Electronic Privacy and the Encryption Debate
Attempts by intelligence and law enforcement to control new technologies
Intelligence/law enforcement concerns
Intelligence and law enforcement agencies world-wide have in recent years become concerned that more widespread use of advanced technologies, such as encryption, digital technologies and the Internet, will compromise their ability to fight crime and terrorism. Their attempts to counter and control these developments have been met with concerted opposition from privacy and civil liberties organisations, computer scientists, and the communications industry.(1)
In the US the main arena for this struggle has been the US Congress, where a succession of bills have been and are being considered. Under pressure from the FBI, Congress enacted the Communications Assistance For Law Enforcement Act (CALEA or ‘digital telephony’ law) in 1994. This was intended to ensure that advanced digital technology did not prevent law enforcement agencies from conducting wiretaps.(2) Digital communications services generally convert telephone conversations and other transmissions into a digital code that is impossible to ‘listen in’ on.
The digital telephony act requires all telephone companies to make digital communications available to law enforcement officials in the same way that traditional voice transmissions are currently accessible, and to install increased surveillance capabilities into their networks. Despite the fact that Congress intended CALEA to preserve, not expand, the surveillance powers of the FBI and other law enforcement agencies, since its enactment the FBI has sought to use CALEA to require additional surveillance features, such as the capability to track the location of cellular phone users, and an increase in the amount of ‘call-identifying information’ obtainable, and other features which would considerably increase the cost of compliance with the Act.(3)
In 1997, Louis Freeh, FBI Director, said CALEA was passed
‘to preserve one of law enforcement’s most valuable investigative techniques – court-authorised wiretapping – which was being lost to new technology… encryption is an equally difficult issue. Law enforcement is in unanimous agreement that the widespread use of robust non-key recovery encryption ultimately will devastate our ability to fight crime and prevent terrorism. Uncrackable encryption will allow drug lords, terrorists, and even violent gangs to communicate with impunity. Other than some kind of key recovery system, there is no technical solution.’(4)
In his testimony, Freeh listed the three priorities of the FBI as 1) funding to implement CALEA, 2) encryption legislation to create a key-recovery infrastructure allowing guaranteed government access to private keys, and 3) expanded authority for ‘roving wiretaps’.(5) In September 1998, amid legal challenges over CALEA’s powers and privacy infringements, mounted by the US Center for Democracy and Technology (CDT) and other privacy groups, the Federal Communications Commission, which oversees the implementation of CALEA, delayed its implementation until June 2000.
A further illustration of the concerns over advancing technology is given by the Walsh Report, Review of Policy Issues Relating to Encryption Technologies, prepared in 1996 by the Australian Attorney General’s department, and written by Gerard Walsh, a former Deputy Director-General of the Australian Security Intelligence Organisation (ASIO, equivalent to our MI5). The report was suppressed by the Australian government, which later released a censored version. An uncensored copy was obtained and posted on the net by Electronic Frontiers Australia. The report refers to the looming problem of encryption, and states that
‘loss of real-time communications of their targets, and the inability to access seized stored data, will necessitate a range of activities by law enforcement and national security agencies which carry greater operational, personal and political risk, involve larger financial outlays and staff allocations and will require some legislative amendments.’(6)
Suggested amendments would ‘permit the AFP (Australian Federal Police), NCA (National Crime Authority) and ASIO to “hack” into a nominated computer system to secure access to that system… to alter proprietary software so that it performs additional functions to those specified by the manufacturer… for the agency (AFP) to install tracing or tracking devices which transmit data.’
