Cryptography and Liberty: 'Can the Trusted Third Parties Be Trusted?: A Critique of the Recent UK Proposals'
Faculty of Law, Istanbul Bilgi University
London School of Economics & Political Science (LSE) - Computer Security Research Centre
O'Reilly and Associates
August 8, 2011
Journal of Information Technology, Vol. 2, 1997
Computer encryption is part of the basic infrastructure for modern digital commerce and communications. Recently it has been the subject of various proposals from the U.K. government, as well as governments in several other countries and the European Union as a whole. Whilst these proposals claim to address both the goal of improving commerce through better encryption and that of facilitating access to encrypted communications by law enforcement, the impact of the proposals is in fact to impair the former goal in order to favor the latter. They tend to call for `key escrow' or `key recovery' systems that centralize sensitive keys in databases (at `Trusted Third Parties') and permit government access in a manner similar to that in which phone wiretaps are currently conducted. This paper examines several proposals, especially the March 1997 Consultation Paper from the Department of Trade & Industry entitled `Licensing of Trusted Third Parties for the Provision of Encryption Services', and assesses their implications. We argue that key escrow represents an unprecedented intrusion on individual privacy, holds back the development of digital communications and commerce, and does not achieve the government's stated goals of helping to prevent crime. As an alternative, to address problems of law enforcement in electronic commerce and to facilitate the prosecution of crimes, we suggest a compromise proposal which we call `key archiving.'
Date posted: October 8, 1997 ; Last revised: February 27, 2014