Abstract
The public debate on cryptography policy assumes that the issue is between the state's desire for effective policing and the privacy of the individual. We show that this is misguided.
We start off by examining the state of current and proposed legislation in Europe, most of which is concerned with preserving national intelligence capabilities by restricting the export, and in some cases even the domestic use, of cryptography, on the pretext that it may be used to hide information from law officers. We then survey the currently fielded cryptographic applications, and find that very few of them are concerned with secrecy: most of them use crypto to prevent fraud, and are thus actually on the side of law enforcement.
However, there are serious problems when we try to use cryptography in evidence. We describe a number of cases in which such evidence has been excluded or discredited, and with a growing proportion of the world economy based on transactions protected by cryptography, this is likely to be a much more serious problem for law enforcement than occasional use of cryptography by criminals.
Copyright information
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Anderson, R.J. (1996). Crypto in Europe — markets, law and policy. In: Dawson, E., Golić, J. (eds) Cryptography: Policy and Algorithms. CPA 1995. Lecture Notes in Computer Science, vol 1029. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0032347
DOI: https://doi.org/10.1007/BFb0032347
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60759-5
Online ISBN: 978-3-540-49363-1
eBook Packages: Springer Book Archive