New Spanish telecommunications law opens a door
to
mandatory key recovery systems
mandatory key recovery systems
Synopsis
A recently enacted telecommunications law in Spain gives a right to use "strong cryptography systems" to Spanish citizens. However, the new law also implies that some goverment agencies may have access to encrypted communications, by means of mandatory key recovery system in which private keys of Spanish citizens would be stored by the government agencies.
Such a system would have several problems:
1) Key recovery compromises privacy - a right incorporated within the Spanish data protection law, known as Lortad.
2) Instead of enhancing crime detection, key recovery would increase the opportunities for crime.
3) Key recovery poses a serious menace to the development of electronic commerce.
These problems arise from a common source: Any cryptographic system that implies the existence of a third party that stores private keys is inherently insecure.
Introduction
The Global Internet Liberty Campaign is a group of human rights, civil liberties, and Internet advocacy organisations which favours the unrestricted use of cryptography to protect personal private communications. We consider that article 52 annex 2 of the Spanish Telecommunications Law 1998 devoted to cryptography may easily lead to a mandatory key recovery system in Spain. We believe that, this new initiative would pose serious problems both to privacy and to the development of electronic commerce in Spain.
Encryption is usually viewed as something only related only to the military defence field, spies and criminals. However they are the basis of a secure communication system which is vital both for privacy and electronic commerce. Therefore, they are increasingly integrated into commercial systems and applications.
They are also needed increasingly for the infrastructure of networking. For instance, systems that synchronize and exchange administrative information on the Internet are starting to use encryption to prevent malicious intruders from disrupting the Internet.
Also, cryptography has historically been associated with extreme, contentious situations like crime and war. However, nowadays the overwhelming use of encryption is during routine interactions between individuals and business organizations. For instance, credit card numbers and other transaction information is encrypted;so are reports by a salesperson about a customer to his or her central office. Also, encryption technology over the Internet is increasingly used for privacy reasons, that is to ensure that only the selected person or the audience are the ones that would be able to read a message, and no one else. As a matter of fact, the use of cryptography would create the equivalent of a sealed envelope. Therefore sending a simple e-mail would be like sending a postcard and the only way to seal and secure the postcard is to use strong encryption tools without a back door mechanism (key escrow or key recovery). If our cryptographic systems are crippled with this kind of gadgets, then there is always a third party that, if desired is able to sneak at our private mail, and therefore, e-mail is a lot less secure or confident.
We don't mean to state that strong cryptography without backdoors or key recovery systems are 100% secure. Nothing is 100% secure. Depending on the algorithm used, the lenght of the key and the technical devices at hand, an specific message can be deciphered. On the other hand, as it is going to be stablished later in the paper, trusted third parties or backdoor systems turns cryptography in something a lot more insecure. As Bruce Schneier -a leading cryptography researcher and author of "Applied Cryptography"- stated, it is impossible to meet the needs of both law enforcers and industry. We can't have both fairly secure encryption and the enforcer's ability to snoop from time to time into some one else's mail.
However, Article 52 of the new Spanish Telecommunications Law 1998 opens the door to a mandatory key recovery system.
Following international agreements, such as the European Convention on Human Rights (article 8) and the Spanish data protection laws known as LORTAD, the newly enacted Spanish Telecommunications Act guarantees the privacy of communications, and even the right to use strong cryptography, as stated in the main paragraph of article 52 (the complete text of the law can be read in Spanish at http://www.asertel.es/cs/08017002.htm):
"Any kind of information that is transmitted using telecommunication networks can be protected by means of encryption procedures".
However, article 52 (2) claims that:
"Among their conditions of use, when it (encryption) is used to protect the confidentiallity of information, an obligation could be imposed to notify either a General Administration body, or a public organisation about the algorithm or whatever encryption procedure is used, with an effect to control it following prevailing normatives. This obligation will affect all the developers which incorporate cryptography in their equipments or devices, the operators that include it in their networks or in the services they offer, and, if applicable, to the users that employ it"
(Spanish text) "Entre sus condiciones de uso, cuando se utilice para proteger la confidencialidad de la informacion, se podra imponer la obligacion de notificar, bien a un organo de la Administracion General del Estado o a un organismo publico, los algoritmos o cualquier procedimiento de cifrado utilizado, a efectos de su control de acuerdo con la normativa vigente. Esta obligacion afectara a los fabricantes que incorporen el cifrado en sus equipos o aparatos, a los operadores que lo incluyan en las redes o dentro de los servicios que ofrezcan y, en su caso, a los usuarios que lo empleen".
