[107683] in Cypherpunks
FW: more on : The Maginot Line of Encryption Falls
daemon@ATHENA.MIT.EDU (Stewart, William C (Bill), BNSVC)
Thu Jan 21 03:29:28 1999
From: "Stewart, William C (Bill), BNSVC" <billstewart@att.com>
To: cypherpunks@cyberpass.net
Cc: cryptography@c2.org
Date: Thu, 21 Jan 1999 02:17:31 -0600
Reply-To: "Stewart, William C (Bill), BNSVC" <billstewart@att.com>
Two messages Forwarded from Dave Farber's list:
Stewart Baker's note and Kenn Cukier's followup.
-----Original Message-----
From: Dave Farber [mailto:farber@cis.upenn.edu]
Sent: Wednesday, January 20, 1999 6:15 PM
To: ip-sub-1@majordomo.pobox.com
Subject: IP: more on : The Maginot Line of Encryption Falls
Date: Wed, 20 Jan 1999 20:41:24 -0500
From: "K. N. Cukier" <100736.3602@compuserve.com>
To: "farber@cis.upenn.edu" <farber@cis.upenn.edu>
Dave,
As a follow up to Stewart Baker's note, here's some more info on France's
decision to liberalize crypto....
It is an astounding and surprising policy reversal -- a complete about-face
-- that no one expected (except Stewart!), although there had been a lot of
talk about "modifying" the laws recently. It made front page news in all
the major French dailies, and Le Monde and Liberation both ran two full
pages on the matter and broader French Net issues.
Prime Minister Lionel Jospin's policy announcement is on the Web at:
<http://www.internet.gouv.fr/gb/sommaire.html> (I translated the relevant
section, below).
While Jospin is a master at reducing political risk, his policy is still
fraught with domestic political dangers -- and dangers for online
individual privacy.
It's still unclear how much buy-in Jospin has from law enforcement,
intelligence agencies and the military. He's certainly got some, but until
we see the actual legislation, it is unclear whether no restrictions really
mean no restrictions. Just as in the US, where the FBI has called on
Congress to impose domestic controls on crypto, so too will the same
pressure appear in France. This is really the start of a public policy
debate, not the final judgment.
Yet in gaining support for the policy, Jospin had to throw a bone to the
spooks, and did so via increasing their funding. This is a dual-edged sword
solution. France already has one of the most extensive domestic police and
spy forces in the industrialized world (via the CRS, a domestic
hyper-militarized police force and the Renseignement General, an
intelligence agency for civilian espionage), and this adds to their
influence. In fact, one of the legacies of the Mitterrand years was the
president's illegal wiretaps of over 400 judges, journalists, actors and
intellectuals. This ought be noted when considering France's latest move,
since liberalizing crypto is only half the coin if the other half is an
abuse of privacy via a massive state apparatus that spys on citizens. Thus,
the danger is crypto is legalized, but interception of communications
becomes commonplace.
Le Monde noted one reason to encourage crypto is to fight against economic
espionage, and singled out the US-UK-Australia-Canada-New Zealand
interception project ECHELON. The newspaper calls Jospin's new position one
of "realism."
The following is an English translation of Prime Minister Jospin's remarks
from a press conference on 19 January 1999:
"[...] The third legislative area concerns cryptography. While the means
for electronic espionage grows, cryptography appears to be an essential way
to protect the confidentiality of communication and for privacy.
A year ago, we made the first step towards liberalizing cryptography, which
is a technique for exchanging data across a network. I had announced that
we would make further initiatives. The government has, since then, listened
to concerned parties, spoken with experts and consulted its international
partners. Today, we are convinced that the 1996 law is no longer viable. In
effect, it strongly holds back the usage of cryptography in France, and
does not have any impact on allowing law enforcement authorities to
effectively fight the criminal use of encryption, which is easily
obtainable.
To change the orientation of our legislation, the government therefore will
take the following steps, of which I have discussed with the president
(Jacques Chirac):
- Offer the complete freedom of cryptography use.
- Revoke the mandatory nature of escrowing private encryption keys in
trusted third parties.
- Complete the judicial steps required by new regulations, including penal
sanctions, concerning the handing over to lawful authorities upon demand
the plaintext transcriptions of encrypted documents. Also, the technical
ability for law enforcement authorities will be significantly reinforced
(to deal with the matter) and their budget increased accordingly.
Changing the law will take many months. The government has wanted that the
principle obstacles that weigh on citizens as they protect the
confidentiality of their communications and develop electronic commerce be
lifted without delay. So, in the meantime before the legislative
modifications are announced, the government has decided to raise the limit
on unregulated cryptography use from 40 bits to 128 bits, a level that is
considered by experts to durably assure strong security. [...]"
Cheers,
Kenn
------------------------------ previous message
From: sbaker@steptoe.com
Date: Tue, 19 Jan 1999 14:25:59 -0500
To: <farber@cis.upenn.edu>
Dave --
A note I recently sent to clients. I expect this to be in the papers
tomorrow.
Stewart
From: Stewart Baker (sbaker@steptoe.com)
The rumors that we reported earlier are true. The French Government has
abandoned its effort to control domestic use of encryption.
In an announcement made today by Prime Minister Jospin, the government
announced
its decision to abandon most aspects of the encryption legislation adopted
in
1996. This legislation created a licensing scheme for import and use of
encryption and required the use of key escrow for all products containing
strong encryption. That approach has now been scrapped.
Jospin announced that his administration would send forward proposed
legislation
allowing complete freedom in the use of all cryptography, abolishing the
requirement to use trusted third parties, and providing instead increase
funding
for the police, combined with enhanced authority to demand plaintext in the
course of an investigation.
Jospin went further in his announcement. Recognizing that it would take
several
months to modify the legislation, he announced that the level for free use
of
encryption inside France would be raised administratively from the current
40-bit level to 128 bits. It appears that this change will take place
almost
immediately.
We're seeking details about how companies that wish to sell stronger
encryption
inside France may be assured of their legal status and will report further
as we get the information.
