ENCRYPTION AND THE GLOBAL INFORMATION INFRASTRUCTURE
AN AUSTRALIAN PERSPECTIVE

Steve Orlowski
Assistant Director Security Management
Australian Attorney-General's Department

The views in this paper are those of the author and do not necessarily represent the views of the Australian Government

Copyright the Commonwealth Government of Australia, 1995

Presented at the Cryptography Policy and Algorithms Conference, Queensland University of Technology, Brisbane, Australia, July 1995

Appearing shortly in an Elsevier volume

In December 1993 the Australian Government established a Broadband Services Expert Group to examine the technical, economic and commercial preconditions for the widespread delivery of broadband services to homes, businesses and schools in Australia. In releasing the Group's Final Report Networking Australia's Future the Prime Minister said being linked to the national information infrastructure is a fundamental right for all Australians. As the Final Report put it:

"In the next decade, large-scale communications investments in Australia will pave the way for many business, government, information and entertainment services. These services could change forever the way business and government operate and how we communicate with our colleagues, families and friends. Over time, even the significance of international borders and the design of towns and cities will change."

Similarly, the OECD in its 1992 Guidelines for the Security of Information Systems said:

"Recent years have witnessed ... growth of computer use to the point that, in many countries, every individual is an actual or potential user of computer and communication networks."

Encryption was for centuries the domain of government, primarily to protect military and diplomatic communications. In the past few decades private enterprise has become an increasingly large user of cryptography to protect its commercial activities.
We have now arrived at the point where individuals are going to become major users of cryptography to protect personal information and finances, and their privacy in general, as they become participants in information infrastructures.

Over the past twelve months, the OECD has embarked on a round of meetings on Global Information Infrastructures. The outcomes of this round are to be provided in a report to the G7 on job creation and the information society. Security, privacy and the protection of intellectual property are some of the issues being addressed as part of this round. Indeed the final meeting will specifically address these issues. In outlining an agenda for this meeting the OECD saw encryption as a pivotal issue in the security of information systems. The OECD will also be holding a meeting on National Cryptography Policies later this year.

The interest in the Global Information Infrastructure relates not only to the direct impact of the infrastructures on national economies, but also to the economic impact of investment failures if the infrastructure is misused or not used to its expected capacity. User confidence is seen as a key factor in infrastructures reaching their full potential. It is from this position that the OECD is examining issues of security, privacy and the protection of intellectual property.

Turning again to the OECD Guidelines, they stated when addressing the question of building confidence:

"Users must have confidence that information systems will operate as intended without unanticipated failures or problems. Otherwise, the systems and their underlying technologies may not be exploited to the extent possible and further growth and innovation may be inhibited."

Obviously if encryption is a pivotal issue in information systems security, confidence in encryption techniques and technology is pivotal to confidence in information infrastructures and therefore to the economic viability of such infrastructures.

At the meeting in Paris last November most of the session on security was taken up with encryption. It was interesting, however, that very little of it was related to security of government or commercial information on systems. The main focus was on verifiable but untraceable transactions on information infrastructures. This highlighted the progression of cryptography towards individuals' requirements and their desire for their transactions to be secure but anonymous.

The issue of privacy of an individual's activities in information infrastructures is beginning to receive similar attention in Australia. Individuals are concerned that their activities can be monitored to develop personal profiles such as buying habits. These profiles could then be exploited by organisations such as direct marketing bodies.

The Minister for Justice in a speech to the Australian Share/Guide Conference in March this year identified two areas of concern:

People want to be assured that information on how they use the network is protected. Usage patterns are of particular interest and value to various groups, for example, direct marketers.

People also need to be assured that the content of their information is protected both on networked systems and flowing across the network.

Both these concerns can be overcome through the use of cryptography: the first through verifiable but untraceable transactions and the latter through more established message encryption techniques.

The question of verifiable but untraceable transactions has attracted the concern of law enforcement agencies given the potential for the proceeds of crime to be transferred in this way. In Australia the Financial Transactions Reports Act 1988 requires transactions above specified limits to be reported. This approach could possibly be extended to put limits on computer cash transactions which can be carried out anonymously.
This would allow individuals protection of their privacy on the small transactions which would make up the bulk of their activity but place some obstacles in the way of those who wish to move large volumes of money illicitly. Technology which limits the amount of anonymous cash which can be sent, received or stored per terminal or smart card per day may be able to be developed to overcome the law enforcement concerns.

While such an approach might reduce the problem of cash transactions for illicit purposes, the more vexing problem is that of criminal activities being planned or transacted by telephone or over networks, particularly where encryption is involved. In other words, the "key escrow" debate.

