This is a consultation paper published in JILT on 30 June 1997 (Originally published by the DTI)
LICENSING OF TRUSTED THIRD PARTIES
FOR THE PROVISION OF ENCRYPTION SERVICES
Public Consultation Paper
Detailed Proposals for Legislation
Ian Taylor MBE MP
Minister for Science & Technology
On 10 June 1996 I announced to Parliament that the Government would be bringing forward proposals for the licensing and regulation of Trusted Third Parties for the provision of encryption services. I indicated then that a public consultation document on the Government's proposals would be issued prior to the introduction of legislation. I am pleased to be able to introduce this document to you now.
The proposals in this consultation document make a significant contribution to the Government's overall strategy for building the information society in the UK. The provision of secure electronic commerce is a key issue for business and consumers and it is important that we take positive steps to address it, if we are to ensure that everyone in the UK exploits the full potential of information and communication technologies.
The last 12 months have been a year of intense activity for Government. February 1996 saw the launch of the Information Society Initiative Programme for Business aimed at encouraging British business to improve its competitiveness by using information and communication technologies. December 1996 saw the full liberalisation of international telecoms facilities in and out of the UK, and the launch of IT for All - an exciting new programme aimed at bringing the benefits of the information society within the reach of all UK citizens. The Green Paper government.direct set out a vision for the electronic delivery of Government services. Whilst the Education Department's Superhighways Initiative continues to support a series of projects designed to raise awareness of computer networks in education.
The UK is already a world leader in the telecommunications, broadcasting and multi media industries. Business and consumers are therefore well placed to take advantage of the opportunities on offer. Despite this however, significant barriers to the take up of electronic commerce still remain.
These proposals - aimed at facilitating the provision of secure electronic commerce - are being brought forward against a background of increasing concern, not about the technology, but about the security of information itself. In a world where more and more transactions are taking place on open electronic networks like the Internet, there has been a growing demand from industry and the public for strong encryption services to help protect the integrity and confidentiality of information. These proposals have been developed to address those concerns, but at the same time are aimed at striking a balance with the need to protect users and the requirement to safeguard law enforcement, which encryption can prevent.
I believe that the proposals outlined in this paper achieve that balance. Their success though will ultimately depend on their widespread acceptance and use of Trusted Third Parties by the business community. We are therefore looking to industry to work with us in close partnership on this important issue.
I therefore urge you now to let us have your comments on this document.
TABLE OF CONTENTS
THE LICENSING OF TRUSTED THIRD PARTIES
FOR THE PROVISION OF ENCRYPTION SERVICES
Consultation Paper on Proposals for Legislation
- This consultation paper sets out the Government's policy proposals for the licensing and regulation of Trusted Third Parties (TTPs) to provide a range of information security services to their clients.
- These proposals stem from the Government's announcement of 10 June 1996 on the provision of encryption services on public networks. This announcement recognised the growing demand from industry for strong encryption services to safeguard the integrity and confidentiality of electronic information transmitted on public telecommunications networks. It also recognised the need to balance this demand with the requirement to preserve the ability of intelligence and law enforcement agencies to fight serious crime and terrorism.
- Against this background the Government announced that it would be bringing forward proposals for the licensing and regulation of TTPs to provide a range of information security services to their clients. It also indicated that formal consultation on the Government's proposals would be undertaken by the Department of Trade and Industry with all interested parties, prior to the bringing forward of legislation. Since June 1996 the Department of Trade and Industry, together with other government departments, has been concentrating on the detail of the legislation required to licence TTPs. This paper outlines the Government's proposals and seeks comments on their suitability and scope. Following this consultation the Government will make a further statement indicating how the legislation is to be brought forward, and giving further details of the intended regulatory regime.
