University of New South WalesFaculty of Law - Information Technology Law


C y b e r s p a c e - l a w


RECENT INTERNATIONAL LEGAL DEVELOPMENTS IN ENCRYPTION

Keith Holland

Assistant Secretary
Security Law and Justice Branch
Attorney-General's Department

The views in this paper are those of the author and do not
necessarily represent the views of the Australian Government


INTRODUCTION

Governments around the world are coming to grips with the problems created by the increasing availability of strong encryption to the private sector and individual users. For centuries cryptography has been exclusively in the government domain. Now changes in technology and economic and social imperatives have made it essential that governments not only allow, but encourage its use in the private sector. This has required governments to relinquish the monopoly they had over its use. This broadening of the use of cryptography is seen as an essential element in fostering electronic commerce as it provides information security.

The European Union[1] averted to this in a recent publication when it said:

In order to make good use of the commercial opportunities offered by electronic communication via open networks, a more secure environment needs to be established. Cryptographic techniques are widely recognised as essential tools for security and trust in open networks. Two important applications of cryptography are digital signatures and encryption.

In this presentation I would like to touch on some of the steps governments are taking to address the issues raised by the proliferation of cryptography.

AVAILABILITY OF CRYPTOGRAPHIC PRODUCTS

The threshold issue is the availability of cryptographic products; the development and manufacture of such products and what controls are imposed on their importation or exportation.

The Australian Government implements controls on the export of defence and related goods through the Customs Act 1901 and the Customs (Prohibited Exports) Regulations.

The Government's policy is to encourage the export of defence and dual-use goods which are consistent with Australia's broad national interests.

The controls allow exporters to apply for permits or licences to export goods.

The guide for exporters and importers[2] specifically mention products related to cryptography under Part 3 Category 5 5A002

Unlike the United States, the export of cryptography from Australia is not governed by a predetermined set of criteria based on key length. Australian export licenses are granted on a case by case basis. The Strategic Trade Policy and Operations Section, Department of Defence makes recommendations on export applications in the case of cryptographic technologies, based on advice from Defence Signals Directorate.

The Government is committed to its policy of encouraging the export of goods where this is not in conflict with the national interest or obligations. To this end it is prepared to cooperate with manufacturers, wherever possible, to advise on products which might be eligible for export. This is particularly relevant in the case of products which satisfy the requirements of general users of information infrastructures and thus enhance the development and use of such networks.

Australia has its own capability for the development and manufacture of cryptographic products. In addition products are available from a number of other countries which do not control their export. Consequently we are not completely dependent on United States products to meet security requirements.

The United States has strong export controls that relate to the strength and use of individual algorithms. For example there is no restriction on export of cryptography used for authentication nor for algorithms with key lengths below certain set limits. These controls are effective where the cryptographic product alone is the subject of exportation but less effective where cryptographic modules are integrated into other products such as web browsers, email packages etc. In some cases, only lower strength products are permitted to be exported or made available to non US citizens. However, where these products are implemented through software, they tend to find their way into the public domain thus circumventing export controls. This problem applies to a number of countries including Australia.

Australian manufacturers have formed an Information Technology and Telecommunications Security Forum to liaise with government to ensure, inter alia, that Australian cryptography capabilities are maintained.

OECD GUIDELINES ON CRYPTOGRAPHY POLICY

The legal issues surrounding cryptography policy will have to be considered in the context of perhaps one of the most significant developments at the international level, namely the decision of the Council of OECD to approve Guidelines on Cryptography Policy. These Guidelines have subsequently gained wide international acceptance, by business, civil liberties groups, and Governments, including the Australian Government. In his statement "Investing for Growth" on 8 December 1997, the Prime Minister announced that the Australian Government would adopt the OECD guidelines.

The Guidelines recognise the importance of cryptography as a tool for protecting privacy, the confidentiality of information and for the authentication, integrity and non-repudiation of transactions in electronic commerce. On the other hand they recognise the potential harm to law enforcement and national security from misuse of cryptography. The Guidelines were produced to assist governments develop policies which balance the various interests. They are not designed to affect the sovereign rights of governments and are always subject to the requirements of national law.