And in the UK, John Abbott, Director General of the National Criminal Intelligence Service (NCIS), in a press release (January 26 1999), called on the government to ensure law enforcement powers do not fall behind technology:
‘The encryption issue is one of the most important issues currently facing law enforcement throughout the world… and we who work in law enforcement all agree that the widespread use of robust non-recovery encryption by criminals could seriously damage our ability to fight serious and organised crime… we must ensure… that we have the capability to pursue investigations effectively when criminals use encryption… we are therefore asking the government to safeguard our existing powers by establishing a legal basis for access to the decryption keys where we already have access to material belonging to people strongly suspected of serious crime… we are merely asking that a copy of the key is kept with a trusted third party so that if we need it, we can go to them with a proper authorisation to obtain it.’(7)
Leaked documents have recently revealed that the impetus behind some of these developments has been an organisation founded in 1993 by the FBI, known as the International Law Enforcement Telecommunications Seminar (ILETS), consisting of police and security agency representatives from up to 20 countries. ILETS has been pursuing the FBI’s objectives on an international scale: to ensure new digital telecommunication systems do not hinder surveillance capabilities, and requiring the installation of monitoring capacity in these systems for national security/law enforcement purposes:
‘Acting in secret and without parliamentary knowledge or government supervision, the FBI through ILETS has since 1993 steered government and communications policy across the world. In the shadows behind the FBI stood the NSA whose global security operations could only benefit if, around the world, users were systematically to be denied telecommunications privacy in the information age.’(8)
UK policy on crypto
This government and the previous government have published a number of consultation papers and statements covering encryption and electronic commerce in recent years, the Department of Trade and Industry (DTI) taking the lead role.(9)
Both Conservative and Labour governments, in their 1997 and 1998 papers, proposed some form of key escrow system, in which a user’s private encryption key is held by a third party or ‘Trusted Third Party’ (TTP). When appropriately authorised, a TTP would be required to hand over a key to law enforcement agencies, thereby allowing them access to encrypted data. However, any involvement of a third party reduces security, and increases vulnerability – and costs.(10)
Key escrow is less secure firstly because its use increases the chances of keys being passed on to unauthorised third parties, and secondly because the accumulation of many keys in a centralised repository increases the risk of infiltration by criminals and hackers. In 1997 a group of leading cryptographers and computer scientists released a report which examined the risks of government-designed key recovery systems. This concluded:
‘The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs… [they] will result in substantial sacrifices in security and greatly increased costs to the end-user.’(11)
The use of a key escrow system with its inherent weaknesses could cause substantial damage to the emerging electronic commerce business of the UK. E-commerce is expected to become increasingly important to the UK economy, but to be successful those using it must have confidence in the technology, which relies on secure encryption. The use of a key escrow system would cause customers to move away to sites and software that give security the highest priority. Further, such key escrow systems are unlikely to deter criminal activity on the Internet – they are readily circumvented, and criminals are unlikely to use government-supported systems when stronger encryption is readily available; and the opportunities for criminal activity may even be increased by the existence of centralised databases of keys which could be infiltrated.(12)
Cyber-rights and Cyber-liberties (UK) reiterate this point:
‘From our own research into recorded criminal uses of encryption, we have concluded that the use of encryption has not been a serious problem for crime detection or prevention… in any event it seems fanciful to expect that criminals will use government-mandated encryption systems with key-recovery systems when alternative systems of encryption remain readily available.’(13)
The US government attempted to introduce a similar system at the request of the FBI and other law enforcement agencies in 1993-4. The ‘Clipper Chip’, a cryptographic device developed by the NSA, would have permitted government agencies to access encrypted communications by obtaining the ‘key’ from key escrow agents with legal authorisation. The attempt was thwarted by concerted opposition from civil liberties groups such as the Electronic Privacy Information Center(14) and industry concerns that products containing the chip – and vulnerable to interception by US intelligence – would not sell abroad.
The Labour Party while in opposition objected to such proposals, and their 1995 paper, Labour Party Policy on the Information Superhighway, Communicating Britain’s Future stated:
‘One of the great attractions of the new networks is that they allow freedom of speech… Labour welcomes this extension of freedom of speech and would be wary of any censorship that restricted it… The only power we would wish to give to the authorities in order to pursue a defined legitimate anti-criminal purpose, would be to enable decryption to be demanded under judicial warrant. Attempts to control the use of encryption technology are ‘wrong in principle and unworkable in practice, and damaging to the long-term economic value of the information networks.’(15)
However, subsequent statements on the subject after coming into government indicated a change in policy, and a move back toward key escrow. The Department of Trade and Industry (DTI) ‘Secure Electronic Commerce Statement’ of April 1998 recognised that:
‘Electronic commerce and the electronic networks on which it relies have to be secure and trusted… businesses need access to appropriate technological solutions to protect the information they send across public networks. And perhaps the most important tool is cryptography; the use of digital signatures and encryption. Whether we are concerned with the integrity of information (ensuring its content has not been altered) or its confidentiality (keeping it secret) the appropriate use of cryptography can be of major benefit to all IT users.’
