List: best-of-security
Subject: Orlowski.html
From: Julian Assange <proff () suburbia ! net>
Date: 1995-08-13 4:01:43
ENCRYPTION AND THE GLOBAL INFORMATION INFRASTRUCTURE
AN AUSTRALIAN PERSPECTIVE
Steve Orlowski
Assistant Director
Security Management
Australian Attorney-General's Department
The views in this paper are those of the author and do not necessarily
represent the views of the Australian Government
Copyright the Commonwealth Government of Australia, 1995
Presented at the Cryptography Policy and Algorithms Conference,
Queensland University of Technology, Brisbane, Australia, July 1995
Appearing shortly in an Elsevier volume
In December 1993 the Australian Government established a Broadband
Services Expert Group to examine the technical, economic and
commercial preconditions for the widespread delivery of broadband
services to homes, businesses and schools in Australia. In releasing
the Group's Final Report Networking Australia's Future the Prime
Minister said being linked to the national information infrastructure
is a fundamental right for all Australians.
As the Final Report put it:
"In the next decade, large-scale communications investments in
Australia will pave the way for many business, government,
information and entertainment services. These services could change
forever the way business and government operate and how we
communicate with our colleagues, families and friends. Over time,
even the significance of international borders and the design of
towns and cities will change."
Similarly, the OECD in its 1992 Guidelines for the Security of
Information Systems said:
"Recent years have witnessed ... growth of computer use to the point
that, in many countries, every individual is an actual or potential
user of computer and communication networks."
Encryption was for centuries the domain of government, primarily to
protect military and diplomatic communications. In the past few
decades private enterprise has become an increasingly larger user of
cryptography to protect its commercial activities. We have now arrived
at the point where individuals are going to become major users of
cryptography to protect personal information and finances, and their
privacy in general, as they become participants in information
infrastructures. Over the past twelve months, the OECD has embarked on
a round of meetings on Global Information Infrastructures. The
outcomes of this round are to be provided in a report to the G7 on job
creation and the information society. Security, privacy and the
protection of intellectual property are some of the issues being
addressed as part of this round. Indeed the final meeting will
specifically address these issues. In outlining an agenda for this
meeting the OECD saw encryption as a pivotal issue in the security of
information systems.
The OECD will also be holding a meeting on National Cryptography
Policies later this year.
The interest in the Global Information Infrastructure relates not only
to the direct impact of the infrastructures on national economies, but
also on the economic impact of investment failures if the
infrastructure is misused or not used to its expected capacity. User
confidence is seen as a key factor in infrastructures reaching their
full potential. It is from this position that the OECD is examining
issues of security, privacy and the protection of intellectual
property.
Turning again to the OECD Guidelines, they stated when addressing the
question of building confidence:
"Users must have confidence that information systems will operate as
intended without unanticipated failures or problems. Otherwise, the
systems and their underlying technologies may not be exploited to
the extent possible and further growth and innovation may be
inhibited."
Obviously if encryption is a pivotal issue in information systems
security, confidence in encryption techniques and technology is
pivotal to confidence in information infrastructures and therefore to
the economic viability of such infrastructures. At the meeting in
Paris last November most of the session on security was taken up with
encryption. It was interesting, however, that very little of it was
related to security of government or commercial information on
systems. The main focus was on verifiable but untraceable transactions
on information infrastructures. This highlighted the progression of
cryptography towards individuals' requirements and their desire for
their transactions to be secure but anonymous.
The issue of privacy of an individual's activities in information
infrastructures is beginning to receive similar attention in
Australia. Individuals are concerned that their activities can be
monitored to develop personal profiles such as buying habits. These
profiles could then be exploited by organisations such as direct
marketing bodies.
The Minister for Justice in a speech to the Australian Share/Guide
Conference in March this year identified two areas of concern:
* People want to be assured that information on how they use the
network is protected. Usage patterns are of particular interest
and value to various groups, for example, direct marketers.
* People also need to be assured that the content of their
information is protected both on networked systems and flowing
across the network.
Both these concerns can be overcome through the use of cryptography.