- This paper comprises seven sections. Section I introduces the paper. Section II outlines the overall policy framework within which the Government's policy on TTPs has been developed. Section III outlines international activity being considered by the European Commission on information security, including the promotion of TTPs. It also outlines discussions on similar issues taking place within the OECD. Section IV discusses cryptography and the role it has to play in securing the confidentiality and integrity of data. Section V outlines the potential benefits of a TTP network in the context of information security and indicates the range of services that TTPs might provide. Section VI outlines the structure of the Government's proposals and seeks comments on the areas it considers necessary to cover as the basis for legislation. Section VII highlights those issues on which the Government would particularly welcome comments.
The annexes to this paper contain:
A paper on the legal recognition of digital signatures.
A paper on legal access to keys held by TTPs: International Aspects
An explanation of the proposed licensing criteria.
A glossary of terms.
A paper on the minimum functional requirements of an international TTP Architecture.
Frequently asked Questions and Answers.
- Comments are invited on the issues set out in this consultation paper by Friday 30 May 1997. It may not be possible to take account of any responses received after this deadline given the Government's wish to move ahead quickly with the introduction of legislative proposals.
To obtain additional copies of this document, please ring 0171 510 0174 or fax 0171 510 0197, quoting DTI reference: URN 97/669. You may access the document on the Internet at: http://www.dti.gov.uk/pubs.
Comments should be sent in writing to Nigel Hickson at the following address:-
Information Security Policy Group
Communication & Information Industries Directorate
Department of Trade & Industry
151 Buckingham Palace Road
London SW1W 9SS
- Alternatively comments may be sent to the following e-mail address:- [email@example.com] or faxed to 0171 931 7194
- The Government does not intend to respond to individual comments. However, all comments received will be acknowledged and will be taken into account when proposals for legislation are introduced.
- A summary of comments, subject to requests for confidentiality, will be published prior to legislative proposals.
- The Government's policy on TTPs and the provision of encryption services for the protection of information transmitted electronically should be viewed in the context of the Government's broader objectives for building the information society in the UK.
- The Government's view is that new developments in information and communication technologies offer exciting opportunities in the UK. Advances in the computing, telecommunications and creative sectors, combined with the world-wide explosion of electronic commerce, are revolutionising the delivery and availability of information and services. The Government wants to ensure that everyone in the UK is able to benefit from these developments and that they are able to play a part in the emerging information society.
- The UK is already a world leader in telecommunications, broadcasting and multimedia - benefiting from Government action to liberalise the market and promote competition. Both business and consumers are therefore well placed to take advantage of the opportunities on offer. For example, many firms are already finding that their ability to make effective use of new information and communication technologies is crucial to their performance. Indeed the increased use by British business of information technology over the last decade has been a major factor in their improved competitive position in global markets.
- Within this framework the Government has an important role to play in providing leadership in certain key areas. These include:-
a) Creating the right regulatory framework so that industry and the economy can flourish, while assuring proper protection for the public.
b) Promoting appropriate use of new technologies - in schools and colleges, museums and libraries, in the health service and in all areas of public life.
c) Using information technology to improve efficiency in Government and the effectiveness of the services it delivers to industry and the public.
d) Acting as a catalyst for new developments, bringing people together and working in partnership with the private sector and local authorities to make things happen.
- The Government has adopted a national strategy for the information society - the Information Society Initiative - which seeks to include and enrol everyone in the UK through a number of complementary initiatives applying across all sectors of society.
- IT for All - a programme which offers the public a wide range of opportunities to try and more readily understand technologies.
- Programme for Business - where business and commerce are provided with wide- ranging resources, support and funding to help them thrive in the emerging information based economy.
- government.direct - a recent Green Paper which sets out a vision for the electronic delivery of Government services, making them more accessible, more available and easier to use.
- The Education Department's Superhighways Initiative which supports a series of projects designed to raise awareness of computer networks in education and show how they can best enrich the delivery of education.