However, the general reference to "procedure" can be easily used to establish another specific law to create a mandatory key recovery system. That is, every user who gets encryption software must give his or her private key to a "trusted third party" which would be a goverment body, according to the text of the new Spanish law.
According to law enforcement forces, mandatory key recovery systems are a must to avoid criminal activities over the Internet. From this point of view, leaving our private keys to a trusted third party is a way to avoid the great danger of computer crime by putting a negligible risk to our privacy in computer networks.
Nevertheless, this argument has several flaws:
First, a recent European Commision Communication paper stated that "most of the (few) criminal cases involving encryption that are quoted as examples for the need of regulation concern 'professional' use of encryption. It seems unlikely that in such cases the use of encryption could be effectively controlled by regulation." (see EU Communication paper)
We, the undersigned members of the GILC have disputed the argument on several occasions, finding no evidence that criminal or terrorist rings cannot be broken through more traditional means of law enforcement such as examination of the evidence, use of informers, and so on.
Second, the risk of mandatory key recovery systems is not negligible at all. Inevitably, these systems introduce vulnerabilities into cryptographic protocols, creating opportunities for insider abuse and criminal attack (See also EU Communication paper). Public officers of the Spanish goverment would hold the private keys within a centralized infrastructure that will become a highly attractive target for criminals. And these potential criminals will not only be hackers trying to break from outside, but also possibly corrupted officers that could sell the private keys to racketeers, or even use themselves in criminal actions. Moreover, centralized databases of private keys are a great temptation to individuals in the enforcement bodies to sneak a look at private communications without the need of a legal warrant to do so. Mandatory key recovery systems are a great temptation for different kinds of abuse, and it is a tempation difficult to refuse once the private keys are available to third parties.
Using private enterprises to hold the private keys, as it is planned to do, for example, in the United Kingdon, is not a solution. These systems have the same flaws that a public body may have, and therefore will turn electronic communications into something inherently insecure.
The recent police raid against the hacker network Hispack showed how easily Spanish goverment computers and private e-mail can be accessed. If any of them had stored private keys, they may had ended in hands of criminals, which then could have used the keys and the confidential information obtained through e-mail for criminal purposes.
Also, cases like the thief of confidental military documents by Colonel Perote in CESID show how corrupted officials which steal secrets are more than a possibility.
Third, once the danger of abuse is stated, mandatory key recovery systems pose non trivial problems to electronic commerce. The users will not employ commercial systems in the Internet as massively as they would do in other circumstances, due to the fear that confidential information -like their credit card number- may end in hands of racketeers.
Fourth, criminals and terrorists are not going to be stopped by this newly introduced Spanish law. Developing a cryptographic program is not so difficult. As a matter of fact, there are hundreds of them over the Internet now. Criminals could easily get encryption software illegaly, in the same way they get weapons or drugs, and use it without notifying the private key to any public body. Only the good citizens would store the private keys in a centralized computer, with a significant risk to their privacy, while terrorists and criminals would use cryptography without any worries.
Moreover, by hiding a message within a larger innocent message or in a picture attached to it (a practice known as steganography) criminals could avoid being detected in their use of illegal encryption.
Fifth, article 52 of the new law is contradictory. After all, there is no sense in stating that every Spanish citizen has the right to encrypt their communications and then producing a mandatory key recovery system. The only reason to use cryptography is to make private communication really private. If some third party can also read our private messages if desired, there is no reason at all to use encryption or to believe that encrypted communications are secure.
Sixth, article 52 is also in contrast with recent global initiatives. We already mentioned the EU Communication paper released in October 1997, and titled "Towards a European Framework for Digital Signatures and Encryption". This paper finds key recovery systems to be inefficient and ineffective. The EU communication states that "the European Union simply cannot afford a divided regulatory landscape in a field so vital for the economy and society". The EU developments are important and would have a direct effect in Spain.
It is also of interest to observe how last month a U.S. government panel (known as the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure) has failed in a two-year effort to design a federal computer security system which included "back doors," a feature that poses similar treats to cryptography. The 22-member panel appointed by the secretary of commerce in 1996 concluded at a meeting last month that there were serious technical problems that would develop a system both insecure and not meeting police expectations.
Alan Davidson staff counsel at the Center for Democracy and Technology, a nonprofit advocacy group stated that:
"The administration keeps spending taxpayer money to pursue a ... strategy that's wrong-headed and won't protect security," Davidson said. "Its own advisory committee can't answer basic questions about how to make it work for the government, yet they continue to push for its adoption by everyone, worldwide."
OECD Guidelines and policies announced in 1997 lean away from what the newly enacted Spanish Telecommunications law states. A recent OECD report stated that:
"National cryptography policies may allow lawful access to plaintext, or cryptographic keys, of encrypted data," but immediately reiterated that "These policies must respect the other principles contained in the guidelines to the greatest extent possible" and, "This principle should not be interpreted as implying that governments should, or should not, initiate legislation that would allow lawful access."