The principles seek to strike a balance and as such the integration section of the Guidelines calls for the principles to be implemented as a package. Use of particular principles in isolation has the potential for development of policies which do not balance the various interests. I think it is useful therefore to make a few comments on the individual principles, their intent and their possible impact.

TRUST IN CRYPTOGRAPHIC METHODS

1. CRYPTOGRAPHIC METHODS SHOULD BE TRUSTWORTHY IN ORDER TO GENERATE CONFIDENCE IN THE USE OF INFORMATION AND COMMUNICATIONS SYSTEMS

This principle defines the basic reason for the use of cryptography, the need to generate user confidence. Security and privacy are major issues in generating such confidence. Much has been made of the lack of security and privacy when using the Internet and cryptography is seen as a major tool both for protecting the confidentiality of messages and ensuring the authenticity, integrity and non-repudiation of messages, particularly those essential for the conduct of electronic commerce. This principle recognises that that level of confidence in the infrastructure can only be achieved if trustworthy cryptographic methods are available to users.

CHOICE OF CRYPTOGRAPHIC METHODS

2. USERS SHOULD HAVE A RIGHT TO CHOOSE ANY CRYPTOGRAPHIC METHOD, SUBJECT TO APPLICABLE LAW

This principle recognises that different methods may meet different needs. It is designed to allow users maximum choice within any constraints which may be applied by national governments. While the phrase `subject to applicable law' has been generally interpreted as allowing governments to apply an upper limit to the strength of cryptography which may be used, the principle also allows governments to require a minimum level of cryptography to be used in particular circumstances. For example, the Office of Government Information Technology is developing a public key infrastructure for use by government and its clients. This scheme will specify minimum strengths that must be used to protect the interests and assets. The project is consistent with this principle.

Regardless of whether upper or lower limits are applied, the principle should only be applied to the extent that it is considered essential to the discharge of government responsibilities and should respect user choice to the greatest extent possible.

MARKET DRIVEN DEVELOPMENT OF CRYPTOGRAPHIC METHODS

3. CRYPTOGRAPHIC METHODS SHOULD BE DEVELOPED IN RESPONSE TO THE NEEDS, DEMANDS AND RESPONSIBILITIES OF INDIVIDUALS, BUSINESSES AND GOVERNMENTS

For centuries, cryptography was the sole domain of governments, particularly the military and diplomatic communities. The advent of information technology resulted in cryptography becoming an essential element of the security of business and or individual user's transactions. The principle recognises that the future development of cryptographic methods will need to take account of the needs of all these groups. It also recommends co-operation between the various elements in the development of methods.

STANDARDS FOR CRYPTOGRAPHIC METHODS

4. TECHNICAL STANDARDS, CRITERIA AND PROTOCOLS FOR CRYPTOGRAPHIC METHODS SHOULD BE DEVELOPED AND PROMULGATED AT THE NATIONAL AND INTERNATIONAL LEVEL.

This principle also recognises the increasing role of market forces in the development of cryptographic methods. It is aimed at ensuring that standards developed at the national and international level reflect market needs and ensure the global interoperability of IT systems which incorporate cryptography. Both Standards Australia and the International Organisation for Standardisation ensure an appropriate mix of government and private sector representatives to reflect this principle.

PROTECTION OF PRIVACY AND PERSONAL DATA

5. THE FUNDAMENTAL RIGHTS OF INDIVIDUALS TO PRIVACY, INCLUDING SECRECY OF COMMUNICATIONS AND PROTECTION OF PERSONAL DATA, SHOULD BE RESPECTED IN NATIONAL CRYPTOGRAPHY POLICIES AND IN THE IMPLEMENTATION AND USE OF CRYPTOGRAPHIC METHODS.

Cryptography is a two edged sword when considered in the context of privacy. On the one hand, encryption is a strong tool for protecting personal information and the privacy of communications. Authentication techniques ensure users know with whom they are communicating in an environment where there is no personal contact to confirm that the person is who they think or intend them to be. It can also ensure that only persons entitled to access personal data can obtain such access.

