encryption and law enforcement - fipr · title: encryption and law enforcement author: performance...

pe

rf o

r m

a n c e a n d

i n n o v a t i on

un

i t

AA PPEERRFFOORRMMAANNCCEE AANNDD IINNNNOOVVAATTIIOONN UUNNIITT RREEPPOORRTT –– MMAAYY 11999999

CABINETOFFICE

EEnnccrryyppttiioonn aanndd LLaaww EEnnffoorrcceemmeenntt

FFOORREEWWOORRDDby the prime minister

I am determined to ensure that the UK provides the best environment in the world forelectronic business. Only by taking a lead to promote electronic business will we reap thepotential economic and social benefits. But I am equally determined to ensure that the UKremains a safe and free country in which to live and work.

The rise of encryption technologies threatens to bring the achievement of these twoobjectives into conflict. On the one hand, business has delivered a clear message thatencryption is essential for developing confidence in the security of electronic transactions. And lack of confidence is often cited as one of the main brakes on electronic commerce.People also want to enhance the security of their personal communications through the use of encryption. To meet these needs, the Government is keen to support the strong and growing market in encryption products and services.

On the other hand, the use of encryption by major criminals and terrorists could seriouslyfrustrate the work of the law enforcement agencies. Indeed there is already evidence thatcriminals, such as paedophiles and terrorists, are using encryption to conceal their activities. It is a little known fact that on average one in every two interception warrants issued results in the arrest of a person involved in serious crime. If powers of interception and seizure arerendered ineffective by encryption, all society will suffer. So it is vital that in our support forthe use of encryption we limit the damage to our ability to protect society.

In February 1999, I asked the Performance and Innovation Unit (PIU) to consider the issue ofencryption, e-commerce and law enforcement and a task force was established to look quicklyat the problem. This report draws on the findings of this PIU task force and on the work ofthe Unit’s wider e-commerce project. It sets out the issues surrounding encryption and lawenforcement and the encryption task force’s recommendations to achieve better-balancedGovernment policy in this area.

I see this report as a way of securing greater public understanding of some of the issues atstake. The value of interception as a law enforcement tool is one such issue. Clearly, sensitiveoperational techniques need to be protected because of national security concerns. But thisreport sets out as fully as possible the findings of the PIU task force in demonstrating theGovernment’s intention to encourage a public debate.

I particularly welcome their recommendations for moves towards closer co-operation betweenGovernment and industry to ensure that together we achieve our twin aims: a continued safesociety for all – and the best environment in the world for electronic business.

Tony Blair

pe

rf o

r m

a n c e a n d

i n n o v a t i on

un

i t


CCOONNTTEENNTTSS

1. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Remit of the PIU study . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

3. Developing electronic commerce in the UK and the role of encryption . . . . 4Government policy on e-commerce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4The importance of encryption to e-commerce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

4. Law enforcement issues raised by encryption . . . . . . . . . . . . . . . . . . . . . . . . . 6The importance of interception for effective law enforcement . . . . . . . . . . . . . . . . . . . 6Government policy on interception . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7The impact on interception of developing encryption technologies . . . . . . . . . . . . . . 7A shared international problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

5. Government consideration of encryption policy . . . . . . . . . . . . . . . . . . . . . . . 9Public Key Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Digital signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Key escrow and licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

6. Analysis of key escrow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11The merits of key escrow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11The limitations of key escrow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Conclusions on key escrow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

7. A new approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14A new Government/industry joint forum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Establishment of a Technical Assistance Centre . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Legislative issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15International issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

ANNEXESAnnex A: role of the Performance and Innovation Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Annex B: law enforcement requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Topics Covered in this section:

•

IINNTTRROODDUUCCTTIIOONN


1

11.. SSUUMMMMAARRYY

Developments in encryption technology, products and services carrysignificant benefits in increasing consumers’ levels of trust in theInternet, and particularly in e-commerce. However, they also give rise to a number of challenges for law enforcement, where it will becomemore difficult to derive intelligence from lawfully interceptedcommunications and retrieved data. This report considers theGovernment’s response to the issues of encryption, e-commerce and law enforcement. The report is framed by two key objectives for the Government:

to make the UK the best environment in the world in which to tradeelectronically; and

to ensure that the UK remains a safe country in which to live and work.

The task force concluded that no single technique or system was likelyto be enough to sustain law enforcement capabilities in the face ofrising use of encryption by criminals. This being the case, a package of measures was needed to mitigate the consequences as set out below.

RReeccoommmmeennddaattiioonnssThe voluntary licensing of providers of encryption services, proposed in therecent DTI consultation document on the forthcoming Electronic Commerce Bill,will help improve consumers’ confidence and therefore support the developmentof e-commerce in the UK. However, these licensed providers should not berequired to retain ’decryption keys’ or to deposit them with third parties (i.e. no mandatory ’key escrow’). Whilst the introduction of a mandatory linkbetween licensed providers of services and key escrow would provide the besttechnical solution to many of the problems caused by encryption, in practice it would not support achievement of both of the Government’s objectives.

The Government should adopt a new approach based on co-operationwith industry to balance the aim of giving the UK the world’s bestenvironment for e-commerce with the needs of law enforcement. There is no’silver bullet’ policy that guarantees that the development of encryption will notaffect law enforcement capabilities.

A new Government/industry joint forum should be established to discussthe development of encryption technologies and to ensure that the needs of law enforcement agencies are taken into account by the market. This new co-operation should also be promoted at the international level. The forumshould consist of a high-level group to discuss policy issues and be supported by specialist technical and legal groups.


A new Technical Assistance Centre should be established, operating on a 24-hourbasis, to help law enforcement agencies derive intelligence from lawfully interceptedencrypted communications and lawfully retrieved stored data. The Technical AssistanceCentre will also be responsible for gaining access to decryption keys, where they exist,under proper authorisation.

