interesting-people message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]

Subject: IP: "Clipper III" (TTP) hits Holland


>Date: Tue, 8 May 2001 14:44:45 -0700
>To: eff-priv@eff.org
>From: mech@eff.org (Stanton McCandlish)
>
>
>First "trusted third party" news in a long time.
>
><< start of forwarded material >>
>
>
>Date: Tue, 08 May 2001 14:05:55 +0200
>From: Maurice Wessling <maurice@bof.nl>
>Subject: Dutch government puts Trusted Third Parties under pressure
>To: gilc-plan@gilc.org
>Reply-To: gilc-plan@gilc.org
>Errors-To: list-admin@gilc.org
>Ref-URL: http://www.gilc.org
>
>
>Artikel-URL: http://www.telepolis.de/english/inhalt/te/7571/1.html
>
>   Dutch government puts Trusted Third Parties under pressure
>
>   Jelle van Buuren   08.05.2001
>
>   Intelligence agencies and police want to get access to encrypted
>messages
>
>
>
>    Dutch law enforcement authorities are forcing Trusted Third Parties
>(TTP's) to use key escrow or key recovery techniques, which make it
>possible for law enforcement to decrypt encrypted messages. The law
>enforcement authorities want to get access to encrypted Internet
>messages, according to secret documents revealed by the Dutch digital
>rights movement  Bits of Freedom [0].
>
>   Trusted Third Parties (TTP's) are independent organisations, which
>offer services to enhance the security and reliability of electronic
>communication. TTP's, for instance banks, accountants,
>telecommunication companies or public notaries, use cryptography to
>prove the authenticity of communication and secure the confidentiality
>of communication.
>
>   The Dutch Ministries of Traffic and Waterways and Economical Affairs
>started in 1998 the national  TTP project [1] to regulate in
>co-operation with industry the founding of TTP's. In a policy paper of
>March 1999 the Ministries pointed at the need of 'lawful access' and
>announced that, if voluntary agreements on this subject were not
>possible, the government would introduce legislation that would force
>them to do so.
>
>
>
>
>      "If industry does not want to cooperate in an active way in the
>development of the possibility of lawful access, the government will
>consider legislative initiatives to fulfil the need of lawful access."
>(From a  document [2] obtained by BOF)
>
>
>
>
>
>   In a secret  policy paper [3] (January 2001) of the 'Technical Working
>Group Lawful Access', which is part of the National TTP Project, an
>analysis is made of the needs of intelligence services and law
>enforcement and the different forms of TTP's. According to the
>document, law enforcement and intelligence services want to get access
>to the communication in 'clear language'. They don't want to get hold
>of the encryption keys, unless 'it is the only way to get access to
>encrypted communication'. The agencies also want to listen in to
>encrypted communication in real-time. Access has to be possible without
>the co-operation or knowledge of the user.
>
>   The Technical Working Party then analyses different forms of TTP
>architectures and concludes that only two types will make lawful access
>possible: when a TTP has a copy of the encryption key, or when the TTP
>is technically able to use key recovery. This is, according to the
>working party, a problem: 'The question that has to be answered is if
>it is desirable that forms of TTP's will exist that cannot fulfil the
>demands of the intelligence services and law enforcement.' In the
>   minutes [4] of the co-ordinating committee of the National TTP Project
>of March 2001, the question is formulated more strongly:
>
>
>
>
>      'According to the law, TTP's which do not posses encryption keys,
>are not obliged to co-operate. But the aim is to prevent TTP's from
>claiming this position, by making it an obligation to organise their
>services in a way that makes lawful access possible.'
>
>
>
>
>
>   The coordinating committee recognises that TTP's have problems with
>providing lawful access. It is doubtful if TTP's are willing to give
>lawful access, as companies and consumers will have little faith in
>their services if they know the TTP is able to read their
>communications and deliver it to government. Companies have already
>indicated that the founding of a good TTP infrastructure in the
>Netherlands is not possible if Dutch TTP's are forced to give lawful
>access, while other TTP's don't have this obligation. Clients will take
>a foreign TTP.
>
>   But the Technical Working Party decided to recommend nevertheless that
>TTP's must choose architecture, which make lawful access possible. It
>is called 'obligatory self regulation'. They also recommend making a
>study on the economic impact of this solution. If the study makes clear
>the obligation to give lawful access is economically not feasible, it
>may change the decision.
>
>   The companies, which are involved in the National TTP Project, were
>not amused. 'What is the use of this exercise, if the technical working
>group has already decided that lawful access is one of the criteria
>TTP's have to fullfilll to get their certification,' a member of the
>telco KPN asked according to the minutes.
>
>   But a representative of the Ministry of Economic Affairs assured that
>it is still possible to change the recommendations. 'If the study shows
>that Dutch consumers will choose foreign TTP's as a result of this, the
>proposed recommendation is no longer effective.' He adds that there is
>a huge clash of interest between the different ministries involved.
>
>   Dutch government tried for several years to regulate the use of
>cryptography. Proposals to forbid cryptography, regulate the use of
>cryptography or force suspects to decrypt their encrypted data all were
>withdrawn after huge protest. This seems to be another attempt of the
>intelligence services and law enforcement to get grip on the use of
>encryption.
>
>   After publishing the secret documents, Bits of Freedom was treathened
>by the National TTP Project with a lawsuit. Reason: Bits of Freedom
>infringed the copyright of the documents and the minutes. The TTP
>Project also threatened to close down the website of Bits of Freedom.
>Bits of Freedom wasn't impressed by the threats and told the National
>TTP Project they were more than happy to meet in court. After that, the
>threats were withdrawn.
>
>
>
>   Links
>
>   [0] http://www.bof.nl
>   [1] http://www.ecp.nl/trust/ttp.html
>   [2] http://www.bof.nl/tappen/KST35668.pdf
>   [3] http://www.bof.nl/tappen/RapportageTWRT.pdf
>   [4] http://www.bof.nl/tappen/TTPnotulenmaart2001.pdf
>
>   Artikel-URL: http://www.telepolis.de/english/inhalt/te/7571/1.html
>
>
>----------------------------------------------------------------------
>    Copyright © 1996-2001 All Rights Reserved. Alle Rechte vorbehalten
>   Verlag Heinz Heise, Hannover
>
><< end of forwarded material >>
>--
>
>
>--
>Stanton McCandlish      mech@eff.org       http://www.eff.org/~mech
>Technical Director/Webmaster         Electronic Frontier Foundation
>voice: +1 415 436 9333 x105                    fax: +1 415 436 9993
>EFF, 454 Shotwell St.                    San Francisco CA 94110 USA



For archives see: http://www.interesting-people.org/

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]

Powered by eList eXpress LLC