I am a freelance writer specialising in technology journalism. I write regularly for the Daily Telegraph and Scientific American on Internet-related issues, and am author of the book net.wars (NYU Press), which has two chapters about the US battles over regulating cryptography. I have been online since 1991, and have been following the development of the Net with intense interest since that time; throughout 1997, I did a column on Web-based shopping for the newsletter Future Shopping. There are links from my Web page to both the full text of net.wars online and to the many articles I've written for the Daily Telegraph and others on the subject of the regulation of cryptography.
I welcome the dropping of key escrow as a requirement and the conversion of licensing for TTPs from mandatory to voluntary. I think the government does have a role to play to protect both businesses and consumers from fraud in electronic commerce; leaving everything to the market generally favours the large businesses at the expense of everyone else. However, overall, I think the problem with the consultation document is that it tries to do both too much and too little. The proposal to give licensing of TTPs and CAs to Oftel and the general "feel" of the structure as described suggests that what's being built here is a hierarchical, top-down structure, the kind that moves with such ponderousness in other regulatory matters. The Net is not like that. It is a fast-moving, distributed mosaic of little pieces which all fit together because of a single underlying set of protocols, which were agreed not by a set of regulators but by a group of engineers who wanted to build the best network they could. There are two problems with licensing. One is that as a structure it is unwieldy, slow, and inflexible, and may be poorly adaptable to what's actually needed. The level of security and authentication needed to get a library card, for example, is quite different from the level you want to sign the sale documents for your house. In addition, the simple issuing of a certificate and a pair of cryptographic keys is not sufficient to guarantee that the key will be guarded with sufficient security. Even educated users within major companies regularly choose bad (that is, easily guessable) passwords, stick them on Post-It notes attached to their computers, and forget how to access their systems. You are talking here about a system that is going to be used by the general public, and for the foreseeable future for most people a system of certificates will have to be as easy to use as getting a document notarised at a local solicitor's office.
I should add that a major concern for me in the discussions of non-repudiable signatures is how cases of identity theft (a problem already surfacing in the US) will be handled. What is also likely is that people and businesses will have many cryptographic signatures for different uses, that they may guard with different levels of care, just as you are more careful with your passport and credit cards than you are with your library card. I believe, therefore, that as we do not know yet how cryptographic keys will be used or precisely what form the technology will take (smart cards?), much of this legislation is premature. I also believe it has some significant omissions. Last week's pre-trial ruling in Godfrey vs. Demon Internet, for example, raised again the whole question of what ISPs' liability should be for the storage and distribution of defamatory postings. In the Godfrey case, Godfrey, who was and is not a Demon subscriber, claimed that a posting forged to appear to come from him was posted to the Usenet newsgroup soc.culture.thai, and he faxed Demon to request its removal. The judge in the case believes that notifying Demon of the existence of the defamatory material was sufficient; to a Net user, however, the question is, how was Demon to check Godfrey's identity? In the context of electronic commerce, the question of what ISPs' liability should be for the transactions between the electronic commerce businesses they host and those businesses' customers will be a vital one, even more so if those electronic commerce sites host, as many do, message boards and chat rooms. Finally, I believe that law enforcement concerns should be removed from the electronic commerce bill and debated separately. The additional powers the police are requesting are not trivial, and should not be piggy-backed onto a regulatory framework to pacify law enforcement.
To say that the government is "just" extending the Interception of Communications Act into the new electronic medium is, in my view, inappropriate: before extending those powers, we should reconsider whether the original bill has had the effect intended. That is, as one of the police representatives said at the Scrambling for Safety day, another debate entirely. At the Scrambling for Safety day, one of the DTI representatives said there is a great demand for legislation from the people it has consulted. I feel the DTI needs to consult more widely among a greater variety of people, including consumers' associations, civil libertarians, and academic researchers. However, in any case, it is better to think things through and pass good legislation than to hastily pass bad legislation that sticks. Next year is better than this year if the legislation is closer to having the intended effect of spurring on the growth of electronic commerce. The absence of a regulatory regime is not the only reason ecommerce is not taking off as quickly here as in the US: compare any two business Web sites from the two countries, and the problems of bad design, poor customer service, and inept product selection will tell you much of what's wrong on the UK end. I append some comments to the specific points in the consultation paper.
I do think it's appropriate for the government to amend primary legislation via statutory instrument to give legal recognition of electronic signatures and writing on a case-by-case basis. However, it is important that such legal recognition take account of the possibility of "identity theft" and other fraud, types of crimes which are rare now but increasing in frequency in the US and doubtless soon to become a problem in the UK. There must be a way for someone who is the victim of such a case to be able to prove and reclaim their identity. In the haste to legalise "non-repudiable" electronic signatures, it must be remembered that computers are merely machines: they may be stolen, hacked, borrowed, or used while their owners are out to lunch, and the data stored on them may be copied.
It's difficult to imagine a licensing regime that can prevent such problems, even though the consultation document seems to suggest it's possible. One suggestion that does occur to me, though, is that in the case of really important documents more than one signature might be required, so a company's annual report might perhaps have to be authenticated both by the company itself and by the company's accountants (an electronic equivalent of requiring two people with two different keys to be present in order to open a safe).
The biggest change that could be made to promote electronic commerce is not legislative per se: bring in flat-rate local phone calls. ISPs would have to change their pricing structures slightly (in the US, where flat-rate calling is commonplace, many ISPs have caps of 100 hours a month, to control their heaviest users), but overall the effect would be to encourage experimentation and exploration online.
The second important change for businesses is mostly technological: real-time credit card validation would do a great deal to assist businesses in supplying online customers promptly. In the case of digital products such as software and, eventually, music and video files, this will become essential. To balance the scales, consumers also should have some way of checking the trustworthiness of the business. The American auction site eBay provides something like this by allowing users to post customer feedback about the various sellers who offer goods on the site; the Better Business Bureau (BBBOnline) and TrustE are both examples of attempts to raise consumer confidence in the businesses that bear their logo.
Any scheme seeking to control junk email must begin with opt-in; it is wholly unreasonable to demand that email users should spend their time (and money) removing themselves from email lists they did not ask to be on. In addition, whole sites, such as businesses and schools, should have the right to declare themselves off-limits to spammers. The problem is that there will always be enough organisations that ignore the rules constructed by legitimate businesses and organisations that users are going to be stuck with a lot of useless junk anyway. We have already seen that attempts to legislate in the US have led to junk email with embedded claims that it's legally authorised under bills that have not even passed Congress yet.
Two things make anti-spam/junk email legislation difficult to construct. First, it's extremely difficult to create a description of spam/junk email that doesn't take legitimate email with it. Second, the international character of the Net means that we are bombarded with junk from the US, Canada, Russia, and elsewhere beyond the reach of UK law. However, I do believe that British businesses and individuals who send junk email should be stopped; more than that, though, any legislation which covers junk email should also cover junk faxes (which proliferate, seemingly unchecked), and there needs to be tighter control over telemarketing calls as well. I have been listed with the telephone preferences people for some time, and yet I still get telemarketing calls. Businesses need to be taught that buying one of their products does not constitute a license to pursue the customer with further offers and demands. As we move into the Web era, where customers must of necessity supply personal contact information in order to take delivery, this is going to become much more, not less, of an issue.
Trust online is like the Web itself: it's earned through the links you make. Many known names do have an advantage in cyberspace; equally, many new names (such as Amazon.com) inspire trust by word of mouth. If I were asked today to authenticate a transaction online, I'd start by going to people whose background I already know, and work outward from there. This is in fact the model that PGP is built on: that peers who trust each other may guarantee a third party who is known to only one of them. I think therefore that intermediaries have an important role to play (in fact, I wrote a piece about this a few years back for the Telegraph, and the material was incorporated into one of the chapters of net.wars), but that the success of such organisations will depend for the foreseeable future on people's being able to verify them in the real world. I would be more likely to use a local solicitor whose office is on my doorstep to authenticate a transaction than a distant bank that operated customer service via a national call centre.
I would recommend that you consult the careful legal analyses on this subject that have been written and researched by Michael Froomkin, an associate professor of law at the University of Miami who specialises in this field. His papers are available from his Web site, and have been published in legal journals.
The government's assumption seems to be that licensed TTPs and CAs will be large businesses. I believe this is exactly contrary to what's required, and that authentication services would be more appropriately handled by a large network of much smaller businesses. (It is easy to imagine, of course, that a small start-up entering this field might wind up with local offices everywhere.) However, whatever the size of the business, it seems to me that one important requirement for licensing should be that the TTP/CA be required to state publicly if there has been a breach of its systems which might compromise its customers' keys. Few businesses will welcome such a requirement, but it seems to me vital in terms of building the public trust the consultation document talks about so eloquently, and also to protect the public against fraud.
Exactly how the use of cryptography and certificates of authentication will develop is unknown. Therefore whatever framework is put in place should be as flexible and adaptable as possible. Besides key recovery agents, CAs, and TTPs, one can imagine businesses that hold online contracts-in-progress, to speed up and streamline negotiating processes, also companies that authenticate specific documents or specific pieces of a person's identity for specific purposes (say I want to arrange a car rental; I might need something to authenticate that I am over 25); there may even be a business in negative authentication, as when a hot stock tip might be authenticated as *not* coming from the company itself. Because these uses are unpredictable, any regulation needs to be undertaken with a very light hand.
There is some feeling that it's important not to discriminate against unlicensed services, in part because doing so might eventually lead to the kinds of restrictions civil libertarians and many businesses want to avoid. However, one possible way to distinguish the services is to design a cryptographically enhanced logo that incorporates the business's public key and an authentication from the licensing agency that includes sufficient information to clearly identify the service provider. A user should be able to take this logo, run it through the licensing authority's public key, and get back the business's public key (which can be compared with the key that has been identified to the user as the right one), the agency's stamp, a licensing number if any (which can then be double-checked by a phone call), and the identifying information of the business: name, address, phone, Web and email details. A licensed business would have the right to reproduce the logo on its stationery and advertising, but users could be educated to check the logo to be sure.
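As an added illustration of the logo check described above (example code written for this page, not part of the original response or of any real licensing scheme), the following Go program has a hypothetical licensing agency sign a record carrying the business's public key, the agency's stamp, a licence number and the business's name, and has a user verify that record against the agency's public key and against the business key they were already given. Ed25519, the JSON encoding and the field names are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// LogoPayload is what the agency vouches for (field set assumed for illustration).
type LogoPayload struct {
	BusinessKey []byte `json:"business_key"` // the licensed business's public key
	Agency      string `json:"agency"`       // the agency's stamp
	Licence     string `json:"licence"`      // licence number, double-checkable by phone
	Name        string `json:"name"`         // identifying details of the business
}

type Logo struct {
	Payload   []byte // encoded LogoPayload
	Signature []byte // the agency's Ed25519 signature over Payload
}

// IssueLogo is the agency's side: encode the payload and sign it with the agency key.
func IssueLogo(agencyPriv ed25519.PrivateKey, p LogoPayload) (Logo, error) {
	raw, err := json.Marshal(p)
	if err != nil {
		return Logo{}, err
	}
	return Logo{Payload: raw, Signature: ed25519.Sign(agencyPriv, raw)}, nil
}

// VerifyLogo is the user's side: check the agency's signature, decode the fields, compare keys.
func VerifyLogo(agencyPub ed25519.PublicKey, l Logo, knownBusinessKey []byte) (LogoPayload, error) {
	if !ed25519.Verify(agencyPub, l.Payload, l.Signature) {
		return LogoPayload{}, errors.New("agency signature invalid: logo forged or altered")
	}
	var p LogoPayload
	if err := json.Unmarshal(l.Payload, &p); err != nil {
		return LogoPayload{}, err
	}
	if !bytes.Equal(p.BusinessKey, knownBusinessKey) {
		return p, errors.New("business key in logo does not match the key the user holds")
	}
	return p, nil
}
func main() {
	agencyPub, agencyPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed keys
	bizPub, _, _ := ed25519.GenerateKey(rand.Reader)
	logo, _ := IssueLogo(agencyPriv, LogoPayload{BusinessKey: bizPub, Agency: "Example Agency", Licence: "LIC-0001", Name: "Example TTP Ltd"})
	fmt.Println(VerifyLogo(agencyPub, logo, bizPub)) // genuine logo: fields and a nil error
	logo.Payload = bytes.Replace(logo.Payload, []byte("LIC-0001"), []byte("LIC-0002"), 1) // altered copy
	fmt.Println(VerifyLogo(agencyPub, logo, bizPub)) // altered logo: signature error
}
```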
As I said above, I think it's vital that cryptographic service providers be required to broadcast an alert if there is a security breach. Licensing is a meaningless exercise if there is no liability on service providers if they fail to do their job (one can see the insurance products already). Yes, service providers should be required to state in contracts what liability they have, just as plane tickets do for accompanied baggage.
Liability should vary with the amount and weight of the transactions being authenticated, and with the severity of the breach and the length of time between the breach and its discovery. A year-old breach of security, for example, has much more serious consequences (particularly if the SP's customers are using the keys for all of their transactions instead of only a few) than a single mistake in authentication that grants someone a grocery order they weren't entitled to.
As I said above, I believe this deserves separate legislation. In addition, the cases listed in the document contain so little detail it's impossible to evaluate them. Law enforcement was hindered but still secured convictions. No mention is made of the type or strength of the cryptography involved. At the very least, police should be required to inform the subjects of interception orders after the investigation is closed. Particularly if people are using the same signature and confidentiality keys for a substantial length of time (something which I personally would avoid, just as one is normally advised to change passwords every month or two), it is not right for them not to be aware that their security has been compromised.
I do not believe the new offence of "tipping off" is either desirable or enforceable, and I believe great care must be taken in considering what constitutes a "reasonable excuse" for failure to produce a cryptographic key or plain text, due to the unfamiliarity of the technology to many people. It also seems to me important to distinguish between the two different cases: the first, where the data itself is the crime (such as the mass distribution of copyrighted data, or the transmission of material that is itself illegal, such as child pornography), and the second, where the data is evidence of a crime (such as the communications between conspirators plotting a bank robbery). Encrypted data may play a big part in both cases, but especially in the second case many other techniques are available to police investigators, including traffic analysis and traditional policing, following up known contacts and suspects.
Public education on how to use the new services as they become available will be of key importance. I do not think it is appropriate for the government to promote law enforcement objectives by encouraging people to use licensed SPs.
In the race to control cryptography, people forget how many other privacy-invading tools are already available to law enforcement: CCTV and face recognition systems, DNA testing from ever smaller scraps of detritus, and many other techniques are all available now or will be soon. Encrypted data is only one part of an average person's life. Any technology someone can build, someone else can crack. It is reasonable for there to be a task force to investigate and propose other technologies; however, the membership of the task force should not become a closed partnership between technology businesses and law enforcement. The electronification of daily life provides greater opportunities for surveillance than ever before; but we should not grant powers of surveillance just because we can, but only as they are genuinely needed. Law enforcement needs to make its case much better (and in any case, the needs of law enforcement do not belong in this bill).
One question I have is how you are going to ensure that a key issued as a signature key is only used for that purpose, and what rights police will have to claim access on the ground that it's been used for confidentiality.
Last Revised: April 16 1999