The task force welcomes the intention to include in the forthcoming ElectronicCommerce Bill provisions to allow lawful access to decryption keys and/or plain textunder proper authority. The task force also recommended that further attention shouldbe given in the Bill to placing the onus on the recipient of a disclosure notice to proveto the authorities that the requested keys or plain text are not in his possession, and to state to the best of his knowledge and belief where they are.

The UK should encourage the development of an international framework,including a new forum, to deal with the impact of encryption on law enforcement.

EEnnccrryyppttiioonn aa

nndd LL

aaww EE

nnffoorrcceemmeenntt

2

RReemmiitt ooff tthhee PPIIUU ssttuuddyy

2.1 The creation of the Performance andInnovation Unit (PIU) was announced by thePrime Minister on 28 July 1998. Its aims areto improve the capacity of government toaddress strategic, cross-cutting issues andpromote innovation in the development of policy and delivery of the Government’sobjectives. The PIU acts as a resource for the whole of government, tackling issues on a project basis. Annex A provides moreinformation on the role of the PIU.

2.2 In February 1999 the Prime Ministerasked the PIU to consider the issue ofencryption and law enforcement. The PIUwas already conducting a project to examinehow the Government’s objective of makingthe UK the world’s best environment forelectronic commerce would most effectivelybe achieved (as announced by the PrimeMinister in December 1998). It then becameclear that more detailed work was needed on whether and how to regulate the use of encryption in the DTI’s ElectronicCommerce Bill.

2.3 The remit given to the PIU was:

to study the needs of law enforcementagencies and of business;

to examine the merits of the currentencryption policy (and in particular keyescrow, which is explained in chapter 5);and, if necessary,

to identify proposals that would satisfyboth the need to promote encryption for electronic commerce and theGovernment’s duty to ensure that publicsafety is not jeopardised.

MMeetthhooddoollooggyy

2.4 To handle this remit, the PIU establisheda joint Government/industry task force toexamine the issue and to recommend a wayforward. The task force was led by DavidHendon, Chief Executive of theRadiocommunications Agency, and workedalongside the existing PIU electroniccommerce project team, led by Jim Norton.Its membership was drawn from:

the Home Office;

the National Criminal Intelligence Service;

GCHQ Communications-ElectronicsSecurity Group;

the Department of Trade and Industry;

the Cabinet Office;

British Telecommunications; and

IBM.

2.5 The PIU task force had a very short timeto complete its work and was tasked withidentifying the broad strategy rather than thedetail of implementation. Over the six-weekperiod of its creation and work, the task force had discussions with 23 companies and organisations and with five overseasgovernments. The task force reported to thePrime Minister at the end of March 1999.This report draws on the findings of the task force and on the work of the PIU’s wider e-commerce project. It sets out the issues surrounding encryption and lawenforcement and the encryption task force’srecommendations to achieve better-balancedGovernment policy in this area.

Topics covered in this section:

• Remit of the PIU study• Methodology

22.. IINNTTRROODDUUCCTTIIOONN


3

GGoovveerrnnmmeenntt ppoolliiccyy oonn ee--ccoommmmeerrccee

3.1 The Government is committed topromoting electronic commerce in the UK.The cost savings available from streamliningbusiness processes and supply chains using e-commerce techniques are dramatic:reduced time to market, lower stock holdings,reduced transaction costs. All these offersubstantial benefits to industry and consumeralike. Entirely new ways of doing business are also enabled, such as holding electronicauctions for airline tickets or hotel rooms. The pace of development around the world is unprecedented, but much depends onensuring trust in this new medium and hereencryption technologies have a vital role to play.

3.2 The Government’s broad electroniccommerce agenda was published in October1998 in Net Benefit: the electronic commerceagenda for the UK.1 Further to this, in theWhite Paper Our Competitive Future: Buildingthe Knowledge-Driven Economy,2 published in December 1998, the Government set outthe ambitious goal of developing the UK asthe world’s best environment for electronictrading by 2002. The PIU’s electroniccommerce project team has been tasked to identify the strategy necessary to meet this objective and is due to report by Summer 1999.

3.3 The DTI continues to work actively in this area, driving forward competition,meeting with the e-commerce supply sectorsto tackle barriers to growth, and helping smallbusinesses take full advantage of the explosionof new ways to access, use and send

information. The Government’s commitmentto e-commerce in its widest sense was furtherspelled out in the March 1999 White PaperModernising Government. Chapter 5 of the White Paper makes it clear that theGovernment will use new technology to helpmeet the needs of citizens and business in the provision of public services, and not trailbehind technological developments.

TThhee iimmppoorrttaannccee ooffeennccrryyppttiioonn ttoo ee--ccoommmmeerrccee

3.4 Encryption can be used to provide avariety of security services for commercialtransactions. Principally these are integrity,authentication and confidentiality. Integrityservices can guarantee that data has not been accidentally or deliberately corrupted;authentication guarantees that theoriginator or recipient of material is the personthey claim to be; and confidentialityensures that data cannot be read by anyoneother than the intended recipients.

3.5 All of these services are important toovercome the lack of trust felt by manypeople in the security of information sentover the Internet. This lack of trust is oftencited as one of the most significant barriers to the increased use of electronic commerce.

3.6 Encryption can be used by business, forexample, to guarantee:

that contracts have not been improperlyaltered, and have been signed byauthorised personnel;

that funds are transferred securely, byreplacing information like credit card


nndd LL

aaww EE


4


• Government policy on e-commerce• The importance of encryption to e-commerce

33.. DDEEVVEELLOOPPIINNGG EELLEECCTTRROONNIICC CCOOMMMMEERRCCEE IINN TTHHEE UUKK AANNDD TTHHEE RROOLLEE OOFF EENNCCRRYYPPTTIIOONN

1 URN 98/8952 CM 4176

details or account numbers in such a waythat they cannot be used fraudulently; and

that market sensitive information flowingbetween different parts of an organisationcannot be accessed by anyone other thanthose entitled to see it.

