Privacy Law and Policy Reporter

Greenleaf, Graham --- "Cryptography changes everything" [1996] PrivLawPRpr 22; (1996) 3(2) Privacy Law & Policy Reporter 21


OECD searches for crypto-consensus

Graham Greenleaf introduces this special issue on encryption and its new uses.
Cyberspace is a virtual place littered with `superhighway -- under construction' signs, large holes, and people with hard hats carrying plans marked `standards', `public key infrastructure', `key escrow' and the like. Meanwhile, many of the natives have been building increasingly elaborate shanties out of stuff called encryption. The planners like the local materials, but have other ideas for the site ...

Cryptography changes everything

The importance of public key (or asymmetric) encryption to the construction of cyberspace can scarcely be overstated. The discovery that different keys (numbers) could be used to encrypt and decrypt a message, and that one key could not be derived from the other even if the encryption algorithm was known, may be one of the most significant developments in the history of communications.

The technologies that public key cryptography has made possible are essential for the confidentiality and privacy of Internet communications; for the guaranteed authenticity of messages through digital signatures; for the `crypto bottling' of intellectual property `super-distribution' systems[1]; for secure credit card transactions; and for the additional privacy advantages of electronic cash. Cryptography has long been described as the walls and ceilings out of which cyberspace is being built[2], and now it is often said that `cryptography changes everything'.

It is rare that a single technology plays such a major role in the development of public policy in so many areas. A great deal of the attention of government officials and official standards bodies is being turned to getting the policy and legal settings right for encryption technologies, mainly because they are perceived to be, at the same time, the key to competitive advantage in electronic commerce, and a threat to law enforcement and revenue collection. Privacy advocates, on the other hand, see the general availability of `strong' encryption (that is, in practice uncrackable by governments or anyone else) as offering the essential `privacy enhancing technology' (PET) in relation to telecommunications and the internet.

The legal framework within which encryption technologies will operate is perhaps the single most important privacy issue of the moment. This special issue surveys how that framework is emerging in Australia and internationally, to assist those who are not security experts to participate in debate on these important public issues. For those new to crypto concepts, Roger Clarke provides a primer (p 24).

Australia moves centre-stage in encryption debates

In February 1996 Australia and the OECD jointly hosted a Conference on Security, Privacy and Intellectual Property Protection in the Global Information Infrastructure. The Conference was notable not so much for the written papers[3] as for the preoccupation of attendees with the development of encryption policies, and increasingly lively debates on the conference floor. The rapporteurs' reports capture some of this (see http://www.nla.gov.au/gii/copyrite.html).

Norman Raeburn, Deputy Secretary of Australia's Attorney-General's Department, was elected as the Chairman of the OECD's Group of Experts on Security, Privacy and Intellectual Property on the GII. It was previously an ad hoc committee when chaired by Justice Michael Kirby to produce the OECD's privacy and security guidelines, but it has now been given `permanent' status. The Group of Experts reports to the Committee for Information, Computing and Communications Policy (ICCP) of the OECD. This OECD structure seems to be emerging as the main forum for international negotiation of cryptography policy (at least outside Europe), so Australia has obtained an influential position in the developing international debate.

OECD forging crypto consensus?

In relation to crypto policy, the main action is occurring at the meetings of the Ad Hoc Group of Experts on Cryptography Policy Guidelines (the `Crypto-Experts Group'), which is supposed to report to the broader Group of Experts mentioned above.

The most recent meeting was in Washington on 8 May, and the next is in Paris on 26-27 June. At the 8 May meeting, a number of sets of draft Guidelines were discussed, including one deriving from a December 1995 meeting of the Crypto-Experts Group, and one prepared jointly by the ICC (International Chamber of Commerce) and BIAC (the OECD's Business and Industry Advisory Council). The ICC/BIAC draft was the subject of considerable discussion.

Some of the issues under discussion by the Crypto-Experts Group include whether there should be any national limitations on the export of products that are in fact widely available internationally; whether governments should insist that any keys be held within their borders; whether there should be any requirements at all that private keys be held in escrow by any third parties; and whether it is sufficient to protect governmental interests that governments be able to obtain warrants to obtain private keys in order to decrypt texts. The breadth of the issues under discussion indicates that no one view yet predominates.

The Electronic Privacy Information Centre (EPIC), analysing the OECD developments, concludes that it is unlikely that the Expert Group will agree in the near future to an international encryption policy based on key escrow (see p 40). However, the US Government is continuing to push such an approach, as noted below.