The DTI paper makes a clear policy differentiation between digital signatures, which confirm the identity of the sender and integrity of the data (vital to e-commerce, but which don’t pose a threat to law enforcement because they do not prevent data being read), and encryption. Licensing would be voluntary:
‘We intend to introduce legislation to licence those bodies providing cryptography services. Principally these would be Trusted Third Parties (bodies which provide cryptography services to clients), Certification Authorities (bodies which mainly issue certificates for electronic signatures) and Key Recovery Agents (responsible for facilitating the ‘recovery’ of encrypted data)… such licensing arrangements will be voluntary… we intend that licensed CAs would be in a position to offer certificates to support electronic signatures reliable enough to be recognised as equivalent to written signatures, an essential ingredient of secure electronic commerce…’
And key escrow returns – for licensed authorities:
‘Organisations facilitating encryption services… will also be encouraged to seek licenses… licensed service providers that provide encryption services will, therefore, be required to make recovery of keys… possible through suitable storage arrangements…’
Thus, in theory key escrow would not be mandatory, but in practice, users of e-commerce would be compelled to use licensed authorities operating key escrow, as only these would be in a position to offer legally recognised digital signatures.
The Statement raises concerns that encryption could have serious implications for the fight against crime and terrorism:
‘Encryption might be used to prevent law enforcement agencies from understanding electronic data seized as the result of a search warrant or communications intercepted under a warrant issued by a secretary of state… the government intends to introduce legislation to enable law enforcement agencies to obtain a warrant for lawful access to information necessary to decrypt the content of communications or stored data (in effect, the encryption key).’(16)
As Computing magazine’s editor, Peter Kirwan, commented, ‘The result is to corral users of cryptography into licensed services using the carrot of legal digital signatures’.(17) So why the change of heart between opposition and government, and move back to key escrow? Was the new government subjected to pressure from law enforcement, intelligence, particularly GCHQ – or the US, where attempts to introduce a form of key escrow had only recently been defeated?
‘… in January (1998) Home Secretary Jack Straw, agreed with other EU ministers to consider a key escrow policy which would allow law enforcement agencies access to the computer codes used to scramble information… The explanation for the change of heart lies in the gap between business and technology priorities and those of law enforcement. Although encryption policy formally lies within the jurisdiction of the DTI, many believe DTI officials are under pressure from the Home Office, which in turn is under pressure from US security officials. The US firmly believes that key-recovery policy is necessary to stop the criminals of the information age…’(18)
But a recent report for the European Parliament by Duncan Campbell suggests US intelligence were the driving force.
‘Between 1993 to 1998, the United States conducted sustained diplomatic activity seeking to persuade EU nations and the OECD to adopt their ‘key recovery’ system. Throughout this period, the US government insisted that the purpose of the initiative was to assist law enforcement agencies. Documents obtained for this study suggest that these claims wilfully misrepresented the true intention of US policy.
Documents obtained under the US FOIA indicate that policy-making was led exclusively by NSA officials… For example, when the specially appointed US ‘Ambassador for Cryptography’, David Aaron, visited Britain on November 25 1996, he was accompanied and briefed by NSA’s most senior representative in Britain, Dr James J. Hearn, formerly Deputy Director of NSA.’(19)
Privacy
The Secure Electronic Commerce Statement claims to be compatible with the OECD Guidelines on Cryptography Policy and the European Commission’s Communication on Encryption and Electronic Signatures, Ensuring Security and Trust in Electronic Commerce, October 1997 (COM (97) 503). However, neither the 1998 statement nor the 1997 Consultation Paper makes any reference to privacy, whereas both the OECD and EC documents refer to the fundamental right to privacy, including secrecy of communications:
‘The fundamental rights of individuals to privacy, including secrecy of communications and protection of personal data, should be respected in national cryptography policies and in the implementation and use of cryptography methods.’(20)
And a number of international treaties, constitutions, and laws guarantee the fundamental right to privacy including secrecy of communications.(21) The European Commission paper also states:
‘The fundamental right of privacy has to be ensured, but may be restricted for other legitimate reasons such as safeguarding national security or combating crime if these restrictions are appropriate, effective, necessary and proportionate… Restricting the use of encryption could well prevent law-abiding companies and citizens from protecting themselves against criminal attacks. It would not, however, prevent totally criminals from using these technologies.’(22)
A right to privacy will be created within the UK under the Human Rights Act, which incorporates the European Convention on Human Rights (ECHR) and which is expected to come into force in October 2000. Where legislation breaches a provision of the HRA, a court may make a declaration of incompatibility. Parliament may then amend the legislation.(23)
Recent Developments
The most recent consultation paper, Building Confidence in Electronic Commerce (DTI, March 1999),(24) signals a climbdown on key escrow, but allows only a month for the industry to come up with an alternative that would ‘identify ways of meeting law enforcement requirements while promoting the growth of electronic commerce.’
