Attached is a copy of an open letter by Mr. Orlowski in response to that post. He is not proposing that individuals be forced to use weak encryption. Key escrow would be an option available to anyone wanting a high level of encryption. Organizations and individuals could escrow their own keys if desired.
This message and his letter may be forwarded.
Dorothy Denning
Thank you for your comments on the subject of the use of encryption by private individuals.
Firstly I would like to make the point that the debate has arisen from one person's interpretation of a paper I gave at a conference on "Cryptography Policies and Algorithms" The full text of that paper is now available on the net.
The paper carries a disclaimer at the top that the views are mine and do not necessarily represent the views of the Australian Government. The paper sets out the Government's policy on telecommunications interception, which includes the issue of the use of cryptography as: "As a result of the Report, Australia is, among other TI issues, monitoring the impact of encryption in the telecommunications interception area and will re-examine matters in 1997 following the opening of the telecommunications area to full competition." Telecommunications covers both voice and data communications.
The last paragraph of the paper says that there is a need to expand the cryptography debate to cover the needs of individual users in the context of the information superhighway rather than current Internet users. The paper also points out that issues suh as cost, convenience and public confidence in cryptography systems will be the main issues. Public confidence is explained in terms that as long as it meets the general requirement for privacy it will be acceptable. I still maintain that the general user of the superhighway in the next century will be satisfied with a lower level of encryption which will meet that and cost and user friendliness requirements.
On specific point made in the Internet message, the paper does not suggest, either directly or by implication, that individuals should be banned from using encryption.
Regarding the use of higher level encryption, the paper supports the concept of commercial key escrow where organisations hold their own keys but may be required to provide them in response to a court order. The same would apply to individuals who could either hold there own keys or store them with a commercial body. Access to those keys would be by court order and in that respect is no different to existing procedures for the interception or seizure of telephone conversations or paper records. There is no suggestion that these basic principles, and protection of individual's rights in general, should be changed
If individuals were to use lower level encryption there would be no need for them to maintain copies of any keys for such systems. To my mind this is preferable to a requirement for keys to be maintained for all encryption systems, which could be the result if universal key escrow were introduced.
Finally on the question of interception, the general public expects a reasonable level of law enforcement to ensure the protection of their person and property. Governments are required to find a balance between this and the rights of individuals to privacy. Part of this balance is to ensure that law enforcement authorities convince a court that there is a need to carry out an interception. There is no suggestion that this fundamental approach should be changed. The paper certainly does not suggest tha the Attorney-General's Department should become a centralised interception authority. In fact such a role would not be consistent with its role as a source of advice to Government.
I hope the above clarifies both the Government's policy and my personal views on these matters.
I consider this to be an open letter and have no objection to it being used as such.
Yours sincerely
Steve Orlowski
Posted from: Date: Wed, 23 Aug 95 15:13:05 EDT From: denning@cs.cosc.georgetown.edu (Dorothy Denning) To: risks@csl.sri.com Subject: Australia and Encryption Policy
Date: Sat, 26 Aug 1995 12:02:07 +0100 From: Ross.Anderson@cl.cam.ac.uk Subject: Re: Australia's proposed crypto policy (Denning/Orlowski, RISKS-17.29)
Ross Anderson posted a message on the net recently stating that Australia was proposing an encryption policy that would force residents to use weak cryptography while banks would get key escrow.
Dorothy Denning goes on to say that I misinterpreted Mr Orlowski; that he `is not proposing that individuals be forced to use weak encryption'. Well, Orlowski is now wriggling like a lawyer, but I was there at the conference, and on the panel with him afterwards. His paper states that
`the needs of the majority of users of the infrastructure for privacy and smaller financial transactions can be met by lower level encryption' and `Given that a large proportion of the population would not be using the higher level encryption products, application of key escrow for such products is less likely to create the type of adverse reaction seen to date. Government agencies and large financial institutions are more likely to accept the need for key escrow in the type of products which they use' and `As mentioned earlier, I see encryption being utilised on two levels, a general level being used by the majority of users and a more sophisticated level with much more limited use. Intercepted messages under the first level may be able to be decrypted by the various interception authorities.
`The second level would probably, however, require more sophisticated techniques in circumstances where the key cannot, for whatever reason, be recovered from escrow. This may be achieved by the establishment of a central decrypting unit which would receive, decrypt and transmit back messages'
He stated at this point, in a verbal aside, that the AG's department considered itself the proper repository for this `central decrypting unit'. As I summarised it in my original post to risks:
40 bit keys for the masses, 56-bit escrowed keys for the banks, and a Wiener machine sitting in Orlowski's office. Belt, braces and string.
Orlowski does phrase his comments as advocacy rather than prescription, and he does have a disclaimer saying that these are his personal views, not those of the Australian government.
But it emerged in the subsequent discussions that the paper did not really represent his personal views at all. Not only was he unable to defend them with any vigour during the panel, but he admitted that he had been told to float the policy by his boss, who didn't want to appear himself out of fear of the sort of fuss which greeted the Clipper chip in the USA, and the last attempt to introduce ID cards in Australia. With a general election due, the Keating government is vulnerable, and this clearly limits their spooks' freedom of action.
Risks readers might like to know that the usual suspects - John Rogers from the Australian Defence Signals Directorate and Mark King from GCHQ - were prominent in the audience. King arrived on the same plane as me; he flew business class and went off to a posh downtown hotel. I doubt that GCHQ paid for all that out of idle curiosity.
Orlowski's article also states
"Debate on these issues should be limited to the appropriate parties rather than widely promulgated on the network."
Curiously, I was not able to post to usenet while I was in Australia -- nobody at Queensland University of Technology was, and their sysprogs couldn't find the fault. (Is this a RISK of playing host to someone involved in the crypto policy debate?) Anyway, once I got back to the UK, I brought Orlowski's proposals to public attention - and this has led to precisely the fuss which Canberra was clearly trying to avoid.
Finally, Orlowski did not even get the URL of his paper right in the letter which Dorothy posted to this group. It is actually to be found at
http://commerce.anu.edu.au/comm/staff/RogerC/Info_Infrastructure/Orlowski.html [This has been corrected in this page.]
Ross