Australian Government policy

The Coalition parties' election policy, Online Services Policy[4], concludes that: `Heavy-handed attempts to ban strong encryption techniques will compromise commercial security, discouraging online service industries (particularly in the financial sector) from adopting Australia as a domicile. This would result in a substantial economic loss to the country'. It says that `the onus is on security agencies to demonstrate that the benefits of mandating `crackable' codes (as has been attempted in the US with the `Clipper' chip technology) outweigh the social and economic consequences of the loss of personal privacy and commercial security that this would entail.' This is a strong pro-privacy election statement, but it remains to be seen how it translates into policies now that the Coalition is in government. It shouldn't be forgotten that Federal Cabinet's 1990 decision that `all public telecommunications services should be capable of being intercepted for law enforcement and national security purposes' (see 1 PLPR 161) still stands.

The unconstrained availability of strong encryption has been the issue which has attracted most public attention, particularly in the US. It seems far less an issue in countries like Australia, or in Canada.[5]

US holds out

The US administration, despite abandoning its `Clipper chip' proposal, is still maintaining its export ban on strong cryptography, and is actively developing new proposals which use export prohibitions as the stick with which to force US companies to only release software which requires private keys to be placed in approved escrow arrangements, both internationally and within the US, as a condition of obtaining export permissions.

The new Key Management Infrastructure (KMI) proposals[6] -- also dubbed `Clipper III' -- have a vital bearing on international developments, because the US proposal is that US software exports with strong encryption would only be permitted to countries which have government-to-government key escrow arrangements with the US. As EPIC puts it, KMI is proposed as `a worldwide standard for network communication'. Whether Australia, NZ and Canada hold out against US pressures to introduce key escrow schemes is likely to be significant.

Dorothy Denning's article in this issue sets out the views of a strong supporter of such `voluntary' key escrow schemes who has close links to US policy-makers (though it was written prior to the KMI announcements). Roger Clarke tries to find a middle ground in a debate that is characterised by confusion.

Public key infrastructure

The availability of strong encryption is not the only encryption issue of importance to privacy. Public key encryption is not effective unless there is a ready means for anyone to obtain the public key of any other person from whom they may receive a message (or alternatively, for the sender to readily obtain the public key of anyone to whom they wish to send a confidential message). As a result, various types of structures are being proposed for the certification and distribution of public keys, to be used either for the purpose of encryption/decryption or for authentication of digital signatures, or both. `Public key infrastructure' (PKI) or `certification authority' proposals can cover an enormous range of possibilities, from the most centralised government-controlled registers to very decentralised approaches. Roger Clarke's primer introduces the concepts (p 24), and Bob Lions outlines the thinking behind Standards Australia's new draft standard for a `public key authentication framework' for Australia (DR 96078).

The bottom-line privacy issue in all of these proposals is that they will create identification registers which will play an important role in our future society. Certification authorities will have to hold acceptably strong evidence of identification, so as to certify that a particular physical/legal person is to be identified with a particular public key. Any methods of excluding a person from such registers could prejudice their participation in cyberspace, and therefore have significant privacy implications. Issues relating to the extent of central control of such registers, and any potential for abuse, are likely to be important.

Limits of crypto-privacy

A final caveat. While the availability of strong cryptography is undeniably important to the protection of privacy in cyberspace, we must not confuse the broad concept of `privacy' with the narrower notions of `secrecy' and `confidentiality', which is mainly what encryption protects. Despite the availability and value of encryption, it will not solve most privacy problems in cyberspace.

When we engage in transactions over the internet with governments or businesses, our communications are likely to be encrypted to prevent interception, or at least to be accompanied by a digital signature to ensure authenticity, and may be accompanied by e-cash for payment purposes. However, the information so gathered, and generated by our transaction, will be plain texts in the hands of the recipient government or merchant[7], and subject to all the usual privacy problems of use or disclosure for other purposes. For most users, most of the time, encryption of internet communications is beside the point when it comes to privacy. We will also spend much of our time using cyberspace in public and semi-public ways (where digital signatures are relevant for authentication), but this does not dispose completely of the privacy issues.

It's an obvious point, but we must not focus unduly on encryption or other privacy-enhancing technologies to the exclusion of other privacy issues, because they can only ever deliver part of the privacy protection agenda.

Graham Greenleaf, General Editor.


[1] See the announcement of IBM's Cryptolope containers -- http://www.infomarket.ibm.com

[2] John Perry Barlow `Crypto bottling' from `Wine without bottles: The economy of mind on the global net' (1993) http://www.eff.org/pub/Publications/John_Perry_Barlow/HTML/idea_economy_article.html

[3] See http://www.nla.gov.au/gii/papers.html for a selection

[4] For a review, see G Greenleaf `Privacy and Australia's new Federal government' 3 PLPR 1.

[5] Information Highway Advisory Council Report (1995) -- `Security Recommendations'; see (1995) Privacy Files, Vol 1 No 1, p11

[6] See http://www.epic.org/crypto/key_escrow/white_paper.html

[7] The position is different with the e-cash `Bank', which will not be able to identify the user with a particular transaction.


URL: http://www.austlii.edu.au/au/journals/PrivLawPRpr/1996/22.html