The rejection of key escrow by major economies such as the US and France, and industry’s concerns that business would be lost from the UK, are among the reasons for this.
‘The Government…recognises industry concerns that making key escrow and third party key recovery a requirement for licensing could hinder the development of electronic commerce in the UK. It is therefore consulting on the basis that this will not be a requirement for licensing.’
However, the Government ‘intends to provide the agencies responsible for tackling serious crime with the ability to acquire lawful access to material necessary to decrypt communications or stored data.’
The government believes encryption presents a serious threat to the effectiveness of both the Interception of Communications Act 1985 (IOCA) whereby interception of any communication requires a warrant signed by the Secretary of State, and the Police and Criminal Evidence Act 1984 (PACE), whereby the police may apply to the courts for a search warrant under which certain material can be seized. A review of IOCA is expected shortly, and a consultation paper on this is imminent. However,
‘the government needs to take action now to protect the effectiveness of the existing interception regime. The convergence of telephony and computer technologies will make it easier for encrypted speech and data to be sent over a range of networks. It is therefore necessary to introduce a power to enable the intercepting agencies to decrypt communications. This means providing a power for lawful access to encryption keys.’
The paper states that law enforcement needs to be able to decrypt communications without the knowledge of the individual. PACE provides the police with powers of search and seizure, but encryption means the police may not be able to read the content of computer files:
‘The government believes it is necessary to establish a new power to allow the police to require disclosure of encryption keys to maintain the effectiveness of existing statutory powers of search and seizure.’
The government proposes to establish a power to require any person, upon service of a written notice, to produce specified material in a comprehensible form, or to disclose relevant material (eg an encryption key) necessary for that purpose. It will only apply to material which has been, or is being, obtained lawfully (eg under IOCA or PACE).
Two new offences are proposed:
- An offence of failure to comply with the terms of a written notice without reasonable excuse; and
- An offence of ‘tipping off’ an individual about the existence of an authorisation allowing lawful access to an encryption key.
The government’s claim that ‘the new proposals do not extend the intrusive surveillance powers of the law enforcement, security and intelligence agencies’ has been widely challenged. The Campaign Against Censorship of the Internet in Britain, in their response to the consultation paper, say that the proposed offence of ‘tipping off’ is an extension of police powers:
‘No such offence of ‘tipping off’ exists in a corresponding case not involving encryption: for example if a law enforcement official obtains lawful access to accounting records from a professional accountant instructed by the target of an investigation, that accountant is under no legal duty to refrain from tipping off his client, and is under a professional obligation to do so.’(25)
There have been calls for law enforcement aspects to be separated from an electronic commerce bill (eg in a separate Home Office Bill), or at least be delayed until the review of IOCA has been completed:
‘There is an obvious case for including in any new draft of this Act… suitably regulated powers relating to encrypted communications, rather than including them in legislation which in other respects has nothing to do with law enforcement.’(26)
Other criticisms concern the inappropriateness of OFTEL as the proposed licensing authority and that the ‘rebuttable presumption’ of validity of electronic signatures is likely to undermine consumer protection.(27)
A Commons Select Committee report in May 1999 was highly critical of the government’s proposals, particularly key escrow.(28) A Bill on e-commerce is imminent and may have been published by the time this is read. For up to date information see the websites of the Campaign Against Censorship of the Internet in Britain,(29) Cyber-rights and Cyber-liberties (UK)(30) and the Foundation for Information Policy Research.(31)
The Internet
