bob Hill of the MoD
talked about the SOS-TDP project to provide security interfaces in
Microsoft, Novell and DEC products, linked with Northern Telecom's
`Enterprise Security Toolkit'; David Ferbrache of DRA talked about
security threats from the Internet; John Hughes of TIS about
firewalls; and Alex McIntosh of PCSL about how his company built a
crypto infrastructure for Shell and got government approval for it.

The threat model depicted in these talks was remote from reality. For
example, it was categorically stated that most thefts of PCs are for
the information in them, rather than the resale value of the machine
or its components. False - over 11% of UK general practitioners have
experienced theft of a practice PC, yet there is only one case known
to the BMA in which the information was abused.  Another example was
the numbers put on various threats: satellite TV hacking was said to
cost 300,000 pounds a year (according to News Datacom at Cardis 94,
that should be 200,000,000) while other risks were wildly inflated.

Bob Morris, the former NSA chief scientist, is fond of asking security
researchers, `Do you consider yourself to be more dishonest, or more
incompetent?' Well, does GCHQ know that the threat model presented at
their meeting is wrong, or don't they?

Anyway, Alex McIntosh's talk brought matters back to crypto policy
when he explained that following UK and US government approval of a
corporate security architecture designed for Shell, Fortune 500
companies would be trusted to manage their own keys. The explanation is
that they have so much to lose that they will be responsive to warrants
and subpoenas. (The doctrine of equality of persons before the law was
not, of course, mentioned.)

The final speaker was Nigel Hickson from the DTI. The excuse given for
his late arrival ws that he had been in France with the OECD and had
been discussing crypto policy for three days. He looked somewhat junior
but was said to co-chair the ITSEC scheme with CESG and to be one of a
group of five people in DTI responsible for information security policy.

In the introduction to his talk, he picked up on Alex's remarks about
Shell and stated that the motivation for the DTI's involvement was
that while `large firms will crack security', it would be an
inhibiting factor for small-to-medium firms and individuals, and would
prevent them participating in commerce on the Internet (this seemed to
clash with the policy announcement that corporate encryption would be
regulated but private would not be).

He then quite blatantly waffled until his time was almost up before
getting to the reason most people had come to the meeting, namely the
DTI announcement of its intent to regulate `Trusted Third Parties'. My
notes on his words are as follows:

 Why the UK announcement? Many reasons, some of which are highlighted in
 the public statement. The primary reason is that to secure electronic
 commerce people will need access to strong crypto, and if this is serious
 then government will have to look at what systems are `appropriate'. The
 UK government has spent a lot of time discussing the essential balance.
 Continued law enforcement access is required along the lines of the
 Interception of Communications Act. The government has `obviously' looked
 at TTPs and at `elements of key escrow'. There was no mention of national
 intelligence requirements.

 Policy framework for the provision of encryption services:

 1	No new controls on the use of encryption, such as types of
	algorithm. The introduction of trusted third parties will be
	on a voluntary basis;

 2	Licensing of TTPs will be on (a) competence (b) ability to
	provide a service (c) cooperation with government under
	conditions of warranted interception;

 3	International working will be the essential vehicle to drive it
	- first in Europe and then in a wider field.

 Legislation later this year is possible. The EU is working on a `second
 infosec decision' to promote TTPs in Europe. The OECD expert group is
 working on global crypto guidelines.

By the time he had finished this short exposition, he had run over the
advertised time of 4.15, eating well into the fifteen minutes that the
programme had allocated for discussion. There were only a few questions:
Paul Leyland managed to ask whether it would be mandatory for
confidentiality keys to be escrowed, and Hickson said yes.

Just as the questions were starting to flow, the chairman - advertised
as Mr DJ Robertson, Ministry of Defence - declared the meeting closed. I
objected; I pointed out that there were plenty of people with questions,
and that the government's attempts to sell their proposal would not be
aided by such blatant news management, which would surely be reported. He
said that we absolutely had to be out of the room by half past four - the
time then - and overruled me, remarking that the Universities of Oxford
and Cambridge had asked quite enough questions.

Then a large gentleman came up to me and said that he hoped my remark
about publicising their news management had been made in jest. I told him
that it was not, and he became menacing. He said that the meeting was
held under IEE rules and seemed taken aback when I stood my ground and
told him I was a member. He then said that he was also a graduate of
Cambridge and that he would write to very senior people in the University
about me. Good luck to him. Although he wouldn't give me his name, his
lapel badge said `B Buxton' and the attendance register lists a Bill
Buxton, Parity Solutions Ltd., Wimbledon Bridge House, 1 Hartford Road,
Wimbledon SW19 3RU.

After the meeting, we milled around, to the evident discomfiture of the
man advertised as Robertson. Finally, at almost five o'clock, an IEE
lady turned up while there were still a few of us in the corridor. He
asked her to see us off the premises, at which she smiled and asked
whether we knew our way out. When I said yes, she said 'that's all right
then' and went off. The man advertised as Robertson scuttled away without
meeting my eye.

As Bob would ask, incompetence or dishonesty? Well, I didn't get the
impression that our spooks are even competent at being dishonest.

Ross Anderson









%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%