3 July 1997
Source: Nicholas Bohm <nbohm@ernest.net>
This responds to the DTI paper "Licensing of Trusted Third Parties for the Provision of Encryption Services".
June 1997
Licensing of Trusted Third Parties
for the Provision of Encryption Services
Consultation Paper published in March 1997
by the Department of Trade & Industry - an Information Society Initiative
Response by the Law Society of England and Wales
Introduction
1. The second part of this paper sets out our comments on
the issues listed in Section VII of the Consultation Paper.
We should however like to begin with three general points. These can be
summarised thus:
a) We are not persuaded by the arguments put forward in the Consultation Paper that there is a convincing case for the introduction of a Trusted Third Party system;
b) there would, in our view, be value in legislation on the validity of "electronic signatures"; and
c) if the Trusted Third Party system is introduced, eligibility to be a TTP should not, either theoretically or in practice, be confined to telecommunications providers.
First point: a) As to the first of these observations: we
understand the proposed TTP system as being intended to serve two purposes:
one, as a support for those who make use of encryption for legitimate commercial
(and perhaps also private) purposes; and, second, as a deterrent to the use
of encryption for the furtherance of crime.
We doubt that the proposed system would be effective for either purpose.
The Paper says (para.42) that "TTPs will allow UK Business to take advantage
of secure electronic trading". We find it difficult to think of reasons why
those who use encryption in the course of business would want to make use
of TTPs' services. To do so would create a security risk by giving the capacity
to decrypt information to others outside the control of the sender and intended
receiver, thereby increasing the number of those with access to it, without,
as we see it, any material corresponding benefit.
In our view, the very great majority of encryption users would not want to
give any outsider information which could allow access to their encrypted
material, however apparently trustworthy the outsider. They would rely on
contractual arrangements with those with whom they wanted to communicate
and which did not require the disclosure of their keys to anyone else.
Use of the TTP system would, we suggest, give rise to a security risk which
could be of a significant kind. The TTP's arrangements for preventing access
to its records by any but authorised staff would need to be highly effective
- and, if the system was used to any significant extent, the value of the
stored information could be great, making it an attractive target for organised
crime, perhaps with substantial resources at its disposal; and breach of
a system's security would not only give access to information but could give
the intruder the power to alter and forge messages.
TTPs' defences against security breaches would need to start with their
procedures for verifying the identity of key depositors. Unless they made
rigorous identity checks, fraudulent depositors would be able to use them
for endorsement of false identities, another potentially profitable avenue
for misuse of the system. Rigorous identity checking is expensive: passports
and other documents usually used to prove identity may be false or forged,
and thorough personal enquiries are needed.
To overcome the disadvantage of the security risk which the TTP system would
pose for users, it would, we suggest, have to offer very substantial benefits
to encourage its use. We find it difficult to see what these could be.
For example, the Paper says (para. 36) that "Private parties may also have
legitimate reasons and a legal basis to obtain access to encrypted information.
For instance, an employee who has encrypted files may resign without leaving
information concerning the private key, or the death of an individual may
require a solicitor to have access to their encrypted information" which
may require resort to a TTP. We find this difficult to accept: surely no
organisation would allow an employee to encrypt information in such a way
that it was inaccessible to the organisation other than through the employee;
and it seems to us improbable that an individual would be so perverse as
to arrange his or her affairs in such a way that his or her personal
representative could get access to information which the deceased wanted
him to have only by resorting to a TTP.
The Paper also says (Annex F) that an advantage of the TTP system will be
that "Secure communications between unknown parties, without the need to
depend on either expensive or multiple solutions will become common place
and thus lead to increased confidence and use of the information society."
We question the assumption underlying this assertion that there is a demand
of any significant extent for a secure system for communications between
people who are unknown to each other. In our view, the great majority of
situations in which people want to exchange information in confidence involve
two or more participants each of which is known to at least one, if not all,
of the others. We find it difficult to think of situations in which people
unknown to each other might need to communicate confidentially in such a
way as to make the use of a TTP desirable, or indeed practicable.