On the other hand, authentication requires individuals to provide personal information as part of the process of binding identity to the authenticator. There is a potential for this information to be misused. In addition, strong authenticators can be used to build profiles of users and their activities.

However, it should be noted that authentication can also provide for anonymous or pseudonymous access or purchasing where appropriate.

The Principle calls for these issues to be considered when developing cryptography policy and notes the guidance provided in the OECD Guidelines for the Protection of Information in Transborder Flows of Personal Data. The Information and Security Law Division of the Department encompasses both cryptography and privacy policy and will ensure that this principle is complied with.

LAWFUL ACCESS

6. NATIONAL CRYPTOGRAPHY POLICIES MAY ALLOW LAWFUL ACCESS TO PLAINTEXT, OR CRYPTOGRAPHIC KEYS, OF ENCRYPTED DATA. THESE POLICIES MUST RESPECT THE OTHER PRINCIPLES TO THE GREATEST EXTENT POSSIBLE.

This Principle relates to lawful access, not just law enforcement access. There will be circumstances where access will be required by, for example, businesses where employees are not available to decrypt data or where a key has been lost.

The principle also draws a distinction between encryption for confidentiality and the use of cryptography for authentication. The principle states that it does not apply to authentication keys. To allow another person access to an authentication key allows that person to assume the electronic identity of the user to whom the key has been issued. Clearly this is not acceptable and in the case of law enforcement access to a person's key could taint any evidence authenticated with that key.

A problem arises where the same key pair is used for both authentication and confidentiality purposes. Lawful access would be permitted where the key was used for confidentiality. However since the key also had an authentication function, this would mean that the electronic identity would be compromised. Both Governments and the private sector are encouraging the use of separate key pairs for confidentiality and authentication. I understand research is underway into techniques which would force the separation of confidentiality and authentication functions.

The reference to plaintext relates to new key recovery technologies which provide access to session keys which are used to encrypt individual messages rather than private encryption keys used to exchange session keys. In these circumstances, individual messages can be recovered without compromising a users private encryption key.

LIABILITY

7. WHETHER ESTABLISHED BY CONTRACT OR LEGISLATION, THE LIABILITY OF INDIVIDUALS AND ENTITIES THAT OFFER CRYPTOGRAPHIC SERVICES OR HOLD OR ACCESS CRYPTOGRAPHIC KEYS SHOULD BE CLEARLY STATED.

Liability is seen as an important element in establishing user confidence in using the global information infrastructure. This principle is designed to ensure that users are aware of liability issues before using cryptography. It covers liability for misuse of keys by users and those who have lawful access to the keys such as trusted third parties or law enforcement.

The liability issue is particularly important in respect of authentication and electronic commerce.

Use of open systems such as Internet raise a number of legal issues, not least of which is that of risk allocation and liability. What we are talking about here is the liability of players in an open system which uses digital signatures supported by a certificate of identity issued by a certification authority. The issues are similar to those which arise in respect of the use of credit cards, except that in the case of credit cards you enter into a contract with the bank and you know, or should know, just what you will be liable for if you lose your card or it is misused.

The same is not true of the use of digital signatures in a public key authentication framework - partly because we haven't yet got to the stage where such a framework is fully operational. The fundamental question is who should bear the risk of loss - the consumer, the certifying authority or the merchant who is relying upon the consumer's digital signature. Contract can be used to resolve the issue in some of these relationships - the consumer and certifying authority, for example. But it doesn't really work, for example, in the context of the merchant and certifying authority, because the merchant has no relationship with the certifying authority. Not that this type of situation is peculiar to new technology and authentication frameworks. The law already deals with a number of situations where contractual remedies are not readily available. Nevertheless, the answer to such problems is often seen to lie in interventionist legislation. I do not agree and will address that issue in a few minutes.

INTERNATIONAL CO-OPERATION

8. GOVERNMENTS SHOULD CO-OPERATE TO CO-ORDINATE CRYPTOGRAPHY POLICIES. AS PART OF THIS EFFORT, GOVERNMENTS SHOULD REMOVE, OR AVOID CREATING IN THE NAME OF CRYPTOGRAPHY POLICY, UNJUSTIFIED OBSTACLES TO TRADE.