The first through verifiable but untraceable transactions and the
latter through more established message encryption techniques.
The question of verifiable but untraceable transactions has attracted
the concern of law enforcement agencies given the potential for the
proceeds of crime to be transferred in this way. In Australia the
Financial Transactions Reports Act 1988 requires transactions above
specified limits to be reported. This approach could possibly be
extended to put limits on computer cash transactions which can be
carried out anonymously. This would allow individuals protection of
their privacy on the small transactions which would make up the bulk of
their activity but place some obstacles in the way of those who wish
to move large volumes of money illicitly. Technology which limits the
amount of anonymous cash which can be sent, received or stored per
terminal or smart card per day may be able to be developed to overcome
the law enforcement concerns.
While such an approach might reduce the problem of cash transactions
for illicit purposes, the more vexing problem is that of criminal
activities being planned or transacted by telephone or over networks,
particularly where encryption is involved. In other words the "key
escrow" debate.
In Australia telecommunications interception (TI), both voice and
data, is carried out under the provisions of the Telecommunications
(Interception) Act 1979. In 1993 the Australian Government initiated a
Review of the Long Term Cost Effectiveness of Telecommunications. The
Report stated:
"The evidence suggests that TI is very effective as part of an
integrated framework of surveillance by both law enforcement and
security agencies".
A significant finding of the report was:
"Encryption by targets of their communications (both voice and data)
is not considered by agencies as a problem for TI at present in
Australia, but it is a growing problem in the US and Europe and a
potentially significant problem in Australia. It will need to be
monitored, particularly with increased availability of cheap voice
encryption devices. The issues extend well beyond the scope of the
Review."
The report also commented that:
"...Australians have available in the GSM digital mobile services an
effective means of encrypting their communications for legitimate
privacy and commercial security purposes...".
As a result of the Report, Australia is, among other TI issues,
monitoring the impact of encryption in the telecommunications
interception area and will re-examine matters in 1997 following the
opening of the telecommunications area to full competition.
The average Australian mobile phone user appears to be satisfied with
the security offered by the GSM digital mobile services and to date I
have not seen a report of instances of communications on that network
having been found to be insecure. Individual and small businesses seem
to be the major users of the networks and their requirements for
security are relatively low. On that basis there would appear to be a
relatively small market for voice encryption devices on mobile phone
services. Similarly Australians have, by and large, been comfortable
with the standard telephone service and again there has been
comparatively little market for voice encryption products, although
they have been readily available.
Of course there have been instances of criminals using encryption
devices on the existing standard and mobile services, and this will
continue.
However, most persons involved in this field agree that even if key
escrow were introduced, this could be circumvented by determined
criminals.
Furthermore we are rapidly moving towards the integration of voice and
data services. By the turn of the century, the majority of voice
communications is likely to be over data lines. Encryption of both
voice and data is therefore likely to be handled by the same products.
Stephen Walker, in his paper 'Software Key Escrow A Better Solution
for Law Enforcement Needs?' stated:
"Since law enforcement's requirements for key escrow appear largely
focused, for now at least, on telephone communications, it will
probably remain necessary for the government to escrow keys of
telephone security devices".
(It has been observed that due to the high cost of telephone security
devices with or without Clipper, there may never be a significant
market for such devices and therefore little reason for an extensive
telephone-only based key escrow capability.)
I would therefore argue that the value of key escrow for purely voice
encryption would be marginal in the Australian context and probably
internationally in the long term. In saying this I am not advocating
the abandonment of the conventional field of telecommunications
interception, rather I am arguing that resources might be better
applied to addressing the longer term problem of the emerging field of
interception of telecommunications in the form of data.
That then leaves us with the question of encrypted data
communications.
Law enforcement concerns have focussed on two aspects; financial
transactions associated with criminal activity such as payments for
drug deals, and messages such as setting up a drug deal or planning a
terrorist attack. These are realistic scenarios which confront law
enforcement authorities.
Obviously the community expects that law enforcement authorities will
take steps to prevent information infrastructures being used for these
purposes.