The reluctance to use TTPs would, in our view, apply even more strongly to
those using encryption for illegal purposes. The Paper does not provide a
convincing explanation of how the TTP system would deter the use of encryption
in the furtherance of crime. Annex F asks the question why, if the system
is not to be mandatory, will "crooks and terrorists" not use something else,
and puts forward as an answer that "Criminals will often make use of whatever
technology is conveniently available to them". It goes on to state that "We
expect TTPs to have a major role in conveying secure electronic communications,
especially where a payment for legitimate services is involved." This does
not seem to us to answer the question: it seems obvious that "crooks and
terrorists" will use "something else" to avoid handing over keys to anyone
who might in turn hand them over to the law enforcement authorities and we
do not see how the existence of the TTP regime will discourage, let alone
prevent, it.
Second point: b) this relates to electronic signatures,
or authentication of documents. Rightly, the Consultation Document does not
propose that keys used for "integrity functions" - which we take to cover
keys used solely to indicate documents' authenticity and their senders' identity
- should have to be deposited with TTPs. However, one of the questions asked
in the Paper is whether legislation to introduce "some form of rebuttable
presumption" for the recognition of electronic signatures would be useful.
As we have said, we think that it would be. Large numbers of commercial
transactions are already carried out in reliance on electronic "signatures",
for example, contractual offers and acceptances made by fax or other electronic
medium, and many users of these systems have contractual arrangements for
this purpose. However, the status of documents "signed" in this way is uncertain,
particularly where the law requires a particular document to be signed, or
a type of transaction to be recorded in writing.
Some form of legislative recognition of the validity of an electronic "signature"
which was the result of an agreed procedure would be helpful to commerce;
and also a clarification of the law on how requirements for writing might
be complied with in electronic communications.
We do not believe that this need be a "massive undertaking" or that it need
involve "reviewing all existing legislation", as para. 51 of the Paper says.
A general presumption could be set up without difficulty, and the various
situations where the law imposes particular requirements could be dealt with
piecemeal, starting only with the more obvious and widely applicable situations.
Third point: c) We understand that the Government see Trusted
Third Party services as being provided by telecommunications companies. If
our doubts about the viability of the TTP system are unfounded and there
is a demand for TTP services, we think that, though telecommunications companies
may want to provide them, it would be wrong to confine eligibility to companies
of this kind and that the legislation introducing the system should be designed
so as to enable others to qualify. Solicitors' firms with commercial clienteles
might want to be able to provide these services and the same could apply
to accountancy firms.
We think that it would be a grave mistake to design the new structure so
as to confine the availability of TTP status to telecommunications companies.
----------------
Our answers to the Section VII questions follow.
Answers to questions in Section VII, "Moving ahead"
2. Our answers to these questions assume that a TTP system will be introduced but
should not be taken as qualifying in any way the doubts which we have expressed
about its viability.
Questions
Paragraph 50 - whether the suggested scope of an exclusion from licensing
for intra-company TTPs is appropriate in this context.
We see no reason why intra-company communications should be subject to the
regulatory structure. Groups of companies should be entitled to devise their
own codes and attempting to regulate in-house communications of this kind
seems to us to verge on a breach of civil rights.
Paragraph 54 - whether, in the short term, it would be sufficient for
business to rely on agreements under contract regarding the integrity of
documents and identification of signatures; or whether it would be helpful
for legislation to introduce some form of rebuttable presumption for the
recognition of signed electronic documents.
We have dealt with this issue in the first part of our response.
Paragraph 60 - the appropriateness of the proposed arrangements for the
licensing and regulation of TTPs.
If a TTP system is to be introduced, the proposed arrangements seem to us
appropriate.
Paragraph 65 - where views are sought on the proposed
conditions.
The licensing criteria and conditions seem to us appropriate but we think
that a further criterion should be added: that the prospective TTP's proposed
procedure for verifying the identity of key depositors must be adequate:
that is, in this situation, of a high standard.
Paragraph 70 - what, if any, specific exemptions for
particular organisations offering encryption services would be appropriate
depending on the nature of services offered?
We agree with the exclusions proposed in paras. 66 - 69. However, in our view, firms regulated by professional bodies should also be exempt provided that the TTP services they offer are available solely to their clients i.e. those for whom they are providing other professional services to which the TTP services are incidental.
