By Rachel Chalmers
The British government has given opponents of its unpopular key recovery crypto plan a mere three weeks to come up with an alternative proposal. The Department of Trade and Industry (DTI) first made its encryption policies public in 1997, when it proposed a scheme to license trusted third parties (TTPs) to maintain and certify encryption keys. Under the DTI proposal, law enforcement and security forces would retain access to encrypted material via key escrow. This plan made civil rights organizations extremely unhappy. One group, stand.org.uk, urged UK voters to adopt an MP with a view to persuading them that key escrow will hurt industry and privacy without helping catch criminals at all. That group now boasts 3000 members in 600 constituencies. The private sector was no less annoyed, pointing out that few overseas business partners or customers would trust encryption which had been compromised in this way. In addition, while legitimate traders would be required to give up their key, criminals would obviously have no incentive to participate in the scheme, giving them a distinct technical advantage.
Finally, on March 4 1999, the UK Prime Minister Tony Blair backed down. Key escrow is not the answer, he told representatives of the UK’s most prominent IT and telecommunications companies, including BT, CBI, Entrust, GEC, HP, ICL, Intel, Microsoft, Motorola, Racal and Sun. But Blair emphasized that it was not good enough for industry merely to say that key escrow was unworkable: businesses must assist in providing alternatives. If satisfactory solutions do not emerge, the PM said, escrow could make a comeback. An industry-government Task Force headed by DTI’s David Hendon now has three weeks to examine possible technical alternative means to assist law enforcement. Appropriately enough, their plan is due on April 1, 1999. Why the short deadline? Because, according to a DTI Consultation Document released last week, The Government is committed to introducing legislation in the current parliamentary session. The government’s reasoning appears to be that even if key escrow is a poor control over encrypted material, it is better than giving up control of electronically transmitted data altogether. Few outside the British authorities would agree.