3.7 Encryption also has benefits in helping to protect the privacy of personalcommunications. Whether individuals arecorresponding with friends using e-mail, or electronically booking appointments with their doctor, some people will wish for the added security that comes from using encryption.

A FAMILIAR USE OF ENCRYPTION IN THE HOME

One familiar commercial use of encryption is toprevent free reception of satellite TV. Withoutadvanced encryption devices, programmesdelivered into homes could be viewed by anyone.Encryption allows only the person who has paidto view the programmes to watch them. Thetechnology also makes it virtually impossible totamper with a decoder to extract and copy thekey, which is supplied over the air.

A BUSINESS USE OF ENCRYPTION

The world-wide Automotive Network Exchange(ANX) is a system being developed collectively by vehicle manufacturers. It is a private networkusing Internet technologies (an Extranet). Thenetwork binds together manufacturers,contractors, sub-contractors and componentsuppliers throughout the industry supply chain.Through this network flow computer-aideddesign information and manufacturing files,purchase orders, shipment details, electronicpayments and a wide variety of other businessinformation. Encryption technology is used in a variety of ways:

• integrity services assure that order informationhas not been corrupted;

• authentication services assure that orders andinvoices are genuine; and

• confidentiality services protect proprietarydesign information.

Encryption continues to make a significantcontribution to areas such as the 72% reductionin error rates experienced since the introductionof ANX.


5

4.1 The development of encryptiontechnology gives rise to a number ofchallenges to law enforcement, security and intelligence agencies. In particular, itswidespread use will have an effect on theability of these agencies to make use oflawfully intercepted communications andretrieved data for law enforcement purposes.This chapter assesses the importance ofinterception for law enforcement andconsiders the impact of encryption on law enforcement capabilities.

TThhee iimmppoorrttaannccee ooffiinntteerrcceeppttiioonn ffoorr eeffffeeccttiivveellaaww eennffoorrcceemmeenntt

4.2 It is sometimes claimed thatinterception has rarely led to the successfulprosecution of a criminal and that equallygood intelligence can be gained by othermeans. This is simply untrue. Interception of communications has long been anessential tool in the fight against seriouscrime and threats to national security. It islong-standing policy not to disclose details of interception operations so as not toundermine its value as an intelligence source.But the following figures give an idea of thevalue of the existing arrangements. During1996 and 1997, lawful interception ofcommunications played a part – often thecrucial part – in operations by police and HM Customs which led to:

1,200 arrests;

the seizure of nearly 3 tonnes of class Adrugs;

the seizure of 112 tonnes of other drugswith a combined street value of over £600 million; and

the seizure of over 450 firearms.

4.3 During this period, around 2,600interception warrants were issued by theHome Secretary. This means that on averageone person involved in serious crime wasarrested for every two warrants issued.

4.4 In addition to being highly effective,interception also gives many advantages over other investigative methods, such assurveillance and the use of informants.Surveillance is extremely expensive in its use ofresources compared with interception. To worksuccessfully it must be targeted very carefully,usually in conjunction with some other form of intelligence gathering mechanism such asinterception. The use of informants often failsto give the direct and unbiased access whichcan be gained by interception. Informants arenot always available, cannot always be reliedupon and seldom offer the kind of directcoverage provided by interception. In manyinvestigations, interception may be the onlypossible means of access to a target who isalert to surveillance and against whom noinformants can be recruited.

4.5 The task force noted that there is ageneral public acceptance of the use oftelephone and mail interception underwarrant with the aim of protecting society.Yet there appears to be a very strong aversionin some quarters to law enforcement agencieshaving similar warranted access to theelectronic communications that are thecommon currency of the Internet community.The task force therefore felt it important toemphasise to this community the importanceof lawful interception in protecting societyfrom crime and terrorism. They believed itwas important that the development ofelectronic communications, which promisesmany benefits to businesses and individuals,should not also give assistance to those whoare engaged in serious crime.


nndd LL

aaww EE


6


• The importance of interception for effective law enforcement• Government policy on interception• The impact on interception of developing encryption technologies• A shared international problem

44.. LLAAWW EENNFFOORRCCEEMMEENNTT IISSSSUUEESS RRAAIISSEEDD BBYY EENNCCRRYYPPTTIIOONN

GGoovveerrnnmmeenntt ppoolliiccyy oonniinntteerrcceeppttiioonn

4.6 Under the Interception ofCommunications Act (IOCA) 1985,interception of any communication (includinge-mail) on a public telecommunicationsnetwork requires a warrant to be signed by aSecretary of State. Interception may only beauthorised where the Secretary of Stateconsiders that it is necessary in the interestsof national security, for the purpose ofpreventing or detecting serious crime, or forthe purpose of safeguarding the economicwell-being of the United Kingdom. IOCArequires the Secretary of State to consider,before authorising an interception, whetherthe information could reasonably be obtainedby any other (less intrusive) method. Anindependent Commissioner keeps underreview the exercise of the Secretary of State’spowers under the Act. The Commissioner

EXAMPLES OF ENCRYPTION USED INSERIOUS CRIME

• In 1995 two suspected paedophiles werearrested by police in the UK on suspicion ofdistributing child pornography on the Internet.Their computer systems were found to containpornographic images of children and, in thecase of the leading suspect, a large amount of encrypted material. The indications werethat the suspects had used encryptedcommunications to distribute childpornography to contacts around the world via e-mail. Although both paedophiles weresubsequently convicted of distributing childpornography, the police investigation into the leading suspect was severely hampered by the fact that he had used encryption.

• In late 1996, a police operation culminated in the arrests of several leading members of aNorthern Irish terrorist group and the seizureof computer equipment containing encryptedfiles. The files held information on potentialterrorist targets such as police officers andpoliticians. The data was eventually retrievedbut only after considerable effort.

