Government should lift crypto export controls
and repeal Net Censorship Legislation
Dr Michael Baker
Board Member, Electronic Frontiers Australia
Sydney, 2 August 1999
http://pobox.com/~mbaker/Govforum.html
Introduction
• to help industry – lift crypto export controls
• since call for papers – Net censorship legislation
• to help industry and government – repeal Net censorship legislation
Looking at many forum topics
• Internet services for government
• Services for Government via the Internet
• Services for clients of the government, via the Internet
• What should the government do to help industry provide Internet services?
• How can the government run better via the Internet?
• What can the Government teach companies about the Internet?
• What is happening around the world and in the labs?
Crypto Summary
• Current Export Controls serve no useful purpose.
• Global effect is to risk information, security and communications privacy.
• De-regulation essential for E-Commerce.
Why is crypto important?
• Privacy - communications and stored data
• Authentication - E-commerce
Australian Public Policy
• Characterised by silence
• Players include Attorney-General, NOIE, DFAT, DSD, Defence
• No published policy on encryption
• Crypto export controls
• Walsh Report 1997
• OECD Cryptography Principles supported 1997
Walsh Report
• Title: Review of Policy Relating to Encryption Technologies
• Author: Gerard Walsh, former deputy director of ASIO
• Review conducted Jul-Aug 1996
• Report printed by AGPS Feb 1997 for public comment
• Distribution stopped by A-G
Walsh Report - The Saga
• Censored copy obtained by EFA in June 1997
• Published on Internet
• Media coverage: A-G claims not meant for public release
• Library deposit copies found Dec. 98
Walsh Report - The Saga
• Uncensored version published on Internet Jan 99
• Ausinfo claims copyright infringement Feb 99.
• EFA affirms right to publish
• Ausinfo claim withdrawn
Walsh Report - The Detail
• "Design flaws" in US key recovery proposals.
• Export controls of dubious value
• Legalised "hacking" should be allowed to agencies.
• Such recommendations were censored for national security reasons.
Walsh Report - The followup
• Largely silence!
• No further attempts at public debate
• ASIO Act Amendments 1999 implement "hacking" recommendation
• Internet facilitates surveillance
• LEAs - forget cryptanalysis, go for the plaintext?
What Purpose Controls?
Export controls are in place to prevent the export of (unauthorised) controlled goods and technologies.
DEPARTMENT OF DEFENCE
AUSTRALIAN EXPORT CONTROLS
March 1998
Policy Objective
To prevent proliferation of strong cryptography for unlawful purposes.
The Official Rationale
If you knew what we knew,
you'd agree with us.
Failures of Current Policy
• Unenforceable
• Strong crypto already widespread
• Targets the law-abiding
• Intangible exports uncontrolled
• Increased risk of information warfare
• Chilling effect on E-commerce development
Other Policy Problems
• No policy guidelines available
• Case-by-case evaluation
• Key escrow/key recovery "encouraged"
• No industry consultation on policy
• No review of costs, benefits, risks
Dangers of government access
• Security Risk
• Liability Issues
• Risk of privacy infringement
• Risk of unlawful surveillance
• Costly
• Technological problems
Dangers of government access
• Points of vulnerability
• Weaken the value of the encryption
• Less secure
• Difficult to use
• Key recovery requirements can be evaded
• Circumvent with double encryption
Dangers of government access
• Costly infrastructure
• Negatively affects industry's competitiveness
• Not feasible for ephemeral keys
• Deters overseas customers (Lotus Notes example)
• Disadvantages exporters
What is Wassenaar?
• Basis for Australian DSGL
• 33 nations as signatory
• Replaced COCOM 1996
• Not intended to impact on commerce
• Directed against offensive weapons
• Amended December 1998
General Software Note
• Prior to 1998 exempted mass market and public domain software
• Now only exempts public domain
• Was previously ignored by 5 of the 33 signatories: USA, Russia, France, New Zealand, Australia
Scope of Wassenaar?
Article 4, Initial Elements:
• Will not impede bona fide civil transactions
• Will not interfere with legitimate means of defence
Scope of Wassenaar?
• Cryptography is not a weapon
• Cryptography is a defensive tool
Intangible Exports
• Uncertain legal position
• Customs Act limitations
• Intangible goods difficult to distinguish from ideas
• Academic freedom issues
• UK has current proposals
Australia Disadvantaged
The Wassenaar provisions are being flexibly interpreted by other countries, e.g.
• Ireland
• Germany
• Canada
• Israel (not a Wassenaar signatory)
• France
Inconsistency
Current application of export controls is inconsistent internationally and is disadvantaging Australian business.
Are export controls effective?
• What is the policy objective?
  – preventing proliferation of strong cryptography for unlawful purposes
  – preventing widespread adoption of strong cryptography for lawful purposes
• Widely available.
• Has prevented development of global standards.
Cryptography is Widely Available
The basic mathematical and algorithmic methods for strong encryption (without key recovery) are published and well known and can easily be implemented in software by any bright high-school student with access to a personal computer.
Industry Canada Report 1998.
Cryptography is Widely Available
Strong encryption software is already widely available on the Internet, for anyone to download, for free.
Controls impede adoption of crypto
• Fragmented market
• Reduces competition
• Counter to competition policy
No Support for Controls
There is no popular consensus, outside the law enforcement or national security communities, that regulation of cryptography is needed
Organisations Opposing Controls
• Internet Architecture Board (IAB)
• Internet Engineering Steering Group (IESG)
• International Federation for Information Processing (IFIP)
• National Research Council, USA
• OECD
Organisations Opposing Controls
• Institute of Electronics and Electrical Engineers (IEEE)
• American Association for the Advancement of Science
• The Internet Society (ISOC)
• Global Internet Liberty Campaign (GILC)
Organisations Opposing Controls
• Australian Computer Society (ACS)
• Australian Information Industry Association (AIIA)
• US Association for Computing Machinery (USACM)
• Americans for Computer Privacy (US industry lobby group)
Alternatives to Controls
• Using court orders to gain access to keys
• Enforcing existing laws on surrender of information
• Gathering information by means other than examining encrypted files
• Cryptanalysis
What should government do?
• Current Export Controls serve no useful purpose
• De-regulation essential for E-Commerce
• Public policy debate needed
• Lift crypto export controls
Net Censorship Legislation
• Complaints based
• Prohibited content based on Film & Video classification scheme
• Takedown orders on ICHs for prohibited content in Australia
• Blocking orders on ISPs for prohibited content outside Australia
• Industry Codes for ICHs and ISPs
Will it be effective?
• ABA's additional funding will only allow classification of small part of potentially prohibited material
• Easy to circumvent any blocking
Will it cause damage?
• Uncertainty for content providers
• Movement of content overseas
• Increased costs for ISPs, especially small ISPs
• Less competition
• Adverse effect on "balance of traffic"
• Increased costs
• Malaysia and Canada won't regulate
What ICHs & ICPs will have to do
• ICHs - respond to take down orders
• Content Providers - covered by matching state legislation
• Content Providers - beware “Adult themes”
What should government do?
• Amend legislation by removing
  – content classification
  – takedown orders
  – blocking orders
• Would gut the legislation
• Repeal the legislation
Conclusion
• What should the government do to help industry provide Internet services?
• Lift crypto export controls
• Repeal Net Censorship Legislation