- The growth in electronic commerce offers great opportunities for the business community and consumers. The Government recognises however that it also brings with it significant risks. In particular, the ability to conduct all kinds of transactions across open information and communication networks like the Internet has led to increasing concern about the security of the information itself. In this context, businesses in particular have raised legitimate concerns about the adequacy of security measures for protecting the integrity and confidentiality of information transmitted on public telecommunication networks. It is clear that increasingly the concerns of users are not only about the availability of the technology and its benefits, but about the level of trust that both business and the public can place in such technology. These concerns represent a significant obstacle to the continued take up of electronic commerce in the UK. Hence the issue of how best to facilitate the provision of secure electronic commerce has become a key component of the Government's objectives for building the information society.
- One of the most effective security tools for protecting the integrity and confidentiality of information transmitted on open electronic networks is cryptography. Over the last 2 years there has been a growing demand from industry for strong encryption services on communications networks and the Government recognises that this can help solve some security problems. In developing a policy in this area however the Government has to take many different interests into account. For example, a significant area for consideration in this context is how the spread and availability of encryption technology will affect the ability of the authorities to continue to fight serious crime and terrorism, and protect UK economic well being and national security. In particular, the Government considers it essential that the ability of security, intelligence and law enforcement agencies to conduct effective legal interception of communications under the Interception of Communications Act 1985 is preserved in any policy proposals. Another key area in developing this policy is the need to ensure the privacy of individuals. That is why the Government is in favour of developing a policy that will facilitate the use of cryptography for everyone. The rights of individual privacy will be strongly safeguarded by the technology made available, and the tightly controlled legal access conditions that these proposals wish to introduce.
- It is the need to strike a balance between the commercial requirement for robust encryption services, with the need to protect users, and the need to safeguard law enforcement and national security requirements which led to an announcement by the Government in June 1996 of its policy towards encryption services on public networks. It is on the basis of the policy outlined then that the detailed proposals outlined in this paper- for the introduction of legislation to license TTPs wishing to provide a range of encryption services to their clients - are now being brought forward.
- Whatever services TTPs provide, they must be trusted by their clients. Indeed in a global trading environment there will have to be trust of, and between, the various bodies fulfilling this function. To engender such trust, TTPs providing encryption services to the general public will be licensed. The licensing regime will seek to ensure that organisations who wish to establish themselves as TTPs will be fit for the purpose. It will aim to protect consumers as well as to preserve the ability of the intelligence and law enforcement agencies to fight serious crime and terrorism by establishing procedures for disclosure to them of the encryption keys, under safeguards similar to those which already exist for warranted interception under the Interception of Communications Act 1985.
- The Government's initiative on TTPs will be of much greater significance for industry if similar developments take place in the countries of our main trading partners. The development of encryption services via TTPs requires compatible mechanisms in other countries and the UK has been active in promoting the concept through both bilateral and multilateral contacts. Within Europe the main forum for discussion on such issues is the European Union, in particular the European Commission where DG XIII has a small unit dedicated to information security issues.
- In 1992 a Committee of Member States on information security issues (known as SOG-IS) was established as a forum for Member States to advise the Commission on the sort of initiatives that might be appropriate in this field. This resulted in a programme of work on information security including the adoption of the ITSEC criteria (first developed by the UK, France, Germany and the Netherlands) and the first pilot projects involving the use of Trusted Third Parties for digital signature services. In August 1994 the Commission Services began developing a proposal for a further programme of work concentrating this time exclusively on the development of Europe-wide network of Trusted Third Party Services (ETS) for the provision of cryptographic key management services (for both confidentiality and integrity).
- The Commission's proposal was the subject of lengthy debate by Member State representatives, both in terms of the relative role of the member States and the Commission in introducing such pan-EU services and the law enforcement and national security issues pertaining to confidentiality services. As a consequence, and due to other priorities, the Commission's proposals have been delayed. It is hoped however that there will be a policy announcement in 1997. In the meantime the Commission is sponsoring work on a number of pilot projects concerning Trusted Third Parties in the ETS Preparatory Programme. Of the eight projects recently funded by the Commission, UK companies are involved in seven. The Government will be closely monitoring developments on these projects to learn lessons for its own licensing regulations.