In Australia telecommunications interception (TI), both voice and data, is carried out under the provisions of the Telecommunications (Interception) Act 1979. In 1993 the Australian Government initiated a Review of the Long Term Cost Effectiveness of Telecommunications. The Report stated:

"The evidence suggests that TI is very effective as part of an integrated framework of surveillance by both law enforcement and security agencies".

A significant finding of the report was:

"Encryption by targets of their communications (both voice and data) is not considered by agencies as a problem for TI at present in Australia, but it is a growing problem in the US and Europe and a potentially significant problem in Australia. It will need to be monitored, particularly with increased availability of cheap voice encryption devices. The issues extend well beyond the scope of the Review."

The report also commented that:

"...Australians have available in the GSM digital mobile services an effective means of encrypting their communications for legitimate privacy and commercial security purposes...".

As a result of the Report, Australia is, among other TI issues, monitoring the impact of encryption in the telecommunications interception area and will re-examine matters in 1997 following the opening of the telecommunications area to full competition.

The average Australian mobile phone user appears to be satisfied with the security offered by the GSM digital mobile services and to date I have not seen a report of instances of communications on that network having been found to be insecure. Individuals and small businesses seem to be the major users of the networks and their requirements for security are relatively low. On that basis there would appear to be a relatively small market for voice encryption devices on mobile phone services. Similarly Australians have, by and large, been comfortable with the standard telephone service and again there has been comparatively little market for voice encryption products, although they have been readily available.

Of course there have been instances of criminals using encryption devices on the existing standard and mobile services, and this will continue. However, most persons involved in this field agree that even if key escrow were introduced, this could be circumvented by determined criminals.

Furthermore we are rapidly moving towards the integration of voice and data services. By the turn of the century, the majority of voice communications is likely to be over data lines. Encryption of both voice and data is therefore likely to be handled by the same products.

Stephen Walker, in his paper 'Software Key Escrow A Better Solution for Law Enforcement Needs?' stated:

"Since law enforcement's requirements for key escrow appear largely focused, for now at least, on telephone communications, it will probably remain necessary for the government to escrow keys of telephone security devices".
(It has been observed that due to the high cost of telephone security devices with or without Clipper, there may never be a significant market for such devices and therefore little reason for an extensive telephone-only based key escrow capability.)

I would therefore argue that the value of key escrow for purely voice encryption would be marginal in the Australian context and probably internationally in the long term. In saying this I am not advocating the abandonment of the conventional field of telecommunications interception, rather I am arguing that resources might be better applied to addressing the longer term problem of the emerging field of interception of telecommunications in the form of data.

That then leaves us with the question of encrypted data communications. Law enforcement concerns have focussed on two aspects: financial transactions associated with criminal activity such as payments for drug deals, and messages such as setting up a drug deal or planning a terrorist attack.

These are realistic scenarios which confront law enforcement authorities. Obviously the community expects that law enforcement authorities will take steps to prevent information infrastructures being used for these purposes. Equally, users of the infrastructures for legitimate purposes expect that their right to privacy will be respected. The hapless task for governments is to find an acceptable balance between the two.

Firstly I would like to address the question of financial transactions. Earlier I proposed a restriction on anonymous cash transactions which would make it difficult to move large sums of money in this manner. Larger transactions would then have to be moved through traceable transactions. This would mean that records of the transactions and the parties involved would exist in much the same way as they do for financial transactions at present.
If the anonymous transaction limit was the same as the cash transactions reporting limit, this would mean that, in Australia or for transactions entering or leaving Australia, the transaction would be reported to AUSTRAC, the agency which collects and analyses data on cash transactions. Moreover, law enforcement agencies could approach the courts to obtain access to an organisation's or individual's records of such transactions.

This leaves the question of messages which may contain evidence of criminal activities. While in some cases copies of such messages may be recoverable from one of the parties' equipment, any serious criminal using these methods would know how to modify or delete all traces of the message. Therefore court orders granting access to the equipment and data held on it would not necessarily provide the evidence sought. This problem would exist whether or not the transmission or the storage media were encrypted.

Before advancing this argument further I would like to make the observation, which I will be expanding on later, that debate to date has focussed on higher level encryption. I feel that the needs of the majority of users of the infrastructure for privacy and smaller financial transactions can be met by lower level encryption which could withstand a general but not sophisticated attack against it. Law enforcement agencies could develop the capability to mount such sophisticated attacks. Criminals who purchased the higher level encryption products would immediately attract attention to themselves.

Given that a large proportion of the population would not be using the higher level encryption products, application of key escrow for such products is less likely to create the type of adverse reaction seen to date. Government agencies and large financial institutions are more likely to accept the need for key escrow in the type of products which they use.

The Review of the Long Term Cost Effectiveness of Telecommunications Interception referred to earlier quoted the following points made by the Australian Federal Police:

much valuable TI evidence and intelligence comes from targets talking to people who are not part of a criminal activity and who would not use encryption (arranging hotel, shipping or airline bookings is one obvious example);

call data will not be encrypted and will contain much valuable information about who is involved in an investigation.