• In 1998, police enquiries into a case ofattempted murder and sexual assault wereimpeded by the discovery of encryptedmaterial on a suspect’s computer. Theinvestigation was able to proceed only afterthe relevant decryption key was discovered bythe police amongst other material seized fromthe suspect.

submits an annual report to the PrimeMinister who lays it before Parliament. It is open to anyone who believes that his or her communications may have beenintercepted to apply to the InterceptionTribunal established under IOCA whichinvestigates complaints.

4.7 The proposals contained in this reportare, therefore, not about increasing thescope of interception, or access tostored data. They are designed to ensurethat lawfully intercepted and retrievedmaterial can continue to provide intelligenceto the law enforcement agencies in order to assist the investigation of serious crimesand terrorism.

4.8 The PIU task force suggested that thelaw enforcement agencies should adopt amore pro-active approach to making peopleaware of the value of interception in the fight against serious crime, to the extentpossible whilst not compromising thetechnique’s effectiveness.

TThhee iimmppaacctt oonn iinntteerrcceeppttiioonnooff ddeevveellooppiinngg eennccrryyppttiioonntteecchhnnoollooggiieess

4.9 The widespread deployment ofencryption means that it will becomeincreasingly difficult for law enforcementagencies to make use of communicationswhen they are lawfully intercepted.

4.10 The problem is urgent. There is ageneral acceptance that encryption willbecome a more generic technology, and thus integrated into an ever larger number of applications and products. For example,there are indications that some InternetService Providers in the UK will make strong encryption tools available on theirintroductory CDs, giving many Internetsubscribers the opportunity, at little cost to themselves, to use strong encryptiontechniques for both their stored andcommunicated data. The advent of Internettelephony and of encrypted mobile phonesalso has the potential to reduce theinformation that can be derived by lawenforcement agencies from interceptionunder warrant.


7

4.11 Much of the encryption used whencommunicating or storing data will beeffectively unbreakable by the authorities. Forexample, readily available strong encryptiontechnology means that many billions ofdifferent combinations potentially need to betried before a code can be broken. The timeand computer resources needed to do thismake the code unbreakable in a reasonabletime. For most police operations, informationis needed as soon as possible; mostencryption would take far too long to crackfor the decoded information still to be of use.A fuller account of the requirements for lawenforcement when dealing with encryptedmaterial is at Annex B.

INTERNET TELEPHONY

Voice and data are increasingly converging onto a single, Internet Protocol (IP) based, transportnetwork. Currently, telephone calls use the(circuit-switched) Public Switched TelephoneNetwork – where a path is opened across thenetwork between the calling parties for theduration of the call. In an IP communication, onthe other hand, the call is divided up into manysmall packets, which are sent individually by anynumber of different routes and reassembled atthe other end. Both circuit-switched telephonyand IP data are conveyed in a digital form, and digitisation of the network has allowedtelecommunications operators to offer many newservices to users. A technology known as ’VoiceOver IP’ is increasingly being suggested as areplacement for Public Switched TelephoneNetwork voice calls, as rationalisation of switchingmethods leads to savings for operators. Technicalchange in telecommunications is furtheraccelerated by new service providers entering themarket and improving competition. Operatorswishing to attract new customers, or to earnadditional revenue from existing customers, areincreasingly likely to offer encryption services asvalue-added services, especially as encryption ismore readily applied to digital rather than theolder analogue transmissions.

AA sshhaarreedd iinntteerrnnaattiioonnaallpprroobblleemm

4.12 Whilst the study has largelyconcentrated on the domestic scene, the PIUtask force also took account of the views andexperiences of the Governments of the USA,Canada, Sweden, France and Germany. It isclear that law enforcement agencies in allthese countries, and many others, are facingsimilar problems. Although the degree of lostlawful interception currently caused by theuse of encryption in different countries isvariable, there is a general expectation thatthe problem posed by encryption for lawenforcement can only get worse. All thecountries with which this issue was raisedexpressed a desire to co-operate with othergovernments and with industry to tackle theimpact of encryption on law enforcement.

CODE BREAKING (‘BRUTE-FORCEATTACKS’)

How easy is it to crack an encrypted message?Digital encryption keys are classified according to how may ’bits’ they have. To take the exampleof a readily available 128-bit key; using a ’bruteforce’ approach – with a billion computers that are able to try a billion keys per second(which is far beyond anything available atpresent) – it would still take the decrypter10,000,000,000,000 years to try all of thepossible combinations. That is something like a thousand times the age of the universe.


nndd LL

aaww EE


8

5.1 In chapter 3, the importance ofencryption to the development of electroniccommerce, as a means of guaranteeingintegrity, authentication and confidentiality,was demonstrated. Chapter 4 assessed theimpact of encryption on law enforcementcapabilities and, in particular, on the ability of law enforcement agencies to deriveintelligence from seized and interceptedmaterial. Taken together, these two precedingchapters make clear that there is a balance tobe struck between the needs of business andlaw enforcement. This chapter goes on to setout the Government’s recent approach toregulating providers of encryption serviceswith the aim of striking that balance. It alsoconsiders the likely way in which encryptionservices will be provided to customers acrossthe Internet, specifically explaining thestructure of Public Key Cryptography, as the most likely form of service provision.

PPuubblliicc KKeeyy CCrryyppttooggrraapphhyy

5.2 The widespread use of cryptography has only become feasible because of theinvention of what has become known asPublic Key Cryptography. In such a system,users’ keys come in pairs, known as publicand private keys. As the names suggest, theprivate keys are only known to their owners,whereas public keys can be made available toanyone. A private key cannot be derived fromthe corresponding public key.

5.3 Messages can now be enciphered usingthe intended recipient’s public key. Theprivate key needed to decipher the messageis known only to the recipient. Therefore,only the recipient can decipher the messagecontent. It is obviously important for thesender of the message not only to be able togain access to the recipient’s public key, but

also to be confident that it does indeedpertain to the correct and intended recipient.Public keys are very often made accessible to all; they are bound to the identity of theirindividual owner by ’wrapping’ them in adigital certificate, signed by a recognised and trusted Certification Authority (CA). This important supporting infrastructure is commonly known as a Public KeyInfrastructure (PKI).

