>Date: Tue, 8 May 2001 14:44:45 -0700
>To: [EMAIL PROTECTED]
>From: [EMAIL PROTECTED] (Stanton McCandlish)
>
>First "trusted third party" news in a long time.
>
><< start of forwarded material >>
>
>Date: Tue, 08 May 2001 14:05:55 +0200
>From: Maurice Wessling <[EMAIL PROTECTED]>
>Subject: Dutch government puts Trusted Third Parties under pressure
>To: [EMAIL PROTECTED]
>Reply-To: [EMAIL PROTECTED]
>Errors-To: [EMAIL PROTECTED]
>Ref-URL: Http://www.gilc.org
>
>Artikel-URL: http://www.telepolis.de/english/inhalt/te/7571/1.html
>
> Dutch government puts Trusted Third Parties under pressure
>
> Jelle van Buuren 08.05.2001
>
> Intelligence agencies and police want to get access to encrypted
>messages
>
> Dutch law enforcement authorities are forcing Trusted Third Parties
>(TTP's) to use key escrow or key recovery techniques, which make it
>possible for law enforcement to decrypt encrypted messages. The law
>enforcement authorities want to get access to encrypted Internet
>messages, according to secret documents revealed by the Dutch digital
>rights movement Bits of Freedom [0].
>
> Trusted Third Parties (TTP's) are independent organisations, which
>offer services to enhance the security and reliability of electronic
>communication. TTP's, for instance banks, accountants,
>telecommunication companies or public notaries, use cryptography to
>prove the authenticity of communication and secure the confidentiality
>of communication.
>
> The Dutch Ministries of Traffic and Waterways and Economical Affairs
>started in 1998 the national TTP project [1] to regulate in
>co-operation with industry the founding of TTP's. In a policy paper of
>March 1999 the Ministries pointed at the need of 'lawful access' and
>announced that, if voluntary agreements on this subject were not
>possible, the government would introduce legislation that would force
>them to do so.
>
> "If industry does not want to cooperate in an active way in the
>development of the possibility of lawful access, the government will
>consider legislative initiatives to fulfil the need of lawful access."
>(From a document [2] obtained by BOF)
>
> In a secret policy paper [3] (January 2001) of the 'Technical Working
>Group Lawful Access', which is part of the National TTP Project, an
>analysis is made of the needs of intelligence services and law
>enforcement and the different forms of TTP's. According to the
>document, law enforcement and intelligence services want to get access
>to the communication in 'clear language'. They don't want to get hold
>of the encryption keys, unless 'it is the only way to get access to
>encrypted communication'. The agencies also want to listen in to
>encrypted communication in real-time. Access has to be possible without
>the co-operation or knowledge of the user.
>
> The Technical Working Party then analyses different forms of TTP
>architectures and concludes that only two types will make lawful access
>possible: when a TTP has a copy of the encryption key, or when the TTP
>is technically able to use key recovery. This is, according to the
>working party, a problem: 'The question that has to be answered is if
>it is desirable that forms of TTP's will exist that cannot fulfil the
>demands of the intelligence services and law enforcement.' In the
>minutes [4] of the co-ordinating committee of the National TTP Project
>of March 2001, the question is formulated more strongly:
>
> 'According to the law, TTP's which do not possess encryption keys,
>are not obliged to co-operate. But the aim is to prevent TTP's from
>claiming this position, by making it an obligation to organise their
>services in a way that makes lawful access possible.'
>
> The coordinating committee recognises that TTP's have problems with
>providing lawful access.
>It is doubtful if TTP's are willing to give
>lawful access, as companies and consumers will have little faith in
>their services if they know the TTP is able to read their
>communications and deliver it to government. Companies have already
>indicated that the founding of a good TTP infrastructure in the
>Netherlands is not possible if Dutch TTP's are forced to give lawful
>access, while other TTP's don't have this obligation. Clients will take
>a foreign TTP.
>
> But the Technical Working Party decided to recommend nevertheless that
>TTP's must choose an architecture which makes lawful access possible. It
>is called 'obligatory self regulation'. They also recommend making a
>study on the economic impact of this solution. If the study makes clear
>the obligation to give lawful access is economically not feasible, it
>may change the decision.
>
> The companies which are involved in the National TTP Project were
>not amused. 'What is the use of this exercise, if the technical working
>group has already decided that lawful access is one of the criteria
>TTP's have to fulfil to get their certification,' a member of the
>telco KPN asked according to the minutes.
>
> But a representative of the Ministry of Economic Affairs assured that
>it is still possible to change the recommendations. 'If the study shows
>that Dutch consumers will choose foreign TTP's as a result of this, the
>proposed recommendation is no longer effective.' He adds that there is
>a huge clash of interest between the different ministries involved.
>
> Dutch government tried for several years to regulate the use of
>cryptography. Proposals to forbid cryptography, regulate the use of
>cryptography or force suspects to decrypt their encrypted data all were
>withdrawn after huge protest. This seems to be another attempt of the
>intelligence services and law enforcement to get a grip on the use of
>encryption.
>
> After publishing the secret documents, Bits of Freedom was threatened
>by the National TTP Project with a lawsuit. Reason: Bits of Freedom
>infringed the copyright of the documents and the minutes. The TTP
>Project also threatened to close down the website of Bits of Freedom.
>Bits of Freedom wasn't impressed by the threats and told the National
>TTP Project they were more than happy to meet in court. After that, the
>threats were withdrawn.
>
> Links
>
> [0] http://www.bof.nl
> [1] http://www.ecp.nl/trust/ttp.html
> [2] http://www.bof.nl/tappen/KST35668.pdf
> [3] http://www.bof.nl/tappen/RapportageTWRT.pdf
> [4] http://www.bof.nl/tappen/TTPnotulenmaart2001.pdf
>
> Artikel-URL: http://www.telepolis.de/english/inhalt/te/7571/1.html
>
>----------------------------------------------------------------------
> Copyright © 1996-2001 All Rights Reserved. Alle Rechte vorbehalten
> Verlag Heinz Heise, Hannover
>
><< end of forwarded material >>
>
>--
>Stanton McCandlish [EMAIL PROTECTED] http://www.eff.org/~mech
>Technical Director/Webmaster Electronic Frontier Foundation
>voice: +1 415 436 9333 x105 fax: +1 415 436 9993
>EFF, 454 Shotwell St. San Francisco CA 94110 USA