Equally users of the infrastructures for legitimate purposes expect
that their right to privacy will be respected. The hapless task for
governments is to find an acceptable balance between the two.
Firstly I would like to address the question of financial
transactions.
Earlier I proposed a restriction on anonymous cash transactions which
would make it difficult to move large sums of money in this manner.
Larger transactions would then have to be moved through traceable
transactions.
This would mean that records of the transactions and the parties
involved would exist in much the same way as they do for financial
transactions at present. If the anonymous transaction limit was the
same as the cash transactions reporting limit, this would mean that,
in Australia or for transactions entering or leaving Australia, the
transaction would be reported to the AUSTRAC, the agency which
collects and analyses data on cash transactions. Moreover, law
enforcement agencies could approach the courts to obtain access to an
organisation or individual's records of such transactions.
This leaves the question of messages which may contain evidence of
criminal activities. While in some cases, copies of such messages may
be recoverable from one of the party's equipment, any serious criminal
using these methods would know how to modify or delete all traces of
the message.
Therefore court orders granting access to the equipment and data held
on it would not necessarily provide the evidence sought. This problem
would exist whether or not the transmission or the storage media were
encrypted.
Before advancing this argument further I would like to make the
observation, which I will be expanding on later, that debate to date
has focussed on higher level encryption. I feel that the needs of the
majority of users of the infrastructure for privacy and smaller
financial transactions, can be met by lower level encryption which
could withstand a general but not sophisticated attack against it. Law
enforcement agencies could develop the capability to mount such
sophisticated attacks.
Criminals who purchased the higher level encryption products would
immediately attract attention to themselves.
Given that a large proportion of the population would not be using the
higher level encryption products, application of key escrow for such
products is less likely to create the type of adverse reaction seen to
date. Government agencies and large financial institutions are more
likely to accept the need for key escrow in the type of products which
they use.
The Review of the Long Term Cost Effectiveness of Telecommunications
Interception referred to earlier quoted the following points made by
the Australian Federal Police:
* much valuable TI evidence and intelligence comes from targets
talking to people who are not part of a criminal activity and who
would not use encryption (arranging hotel, shipping or airline
bookings is one obvious example);
* call data will not be encrypted and will contain much valuable
information about who is involved in an investigation
The Review did, however, include the following in its findings:
* Telecommunications interception is of crucial importance to law
enforcement; and
* On present indications, it would not be true to say that
developments in technology may render telecommunications
uninterceptible.
Given that there is a requirement for telecommunications interception,
the question is how is this achieved in the face of changing
technology. The answer is to use the new technology to the advantage
of law enforcement agencies.
As mentioned earlier, I see encryption being utilised on two levels, a
general level being used by the majority of users and a more
sophisticated level with much more limited use. Intercepted messages
under the first level may be able to be decrypted by the various
interception authorities.
The second level would probably, however, require more sophisticated
techniques in circumstances where the key cannot, for whatever reason,
be recovered from escrow. This may be achieved by the establishment of
a central decrypting unit which would receive, decrypt and transmit
back messages.
Given the standard of equipment and expertise which would be developed
at such a centralised unit, it may be more cost effective for that
unit to handle all decryption of intercepted messages for all law
enforcement agencies within the country. Modern communications
technology would facilitate the secure and rapid transmission of
messages between the intercepting authority and the central unit.
Indeed the "Clipper" proposal, and suggested variations of it, relied
on a similar concept for the transmission of escrowed keys to the
intercepting authority. This takes the process one step further. It
also builds in an additional safeguard to the interception process as
the central unit would need to be satisfied of the validity of the
interception before it decrypted the messages.
The same concept would apply for the higher level encryption systems
where the keys would be escrowed. In this case the central unit would
obtain the keys from the escrow agent or data recovery centre.
Regarding the question of data recovery centres, I am attracted by
proposals put forward by Stephen Walker in the paper I referred to
earlier, which suggested commercial data recovery centres. Even the
term data recovery centre is a positive one of a service rather than
the negative image which now surrounds the term key escrow. The
concept I have just outlined could operate for either government
escrow agents or commercial data recovery centres.