As a matter of fact, restrictions to cryptography have been debated from five years in the US, for several years in France, and recently in Canada, Germany, or Australia. If restrincting encryption techniques are such a good idea, why no democratic country has been able so far to make a coherent law to put them into practice?
Confusion exists among some members of the public about the difference between key recovery and another type of service that is very important for online commerce and communication, the certificate authority.
Certificate authorities are organizations that guarantee the identities of online correspondents. Just as you trust a check from a bank you know or a letter on an agency's letterhead, you can trust that a person really is who he claims to be if a certificate authority vouches for him. Certificate authorities are expected to become common and to vastly increase the viability of digital interactions, should governments permit unfettered encryption.
However, it is important to realize that certificate authorities are unrelated to key escrow. In the current public-key systems used for most encryption, certificate authorities hold the correspondents' public keys. There is no reason for a certificate authority to hold private keys, and they would become security risks if they did so.
Because of the heavy responsibility shouldered by certificate authorities, there may be a government role in licensing them for purposes of quality assurance. But there is also a risk that governments will force certificate authorities to hold private keys and become trusted third parties, which is a distortion of their role and has no technical justification.
On the other hand, GILC released the first comprehensive review of cryptography policies around the globe in a report entitled "Cryptography and Liberty: An International Survey of Encryption Policy" in February 1998. The purpose of the survey conducted by EPIC was to determine whether countries are limiting the availability of new technologies that are used by Internet users and others to protect personal privacy. According to the GILC report, most countries in the world do not have controls on the use of cryptography. "In the vast majority of countries, cryptography may be freely used, manufactured and sold without restriction." The report says that recent trends in cryptography policy suggest greater liberalisation in the use of this technology, which was originally controlled during the Cold War for reasons of national security.
Conclusion
Strong encryption technology without mandatory key recovery systems offers the only protection to those who seek to bring official abuses of power to light. Also, It is the only efficient system to generate a communication system which acomplishes privacy requisites and is used in electronic commerce that is really secure and trustable.
The GILC Members have urged national goverments not to adopt controls on cryptographic technology on several ocasions. Most recently, we released statements criticising the encryption policies of the British and Canadian governments. We believe that the same arguments apply in Spain and should persuade the Spanish goverment to close the door they have opened to mandatory key recovery systems by approving article 52 in its newly adopted Telecommunications Law.
When formulating policies with respect to the Internet, respect for the privacy of communications on the Internet should be guaranteed by:
- Ensuring that personal information generated on the Internet for one purpose is not used for an unrelated purpose or disclosed without the person's informed consent;
- Enabling individuals to review personal information on the Internet and to correct inaccurate information;
- Providing privacy measures for information regarding on-line bussiness transactions as well as content; and
- Allowing users of the Internet to encrypt their communications and information without restriction.
Therefore, the undersigned members of the GILC believe that policies concerning cryptography should be based on the fundamental right to engage in private communication. We oppose efforts that would lead to the development of communication infrastructure designed for surveilance. To conclude, we do state that mandatory key recovery policies would make Spain and any other country a second-class nation for the development of electronic commerce and Information Age.
Signed by the following members of the Global Internet Liberty Campaign
Associazione per la Libertà nella Comunicazione Elettronica Interattiva (ALCEI)
http://vivaldi.nexus.it/altri/alcei/index.htmlCITADEL EF France
http://www.citadeleff.orgCommUnity
http://www.community.org.uk/Computer Professional for Social Responsibility
http://www.cpsr.orgCyber-Rights & Cyber-Liberties (UK)
http://www.leeds.ac.uk/law/pgs/yaman/yaman.htmDerechos Human Rights
http://www.derechos.orgDigital Citizens Foundation Netherlands)
http://www.db.nlElectronic Frontier Foundation
http://www.eff.orgElectronic Frontier Canada
http://www.efc.ca/Electronic Frontiers Australia
http://www.efa.org.au/Electronic Frontiers Spain (FrEE)
http://www.arnal.es/free/Electronic Frontiers Texas
http://www.eftexas.orgElectronic Privacy Information Center
http://www.epic.orgEquipo Nizkor
http://www.derechos.org/nizkorFoerderkreis Informationstechnik und Gesellschaft (FITUG) e.V.
http://www.fitug.de/Imaginons un Réseau Internet Solidaire (IRIS)
http://www.iris.sgdg.orgPrivacy International
http://www.privacy.org/pi/quintessenz user group
http://www.quintessenz.at