ENCRYPTED MESSAGES AND PUBLIC KEYINFRASTRUCTURE

This example illustrates data confidentiality. The same PKI can be used to support secureelectronic signatures. Different keys are typicallyused for the different services.

If two people, A and B, want to send each otherencrypted messages:

1. A arranges to have a key pair certificated bythe Certification Authority providing the PublicKey Infrastructure service. A must prove hisidentity to the Certification Authority whothen vouches for the fact that A indeed hasthe private key corresponding to thecertificated public key.

2. A keeps the private key securely, whilst thepublic key is published complete with itscertificate attached.

3. B uses A’s public key to encrypt his message,having first verified for authenticity theassociated certificate for A.

4. B then sends the encrypted message to A (insome cases enclosing his own public keywhere this is necessary).

5. A uses his private key (and if necessary B’spublic key) to decode the message.

Note: In key escrow both A and B’s private dataencryption keys (but not their signature keys) wouldbe stored (escrowed) with a Trust Service Provider.


• Public Key Cryptography• Digital signatures• Key escrow and licensing

55.. GGOOVVEERRNNMMEENNTT CCOONNSSIIDDEERRAATTIIOONN OOFF EENNCCRRYYPPTTIIOONN PPOOLLIICCYY


9

DDiiggiittaall ssiiggnnaattuurreess

5.4 Public Key Cryptography can also be used to guarantee the integrity andauthenticity of data, whether the data itself is to be enciphered or not. (The signing of a bank cheque is often regarded as a helpfulanalogy.) With encryption, this is done by a process that combines use of a privatesignature key with the data that is to besigned to construct a (message dependent)digital signature. This signature can bevalidated with knowledge only of theassociated public key. Hence anyone can be confident that the owner of the key pairconstructed both the signature and the datato which that particular signature is attached.

5.5 Again, for this to work it is essential forverifiers of the signature to be confident thatthe relevant key pair is properly identified toits real owner. So in these circumstancesaccess to the public key would normally beachieved via a digital certificate, itself signedby a trusted CA. Attaching such a digitalsignature to an electronic document hassignificant benefits for engendering trust inelectronic commerce. When they receive adocument with such a signature, a recipientwill know that the document has genuinelycome from the claimed originator. Digitalsignatures have the potential to open up newareas of business to electronic commerce, forexample by making a reality of electronicsigning of contracts.

5.6 Digital signatures do not pose the sameproblem to law enforcement. They couldeven bring significant law enforcementbenefits, as they would help an individualsender or recipient to be positively identified and may also help cut down on fraudulent transactions.

KKeeyy eessccrrooww aanndd lliicceennssiinngg

5.7 In 1996, the Government proposed thatproviders of data encryption and digitalsignature services should be obliged to applyfor official licensing as ’Trusted Third Parties’.Such mandatory licensing would be designedto help establish the market by guaranteeingto consumers that certain standards wereadhered to by the service providers. For lawenforcement purposes, an importantcondition of the proposed licensing regimewas that service providers would be requiredto keep copies of their customers’ privatedata encryption keys (but not signature keys),so that, if required, law enforcement agenciescould access them under warrant.

5.8 ’Key escrow’ is the arrangementwhereby a copy of the key that enables thecontent of a document to be subsequentlyrecovered is held securely by a third party.Licensed key escrow refers to a system wherea copy of the key is held by a trusted thirdparty, who has satisfied the stringentregulations concerning maintenance andcustody of client keys, generally – but notalways – the company that is providing theencryption service.

5.9 Industry’s response to these proposalsincluded a concern that mandatory licensingfor encryption service providers would slowthe take-up of electronic commerce. It wasalso argued that criminals would avoid thecontrols by making their own arrangements,while British business and commerce wouldbe competitively disadvantaged by having to build their e-commerce systems in theparticular way that the Government required.

5.10 In April 1998, the Government decidedthat policy should be relaxed. Instead ofmandatory licensing for encryption anddigital signature service providers, itproposed that licensing would be voluntary.However, the requirement to operate dataencryption key escrow remained for thosecompanies that wished to exploit the cachetof being licensed.

5.11 Digital signatures supported byproviders who met the regulatoryrequirements were thought likely to carry a greater legal presumption of authenticitythan those issued by unlicensed providers.This would be an encouragement for peopleto use licensed providers. Companies hopingto avoid key escrow would not be allowed togain the benefits of licensing for operatingjust a signature service. The proposal wasthat there should be an ’all or nothing’approach, i.e. companies licensed to providedigital signatures that also wished to provideencryption services could only do so under licence.

5.12 Government trailed a change to thispolicy, in the DTI’s latest consultationdocument on the Electronic Commerce Bill,Building Confidence in Electronic Commerce,issued on 5 March 1999. This consulted onthe basis that key escrow or third party keyrecovery would not be a requirement forlicensing, and that licensing itself would in any case be voluntary.


nndd LL

aaww EE


10

6.1 As stated above, the PIU task force was to examine the merits of the originallyproposed linkage between licensing and key escrow. This chapter assesses the meritsand limitations of key escrow, from theperspective of industry and consumers. It also considers the extent to which keyescrow, or other forms of third party keyrecovery, would address the law enforcementconcerns raised by encryption.

TThhee mmeerriittss ooff kkeeyy eessccrrooww

6.2 For business and consumers, asystem of Government-licensed providers of encryption services, together with licensed Trust Service Providers holdingcopies of encryption keys, carries a numberof potential benefits:

the licensing of Trust Service Providerswould provide reassurance to users thattheir confidentiality requirements are being met by a company that meetscertain minimum standards of serviceprovision (analogous to a British Standardkite mark);

a properly implemented and managedthird party key recovery system would helpincrease users’ confidence that their keysare properly maintained and access tothem is given only to those having aproper, lawful permission; and

a Key escrow (or key recovery) systemwould permit the retrieval of importantdata by users themselves, for example ifconfidentiality keys were accidentally lostor perhaps destroyed by a departing ordisaffected employee.