- It is recognised that complementary European Commision initiatives on Trusted Third Parties would be appropriate to enable an EU wide network of TTPs to be established. The Government has therefore, been working closely with the European Commission on the scope and content of applicable measures. The Government, in concert with other European countries, has recommended that the Commission adopt measures to demonstrate, trial and pilot TTP projects which would underpin the EU wide development of encryption services through TTPs.
- Information on any of the current TTP projects can be obtained from David Herson (DG XIII/7) at the European Commission (e-mail firstname.lastname@example.org ) or from the Commission Web site at www.cordis.lu/infosec/
- The other main international forum for the discussion of cryptographic policy has been the Organisation for Economic Co-operation and Development (OECD). The OECD has taken an interest in information security issues for a number of years and in December 1995 hosted a landmark conference between industry and Government. This conference indicated that both international co-operation between Governments, as well as close co-operation between government and industry, would be key in developing acceptable and forward looking encryption policies. The OECD therefore decided to establish an Expert Group to look specifically at the development of cryptography guidelines as a direct guide to national policy development in member countries. The Expert Group met four times in 1996 and in December agreed a draft paper on Cryptography Guidelines for OECD consideration. This paper is currently being considered by member countries and will hopefully be issued as an OECD Recommendation to member countries in late Spring 1997.
- In terms of content, and with regard to OECD confidentiality, the paper outlines eight key principles which any national encryption policy (including industry's development of products) should observe. These are Trust in Cryptographic Methods (vital if they are to be used), Choice of Cryptographic Methods (allowing the user to chose from a variety of systems), Market Driven Development of Cryptographic Methods (noting that it is primarily for the market, rather than Governments, to bring forward solutions), Standards for Cryptographic Methods (which should be promulgated in an open way), Protection of Privacy and Personal Data (the importance of individual privacy), Lawful Access (outlining the Government's right to legally access data -whether or stored or in transmission - and encryption keys), Liability (which the TTP must take on) and International Co-operation (stressing the need for countries to work together on global, rather than national, solutions).
- The OECD exercise has gained considerable public exposure and the Government hopes that the guidelines, when published, will make a major contribution to the goal of developing global encryption services of direct benefit to business whilst safeguarding individual privacy and the national security concerns of member countries.
- In addition to activities within the EU and OECD, a number of other fora and groups are also working on related encryption initiatives. In Europe, the Council of Europe has recently developed guidelines on Computer Crime, specifically noting the adverse role cryptography could have in hampering investigations. In the context of standards, both regional and global groupings are producing encryption standards. In Europe ETSI are developing a specific standard for Trusted Third Parties while SC27 (part of ISO) are developing a specific standard for digital signature and encryption methods. In addition, the UN (through UNCITRAL) and the American Bar Association (ABA) are developing, and the EU considering the development of, digital signature guidelines.
- Individual countries both in and outside Europe are also developing their own national approaches. Whilst the US, France and the UK are perhaps unique in having policies on Trusted Third Parties involving key escrow, Germany has introduced a draft Digital Signature Law, Canada is developing a Federal Public Key Infrastructure, and Australia is developing a national Public Key Authentication Framework.
- Cryptography is the art or science of keeping a message secure. It can be used to hide its information content, establish authenticity, prevent undetected modification, prevent repudiation, and/or prevent unauthorised use.
- Cryptography can be used to protect the confidentiality of data, such as financial data or personal records, whether it is in storage or in transit. Cryptography can also be used to verify the integrity of data by revealing whether it has been altered and identifying the person or device that sent it. These techniques are critical to the development and use of national and global information and communications networks and technologies, as well as the development of electronic commerce.