Paragraph 71 - whether it is thought desirable to licence the provision
of encryption services to businesses and citizens wholly outside the UK?
It might, in theory, be desirable to license these services on a reciprocal
basis - on the principle of home state regulation, with reciprocal home state
regulation by other countries - but we doubt that this would be feasible
in practice because of the elusiveness of electronically provided services.
Paragraph 81 - should secure electronic methods for the delivery
of electronic warrants by the central repository and the subsequent delivery
of keys by the TTP be introduced?
We think that secure methods for the delivery of warrants, whether by electronic
or other means, and for the subsequent delivery of keys by the TTP, are vital.
Paragraph 82 - does the legislation specifically need to refer to other
forms of legal access including a civil court order for access to cryptographic
keys used to protect information relating to civil matters such as
bankruptcy?
A trustee in bankruptcy, or liquidator, administrator, or administrative
receiver of a company should be able to obtain access to any private key
of the bankrupt or company.
As to the issue of warrants requiring disclosure of private encryption keys, we are unhappy with the proposal that the Secretary of State should have issuing powers. In our view, the appropriate bodies to regulate the issue of warrants for all purposes are the courts. We suggest that s.55 of the Drug Trafficking Act 1994 provides an appropriate model. This gives power to a circuit judge to order the production of material which may be relevant to an investigation into drug trafficking, on the application of a constable or officer of H. M. Customs and Excise. If it is thought necessary, power to
apply to the court could also be given to the Secretary of State or anyone
authorised by him.
Section 55 sets out criteria for the making of an order by a judge, which
specify, among other matters, who an order may be made against; and when
it may be applied for. It provides for one very important factor which paras.
76-80 of the Consultation Paper do not mention: the person against whom the
order may be made (i.e. the TTP here) must normally be given seven
days in which to produce the material or give access to it, which thus gives
time for that person to apply to the court for the order to be rescinded.
A procedure of this kind is, in our view, essential as a protection against
abuse. In order to prevent abuse of the delay, s.58 of the Act makes it an
offence to make any disclosure which is likely to prejudice an investigation
into drug trafficking, where an order under s.55 has been made or applied
for. A similar anti-tip off protection could be incorporated in relation
to TTPs.
The question of appeals and tribunal, referred to in paragraph 90, does not
arise if the courts are given powers to issue warrants since an appeal procedure
is already in place.
Paragraph 84 - should deliberate (and perhaps wilfully negligent) disclosure
of a client's private encryption key be a specific criminal offence, or would
existing civil and criminal sanctions suffice?
We are against the creation of new criminal offences unless it is clear that
existing sanctions do not cover the mischief concerned. We suggest that the
Data Protection Act 1984, the Computer Misuse Act 1990, and the Interception
of Communications Act 1985 should be reviewed to see whether they would,
individually or together, provide adequate protection against disclosure
by TTPs of users' encryption keys.
We question the use of the term "wilfully negligent". It is not, as far as
we know, an accepted legal term. Further we question whether "wilful" negligence
can mean anything other than "deliberate" negligence and thus whether the
term means anything different from "deliberate". Possibly the proper term
would be "reckless" which has an accepted legal meaning.
We do not know what the "civil sanctions" which are referred to are but presume
that they are the types of liability covered by the next question.
Paragraph 89 - whether the principle of strict liability (as described)
is appropriate in these circumstances?
It seems to us that there is a strong argument for strict civil liability
for loss caused by unlawful disclosure of users' keys - the consequences
of disclosure could be disastrous for the code user and TTPs should have
to provide very good protection indeed against unlawful disclosure of keys.
Paragraph 91 - whether, in principle, an independent appeals body (such
as a Tribunal, separate from that referred to below) should be created ?
As we have said, the power to issue warrants should be given to the courts.
This would dispense with any question of a new appeals body.
Paragraph 93 - whether the proposed duties of an independent
Tribunal are appropriate.
See our comments on paragraph 91.
Annex C - would mandatory ITSEC formal evaluation be appropriate?
We do not regard ourselves as qualified to answer this question.
We should like to acknowledge the very considerable help of Mr Nicholas Bohm in the preparation of our response
Thanks to Nicholas Bohm
RTF conversion to HTML by JYA/Urban Deadline