Information Security Bulletin, Dec 2000, pp. 58

8th December

Sir

May I congratulate you on publishing the inadvertently hilarious article by Geert Kampschoer in defence of the RIP Act (ISB Nov 2000). Many readers may have suspected that senior management of companies purporting to specialize in information security have no understanding of the principles of cryptography, but you don't expect such glorious proof in print.

Jaws will have dropped on learning that his product "works via a private key infrastructure which is extremely difficult to break because the key is held by the individual and not awarded by the ISP, as is the case with the public key infrastructure".

In contrast, using Wellance's private-key system, "for the Government to view documents being managed by a service of this type requires the securing of a warrant to approach the sender and/or recipient for access". Internet Service Providers will have been shocked to discover that "this is not the case with straightforward PKI, where ISP's can still intercept and hand over content without the knowledge or consent of the 'owner'".

Mr. Kampschoer evidently believes that PKI means that ISPs are performing the role of key-distribution centres (and therefore may function as key-recovery centres). He hasn't grasped that secret communication is possible without sharing a secret, so he naturally draws the conclusion that Big Brother Has Been Here All Along, and RIP is nothing to get excited about.

Extraordinarily embarrassing as it must be for him, I have been told anecdotally that very senior civil servants in the British government fell into the same conceptual error through the mid-1990s.

Yours sincerely

Caspar Bowden

Director, Foundation for Information Policy Research

RIP Information Centre: www.fipr.org/rip