The Internet has become a powerful medium for dissemination of information. Attempts to regulate it are likely to be futile because of its decentralised nature, as was shown recently when the government was unable to prevent the distribution of a list of alleged MI6 officers.(32) Governments, law enforcement and intelligence agencies have become increasingly concerned, citing the Internet’s use by criminals, terrorists and paedophiles to justify attempts to impose controls. There may be other concerns: the Internet allows political groups and environmental campaigners to communicate and spread information rapidly. The Internet played an important role in the temporary defeat of the proposals contained in the Multilateral Agreement on Investment (MAI). Earlier this year the East Timor top level domain was brought down by a cyber-attack intended to subvert it. The domain had been a focal point for East Timorese activities on the web and the struggle for independence, and East Timorese resistance leader Xanana Gusmao, currently under house arrest in Dili, was the registered domain administrator. The cyber-attack was thought to have been the work of paid hackers.(33) The Dublin-based Internet Service Provider (ISP), Connect Ireland, who host the website, managed the attack by ‘pulling the plug’ and shutting down for 3 days, while recreating services with different software and hardware, so the same mode of attack would not succeed.(34)
In a 1995 report prepared for the US Department of Defense, entitled Strategic Assessment: The Internet,(35) the Internet’s potential both as a source of intelligence and for offensive use is discussed:
‘Politically active groups using the Internet could be vulnerable to deceptive messages introduced by hostile persons or groups… the US might be able to employ the Internet offensively to help achieve unconventional warfare objectives.’
The report notes that the Internet has played an important role in recent conflicts, and discusses its use by protest groups and activists, such as neo-nazi groups in Germany and the Zapatistas in Mexico. It claims the most active political groups using the Internet appear to be the San Francisco-based IGC (Institute For Global Communications) and APC (Association for Progressive Communications), networks which include PeaceNet, EcoNet, ConflictNet and LaborNet, whose conferences include lists of companies to be considered for boycotts, state security activities, surveillance and tapping, monitoring of the extreme right and discussion of socialism and Marxism.
In the US free speech on the Internet has been threatened by a series of legislative proposals, which have been met by largely successful legal challenges from groups campaigning for civil liberties on the web, such as the Electronic Privacy Information Center,(36) Electronic Frontier Foundation (EFF)(37) and the American Civil Liberties Union (ACLU).(38) In a landmark decision in 1997 (ACLU v Reno 1997) the US Supreme Court struck down the Communications Decency Act, which sought to regulate online speech and make it a crime to transmit ‘indecent’ material on the Internet, because it violated the First Amendment’s free speech provisions.
More recently, EFF and others launched a legal challenge to the Child Online Protection Act (also known as ‘CDA2’), which was enacted by Congress and signed into law in December 1998, and makes it a federal crime to ‘knowingly’ communicate ‘for commercial purposes’ material considered ‘harmful to minors’. Penalties included massive fines and up to 6 months imprisonment. In February 1999 a district court judge found the new law would restrict free speech, and issued a preliminary injunction protecting Internet speakers from prosecution and fines, finding that the plaintiffs were likely to win the case on its merits, that Internet users would suffer irreparable harm if the statute were enforced, and that First Amendment rights would be stifled. The decision is being appealed by the US Dept of Justice.(39)
In the UK, the police have been attempting to reach an arrangement with Internet Service Providers (ISPs) that would allow them access to information about e-mail content and use. Under the ‘ACPO (Association of Chief Police Officers), ISP and Government Forum’, discussions in 1998 were aimed at developing guidelines between law enforcement agencies and the ISPs concerning the type of information and the circumstances in which such information may be provided to the police. ISPs have objected to the cost implications of collecting some information.
Under the Data Protection Act, the police may request any type of information, including subscriber, traffic and content information. Information may be requested from ISPs under Section 28 (3) of the Data Protection Act 1984, (S 29(3) DPA 1998) which permits data controllers to disclose personal data where it is for ‘the prevention or detection of crime; the apprehension or prosecution of offenders; or the assessment or collection of any tax or duty’. The Act provides data controllers with a legal defence if they are satisfied it is essential to release the information.