- The development of information and communications technologies that allow vast quantities of data to be transmitted, copied and stored quickly has promoted a growing concern for the protection of privacy and confidentiality of data. Effective cryptography is therefore an essential tool in a network environment for protecting the privacy of personal information and the secrecy of confidential business information.
- Encryption uses a mathematical algorithm to encrypt data in order to render it unintelligible to anyone who does not possess certain secret information (cryptographic key) necessary for decryption of the encrypted data. Traditionally the secret cryptographic key needs to be agreed in advance of any communication. The secret key is used to both encrypt and decrypt the message. The security of this type of encryption lies in protecting the key; divulging it would allow anyone to decrypt the message. Therefore great care needs to be taken to protect the key, and therein lies the difficulty of adopting such a system for widespread use - how to protect the key and at the same time, distribute it to those you wish to communicate with.
- In the mid 1970s a new development in cryptography introduced the "public key" concept, which allows parties to exchange encrypted data without communicating a shared secret key in advance. Rather than sharing one secret key, this concept uses two keys: a "public key" that can be disclosed to the public and used to encrypt data, and a corresponding "private key" that is kept secret and used to decrypt the data. Another important use of public key cryptography is "digital signature", which is used to verify the integrity or the sender or data. In this case, the private key is used to sign a transmission, while the corresponding public key is used to verify a signature.
- Public key cryptography offers the benefits of confidential transmissions and digital signature in an open network environment in which parties do not know one another in advance, and without the need to share secret key information. The Government believes this is vital for electronic commerce between trading partners who may, of course, not know each other.
- For a public key system to work in the public domain, not only must the public key be freely accessible, but also the user must have a reliable way of verifying the authenticity of public keys. Such an infrastructure, for managing and certifying public keys, can be based on a hierarchy or network of certificate authorities or Trusted Third Parties. A TTP would be a trusted source of information about the keyholder in the form of a "public key certificate". The certificate could be used to verify certain information exchanged over a network.
- However, the widespread use of cryptography raises other important issues, and cryptography policy should, therefore, balance a number of varied interests. In addition to its role in the operation of electronic commerce, cryptography has implications for the protection of privacy, intellectual property, business and financial information, as well as law enforcement and national security.
- A critical issue presented by cryptography is the possible conflict between privacy and law enforcement. While the use of cryptography is important for the protection of privacy, it can also be put to improper use such as hiding the illegal activities of criminals and terrorists. Consequently, there is a requirement to establish appropriate mechanisms for lawful access to encrypted information. In the UK, security, intelligence and law enforcement agencies can lawfully intercept communications under certain conditions in accordance with the Interception of Communications Act 1985 (IOCA). Unfortunately, the use of cryptography has the potential to seriously hamper this important law enforcement tool, by making legally intercepted messages unreadable, to the detriment of all law abiding citizens. Private parties may also have legitimate reasons and a legal basis to obtain access to encrypted information. For instance, an employee who has encrypted files may resign without leaving information concerning the private key, or the death of an individual may require a Solicitor to have access to their encrypted information. In all of these circumstances TTPs can enable legitimate access to the keys to unlock such information.
- Legal access can be achieved by making use of a key escrow/recovery system. Key recovery allows authorised persons (for example users, officers of an organisation and law enforcement authorities) under certain conditions, to decrypt messages with the help of cryptographic key information, held in escrow, and supplied by one or more trusted parties. In such cases legal access is to the private confidentiality key.
- Another important issue is the fact that cryptographic products and technology are also subject to export controls. The UK, and all EU member states, are bound by the Council Regulation (EC) No. 3381/94 linked to the Council Decision No. 941/942 CFSP. The introduction of these TTP proposals will hopefully lead to relaxed export licensing procedures for cryptographic products used with TTPs.