This principle calls for governments to avoid using cryptography policy as a barrier to trade, particularly electronic trading. The wording is consistent with that used by the World Trade Organisation in its agreements.

The principle calls for national key management systems to allow for the international use of cryptography. However, the opening statements of the Guidelines specifically refer to the Wassenaar Agreement on Export Controls for Conventional Arms and Dual-use Goods and Technologies. Australian export controls are implemented in accordance with that agreement and would not be seen as an unjustified obstacle to trade.

The principle contains a call for bilateral and multilateral co-operation and agreement on lawful access. In July last year, Australia hosted a Working Meeting on International Cooperation on Cryptography Policy as part of the implementation of this principle.

SUMMATION

From this brief outline of the OECD Guidelines, you can probably get a feel for the difficulties confronting governments because the guidelines are designed to produce cryptography policies which try to balance what at first sight might appear to be conflicting interests. Business and government require certainty and security to foster online commerce. Cryptography technology can provide that environment but in so doing may hamper or frustrate governments' legitimate `right to know' for law enforcement and national security purposes.

Already law enforcement and national security agencies, including Australian agencies, are encountering misuse of this technology by criminal elements to avoid detection or prosecution. If governments are to carry out their responsibilities of protecting public safety and the community, they need to have the necessary tools to do so.

In some cases misuse of the technology is hampering investigations into attacks on elements of the information infrastructure itself. If governments are to assist in developing the necessary user confidence in the new technologies, they must be able to prevent or take action against perpetrators of such attacks.

Governments are working together to develop approaches which achieve this balance without undermining overall user confidence.

LAW ENFORCEMENT

As mentioned, a major area of concern for government has been the impact of the new technology on law enforcement which is already encountering the use of encryption by criminals to protect their communications and stored data. The question is whether existing legal principles can be applied in this new environment. Present indications are that they can.

Information is information, whether it be in paper or electronic form. Australia has long accepted processes whereby law enforcement can access information where it can justify such access.

In respect of communicated data, the Telecommunications Interception Act sets out the circumstances where such information can be intercepted and the processes that must be followed.

The use of encryption complicates this access. Law enforcement will need to develop the tools to deal with this. However, there is no need to change the basic principles which govern access, and the tools will have to be used within the constraints such principles exert.

In addition, law enforcement and the legal profession is facing the use of encryption to protect stored information. The question arises as to how that information can be used as evidence. Once again, there are long established legal principles that permit law enforcement to gather evidence.

Where cases involve criminal law, the principle of self-incrimination would permit an accused to decline to comply with a demand that they surrender the key to such encryption. In order to enable law enforcement agencies to have access to keys it may become necessary to modify the application of this principle in some circumstances.

While some changes to legislation may be necessary, they are in the nature of modifications to the application of principles rather than a change to the principles themselves. The important thing is to ensure that the principles which currently govern the circumstances in which law enforcement can access information, and which are generally accepted by the community, not be changed without sufficient justification.

The Australian policy on the use of cryptography is that there are no restrictions on the importation or use of cryptography. In the context of law enforcement, we may need to examine whether there should be any change to this policy. The Government in its pre-election policy statement said:

"We are working with law enforcement to ensure that any policy developments do not change the principles which govern their access to the information required for them to discharge their responsibilities for public safety."

This approach has been evident in the recent amendments to the Telecommunications Act which are directed at ensuring a continuing interception capability despite the emergence of new technologies, both in telecommunications and cryptography. The changes are again based on the premise that access to communications under warrant is a basic law enforcement principle which is accepted by the community. This principle should be made neutral so that future changes in technology do not require changes in legislation.

The changes to the Telecommunications Act require services to be interceptible to the standards set out in what is known as the International User Requirement. This is an internationally agreed, generic specification of requirements for telecommunications interception capabilities for the purposes of law enforcement and national security. The obligation applies both to carriers and to carriage service providers.