6.3 In terms of law enforcementrequirements, the merits of key escrow would to some extent depend on the ease

with which it could be avoided, nationally or internationally. This is considered furtherbelow. However, if key escrow was widelyadopted and implemented, then the taskforce concluded that, in terms of the publicpolicy response to developing encryptiontechnologies, no other technique would give anything like the same functionality in meeting the needs of law enforcement in their task of ensuring the UK is a safe place in which to live and work.

6.4 Having obtained the particular ’keywarrant’, in addition to the authority tointercept the communications of a suspectedserious criminal, key escrow would allow thepolice and law enforcement agencies todecrypt such communications cheaply andeasily, thereby retaining similar levels ofintelligence to those they currently have.Seized encrypted material might be similarly examined.

6.5 The obvious question is why criminalswould use a key escrow system which madekeys available to the police and other law enforcement agencies. The PIU task force took the view that this is not apersuasive argument against key escrow,concluding that:

criminals generally use technology that is readily available. Indeed, criminalscontinue to use landline telephones, even though it is well known that theircommunications can be intercepted; and

criminals have to deal with legitimatebusinesses including travel agents, car hirecompanies and others who will not beinterested in evading normal commercialarrangements.

The task force did, however, recognise andagree with the Government’s previous


• The merits of key escrow• The limitations of key escrow• Conclusions on key escrow

66.. AANNAALLYYSSIISS OOFF KKEEYY EESSCCRROOWW


11

assessment that a proportion of moresophisticated criminals would be unlikely to use any Government-sanctionedencryption system.

TThhee lliimmiittaattiioonnss ooff kkeeyy eessccrrooww

6.6 The task force’s in-depth interviews with industry highlighted a number of criticalconcerns about key escrow. These can bedivided as follows:

concerns as to the viability of key escrow as a technique in providing electronicconfidentiality products and services. Asthere is no large-scale working model of anescrowed Public Key Infrastructure, theseconcerns as to scalability and securitycannot be resolved at present;

commercial problems affecting the extent to which market forces could be expected to drive key escrow as anindustry standard;

difficulties arising from the global nature of e-commerce which would interact withthese technical and commercial problems if the UK adopted a stand-alone key escrow policy.

6.7 These issues are explored further in theboxes below.

STATED TECHNICAL OBJECTIONS TO KEY ESCROW

• An escrowed Public Key Infrastructure may not scale to millions of users because of itsinherent complexity; it is untried technology.

• A ‘key store’ would represent a singleconcentration of vulnerability, which may be subject to sophisticated attack by hackers.However, an advantage is that this risk is moreeasily addressed by implementing strongsecurity at a single location.

• Adoption of key escrow could cut UK industryoff from the mainstream development of newencryption protocols, with consequential costand functionality limitations.

• Some technologies make use of a new key for each message (known as ’session keys’).Because of the potential number of them,these keys are not suited to storage.

DIFFICULTIES WITH KEY ESCROW ARISINGFROM THE GLOBAL NATURE OF E-COMMERCE

The task force considered that the range oftechnical and commercial objections to keyescrow were such that adoption of key escrowwould be unlikely to take place solely through theaction of market forces – it could only be drivenby legislation. Domestic legislation in the UKalone would raise further difficulties:

• the Internet does not respect nationalboundaries. A potential user of encryptionservices would be able to choose from allthose offered commercially, regardless ofwhere they originated;

• it is probable that UK users would opt forsimpler, cheaper encryption services locatedoutside the UK if key escrow imposedadditional costs on domestic providers;

• a market might well develop outside the UK for services that offered themselves as’defending the individual’s right to privacy’ by avoiding key escrow; and

COMMERCIAL CONCERNS WITH KEY ESCROW

Companies interviewed by the task force raisedthe following problems with key escrow:

• Key escrow is perceived as adding costs to a Public Key Infrastructure supporting publicconfidentiality services;

• potential UK Trust Service Providers would be reluctant to be licensed under a regimethat mandated key escrow as a condition of licensing;

• Key escrow could be expected to involve some additional capital and running costs thatwould have to be passed on to customers; and

• it would be difficult to react quickly to thechanging Internet business environment if itwas also necessary to meet the UK’s uniqueescrow requirements.

For key escrow to be successful in meeting the law enforcement requirements, it would need to become the industry standard and ’blue chip’service providers would need to lead the way in marketing licensed services. The lack ofcommercial enthusiasm to be licensed represents a major hurdle which would need to be overcome.


nndd LL

aaww EE


12

continued >

CCoonncclluussiioonnss oonn kkeeyy eessccrrooww

6.8 In the abstract, key escrow and otherforms of third-party key recovery have anumber of attractions as a public policyresponse in meeting the concerns of lawenforcement in the face of developingencryption technologies. However, a systemof key escrow with Trusted Third Parties couldonly be effective if it was widely adopted inthe UK and international marketplace.

6.9 In assessing likely domestic andinternational developments in encryption, the task force concluded that:

widespread adoption of key escrow wasunlikely in the current industry and publicclimate. It was evident that the opportunityto put in place a single Public KeyInfrastructure incorporating key escrow hadpassed. Many different products andservices are already being introduced into a market that is changing rapidly;

the proposed voluntary licensing ofproviders of electronic encryption serviceswould help improve consumers’confidence and would therefore supportthe development of e-commerce in the UK;

implementation of mandatory key escrowwould significantly impair the ability of theUK to become the leading environment inthe world in which to trade electronically.It would be shunned by UK business whichhas to compete in world markets andagainst competitors established in othercountries; and

in the light of the above, key escrow as a condition of licensing would not deliverto law enforcement agencies even areasonable amount of assured access todecrypted communications.

• on the basis of discussions with othercountries, and in particular with EU memberstates, there would be a danger of driving theUK’s encryption market overseas if key escrowwas implemented in the UK alone. UK firmswould, of course, be free to market theirservices back into the UK from any EU country.