- A TTP can be described as an entity trusted by other entities with respect to security related services and activities. A TTP would be used to offer value added services to users wishing to enhance the trust and business confidence in the services they receive, and to facilitate secure communications between business trading partners. TTPs need to offer value with regard to integrity or confidentiality and assurance of the services and information involved in the communications between business applications. A user in the UK, under these proposals, would be free to choose their own TTP.
- Typically, a TTP will be an organisation, licensed by the DTI, which will provide encryption services to a wide range of bodies across all sectors. The use of a TTP is dependent on the fundamental requirement that it is trusted by the entities it serves to perform certain functions. A TTP can also assure the user of the trustworthiness of another user to the extent that they are who they claim to be.
- In practice, TTPs could exist in both public and private domains, at the local, national and international level. TTPs should have trust agreements arranged with other TTPs to form a network, thus allowing a user to communicate securely with every user of every TTP with whom his TTP has an agreement. The proposed legislation is solely concerned with licensing those TTPs offering services to business and the public and not intra-company TTPs. TTPs, as noted above, are required to interwork and therefore a key management architecture is required to facilitate both the cross certification of keys and legal access requirements. The minimum functional requirements the Government considers suitable for such an international TTP architecture are outlined at Annex E.
- Some of the commercial and business benefits of a Licensed TTP solution are:-
- TTPs are being licensed to protect the consumer - Users will need to be protected from sub-standard TTPs. Users must also be assured of a TTPs trustworthiness, technical ability, financial stability, confidentiality of operations and ability to take legal liability for their actions.
- TTPs will be able to offer interoperability of secure services hitherto unavailable - While encryption products are available in the UK domestic market, interoperability between different products is not possible. A lack of standards for algorithms and interfacing, coupled with the high burden of key management has created a fragmented market. Today's encryption market is thus very costly. Passing the key management to TTPs and building products to a common architecture will allow access to cryptography for everyone with a PC. Encrypted communications, therefore, will no longer be limited to Governments and larger organisations.
- TTPs will allow UK Business to take advantage of secure electronic trading- The wide availability of cryptography will allow more paper based transactions to be conducted electronically. Time stamping, non repudiation, confidentiality, authentication and integrity are all necessary to install trust in the electronic age and to allow electronic contracts to take the place of paper ones.
- TTPs will also be able to offer Data recovery Services - At present, if encryption keys are lost, stolen or deliberately withheld by disaffected employees then the information will remain encrypted and may be lost to its owner for ever. TTPs will be in a position to offer recovery of the keys to their clients as they will store (or escrow) the keys.
- TTP Encryption policy will help UK manufacturers to export robust encryption within their products - Products that are designed to operate within a TTP environment will be subjected to simpler export licence procedures, thus allowing them to be exported with minimum restrictions. This increased availability will stimulate a greater demand for encryption products both in the UK and foreign markets. UK companies should be in a good position to take advantage of this.
- Use of licensed TTPs is voluntary - those wishing to do otherwise are at liberty to do so - The market will decide if it wants to use TTP services and not Government. The Government believes that the benefits of this scheme will far outweigh any others. Of course those wishing to use any other cryptographic solutions can continue to do so, but they will not be able to benefit from the convenience, and interoperability of licensed TTP services.
- UK taking lead in very important area - Many countries are currently trying to develop a cryptographic policy. Many countries agree with the UK that widespread use of cryptography must not be to the detriment of law enforcement requirements. The Government believes that this scheme is the best way to achieve this balance and that other countries may also see the benefits and follow the UK lead.
- Help to increase the Volume of electronic trading - Transactions over the Internet are forecast to reach as much as £22 billion by 2005. Some research suggests that the Internet will take 5 -10% of all retail traffic by 2000. Various barriers (lack of security products and standards, and poor interoperability) may impede this growth. The introduction of TTPs should help in this respect.