Some confusion has arisen about the application of the Requirement to encrypted services which I would like to clarify. Yes, the changes do require carriers and service providers to provide an interception capability. And yes this could include the ability to decrypt messages which may have been encrypted by the carrier or service provider as part of the normal operation of the service. It does not, however, require carriers or service providers to decrypt traffic which has been encrypted by customers before being carried over the network.

This requirement for carriers and service providers to provide an interception capability is nothing new. Law enforcement agencies have been able to intercept communications under warrant since early 1988. And carriers have been required to provide interception facilities in new services to law enforcement agencies since 1991. However, advances in technology require changes to the way in which that is done. The amendments do not change the basic principle of interceptibility for law enforcement purposes. Nor do they change the process which law enforcement and national security agencies have to follow to be able to intercept communications lawfully.

SURVEILLANCE DEVICES

Similar considerations apply to the use of surveillance devices and the impact of new technology.

There are existing principles and practices for the use of such devices for capturing voice. The change in technology, however, has resulted increasingly in more of that speech being transmitted as text rather than voice. For example email is increasingly replacing telephone conversations.

Consideration may need to be given to enacting legislation covering surveillance device which is technology neutral to allow it to cover the capture of electronic communications at the point of input. This may occur before a communication to be captured is encrypted. Alternatively it may allow an encryption key to be captured.

An indication of need for change was contained in a media release of 19 January by the Minister for Justice. The release dealt with initiatives in the Attorney-General's portfolio to implement the Prime Minister's Drug Strategy. One of the initiatives signalled by the Minister was a review of electronic surveillance legislation. The Minister said:

`It is important that agencies are able to effectively use the latest surveillance technology including, on occasions, on private property.

It is also important that law enforcement authorities be required to comply with an authorisation system that protects the community from potential abuse of this equipment.'

Such a review may consider the use of surveillance devices to counter the effects of encryption.

In November last year, the "Computer News" section in the Australian reported that in response to the question:

"Should Internet Service Providers be required to provide law enforcement with the capability to decrypt all messages carried on their network?" 93% of respondents said no, only 7% yes. Almost all of those replying `No' cited "invasion of privacy" as the reason for their response.

The question had been posed by the Australian in the "Computer News" section and response was by the Internet. There is no doubt that those responding would hardly represent a cross section of society. Nevertheless, the result does reflect the extent to which the individual's right to privacy is seen as a major concern for most people, and highlights the difficulties confronting law enforcement agencies who see their capabilities as being eroded by the use of encryption. This is a problem not unique to Australia as evidenced by a recent statement by European Ministers for Justice and Home Affairs at the end of last month. In its website report, the ABC reported that:

`European Union Ministers for Justice and Home Affairs have agreed that law enforcement agencies must have access to the codes used to transmit secret information over the Internet. In their first discussion of what is set to become one of the major privacy/civil liberties issues of the next century, the Ministers warned that unbreakable encryption systems would mean organised crime could pursue its activities unhindered.'

`We have to make sure that legitimate law enforcement interests are taken into account when it comes to accessing encrypted material," said Joyce Quin, a junior British Home Office Minister. "We should not be in the position of fighting the crime of the 21st century with the methods and equipment of the 19th.'

It will not be easy for any government to find the policies that strike the right balance.

KEY RECOVERY

While encryption is a powerful security tool it is also the source of potential problems where an encryption key is lost or damaged and the encrypted data cannot be retrieved. Both the OECD Guidelines for the Security of Information Systems and the Australian/New Zealand Standard - Information Security Management have objectives which include ensuring the availability of data. This would include ensuring that systems are in place whereby encrypted data could be recovered in the case of loss of, or damage to, the encryption key.

It would be consistent with the Government's role of promoting the OECD Guidelines for it to highlight to the community the advantages of products which facilitate lawful access to encrypted data. One of the tools for achieving such lawful access is key recovery technology.

The provision of storage containers for paper based information is a basic part of security. However, it is recognised that spare keys or copies of combinations for safes need to be held to allow organisations to access information where the usual holder of the key or combination is not available. The same principle applies where data is encrypted for security purposes.

