News (Media Awareness Project) - UK: Hand Over Your Keys
Title: UK: Hand Over Your Keys
Published On: 2001-01-13
Source: New Scientist (UK)
Fetched On: 2008-09-02 05:57:15
HAND OVER YOUR KEYS
Protecting privacy could soon be more difficult in Britain than
anywhere in the world, warns Caspar Bowden. Internet users may end up
with fewer civil rights than terrorists
[a review of] "Crypto" by Steven Levy, Viking, $24.95, ISBN 0670859508
SINCE the Second World War, international communications have been
hoovered up from undersea cables and microwave links, and
increasingly from computer networks and mobile phones. Sorted and
sanitised, they become the intelligence reports intended for the eyes
only of government ministers. In Britain, the agency that performs
this work is Government Communications Headquarters (GCHQ) in
Cheltenham, Gloucestershire.
It was here in 1969 that the mercurial scientist James Ellis invented
"public key" cryptography, a revolutionary code that allows secret
communication without sharing a secret key. As a direct consequence,
Britain acquired a new law last year that compels the surrender of
computer passwords, even by people not suspected of any crime. It
means two years in jail if you refuse, and another five if you breach
a secrecy order and complain publicly.
The story of what's brought us to this extraordinary state of affairs
is told in Crypto. Written from an American viewpoint, it relegates
GCHQ to an appendix and begins instead with the independent
rediscovery of public key cryptography in 1975 by Whitfield Diffie, a
Stanford computer scientist. Ever since, Diffie has championed the
public's right to use it to protect individual privacy.
How is it possible to devise a code that does not require the
sender's choice of key to be shared with the receiver of the message?
The answer, realised by both Ellis and Diffie, is for the receiver to
construct a kind of puzzle that the sender uses to scramble messages
in a way that cannot be reversed unless you know the trick of the
puzzle. GCHQ worked out the details (which involve enormous prime
numbers) a few years before Diffie and others in the US. But it was
the Americans who were granted patents on the underlying mathematics.
These algorithms are now fundamental to Internet security and
e-commerce. Before you enter a credit-card number on the Web, there
should be a padlock in the corner of your browser to tell you that
all transactions to the website are now scrambled. In that case, all
the computers of the US National Security Agency (NSA) will not be
able to put the pieces back together again.
Whitehall's confederacy of dunces simply did not know what to do with
this invention. Not only did it let the American patents go
unchallenged, it also kept the achievements of the GCHQ scientists an
official secret until 1998. The US successfully prevented the
proliferation of these techniques for more than a decade, using
export controls, until a computer program called Pretty Good Privacy
(PGP) found its way onto the Internet in 1991. Its author, Phil
Zimmermann, was arrested for "munitions smuggling", and prolonged
Kafkaesque investigations made him an Internet folk hero. Ironically,
he was motivated by worries about computer networks becoming embedded
in society, and the totalitarian consequences if these were
systematically exploited for surveillance.
Last year, Britain belatedly abandoned an Orwellian scheme for "key
escrow", which would have meant the prior deposit of everyone's keys
with government. But now it has the Regulation of Investigatory
Powers (RIP) Act 2000. Any public authority can demand keys, and can
even keep this a secret by using a gagging order "to protect
investigative methods". The only redress will be through a complaints
tribunal that can hear secret evidence which cannot be
cross-examined. These powers are due to be activated in October 2001,
when the next general election should be safely out of the way.
The RIP Act can also require Internet service providers to install
"black boxes" that relay Internet wiretaps direct to the MI5
building, home of the British security service. The Home Secretary
says these powers are necessary for catching drug dealers and
paedophiles. But this will leave every Internet user with fewer civil
rights and safeguards than are now enjoyed by terrorist suspects or
asylum seekers (and for this Home Secretary that is saying
something). Even more staggeringly, a leaked submission from the
police and intelligence agencies to the Home Office recently revealed
that they aspire to a seven-year computerised archive logging all
phone calls, e-mails and web browsing. When online, this amounts to
surveillance of your stream of consciousness without a warrant.
Crypto is a well-researched book. Its one flaw is its exclusively
American perspective, which means that it overlooks the most
repressive Internet legislation anywhere in the world: the RIP Act
2000.
Caspar Bowden is director of the Foundation for Information Policy Research