- The policy considerations for HMG which have determined the scope and content of the proposed legislative headings which follow are outlined below:-
Positive Licensing regime
The Government believes that the positive (and individual) licensing of TTPs (i.e. the body being licensed before the service can be provided) is critical in allowing the initial assessment, monitoring and regulation of a TTP that would meet the requirements of consumer protection, trust in the market and security, intelligence and law enforcement access. Consumer trust and acceptance are paramount as it is anticipated that licensed TTPs will form the back bone of the Public Key Infrastructure in the UK which, in itself, is a critical requirement for the growth of secure electronic communication. Such licensing arrangements will, therefore, also apply to TTPs solely providing public key certification services.
- The Government has considered other routes such as negative licensing (where bodies would be free to provide encryption services unless they breached pre-set licensing conditions) and accreditation arrangements. These alternative routes were not, however, considered adequate to facilitate the necessary degree of consumer protection or trust. Either arrangement could, in the Government's view, lead to the presence of unsuitable or incompetent TTPs, thus significantly damaging the infant TTP market.
Voluntary use of TTPs
- The legislation is directed solely towards the provision of encryption services to subscribers in the UK and notthe use of encryption. Organisations offering or providing encryption services to the public in the UK, including those providing or advertising such services from outside the UK, will be required to be licensed. (The Government is also considering whether UK based bodies which provide encryption services solely to clients outside of the UK should also require licensing). Users, however, will remain at liberty to choose whether to make use of TTPs, or to make other arrangements for their encryption requirements.
Key recovery from licensed TTPs.
- In terms of Key Recovery the proposed legislation is concerned solely with legal access to private encryption keys (which are used to protect the confidentiality of information) required by the authorities in connection with the lawful interception of communications (i.e. information on the move) or for lawful access to data stored and encrypted by the clients of licensed TTPs. There is, of course no intention for the Government to access private keys used for only integrity functions. Legal access to encryption keys will be permitted through serving warrants on TTPs.
- The Government recognises that further legislation may be required in the future to enable the appropriate authorities to obtain private encryption keys other than those held by licensed TTPs.
Exclusions (e.g. intra-company TTPs)
- The TTP legislation will not require intra-company TTPs (i.e. organisations supplying encryption services to their own employees or those within their own Group  of companies) or similar closed user groups, to be licensed. However, if within such a closed community an intra-company TTP wishes to extend its services beyond the members of the group or, if it wishes to interoperate with a licensed TTP, a licence will be required.
- Encryption services as an integral part of another service (such as in the scrambling of pay TV programmes or the authentication of credit cards) are also excluded from this legislation.
- The Government invites views on whether the suggested scope of an exclusion from licensing for intra-company TTPs is appropriate in this context.
- Various national and international bodies are currently considering a number of issues concerning the legal recognition of electronic signatures. For example, a note on the recommendations contained in a recent report by the Society for Computers and Law on digital information and the requirements of form generally is at Annex A. In the UK, research has shown that uncertainty as to the legal effect of using electronic commerce is seen by the business community as a considerable barrier to its development. In particular, there is uncertainty as to whether a requirement in law for a signature can be met using electronic technology. The Government is currently considering how best to ensure that requirements of form laid down in statute law can be met electronically. This is likely to be a massive undertaking as it involves reviewing all existing legislation to identify those cases where use of electronic technology would not meet legal requirements of form.
- Two separate issues which need to be considered are how the identity of the signatory of a document and the integrity of a document may be proved in legal proceedings in the UK. These issues may arise where a digital document is admissible in court and where digital signature satisfies relevant legislation. Parties to encrypted documents may be able to agree between themselves as a matter of contract law that they will accept a certificate by their TTP as to these matters in any action against each other over the contract. This would not however bind a third party and would not necessarily assist if the validity of the contract were challenged.
- The Government would welcome views on whether this legislation should establish a rebuttable presumption in any proceedings that a document has been signed by the person or persons named in a certificate issued by a licensed TTP who has provided encryption services in relation to that document. A similar presumption could also apply to the certification by a licensed TTP of the integrity of a document. This would have the effect of placing the burden of proof on a person wishing to challenge the identity of a signatory of a document or the integrity of a document.