These concerns suggest that a stand-alone UKregulatory framework for encryption would beunlikely to be effective.

6.10 The PIU task force thereforerecommended that the Governmentshould reform policy so that licensedproviders should not be required todeposit data encryption keys with third parties (i.e. no mandatory ’keyescrow’). The introduction of amandatory link between licensedproviders of services and key escrowwould not support the Government’stwin objectives on e-commerce and law enforcement.


13

7.1 In the absence of key escrow, the taskforce recommended that the Governmentshould adopt a new approach based onco-operation with industry to balance theaim of giving the UK the world’s bestenvironment for e-commerce with the needsof law enforcement. The task force identifiedno ’silver bullet’ policy that would guaranteethat the development of encryption did notaffect the capability of law enforcement toderive intelligence from interceptedcommunications. In future, a package ofmeasures will be needed in developing acredible strategy to limit the harm done by encryption and to maintain public safety.The main elements of this strategy arerecommended below.

AA nneeww GGoovveerrnnmmeenntt//iinndduussttrryyjjooiinntt ffoorruumm

7.2 The PIU task force found that, to someextent, the development of a more crediblestrategy had been hampered by poorGovernment/industry co-operation. In largepart the debate has focused on key escrow to the detriment of everything else. And yetco-operation between Government andindustry is vital to:

help industry understand the threats to lawenforcement from emerging technologies;

enable law enforcement to understandmarket trends and realities; and

allow Government and business to worktogether in order to achieve a workablebalance between commercial and lawenforcement interests, leading to theadoption of appropriate practices andstandards in the provision of Internet andtelecommunications services.

7.3 This co-operation would need to bebased on trust between the parties. The taskforce hoped that this will be helped by theunambiguous statement that key escrow isnot to be an element of the licensing regime,reflecting the concerns of industry. Greaterco-operation would also expose business tothe important public safety interests at stake.

7.4 As a focus for this new co-operative approach, the PIU taskforce recommended the establishmentof a joint Government/industry forum.This idea was warmly welcomed by thecompanies the task force spoke to. The forumwould include the Cabinet Office’s Central ITUnit, representing government as a purchaserand user of IT products and services.

7.5 The forum might have a high-level policygroup with a subordinate specialist technicaland legal structure. The purpose of the forumwill be to ensure that industry is consulted on, and given a structured opportunity tocontribute positively to, Government policy in this area. The chairman of the high-levelpolicy group should be a senior official fromthe Department of Trade and Industry. When established, this co-operation should be promoted internationally. It is proposedthat the forum should be assisted by theestablishment of an encryption co-ordinationunit within the Home Office. This unit willprovide assistance on matters connected with policy, technology and standards, and act as a secretariat and as a focal point forinternational liaison.


nndd LL

aaww EE


14


• A new Government/industry joint forum• Establishment of a Technical Assistance Centre• Legislative issues• International issues

77.. AA NNEEWW AAPPPPRROOAACCHH

EEssttaabblliisshhmmeenntt ooff aa TTeecchhnniiccaallAAssssiissttaannccee CCeennttrree

7.6 There is currently no dedicated resourceto assist law enforcement agencies withaccessing plain communications or text from encrypted material. The PIU taskforce therefore recommended theestablishment of an operationalTechnical Assistance Centre in securepremises, operating on a 24 hour basis.This would, where possible, carry outdecryption of lawfully intercepted orrecovered material not supplied in plain-textformat, seeking assistance from industrywhere necessary. Such decryption wouldinvolve the routine application of appropriatemethodologies, where the keys are available.It would provide a means of rapidconsultation with industry where access to plain text is hindered by the need toidentify the communications or storageprotocol structures.

LLeeggiissllaattiivvee iissssuueess

7.7 The task force found that currentlegislation is inadequate to deal with thechallenges for law enforcement that are likelyto arise as a result of the increasing use ofencryption. In this respect, the task forcewelcomes the intention to include inthe Electronic Commerce Bill provisionsto allow lawful access to decryptionkeys and/or plain text under properauthority. The task force alsorecommended that further attentionshould be given in the Bill to placingthe onus on the recipient of adisclosure notice to prove to theauthorities that the requested keys orplain text are not in his possession, andto state to the best of his knowledgeand belief where they are.

7.8 During the course of the study, the task force found that industry shares many of the concerns of Government with respectto the misuse of encryption for criminalpurposes. For business, this is particularlyrelevant to cases of fraud and intellectualproperty theft. In this respect, the view ofsome of the countries and organisationsconsulted was that it should be made acriminal offence to use encryption in thefurtherance of a crime. In other words therewould be a penalty (of a nature to be

determined) if encryption for confidentialitywas used by an individual or a body in eitherplanning or carrying out a crime. The taskforce considered the option of such anapproach, but concluded that this should not be pursued. It was unlikely to be of anypractical benefit in deterring the criminal use of encryption and risked being seen as criminalising the use of encryption.

7.9 The task force noted that a review of theInterception of Communications Act 1985was under way within the Home Office. It was recognised that the findings of thisreview would have an important read-acrossto the Government’s policy on encryption.

IInntteerrnnaattiioonnaall iissssuueess

7.10 The task force considered that asencryption, like electronic commerce, is aworld-wide phenomenon, there must be agreater degree of international co-operation – particularly in relation to setting agreedstandards. To be effective, solutionsconcerning the regulation or use ofencryption must be made to workinternationally. However, apart from theOECD Guidelines on Cryptography Policy,3

there has been remarkably little co-ordinationof policy on encryption matters. The resulthas been a degree of misunderstanding andsuspicion as to the rationale behind attemptsto regulate, or influence, the domestic use ofencryption. The real case for law enforcementhas not been made effectively.