A draft form for making such requests is being drawn up by ACPO/ISPs, and is intended to provide ISPs with sufficient information to decide whether they are in a position to release information under the Data Protection Acts. It does not oblige them to take action.(40) ISPs have met with privacy groups with the intention of drawing up a Code of Practice as to what information ISPs can make available to police under existing legislation.(41)
Access to e-mail is covered by either the Interception of Communications Act 1985 (requiring a warrant signed by the Home Secretary) or the Police and Criminal Evidence Act 1984, (requiring a warrant or order signed by a Crown Court Judge) depending on whether the ISP is also a licensed telecommunications provider. Although not tested yet, it is likely that most ISPs do not meet the Statute’s meaning of a telecommunications company, therefore the lesser requirements of PACE would apply. (Information obtained under IOCA is not admissible as evidence). Cyber-Rights and Cyber-Liberties (UK) point out that:
‘an express right to privacy in UK law will be granted for the first time under the Human Rights Act 1998. Article 8 of the European Convention on Human Rights demands ‘respect for family and private life… home and… correspondence’ and this undoubtedly requires a greater recognition of the value of privacy than has hitherto been forthcoming from English judges or Parliament.’(42)
Conclusion
What of the future? Technological developments work both ways: both to provide increased privacy for the individual and society, as with encryption technology, and the growth of telecommunication networks based on optical fibres which will make interception more difficult; and to provide ever increasing surveillance capabilities for, in the main, the intelligence community. In Secret Power: New Zealand’s role in the International Spy Network, Nicky Hager describes the ECHELON system:
‘Designed and co-ordinated by the NSA, the ECHELON system is used to intercept ordinary e-mail, fax, telex and telephone communications carried over the world’s telecommunications networks.’(43)
Duncan Campbell’s April 1999 report, Interception Capabilities 2000, for the STOA panel of the European Parliament, provides new documentary evidence about the highly automated Echelon system – for example, systems which recognise the speech of targeted individuals have been developed.(44)
European Union documents recently leaked to the German internet magazine, Telepolis, and to the London-based Foundation for Information Policy Research, reveal plans, drawn up by law enforcement agencies, and known as Enfopol, for surveillance of all communication systems, including the Internet, mobile phones, faxes and pagers.(45)
Duncan Campbell’s Interception Capabilities 2000 report calls for increased openness:
‘The work of ILETS has proceeded for 6 years without the involvement of parliaments, and in the absence of consultation with the industrial organisations whose vital interests their work affects… As a matter of urgency, the current policy-making process should be made open to public and parliamentary discussion in member states and the European Parliament, so that a proper balance may be struck between the security and privacy rights of citizens and commercial enterprises, the financial and technical interests of communications network operators and service providers, and the need to support law enforcement activities intended to suppress serious crime and terrorism.’(46)
There are, and will continue to be, demands, legitimate or otherwise, in both directions. At the very least the availability of adequate and up-to-date information, and a well-informed and continuing public debate should contribute to future developments.
Thanks for information and advice to Malcolm Hutty of Campaign against Censorship of the Internet in Britain (http://www.liberty.org.uk/cacib/) and Caspar Bowden, Director of the Foundation for Information Policy Research (http://www.fipr.org/) and co-author with Yaman Akdeniz of Cryptography and Democracy: Dilemmas of Freedom (http://www.fipr.org/publications/index.html).
The author, Jane Affleck, can be contacted on
Notes
- See for example the American Civil Liberties Union (ACLU) report, Big Brother in the Wires: wiretapping in the Digital Age at http://www.aclu.org/issues/cyber/wiretap_brother.html
- http://www.cdt.org/digi_tele/CALEA_plan.html
- See the US Center for Democracy and Technology website at http://www.cdt.org/digi_tele/
- http://www.cdt.org/digi_tele/970604_Freeh.html
- http://www.cdt.org/digi_tele/headlines/headline6.html
- efa.org.au/Issues/Crypto/Walsh/
- http://www.ncis.co.uk/web/Press%20Releases/encryption.htm
- Duncan Campbell, Special Investigation: ILETS and the ENFOPOL 98 Affair, on the telepolis website at http://www.heise.de/tp/english/special/enfo/6398/1.html
- DTI paper On Regulating Intent Concerning Use of Encryption on Public Networks June 1996; Consultation Paper Licensing of Trusted Third Parties for the Provision of Encryption Services March 1997.