The Review did, however, include the following in its findings:

Telecommunications interception is of crucial importance to law enforcement; and

On present indications, it would not be true to say that developments in technology may render telecommunications uninterceptible.

Given that there is a requirement for telecommunications interception, the question is how this is to be achieved in the face of changing technology. The answer is to use the new technology to the advantage of law enforcement agencies.

As mentioned earlier, I see encryption being utilised on two levels, a general level being used by the majority of users and a more sophisticated level with much more limited use. Intercepted messages under the first level may be able to be decrypted by the various interception authorities. The second level would probably, however, require more sophisticated techniques in circumstances where the key cannot, for whatever reason, be recovered from escrow. This may be achieved by the establishment of a central decrypting unit which would receive, decrypt and transmit back messages.

Given the standard of equipment and expertise which would be developed at such a centralised unit, it may be more cost effective for that unit to handle all decryption of intercepted messages for all law enforcement agencies within the country. Modern communications technology would facilitate the secure and rapid transmission of messages between the intercepting authority and the central unit.
Indeed the "Clipper" proposal, and suggested variations of it, relied on a similar concept for the transmission of escrowed keys to the intercepting authority. This takes the process one step further. It also builds in an additional safeguard to the interception process, as the central unit would need to be satisfied of the validity of the interception before it decrypted the messages.

The same concept would apply for the higher level encryption systems where the keys would be escrowed. In this case the central unit would obtain the keys from the escrow agent or data recovery centre.

Regarding the question of data recovery centres, I am attracted by proposals put forward by Stephen Walker in the paper I referred to earlier, which suggested commercial data recovery centres. Even the term data recovery centre is a positive one of a service rather than the negative image which now surrounds the term key escrow. The concept I have just outlined could operate for either government escrow agents or commercial data recovery centres.

The suggestion I have outlined is a rather simplistic version. In practice there would be a number of legal problems to be overcome, especially in a federal structure with a division of law enforcement powers.

In the case of key escrow for corporations, there may already be an implied requirement in corporate affairs legislation which requires records to be held for a statutory period. If the records were encrypted, then the key would need to be available to decrypt them. This could be used as the basis for a formal key escrow requirement.

I put this forward as a starting point for discussion of the concept of differential key escrow. As mentioned earlier, the concept of restricting key escrow to higher level encryption systems would reduce general user concerns about using the GII and provide the confidence which the OECD considered was essential to the economic viability of the infrastructures.

Another area where confidence has to be established is that of content providers. Confidence that providers will receive payment for their intellectual property will be key to the range of material being available on the infrastructure. As the Minister for Justice put it in the speech I referred to earlier:

An important aspect of the network will be the quality of the information available on it. The question of intellectual property rights is crucial to the success of the infrastructure.

The Government is pursuing the question of intellectual property rights in various international fora. However those rights have to be protected once they have been defined. Encryption will be the key to protecting information to which intellectual property rights attach and to ensuring users pay for what they access. This will involve the more traditional field of data protection as well as access control, user authentication and electronic cash applications.

The Australian Government implements controls on the export of defence and related goods through the Customs Act 1901 and the Customs (Prohibited Exports) Regulations. In March 1994 the Government issued Australian Controls on the Export of Defence and Related Goods - Guidelines for Exporters. The Guidelines state in part:

"The Government encourages the export of Australian made defence and related goods where such exports are consistent with Australia's interests including international, strategic, foreign policy and human rights obligations".

The controls do allow exporters to apply for permits or licences to export goods.
The controls specifically mention products related to cryptography as follows:

(a) complete or partially complete cryptographic equipment designed to ensure the secrecy of communications (including data communications and communications through the medium of telegraphy, video, telephony and facsimile) or stored information;

(b) software controlling, or computers performing the function of, cryptographic equipment referred to in paragraph (a);

(c) parts designed for goods referred to in paragraphs (a) or (b);

(d) applications software for cryptographic or cryptanalytic purposes including software used for the design and analysis of cryptologics.

In November 1994 the Government also issued Australian Controls on the Export of Technology With Civil and Military Applications - A Guide for Exporters and Importers, which defines in more detail equipment, assemblies and components to which the controls apply.

The Strategic Trade Policy and Operations Section, Department of Defence makes recommendations on export applications.

The Government is committed to its policy of encouraging the export of goods where this is not in conflict with the national interest or obligations. To this end it is prepared to cooperate with manufacturers, wherever possible, to advise on products which might be eligible for export. This is particularly relevant for the type of products which would satisfy the requirements of general users of information infrastructures and thus enhance the development and use of such networks.