7.11 The task force considered that effortsshould be made to ensure that the lawenforcement requirement is recognised andaccepted by international policy andstandardisation bodies. This will involvesustained international co-operation betweenHMG and other governments to promote lawenforcement access as a legitimate regulatoryrequirement. There is therefore a potentialneed for a new international framework fordealing with this issue. Following discussionswith the leading countries on encryptionmatters, the PIU task force recommendedthat the Government should continuediscussions with foreign governmentswith a view to seeking support for anew forum to promote co-operation on policy, law enforcement, andtechnical and standards mattersrelating to encryption.


15

3 The Guidelines on Cryptography Policy were drawn up in 1996 and published in March 1997 by the OECD.

The creation of the Performance andInnovation Unit (PIU) was announced by the Prime Minister on 28 July 1998 as part of the changes following a review of theeffectiveness of the centre of government by Sir Richard Wilson. The PIU’s aim is toimprove the capacity of government toaddress strategic, cross-cutting issues andpromote innovation in the development of policy and in the delivery of theGovernment’s objectives. The PIU is part of the drive for better, more joined-upgovernment. It acts as a resource for thewhole of government, tackling issues thatcross public sector institutional boundaries on a project basis.

The Unit reports direct to the Prime Ministerthrough Sir Richard Wilson and is headed by a Senior Civil Servant, Mr SumaChakrabarti. It has a small central team thathelps recommend project subjects, managesthe Unit’s work and follows up projects’recommendations with departments. Workon the projects themselves is carried out by small teams assembled both frominside and outside government. About half of the current project team staff are drawn from outside Whitehall, including fromprivate sector consultancies, academia and local government.

The first set of PIU projects were announcedby the Prime Minister in December 1998. The aim is to complete most of them by latesummer/autumn 1999. The projects are:

Developing Electronic Commerce inthe UK – how to make the UK the world’sbest environment for electronic commerce,ensuring that the UK benefits fully from thesingle fastest growing marketplace in theglobal economy;

AANNNNEEXX AA::RROOLLEE OOFF TTHHEE PPEERRFFOORRMMAANNCCEE AANNDD IINNNNOOVVAATTIIOONN UUNNIITT


17

Active Ageing – how to improve thewell-being and quality of life of olderpeople by helping them to remain active.The study will identify ways of increasingthe employment opportunities for olderpeople, by examining the incentives forbusinesses to employ and retain olderpeople and for individuals to remain inpaid or voluntary work;

Central Government’s Role atRegional & Local Level – getting theright institutional arrangements andrelationships in place for joined-up deliveryof central Government policies in regionsand communities;

Accountability and Incentives forJoined-Up Government – examininghow current accountability arrangementsand incentive systems can be reformed to facilitate joined-up policy-making anddelivery, for example by promotingachievement of joint objectives whichrequire co-operation betweendepartments; and

Objectives for Rural Economies –examining the differing needs of local ruraleconomies, and the key factors affectingperformance, so as to establish clearobjectives for Government policiesinfluencing the future development of rural economies.

The Unit is also separately identifying the keyfuture challenges that government will haveto face, as referred to in the Government’sModernising Government White Paper,published in April 1999. This work will helpdepartments and other organisations to lookbeyond their existing policies towards theGovernment’s long-term goals.

IInntteerrcceeppttiioonn ooff eennccrryypptteedd ccoommmmuunniiccaattiioonnss

The following represent law enforcement’sideal requirements in order to maintain theeffectiveness of interception in the face ofcriminal use of encryption:

to be effective, interception must take placewithout the knowledge of either party tothe communication. Therefore, decryptionmust also take place without either partybeing aware that it is happening;

one of the most useful features ofinterception is that it enables information to be gathered in ’real time’ (as it happens).Decryption of communications must takeplace as close as possible to real time tomaintain the effectiveness of the power;

there needs to be a means of identifyingthe sender and recipient of a message andthe identity of the key holder; and

law enforcement agencies require sufficientinformation in order to decrypt interceptedcommunications to and from a target. Ingeneral this will mean the provision of keysnecessary for decryption. The provision ofplain text may be acceptable if it isprovided in such a way as to ensure thatonly the law enforcement agency is awareof the content (to protect the target’s rightto privacy and operational security) and itis accompanied by sufficient information toensure that the plain text provided is theoriginal content of the communication.

AAcccceessss ttoo eennccrryypptteedd ssttoorreeddddaattaa

Similarly, a number of factors applying tolawful access to stored data must also beapplied to lawful access to encrypted storeddata, as follows:

stored data must be retrieved in such away as to ensure that its provenance canbe proved in court, and handled in such a way as to maintain the ’chain ofevidence’. Decryption of stored data must therefore take place in accordancewith best practice on computer forensicevidence. In general, this may requireaccess to the decryption key rather thanthe plain text (otherwise doubt might becast in court on the authenticity of theplain text); and

access to the stored data must be within alegal time limit imposed by the instrumentunder which it is obtained (e.g. aproduction order issued by a court mightrequire compliance within five workingdays). Decryption must therefore be ableto take place within the same timescale asthe statutory power.

DDeelliivveerryy ooff eennccrryypptteedd ddaattaa ttoowwhhiicchh llaawwffuull aacccceessss iiss ggiivveenn

Any data lawfully intercepted or retrieved, or requests for such data, must be passedsecurely between the agency which has beengiven legitimate access and the Trust ServiceProvider, or other party providing access.Delivery must be effected in such a way thatthe data cannot be read or retrieved byanyone not having lawful access. This willprotect both operational sensitivities and theprivacy of users of encryption.

CCoosstt--eeffffeeccttiivveenneessss

The current interception of communicationsregime is a cost-effective use of lawenforcement resources. Ideally this wouldremain the case under a system that includes the decryption of lawfullyintercepted communications.

AANNNNEEXX BB::LLAAWW EENNFFOORRCCEEMMEENNTT RREEQQUUIIRREEMMEENNTTSS


19

Performance and Innovation Unit, Horse Guards Road, London SW1P 3AL Published: May 1999 CABI J99-4278/9905/D16

encryption and law enforcement - fipr · title: encryption and law enforcement author: performance...

Documents