There are two basic key recovery approaches that could be employed. The first involves storage of the private keys needed to decrypt data. The second relates to techniques that allow recovery to the session key used to encrypt a particular message. This key changes from message to message.

The Office of Government Information Technology is developing a public key infrastructure for encryption.

LEGAL ENVIRONMENT

Turning to the question of whether or not we need a `suite of cyberlaws', I refer you to the Report on the Global Information Economy prepared by the Information Industries Taskforce known as the `Goldsworthy Report'. The Report urged governments to `adopt a non-regulatory, market oriented approach to electronic commerce, one that facilitates the emergence of a transparent and predictable legal environment to support business and commerce'. This is a view we share and one that applies as much to the use of cryptography as it does to other aspects of information technology. But the `Goldsworthy Report' also emphasised that in attempting to achieve this environment, we may not necessarily need new legislation, a view also expressed in the Clinton Administration statement of July last year.

On the question of radical change, the Commonwealth Attorney-General[3] the Hon Daryl Williams, in an address to the Security in Government Conference in November 1997, said

`The changes in information handling are an evolutionary, not a revolutionary process. In the same way that this needs to be reflected in changes in the legal framework, so it is with changes in the protection of that information. The basic principles that apply to the exchange and protection of information still apply despite the change in the environment in which that information is stored or communicated. We have to ensure that this change in the environment is not used as a vehicle for fundamental changes in the principles which have served society well, in some cases for hundreds of years.'

We must focus on how to interpret the law in this new and ever changing environment. One only has to examine the changes in technology in the last ten years to realise that the environment has changed significantly but the existing law has, by and large, been able to cope.

For example, how many people here have used their credit card over the phone to buy goods or to pay bills? That has been achieved without changes in the legal principles that govern business and evidence of transactions. And yet, when it comes to the current expansion of information technology, we hear a constant refrain that we do not have the necessary legal infrastructure to facilitate the Technological Revolution in general and electronic commerce in particular. It is claimed that the legal system does not provide the necessary `certainty'.

In the relatively brief period that I have been involved in this area of information technology, it is the almost obsessive quest for certainty that has struck me the most. On closer examination it becomes clear that the level of certainty being sought, is greater than can be found in any other aspect of life. For example, when we enter into written contracts we do so because we want to bring some certainty to our commercial dealings. The fact that courts at all levels devote so much time to the resolution of contract dispute is a fair indication that we have not achieved our objective. And yet in the area of information technology, an even higher level of certainty is being sought from the legal system without, it seems, any consensus as to what is truly meant by `certainty'. Well let me add to the old adage that death and taxes are the only things that are certain in life by saying that I am certain you will never achieve absolute certainty in the legal system.

In a revolution every bit as profound as the one we are now engaged in, namely the Industrial Revolution, there was no greater certainty than there is now.

Just as the Industrial Revolution forged on regardless, so too will the Technological Revolution.

By these remarks I do not mean to imply that all is right with the legal world in the context of technology. Far from it. Some problems have already been identified and no doubt the current inquiries and the report of the Attorney-General's Expert Group looking at legal issues will come up with a few more. And depending upon what decisions governments make it may be necessary to amend existing legislation or pass new laws.

But the important point that the Attorney made in his speech in November and needs to be reinforced time and again, was that the fundamentals of our legal system are in good shape. Our legal system coped with the Industrial Revolution; sure it spurned new laws and the courts, through development of the Common Law, evolved others - an evolution which is still taking place. Just as the former Revolution did not stand still waiting for the ideal legal infrastructure, nor can the current one. The law cannot be allowed to be used as an excuse for inaction in this area.

[1] European Union, Ensuring Security and Trust in Electronic Commerce, http://

[2] Department of Defence, Australian Controls on the Export of Defence and Strategic Goods - A Guide for Exporters and Importers, Canberra, November 1996

[3] The Hon Daryl Williams AM QC MP, The New Security Risk Environment, Keynote Address to the Security in Government 97 Conference, Canberra, November 1997, Unpublished