[Politech logo]

Politech is the oldest Internet resource devoted to politics and technology. Launched in 1994 by Declan McCullagh, the mailing list has chronicled the growing intersection of law, culture, technology, and politics. Since 2000, so has the Politech web site.

Ross Anderson: Crypto wars are over, and we've won!




-------- Original Message --------
Date: Tue, 24 May 2005 12:32:46 +0100
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>

----------------------------------------------------------------------
You have received this message from the FIPR Bulletin mailing list run
by the Foundation for Information Policy Research  http://www.fipr.org
----------------------------------------------------------------------


	* * *		* * *		* * * 		* * *

Press release - Foundation for Information Policy research <www.fipr.org>

		Release time: 00.01, 25th May 2005


		   The Crypto Wars Are Over!


The "crypto wars" are finally over - and we've won!

On 25th May 2005, Part I of the Electronic Communications Act 2000
will be torn out of the statute book and shredded, finally removing
the risk of the UK Government taking powers to seize encryption keys.

The crypto wars started in the 1970s when the US government started
treating cryptographic algorithms and software as munitions and
interfering with university research in cryptography. In the early
1990s, the Clinton administration tried to get industry to adopt the
Clipper chip - an encryption chip for which the government had a
back-door key.  When this failed, they tried to introduce key escrow -
a policy that all encryption systems should leave a spare key with a
`trusted third party' that would hand the key over to the FBI on
demand. They tried to crack down on encryption products that did not
contain key escrow. When software developer Phil Zimmermann developed
PGP, a free mass-market encryption product for emails and files, the
US government even started to prosecute him, because someone had
exported his software from the USA without government permission.

In its dying days, John Major's Conservative Government proposed
draconian controls in the UK too. Any provider of encryption services
would have to be licensed and encryption keys would have to be placed
in escrow just in case the Government wanted to read your email. New
Labour opposed crypto controls in opposition, which got them a lot of
support from the IT and civil liberties communities. They changed
their minds, though, after they came to power in May 1997 and the US
government lobbied them.

However, encryption was rapidly becoming an important technology for
commercial use of the Internet - and the new industry was deeply
opposed to any bureaucracy which prevented them from innovating and
imposed unnecessary costs. So was the banking industry, which worried
about threats to payment systems from corrupt officials. In 1998, the
Foundation for Information Policy Research was established by
cryptographers, lawyers, academics and civil liberty groups, with
industry support, and helped campaign for digital freedoms.

In the autumn of 1999, Tony Blair finally conceded that controls would
be counterproductive. But the intelligence agencies remained nervous
about his decision, and in the May 2000 Electronic Communications Act
the Home Office left in a vestigial power to create a registration
regime for encryption services.  That power was subject to a five year
"sunset clause", whose clock finally runs out on 25th May 2005.

Ross Anderson, chair of the Foundation of Information Policy Research
(FIPR) and a key campaigner against government control of encryption
commented, "We told government at the time that there was no real
conflict between privacy and security. On the encryption issue, time
has proved us right. The same applies to many other issues too - so
long as lawmakers take the trouble to understand a technology before
they regulate it."

Phil Zimmermann, a FIPR Advisory Council member and the man whose role
in developing PGP was crucial to winning the crypto wars in the USA
commented, "It's nice to see the last remnant of the crypto wars
in Great Britain finally laid to rest, and I feel good about our win.
Now we must focus on the other erosions of privacy in the post-9/11
world."

Notes to Editors:

1.      The Foundation for Information Policy Research
<http://www.fipr.org> is an independent body that studies the
interaction between information technology and society. Its goal is to
identify technical developments with significant social impact,
commission and undertaken research into public policy alternatives, and
promote public understanding and dialogue between technologists and
policy-makers in the UK and Europe.

2.  The late Professor Roger Needham, who was a founder and trustee of
FIPR, as well as being Pro-Vice-Chancellor of Cambridge University, a
lifelong Labour party member and, for the last five years of his life,
Managing Director of Microsoft Research Europe, once said: `Our enemy
is not the government of the day - our enemy is ignorance. If
ignorance and government happen to be co-located, then we'd better do
something about it.' <http://research.microsoft.com/users/needham/>

3.	The Electronic Communications Act 2000 received Royal Assent on
the 25th May 2000. Part I provides for the Secretary of State to create
a Register of Cryptography Support Services. s16(4) reads: "If no order
for bringing Part I of this Act into force has been made under
subsection (2) by the end of the period of five years beginning with the
day on which this Act is passed, that Part shall, by virtue of this
subsection, be repealed at the end of that period."
<http://www.hmso.gov.uk/acts/acts2000/20000007.htm>

4. 	The crypto wars ended in the USA when Al Gore, the most outspoken
advocate of key escrow, was found by the US Supreme Court to have lost
the presidential election of 2000.

5.	The last battle in the crypto wars to be fought on UK soil was
in the House of Lords over the Export Control Act 2002. In this bill,
Tony Blair's government took powers to license the export of intangibles
such as software, where previously the law had only enabled them to
criminalise the unlicensed export of physical goods such as guns. This
caused resistance from the IT industry, and also raised the prospect
that scientific communications would become subject to licensing. FIPR
organised a coalition of Conservative, Liberal and crossbench peers to
insert a research exemption (section 8) into the Act, and an Open
General Export License was created for developers of crypto software.

6.	Phil Zimmermann is arriving in London on the 25th May to take part
in PGP Corporation activities until Thursday. Journalists wishing to
interview him can send email to prz at mit dot edu, or make contact
via the St Martin's Lane Hotel, tel 44 207 3005500, fax 44 207 3005501

[ends]

	* * *		* * *		* * * 		* * *

Posted by Declan McCullagh on May 24, 2005 in category privacy


Get a Politech feed through RSS or Atom [RSS] [Atom]

The Politech general information pages and photographs are copyrighted by Declan McCullagh. Original posts distributed to the mailing list are licensed under a Creative Commons License.
Creative Commons License