The suggestion I have outlined is a rather simplistic version. In
practice there would be a number of legal problems to be overcome,
especially in a federal structure with a division of law enforcement
powers.
In the case of key escrow for corporations, there may already be an
implied requirement in corporate affairs legislation which requires
records to be held for a statutory period. If the records were
encrypted, then the key would need to be available to decrypt them.
This could be used as the basis for a formal key escrow requirement.
I put this forward as a starting point for discussion of the concept
of differential key escrow.
As mentioned earlier the concept of restricting key escrow to higher
level encryption systems would reduce general user concerns about
using the GII and provide the confidence which the OECD considered was
essential to the economic viability of the infrastructures.
Another area where confidence has to be established is that of content
providers. Confidence that providers will receive payment for their
intellectual property will be key to the range of material being
available on the infrastructure. As the Minister for Justice put it in
the speech I referred to earlier:
An important aspect of the network will be the quality of the
information available on it. The question of intellectual property
rights is crucial to the success of the infrastructure.
The Government is pursuing the question of intellectual property
rights in various international fora. However those rights have to be
protected once they have been defined. Encryption will be the key to
protecting information to which intellectual property rights attach and
to ensuring users pay for what they access. This will involve the more
traditional field of data protection as well as access control, user
authentication and electronic cash applications.
The Australian Government implements controls on the export of defence
and related goods through the Customs Act 1901 and the Customs
(Prohibited Exports) Regulations. In March 1994 the Government issued
Australian Controls on the Export of Defence and related Goods -
Guidelines for Exporters. The Guidelines state in part:
"The Government encourages the export of Australian made defence and
related goods where such exports are consistent with Australia's
interests including international, strategic, foreign policy and
human rights obligations".
The controls do allow exporters to apply for permits or licences to
export goods.
The controls specifically mention products related to cryptography as
follows:
(a) complete or partially complete cryptographic equipment designed to
ensure the secrecy of communications (including data
communications and communications through the medium of
telegraphy, video, telephony and facsimile) or stored information;
(b) software controlling, or computers performing the function of,
cryptographic equipment referred to in paragraph (a);
(c) parts designed for goods referred to in paragraphs (a) or (b);
(d) applications software for cryptographic or cryptanalytic purposes
including software used for the design and analysis of
cryptologics.
In November 1994 the Government also issued Australian Controls on the
Export of Technology With Civil and Military Applications - A Guide
for Exporters and Importers, which defines in more detail equipment,
assemblies and components to which the controls apply.
The Strategic Trade Policy and Operations Section, Department of
Defence makes recommendations on export applications.
The Government is committed to its policy of encouraging the export of
goods where this is not in conflict with the national interest or
obligations. To this end it is prepared to cooperate with
manufacturers, wherever possible, to advise on products which might be
eligible for export. This is particularly relevant for the type of
products which would satisfy the requirements of general users of
information infrastructures and thus enhance the development and use
of such networks.
Digital signature techniques and public key authentication will play
an increasingly significant role as networks expand and the number of
users and range of services offered increase.
This is a further area where confidence needs to be engendered to
ensure acceptance. There is a need for a mechanism to ensure that
techniques are appropriate for the purpose for which they will be
used. Similarly there is a need for a structure through which keys can
be obtained and digital signatures authenticated.
Within Australia a Government Group has been developing a proposal for
a Public Key Authentication Framework. The group's work has been
primarily focused on the needs of electronic commerce. In an
unpublished paper the group stated:
"There needs to be a wide scale informed debate about this issue
before any decisions are taken as to choice of technology, the
appropriate administrative structure, privacy issues, legal effect,
method of implementation and the like. After such a debate the
system will need to be introduced in a planned way with appropriate
public education, legislation and the like in order that the use of
the PKAF system will have the same standing and validity in the
eyes of the community as a paper based signature".
The proposal calls for a management structure to verify various key
generation systems, supervise the issue of key pairs and maintain a
directory of the public keys.
