This document is a response to the UK DTI's consultation paper on regulating encryption in the UK. It is structured as follows:
These documents are available on the public Web at http://www-uk.hpl.hp.com/people/sjmz/dtiprop/overview.htm.
The proposed regulatory regime would impose significant costs and credibility burdens on certification authorities. These CAs are new organisations. Their commercial existence is barely developed as yet, but they play a necessary, although not a central, role in commercial and individual transactions in an information society. The costs of complying with the proposed regulations would fall heavily on these emerging organisations; and if their growth in the UK were not stifled altogether, such costs would have to be passed on to their users.
There is merit in the idea of a licensing regime for CAs, which could lend credibility and clarity to their currently ill-defined responsibilities and liabilities. This is a quite separate motivation for licensing from the main thrust of the DTI proposals, where licensing is the tool which ensures law-enforcement access to escrowed confidentiality keys. Were licensing of CAs to be introduced on commercial and social policy grounds, there would be every reason for initially making such licensing voluntary; market acceptance would show if a mandatory regime would be beneficial later.
A fundamental misunderstanding which pervades the DTI proposals is that some single commercial organisation has sole responsibility for providing the "service" of encrypted communication. As described at some length below, in current Internet use no such single organisation exists; instead, multiple pieces of software running solely on the two computers at either end interwork to provide the "service", with the automatic network in between the two computers providing nothing more than unreliable, best-efforts delivery of successive fragments of the messages being exchanged. These individual software components are acquired from diverse commercial (and other) organisations. The role played by a CA, if any, is only to allow the two parties to reliably recognise each other.
Given the peripheral role of CAs in "providing" the "service" of encrypted communication, it should not be too surprising that regulating them in the way proposed provides only illusory benefits to law enforcement. The "service" at issue is encrypted communication involving "serious criminals and terrorists". (The proposals nowhere make clear whether the prime target of desired interception is communication where both parties are suspect, or only one.) Without much fiercer regulation of the use of cryptographic technology, there is no credible case for "serious criminals and terrorists" to make use of only such "services" as provide for law-enforcement access. However, they can still benefit from the regulated "services" of compliant CAs to establish non-compliant secure communication. In a separate blow to UK competitiveness rather than law enforcement access, offshore CAs can "poach" the efforts of compliant CAs without incurring the costs of compliance.
No attention is paid in the document to exploring, as an alternative to interception of communication, the use of existing, or extended, powers to require access to encrypted material under penalties relating to obstructing the course of legitimate law-enforcement enquiries. Perhaps appropriately in an open document, no attention is paid either to the technical means which are available for intercepting, or subverting the confidentiality of, communication involving legitimate targets which present a real threat to civilised society.
The constructive criticisms in this response are specific to the DTI proposals as formulated under the previous UK government, and are specific also to proposed UK policy. We do not dwell in this response on user-controlled key recovery solutions, under which the users of encryption themselves are in a position to recover encrypted material in the event either of their own "disaster recovery" needs, or in response to warranted or subpoenaed legal access demands where the primary keyholder is unable or unwilling to decrypt the stored information. We do note in the detail document that there is a considerable difference in the technical and procedural arrangements needed to support such user-initiated key recovery, and those needed to support the "subject-blind" law enforcement access scenario envisaged by the DTI proposals. It is HP's consistent position that user-initiated key recovery solutions will be welcomed by many organisations, and that such solutions are of benefit to both law enforcement and legitimate organisations when a demand for lawful access to encrypted stored material is made.
However, the specific DTI proposals are an ineffectual, ill-founded compromise between, on the one hand, the needs and rights of individuals and businesses, and on the other, the legitimate needs of law enforcement.
If the law-enforcement needs are considered to be the overriding ones, then measures far stronger than those proposed need to be introduced, to make all but licensed, escrowed encryption illegal to use; only then would there be effective access to encrypted traffic. There currently exist many well-known and widely implemented techniques which would, if not specifically outlawed, allow compliance with the letter of the proposed legislation, but provide no law-enforcement access; the effect of the legislation would then only be to raise costs without even producing the desired law-enforcement access.
The other logically consistent position is to assert that the needs of business for commercially confidential communication, and of individuals for private communication, are the overriding ones, and that effective alternatives to key escrow for legitimate law-enforcement investigations and intelligence-gathering should be pursued. As well as being more commercially appropriate, such a decision is far more in the spirit of this country's traditions. The use of cryptographic technologies, and the emerging infrastructure which supports them, must be left unencumbered at present, so that the technology is able to do its job properly, and develop in a way which best serves the needs of the market and our country's citizens.
This response argues that the regulatory regime proposed in the consultation paper is an ineffective compromise between the legitimate needs of commercial entities and private individuals for confidential communication, and the desire to provide for undetectable access to those communications by legitimate law-enforcement agencies.
The proposed regulatory regime is unsatisfactory for business and individual users, because the existence of additional copies of the (otherwise strictly private) cryptographic keys irredeemably weakens the link between "the" legitimate key-holder and cryptographically protected messages which are supposed to be uniquely readable or producible by that keyholder alone. Such a weakness would cause significant problems in the enforcement of any agreements intended to be legally binding which would involve such a key-holder. The problems (in which origination, receipt, or responsibility for leaking the contents of messages can be plausibly denied) will be all the greater after the first documented instance of the leakage of keys from a TTP. Given the experience to date of the leakage of nominally confidential material -- be it held by the DVLC (Driver and Vehicle Licensing Centre, a UK-wide analogue of the US DMV organisations), the PNC (Police National Computer system), by a Select Committee, or by disaffected former employees of the security services now resident in Australia -- it is reasonable to describe such a leak as a probable occurrence.
The DTI proposals attempt to balance the needs of individuals and business against those of law enforcement. However, the proposal does not provide any technical means to assure the effectiveness of the law-enforcement access provisions. The proposals appear to assume that an effective distinction can be drawn in practice between the private portion of keypairs used for integrity (which includes authentication) -- which at para. 46 of the proposals are emphatically stated not to be subject to law-enforcement access -- and those used for encryption, which are subject to such access. However desirable such a separation might be, the underlying mathematics and software which uses the keys is blind to the use being made of them; and keys intended for authentication only can be used to create effective confidentiality channels between the participants. The technical details of some ways in which this can be done are given below.
However, the CA does not need, or want, to handle the user's private key. (A good introduction to the technical underpinnings of modern cryptography is available on-line at RSALabs, the patent-holders and active developers of public-key based solutions. A widely known CA is Verisign; others include Thawte and Entrust.)
The DTI paper, from the title onwards, describes the licensing of "trusted third parties for the provision of encryption services". It proposes requiring CAs to play a further role in providing law-enforcement access to keys used for encryption. However, CAs do not provide an "encryption service". This is provided by (multiple layers of) software running on the two computers at the ends of the communication, or the single computer which is storing encrypted data. In that latter case (local encrypted storage), CAs have no role to play at all, though a local within-company key-management service might. In the former case, CAs have -- as described immediately above -- an important but peripheral role to play in initially introducing the parties to one another. It is possible that some "full-service" third party might emerge which could also provide key-recovery facilities for those customers who want them; but there are no such companies known to us today. (There do exist suppliers of products which allow a company internally to recover keys used for encrypting locally stored materials, such as PGPmail 4.0/BusinessEdition from PGP Inc.).
It is not the case that the core activity of a single commercial organisation is currently, or is likely to be, "the provision of encryption services" as portrayed in this proposal. Rather, end-users themselves combine the products of multiple commercial and other organisations in achieving appropriately secured communication. At a minimum, in a typical Internet scenario, two communicating nodes A and B are using, in sequence,
Where A and B are communicating securely, in addition to the above components they may, at some point in the past, have made use of the service of one or more CAs, or of less formally constituted third parties. But the responsibility for the use of the certified information is in the hands of the end users, and it cannot be used to establish secure communication between them without appropriate application software. With the increasing use of component-based software technologies such as Java Applets, Microsoft ActiveX controls, and object interoperability frameworks such as CORBA and OpenDoc, the actual responsibility for the "provision of encryption services" becomes all the more distributed. The role of the certification authority -- which is the point at which the DTI's consultation paper proposes to place the burden of legislative control and provision for law-enforcement access -- is critical, but in itself far from sufficient to constitute a single entity which can sensibly be said to "provide encryption services".
Furthermore, the secure transport of Internet packets will soon be part of the basic service provided by the operating system, rather than by individual software applications. This work (in the Internet Engineering Task Force's IPSEC working group) is well advanced, and is likely to lead to a much greater degree of security in communication between Internet end-node computers, all without the Internet Service Providers themselves changing anything at all about how their equipment operates. It is perhaps relevant to rehearse one of the core truths of the Internet: that, by very deliberate design, it is a network which places the "intelligence", the "service", and the "value added", at the end nodes of the network -- that is, in the individual computers which connect up to the Internet -- and not in any computers which are in the "middle" of the network. In this way it is fundamentally different from the existing telecommunications network, in which the services are provided by equipment belonging to the telecom service provider, to which the end-user connects a simple piece of equipment such as a telephone. It is this core design decision which makes it feasible for new services -- such as the World Wide Web itself -- to be rapidly introduced as a result of the decision of individual users with control over only their local machines. This basic design principle is here to stay; and this core design decision is but one of the factors which makes equating the work of a Certification Authority with "providing encryption services" fundamentally flawed.
There is, then, no case convincingly argued in the DTI proposals that the proposed licensing regime would in fact provide the authorities with access to the communications of "serious criminals and terrorists". It is therefore disingenuous for the documents to repeatedly recite this as the motivation for the proposed escrow of keys. The law-enforcement benefits would appear to be limited to providing the authorities with access to communication between lazy, uninformed criminals.
Sadly, the mathematics at the heart of modern public-key cryptography
does not support a distinction between authentication and
encryption keys in actual use. Given an "authentication-only"
certification scheme, confidentiality secure against interception (whether
by law enforcement or criminal elements) can be achieved in at least the
following four ways:
Although individual CAs may want to limit their users' use of keys for
which they provide certificates, their sanctions are limited to civil
suits for violation of the terms of a contract and withdrawal (revocation)
of the certificate previously issued. By this time secure,
non-interceptable communication has long been established. In the case of
the first workaround listed above (the use of a public
signature-verification key as an "encrypt-to" key), the CA's direct user
is not even traceably implicated in the "abuse": it would be the
sender who chose to "misuse" the CA-certified recipient's public
key in that way.
The DTI's public response to an open
letter requesting clarification of the proposals appears to be quite
sanguine about the possibilities outlined above, including the second one
in which an unescrowed signature-only TTP-registered key is used to sign a
certificate for an unescrowed encryption key, saying that "everyone
should recognise that this is a compromise under which we acknowledge that
a proportion of confidentiality keys will not be accessible via the
warrant process because they have not been escrowed". The capability to
traverse such a chain of certificates is built into mass-market encryption
software (e.g. compliant implementations of the IPSEC standard, and email
software compliant with the S/MIME Internet standard such as Netscape's
Communicator, their latest Web browser and email program). There is
therefore absolutely no convenience penalty to the legitimate
user in working around the intent of the DTI proposals, and there
is an increase in security, since no private keys are now
escrowed. It is therefore plausible to expect that the "proportion of
confidentiality keys" which "will not be accessible via the warrant
process" will be indistinguishable from 100%. The regulatory intent could
perhaps be salvaged by licensing only TTPs/CAs which would forbid the user
signing certificates for themselves: this would make evasion of the intent
more awkward (though obviously still feasible).
An encrypted communication using one of the workarounds listed above
may have been used to exchange a shared secret used as a further layer
within apparently compliant use of TTP-escrowed confidentiality keys,
which on law-enforcement access produce only the ciphertext of the inner
encryption layer(s).
Making CAs responsible for providing the authorities with copies of the
users' secret keys significantly increases the CAs' costs, and lowers the
trust a user can place in their service. It increases the costs because in
the absence of having to provide the escrow function, they handle only
users' public keys, and have to assure only the
integrity of customer information, not its confidentiality; the
only secret keys a CA naturally holds are its own. If a CA has to perform
the escrow function also, it must store the users' private keys also,
arrange for them to be transmitted to it in a Very Safe Way, and yet have
them available to law enforcement inside 60 minutes of receiving
(something which claims to be) a valid warrant. Those costs would be
further increased if every CA had to meet the strict ITSEC requirements,
an idea floated in Annex C of the DTI
proposal.
It lowers the users' trust because the basic premise of public-key
crypto as used for encryption is violated: instead of the private
"decoding"/"receiving" key being held only by the user, with any leakage
of that key being solely that user's fault, it is now available also at
the CA, and the user has to worry about the CA's ability to keep that
material secure. The proposed legislation also assumes that there is a
single body ("the" user's TTP) which makes the user's entire private key
available on demand. This is the worst case for key security; the document
entirely ignores technical work on secret-sharing among a number
of escrow agents, who must co-operate for the key to be recovered. This
still leaves the party which can demand, and gain, these component pieces
as a single point of attack, but one holding a (greatly) smaller number of
complete keys.
In summary, whilst a market may at some point in the future
emerge for a "full-service" TTP which provides many of the services
described in the DTI proposals, no such entity currently exists.
Commercial logic suggests the need for a broad range of strength
of CA-like services, from organisations willing to take real commercial
risk in acting as guarantors on high-value, long-term contracts, through
"classic" CAs which vouch for an entity's identity but shy away from any
contractual liability for such certification, through to lightweight CA
functions for membership of clubs, libraries, and loyalty schemes. The DTI
proposals appear to remove any possibility of such a spectrum of CAs
across the market: any organisation offering the "classic" CA services is
defined to be a TTP and needs to meet the full set of regulatory burdens.
For the lighter-weight functionality especially, the burdens of regulation
proposed by the DTI would be crippling in costs and administrative
overheads.
This is not a weakness specifically introduced by the DTI proposals:
however, it does show that where there is a significant imbalance in costs
between acting as a compliant CA in the UK and acting outside the UK
framework, commercial exploitation of such imbalances is likely, to the
detriment of UK-based enterprise.
Adverse Consequences
As a result of starting from the false premises described at painful
length above, the proposals arrive at conclusions which would have the
overall effect of imposing significant cost and convenience burdens on
legitimate crypto-based activities, without providing the hoped-for
law-enforcement benefits in exchange. These adverse consequences are
spelled out here.
Burdening CAs with Mandatory Escrow Responsibilities Increases Costs and Reduces Security
Offshore CAs/TTPs Can Poach A UK TTP's Customer Base Without Bearing the Costs of Regulation
In the context of UK trade and industry policy, it's worth noting that the
increased costs of being a "compliant" CA/TTP are borne only by that CA.
The existing standards (X.509, as implemented in S/MIME and SSLeay) allow
one CA to certify another, and the software implementations which accept
X.509 certificates will traverse such a chain of signatures. However, such
certification does not require the active participation of the compliant
CA, and cannot be prevented by it, as it requires only the compliant CA's
public key, which is of course widely distributed. An offshore CA
can therefore certify the compliant CA, thereby "certifying" the entire
user base of the compliant CA, without itself bearing any of the costs of
law-enforcement access. Such certification would not of itself extend any
contractual guarantees from the compliant CA to the offshore one; however,
an offshore CA might choose to extend its own guarantees, perhaps
a subset of the compliant CA's, to certificate-checking users willing to
pay the offshore CA a (lower) fee, in much the same commercial way that a
supermarket may choose to accept the money-off coupons issued by a
competitor.
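As an added worked example (constructed for this page; it is not code from the HP response, from any CA product, or from the S/MIME or IPSEC implementations mentioned above), the following Python builds toy X.509-style certificates over textbook RSA and exercises three of the points made in this document: the first workaround from the "four ways" passage (a key certified for signatures only used as an "encrypt-to" key), the second workaround (the holder signing a certificate for a fresh, never-escrowed encryption key, which a verifier anchored on the compliant CA accepts because it walks the chain by signature alone), and the offshore cross-certification just described, where the offshore CA needs nothing but the compliant CA's public key. The names CompliantCA, OffshoreCA and alice, the 40-bit primes, the absence of padding and the JSON certificate encoding are all assumptions of the example, and the modular-inverse call needs Python 3.8 or later.

```python
# Added example: toy certificate chains over textbook RSA (40-bit primes,
# no padding; illustration only, never for real use).
import hashlib
import json
import random

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_prime(n):
    """Deterministic Miller-Rabin; exact below 3.3e24 with these bases."""
    if n < 2:
        return False
    if any(n % p == 0 for p in _BASES):
        return n in _BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _rand_prime(rng, bits):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(c):
            return c

def keygen(seed, bits=40):
    """Deterministic toy RSA key pair: returns (public (e, n), private d)."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _rand_prime(rng, bits), _rand_prime(rng, bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), pow(e, -1, phi)  # modular inverse: Python 3.8+

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, pub, data):
    return pow(_h(data, pub[1]), priv, pub[1])

def verify(pub, data, sig):
    return pow(sig, pub[0], pub[1]) == _h(data, pub[1])

def encrypt_to(pub, m):
    """Same exponentiation a verifier performs: 'usage' is a label, not a constraint."""
    return pow(m, pub[0], pub[1])

def decrypt(priv, pub, c):
    return pow(c, priv, pub[1])

def _tbs(cert):
    """Canonical to-be-signed bytes: every field except the signature."""
    return json.dumps({k: v for k, v in cert.items() if k != "sig"}, sort_keys=True).encode()

def make_cert(subject, subject_pub, usage, issuer, issuer_priv, issuer_pub):
    cert = {"subject": subject, "key": list(subject_pub), "usage": usage, "issuer": issuer}
    cert["sig"] = sign(issuer_priv, issuer_pub, _tbs(cert))
    return cert

def verify_chain(leaf, certs, anchors, max_depth=8):
    """Walk issuer links from leaf until a trust anchor's key verifies a cert.
    certs: {subject: cert}; anchors: {name: public key}. Returns the anchor
    reached, or None. Like chain-walking mail software it checks signatures only."""
    cert = leaf
    for _ in range(max_depth):
        issuer = cert["issuer"]
        if issuer in anchors:
            return issuer if verify(anchors[issuer], _tbs(cert), cert["sig"]) else None
        parent = certs.get(issuer)
        if parent is None or not verify(tuple(parent["key"]), _tbs(cert), cert["sig"]):
            return None
        cert = parent
    return None

def demo():
    ca_pub, ca_priv = keygen("compliant-ca")            # licensed UK TTP (assumed name)
    off_pub, off_priv = keygen("offshore-ca")           # outside the regime
    sig_pub, sig_priv = keygen("alice-signature")       # certified, never escrowed
    enc_pub, enc_priv = keygen("alice-encryption")      # no TTP ever sees this one
    # The compliant CA certifies Alice's signature key only.
    sig_cert = make_cert("alice", sig_pub, "digitalSignature", "CompliantCA", ca_priv, ca_pub)
    # Workaround 1: a sender encrypts a session secret to that signature key anyway.
    secret = 0x5EC0DE5EC0DE
    roundtrip = decrypt(sig_priv, sig_pub, encrypt_to(sig_pub, secret)) == secret
    # Workaround 2: Alice issues a certificate for a fresh encryption key herself.
    enc_cert = make_cert("alice (encryption)", enc_pub, "keyEncipherment", "alice", sig_priv, sig_pub)
    # Offshore CA cross-certifies the compliant CA from its public key alone.
    cross = make_cert("CompliantCA", ca_pub, "keyCertSign", "OffshoreCA", off_priv, off_pub)
    certs = {c["subject"]: c for c in (sig_cert, enc_cert, cross)}
    return {
        "secret_roundtrip": roundtrip,
        "enc_key_via_compliant_ca": verify_chain(enc_cert, certs, {"CompliantCA": ca_pub}),
        "enc_key_via_offshore_ca": verify_chain(enc_cert, certs, {"OffshoreCA": off_pub}),
        "tampered_usage": verify_chain(dict(enc_cert, usage="keyCertSign"), certs, {"CompliantCA": ca_pub}),
    }
```

Calling demo() returns a dictionary showing that the session secret round-trips through the signature-only key, that the self-issued encryption certificate chains to CompliantCA and, through the cross-certificate, equally to OffshoreCA, and that a certificate whose body has been altered is rejected. The one check a licensing regime would need, namely whether the issuer of each certificate was permitted to issue it, is absent from verify_chain because nothing in the signature arithmetic carries that information; a CA can write such a restriction into its contract, as the document notes, but cannot make a relying party's software enforce it.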
Illusory Law-Enforcement Benefits of Key Escrow
By reason of the non-separability in
practice of encryption and authentication keys, and the purely peripheral role played by
CAs, the nominal targets of interception warrants -- the "serious criminals and terrorists" --
will not in fact have their communications readable even if all CAs and
similar service providers in the UK are operating under the proposed
licensing regime.
that such interception becomes effective only when the use of non-escrowed
confidentiality techniques is made directly illegal.
In view of the ready availability of TTP- and escrow-free strong encryption technology, whose use the DTI proposals affirmatively state (at para. 45) will continue to be legal, it would be negligent indeed for the security services not to be actively developing and using the relevant surveillance techniques already.
End-point interception is also the only route which makes sense given the nature of the Internet, in which the machinery "in the middle" provides only a best-efforts packet delivery service, with all the intelligence and higher-level service provision being the sole responsibility of the computers at the end-points of the transmission. This is in stark contrast to the design of the switched-circuit voice telephony system, and it should not be surprising that law-enforcement access provisions which start out from that as a model -- as the DTI proposals with their repeated references to "provision of encryption services" seem to -- do not transfer well to the Internet.
Key recovery schemes under the control of the end user can help legitimate users comply with warrants issued under such alternative legal provisions.
The retrieval of an escrowed key is only the first step in accessing a user's communications: the IP packets which carry the message still have to be accessed in order for the traffic to be read by the law-enforcement agency. To be effective, this requires the co-operation of the user's IAP (Internet access provider), which is the user's connection point into the Internet: because of the distributed nature of the Internet and the dynamic routing capabilities of the network, only the IAPs of the two communicating users can guarantee access to the entire data stream. (This matters because, with a stream cipher or a block cipher in a chained mode, the loss of a single block of ciphertext in transit costs the reader at least that block and the one after it, and with a stream cipher everything that follows, even with the recipient's secret key; the message must be tapped intact for decryption to succeed.) Warranted access to users' traffic at IAPs is therefore also necessary; this may already be covered by the IOCA legislation mentioned in the DTI proposals, but needs to be spelled out. At this moment, established telecom operators still provide the lines over which the great bulk of final-hop IP traffic currently flows (ordinary phone lines, ISDN lines, and higher-bandwidth leased lines). However, future developments (cable modems, low-orbit satellites, radio-frequency local loop operators like Ionica) will extend the range of parties providing the lower-level links along which the IP packets flow. All of these parties may need to be in a position to provide law-enforcement access to the traffic stream covered by a TTP warrant, although they themselves are entirely distinct from the TTP. Such an extended scope for interception warrants follows from the peripheral role of the TTP in actually providing the communication facility.
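To make the point about lost blocks concrete, here is an added example constructed for this page (the cipher is a deliberately tiny Feistel network with a SHA-256 round function, not a real algorithm, and no part of this comes from the response or from any product). It encrypts eight distinct blocks, discards one ciphertext block as an incomplete tap would, decrypts what was captured with the correct key, and reports which plaintext blocks remain readable. It goes slightly beyond the text by contrasting two modes: in a CTR-style stream mode everything after the gap is lost, as the paragraph says, while in CBC the decryptor resynchronises after two blocks but the dropped block and its successor are still gone.

```python
# Added example: what a gap in a tapped ciphertext stream costs a reader
# who holds the key.  Toy 16-byte Feistel cipher (constructed; not a real
# cipher) with CBC and a CTR-style stream mode built on it.
import hashlib

BLOCK = 16

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    """Round function: 8 bytes of SHA-256(key || round || half)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def encrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(decrypt_block(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def ctr_crypt(key, nonce, data):
    """Stream mode: keystream block i = E(nonce || i); decryption is the same call."""
    out = []
    for i in range(0, len(data), BLOCK):
        ks = encrypt_block(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out.append(_xor(data[i:i + BLOCK], ks))
    return b"".join(out)

def surviving_blocks(mode, dropped, n_blocks=8):
    """Encrypt n distinct blocks, lose ciphertext block `dropped` in transit,
    decrypt what was captured, and list the plaintext blocks still readable."""
    key = hashlib.sha256(b"escrowed session key (constructed)").digest()
    iv, nonce = b"\x11" * BLOCK, b"\x22" * 8
    blocks = [b"message block %02d" % i for i in range(n_blocks)]  # 16 bytes each
    pt = b"".join(blocks)
    ct = cbc_encrypt(key, iv, pt) if mode == "cbc" else ctr_crypt(key, nonce, pt)
    captured = ct[:dropped * BLOCK] + ct[(dropped + 1) * BLOCK:]
    rec = cbc_decrypt(key, iv, captured) if mode == "cbc" else ctr_crypt(key, nonce, captured)
    seen = {rec[i:i + BLOCK] for i in range(0, len(rec), BLOCK)}
    return [i for i, b in enumerate(blocks) if b in seen]
```

surviving_blocks("ctr", 3) returns [0, 1, 2] and surviving_blocks("cbc", 3) returns [0, 1, 2, 5, 6, 7]: in either mode the agency holding the escrowed key needs the complete stream, which only the IAP at one end of the connection can reliably supply.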
There is, however, a perfectly reasonable case for the DTI to consider licensing the provision of "natural" CA services: indeed, this case is hinted at in the proposal, and is likely to have been a significant element of the DTI's thinking; it is however submerged in the case made for law-enforcement access to escrowed confidentiality keys. Currently, the CA market is dominated by US players, Verisign in particular; there are no well-known UK-based CAs (and only one small and possibly inactive one I've been able to find at all, "EuroSign - The European Certification Authority", apparently organisationally related to the small, pioneering MarketNet and BankNet services).
A CA cannot sensibly be held liable for the content of a document signed by one of its registered users; as explained in the detail document it does not even see such documents. The CA does however vouch for the association between a given keypair and some facts about the legitimate user of the private half of the keypair, most usually the keyholder's identity. The legal status of the consequences of such an assertion is still quite unclear (see Annex A of the DTI proposals). Particularly vexed is the issue of the liability of a CA to anyone relying on the link between the keypair and the facts the CA has vouched for. In the UK there appears (based only on a limited understanding of the legal issues, and certainly not intended as authoritative legal opinion!) to be no legal basis for such a liability, as no "consideration" has passed to the CA from the body relying on the CA's statements. In the US, CAs attempt to very strictly limit their liability: perhaps in anticipation of legal challenges which may force them to adopt greater liability than their current terms and conditions, it is prudent for them to start out from a position of very limited liability!
Nevertheless, the opportunity would appear to exist for the UK to take a lead in the introduction of licensed and/or bonded CA services, in such a way that those relying on the facts vouched for by such a UK-licensed CA would gain practical advantages from that reliance, and the subscribers to such a CA would gain greater acceptance. Such a licensing or bonding scheme could be initiated without any legislative backing, for example being based on commercially-run accreditation arrangements. It might then move to a voluntary licensing scheme, and finally to a mandatory licensing scheme for UK-based CAs, without at any point restricting the freedom of UK bodies to use the services of CAs based outside the UK. This would be close to the regulatory regime for UK banks: operating as a bank in the UK requires a licence which imposes known standards of responsibility, bringing not only a useful degree of protection to the bank's depositors but increased credibility to the bank itself. This does not prevent the existence of banks in laxer jurisdictions, nor their use by UK residents, but nevertheless produces a useful distinction between a UK licensed bank and one based in (say) the Cayman Islands. (Grateful acknowledgements are due to the authors of the DTI document for explaining in person this positive potential impact of licensing.)
Other means of allowing illegal activity to be detected and prosecuted are available and should, where necessary, be the subject of legislation.