- The Conservatives’ March 1997 Consultation Paper, Licensing of TTPs For Provision of Encryption Services, proposed mandatory key escrow: http://www.cyber-rights.org/crypto/dti97.htm and Cyber-rights and Cyber-liberties (UK) critique of it at http://www.cyber-rights.org/crypto/ukdtirep.htm
- The Risks of Key Recovery, Key Escrow and Trusted Third Party Encryption at http://www.cdt.org/crypto/risks98/
- STAND submission on e-commerce to the Trade and Industry Select Committee, http://www.stand.org.uk
- CR and CL’s response to the government’s paper, Building Confidence in E-Commerce, March 1999 http://www.cyber-rights.org/reports/dti99.htm
- http://www.epic.org/
- This document is no longer on the Labour website, but can be found in the ‘resource list’ at http://www.liberty.org.uk/cacib/
- http://www.dti.gov.uk/CII/ana27p.html
- Computing, January 1999
- BBC News February 20 1998: ‘UK Govt dithers on encryption regulation’ http://www.bbc.co.uk/hi/english/special_report/1998/encryption/newsid_58000/58499.stm
- Para 84, Interception Capabilities 2000, April 1999, working document of the STOA panel of the European Parliament by Duncan Campbell. (PE 168.184 /Part 4/4) http://www.iptvreports.mcmail.com/stoa_cover.htm
- OECD Guidelines on Cryptography, http://www.oecd.org/dsti/sti/it/secur/index.htm
- Article 12 Universal Declaration of Human Rights; Article 17 International Covenant on Civil and Political Rights; Article 8 European Convention on Human Rights; Article F (2) Treaty on EU; EU Data Protection Directive. See European Commission Communication http://www.ispo.cec.be/eif/policy/97503toc.html
- http://www.ispo.cec.be/eif/policy/97503toc.html
- It will be noted that Article 8 (of the ECHR) incorporates a right to privacy in ‘correspondence’ and this has long been interpreted by the European Court of Human Rights as including privacy in relation to communications via telecommunication networks. http://www.cyber-rights.org/reports/dti99.htm
- http://www.dti.gov.uk/cii/elec_com.html
- http://www.liberty.org.uk/cacib/
- Justice’s response to Building Confidence in E-commerce http://www.fipr.org/library/justice.html Also see Liberty’s response at http://www.fipr.org/library/liberty.html
- See http://www.fipr.org/library/fipr.html
- Select Committee on Trade and Industry report on ‘Building Confidence in Electronic Commerce’: the Government’s proposals. HC 187 7th Report of Session 98/99, May 19 1999. http://www.parliament.the-stationery-office.co.uk/pa/cm199899/cmselect/cmtrdind/187/18702.htm
- http://www.liberty.org.uk/cacib/
- http://www.cyber-rights.org
- http://www.fipr.org/
- The list is at http://www.pir.org/mi6.html and jya.com/mi6-true.htm
- http://www.wired.com/news/news/politics/story/17562.html
- http://www.freedom.tp
- See summary in Lobster 31.
- www.epic.org
- www.eff.org
- www.aclu.org
- http://www.epic.org/free_speech/copa/ http://www.eff.org/pub/Legal/Cases/ACLU_v_Reno_II/HTML/19990201_eff_pressrel.html
- http://www.linx.net/misc/dpa28-3form.html
- See Internet Privacy Forum at http://www.linx.net/events/privacy/ See also Duncan Campbell: Computing Magazine October 8 1998, ‘Personal Privacy versus Crime Fighting on the Electronic Frontier’, and Guardian Online, September 17 1998, ‘Police Tighten the Net’ at http://www.xemu.demon.co.uk/censor/snoopers.html
- Cyber-Rights and Cyber-Liberties UK Report February 1999, Who Watches the Watchmen: Part 3, ISP Capabilities for the Provision of Personal Information to the Police. http://www.cyber-rights.org/privacy/watchmen-iii.htm
- Exposing the Global Surveillance System, http://jya.com/echelon.htm
- http://www.gn.apc.org/duncan/stoa_cover.htm
- See http://www.telepolis.de/tp/english/special/enfo/6382/1.html for Enfopol Timeline and many enfopol links to articles by Duncan Campbell and others. Also http://www.fipr.org/polarch/enfopol19.html and http://www.fipr.org/policywatch.html
- http://www.iptvreports.mcmail.com/stoa_cover.htm