This proposal has been referred to the Standards Association of
Australia which has established a task force to examine the
establishment of an Australian Public Key Authentication Facility. The
Task Force is required to report by the end of the year.
Australia has also raised in the OECD the need to establish an
international framework to ensure the effective use of public keys as
a tool for both international electronic commerce and individual use
of the global information infrastructure.
While this proposal is driven, primarily, by commercial needs, there
is scope for it to be extended to meet the needs of individuals who
will also be using the information infrastructure. Any scheme such as
this has to be better than the current process of passing credit card
information over the network.
The referral of the PKAF proposal to Standards Australia is in keeping
with the Australian Government policy of minimal legislative
intervention. When commenting on the implementation of the OECD
Guidelines for the Security of Information Systems, in a speech I
referred to earlier, the Minister for Justice outlined the
Government's approach as follows:
"In implementing the Guidelines, the Government has decided not to
use a general legislative approach because of the problems in
reaching agreement with State and Territory Governments on
legislation where the Commonwealth has no blanket constitutional
power. "Furthermore we recognise that legislation is slow to
respond to technological advances, so broad definitions have been
used in relevant legislation to allow the courts to consider
current technology as cases come up".
This policy extends to electronic commerce and the use of cryptography
in general. Any legislation required to support the use of
cryptography is likely to be written in broad terms rather than
endorsing particular technology or algorithms. It would then be left to
groups such as Standards Australia to specify the standards which at
that particular point in time would meet the legislative requirement.
By the turn of the century, the major users of the Global Information
Infrastructure will be individuals conducting their day to day
activities in electronic form. The main concerns of these users will
be to authenticate their identity, to conduct their business with
privacy and to have a reasonable level of security for the
comparatively low level financial transactions they will be
performing. To date the cryptography debate has focussed on the higher
needs of government and business. There is a need for the debate to be
extended to cover the needs of individual users.
For the information superhighway to reach its full potential in terms
of both economic viability and social change, cryptographic systems
will need to be developed to meet the needs of individual users. These
systems will need to be cheap, user friendly, and above all, have
public confidence.
For centuries the simple paper wrapper called an envelope has met the
needs of the majority of users of the postal service. They come in
many forms but most provide an indication of whether they have been
tampered with.
Also individuals have their own way of opening envelopes no matter what
type they are. This basic philosophy needs to be applied to encryption
systems for individual users. In other words a simple system which is
easy to seal and easy to open and which does not require a wide
variety of techniques for either.
Individual users will not be attracted to use services if they each
involve different techniques for sending or receiving information. To
this end service providers may need to look at providing a number of
alternative schemes for distributing material so that they meet the
individual's requirements, rather than expecting the user to maintain
a number of systems to meet the various providers' requirements.
Finally there is the question of public confidence. Users will not use
cryptographic systems unless they have confidence in them. Firstly
this confidence has to be established. Algorithms and the technology
to implement them will need to be tested and the results made public.
Once the tests have been completed, endorsement by standards bodies
will build public confidence.
There is also an ongoing requirement to continue to test systems to
ensure they remain suitable for the purpose for which they are being
used.
However some caution needs to be exercised in this respect. The main
users of encryption systems at this stage are reasonably well equipped
to make a considered assessment of the risks involved in using
particular systems.
This will not be the case initially for most individual users.
Messages flowing freely around the network that an algorithm has been
broken, even when details of the extent of technology to achieve the
result are included, may cause a panic reaction and loss of confidence
in the particular system. The resultant lack of confidence could have
adverse effects on infrastructure usage. Debate on these issues should
be limited to the appropriate parties rather than widely promulgated
on the network.
In summary, what I have been saying today is that there is a need for
the cryptography debate to be expanded to include the needs of the
individual users who will make up the largest percentage of users of
the global information infrastructure.
_________________________________________________________________
Last Amended: 4 August 1995
Roger.Clarke@anu.edu.au
Reader in Information Systems
Department of Commerce
Australian National University
Canberra ACT 0200 AUSTRALIA
Tel: +61 6 249 3666 or 3664
Fax: +61 6 249 5005 or 0744