Digital signature techniques and public key authentication will play an increasingly significant role as networks expand and the number of users and range of services offered increase. This is a further area where confidence needs to be engendered to ensure acceptance. There is a need for a mechanism to ensure that techniques are appropriate for the purpose for which they will be used. Similarly there is a need for a structure through which keys can be obtained and digital signatures authenticated.

Within Australia a Government Group has been developing a proposal for a Public Key Authentication Framework. The group's work has been primarily focused on the needs of electronic commerce. In an unpublished paper the group stated:

"There needs to be a wide scale informed debate about this issue before any decisions are taken as to choice of technology, the appropriate administrative structure, privacy issues, legal effect, method of implementation and the like. After such a debate the system will need to be introduced in a planned way with appropriate public education, legislation and the like in order that the use of the PKAF system will have the same standing and validity in the eyes of the community as a paper based signature".

The proposal calls for a management structure to verify various key generation systems, supervise the issue of key pairs and maintain a directory of the public keys.

This proposal has been referred to the Standards Association of Australia which has established a task force to examine the establishment of an Australian Public Key Authentication Facility. The Task Force is required to report by the end of the year.

Australia has also raised in the OECD the need to establish an international framework to ensure the effective use of public keys as a tool for both international electronic commerce and individual use of the global information infrastructure.

While this proposal is driven, primarily, by commercial needs, there is scope for it to be extended to meet the needs of individuals who will also be using the information infrastructure. Any scheme such as this has to be better than the current process of passing credit card information over the network.

The referral of the PKAF proposal to Standards Australia is in keeping with the Australian Government policy of minimal legislative intervention.
When commenting on the implementation of the OECD Guidelines for the Security of Information Systems, in a speech I referred to earlier, the Minister for Justice outlined the Government's approach as follows:

"In implementing the Guidelines, the Government has decided not to use a general legislative approach because of the problems in reaching agreement with State and Territory Governments on legislation where the Commonwealth has no blanket constitutional power."

"Furthermore we recognise that legislation is slow to respond to technological advances, so broad definitions have been used in relevant legislation to allow the courts to consider current technology as cases come up".

This policy extends to electronic commerce and the use of cryptography in general. Any legislation required to support the use of cryptography is likely to be written in broad terms rather than endorsing particular technology or algorithms. It would then be left to groups such as Standards Australia to specify the standards which at that particular point in time would meet the legislative requirement.

By the turn of the century, the major users of the Global Information Infrastructure will be individuals conducting their day to day activities in electronic form. The main concerns of these users will be to authenticate their identity, to conduct their business with privacy and to have a reasonable level of security for the comparatively low level financial transactions they will be performing.

To date the cryptography debate has focussed on the higher needs of government and business. There is a need for the debate to be extended to cover the needs of individual users.

For the information superhighway to reach its full potential in terms of both economic viability and social change, cryptographic systems will need to be developed to meet the needs of individual users. These systems will need to be cheap, user friendly, and above all, have public confidence.

For centuries the simple paper wrapper called an envelope has met the needs of the majority of users of the postal service. They come in many forms but most provide an indication of whether they have been tampered with. Also individuals have their own way of opening envelopes no matter what type they are.

This basic philosophy needs to be applied to encryption systems for individual users. In other words, a simple system which is easy to seal and easy to open and which does not require a wide variety of techniques for either.

Individual users will not be attracted to use services if they each involve different techniques for sending or receiving information. To this end service providers may need to look at providing a number of alternative schemes for distributing material so that they meet the individual's requirements, rather than expecting the user to maintain a number of systems to meet the various providers' requirements.

Finally there is the question of public confidence. Users will not use cryptographic systems unless they have confidence in them. Firstly this confidence has to be established. Algorithms and the technology to implement them will need to be tested and the results made public. Once the tests have been completed, endorsement by standards bodies will build public confidence. There is also an ongoing requirement to continue to test systems to ensure they remain suitable for the purpose for which they are being used.

However some caution needs to be exercised in this respect. The main users of encryption systems at this stage are reasonably well equipped to make a considered assessment of the risks involved in using particular systems. This will not be the case initially for most individual users. Messages flowing freely around the network that an algorithm has been broken, even when details of the extent of technology to achieve the result are included, may cause a panic reaction and loss of confidence in the particular system.
The resultant lack of confidence could have adverse effects on infrastructure usage. Debate on these issues should be limited to the appropriate parties rather than widely promulgated on the network.

In summary, what I have been saying today is that there is a need for the cryptography debate to be expanded to include the needs of the individual users who will make up the largest percentage of users of the global information infrastructure.

---------------------------------------------------------------------------

Last Amended: 4 August 1995

Roger.Clarke@anu.edu.au
Reader in Information Systems
Department of Commerce
Australian National University
Canberra ACT 0200 AUSTRALIA
Tel: +61 6 249 3666 or 3664
Fax: +61 6 249 5005 or 0744