- The Government invites views on whether, in the short term, it would be sufficient for business to rely on agreements under contract regarding the integrity of documents and identification of signatures; or whether it would be helpful for legislation to introduce some form of rebuttable presumption for the recognition of signed electronic documents.
Convention on key exchange to underpin TTP legislation
- Although the legislation will require foreign TTPs offering or providing encryption services to clients in the UK to have a registered base in the UK (which will allow for the licensing of non-UK bodies with no trading presence in the UK), there will be no provision requiring UK clients to use a UK licensed TTP. They are, and will be, free to register with foreign TTPs. It will therefore be necessary (for law enforcement purposes) to establish arrangements with other countries for the exchange of keys. The UK Government believes that these arrangements will be on the basis of dual legality i.e. whereby the criteria for access is satisfied in both countries. The keys held by UK licensed TTPs will not, under this legislation, be permitted to be disclosed to the authorities of other countries unless such requests satisfy UK law and are authorised by the competent UK authority. A fuller description of such arrangements is at Annex B.
Licensing Criteria & Conditions
- It is intended that the licensing conditions, as opposed to the criteria on which licences will be granted, will not be prescribed in the legislation.
- The legislation will provide that bodies wishing to offer or provide encryption services to the public in the UK will be required to obtain a licence. The legislation will give the Secretary of State discretion to determine appropriate licence conditions.
- The DTI has been chosen as the initial authority for the licensing, in view of its experience in licensing telecommunications operators. Further consideration will be given to whether the on-going enforcement task in relation to these licences will also be handled by the DTI, or whether it will be delegated. The legislation will include provisions to allow both licensing and on-going enforcement to be delegated to a responsible designated body. More detail about the structure of the regulatory arrangements will be included in the further statement referred to in paragraph 3 above.
- The duration of licences will be a minimum of five years. Licence fees will be payable both on the grant of a licence and annually thereafter to meet the cost of their issuing and enforcement.
- The Government invites views on the appropriateness of these arrangements for the licensing and regulation of TTPs.
- As noted above the DTI or a designated body will be responsible for determining, and enforcing compliance of TTPs with, the licensing conditions. DTI will consult with other government departments and organisations on the practical, legal or technical details as necessary.
- Before the Licensing Authority will deem an organisation fit to receive a licence to provide encryption services, it will need to be satisfied as to, inter-alia:-
- competence and trustworthiness of information security personnel
- competence and trustworthiness of directors
- competence of information security management
- technical assurance of IT security equipment used for key management and storage
- adherence to quality standards and procedures
- adequate liability cover
- ability to meet legal access conditions
- the TTP's business plan and longevity of interest in market
- isolation of TTP function from other business functions
- interface requirements to other Licensed TTPs
- structure and ownership
- Annex C outlines in more detail the thinking behind the above criteria and seeks comments and suggestions on their appropriateness. A register of the holders of TTP licences, and the licences issued should be publicly available.
- The licence conditions will include such conditions as are necessary to ensure continued adherence to the licensing criteria. THis may include-:
- provision of quality services to public
- demonstration of co-operation to authority under legal access conditions
- adequate co-operation with other licensed TTPs
The exact scope of licensing conditions applied to a TTP will depend, inter-alia, on the encryption services being provided.
- The Government seeks views on the proposed conditions.
- Encryption that is used solely in the protection of a business service (e.g. in pay TV systems or in payment systems), or encryption services that are provided only to the employees of the service provider or those in the same group of companies (see footnote ) are outside the scope of this legislation.
- For example, a home banking service offered by a bank to its clients, which included a cryptographic functionality designed to protect the banking transaction between a client and the bank, would not be covered by this legislation. However, if the bank wished to extend the cryptography's functionality and allow client to client communications, then this service would be covered by the legislation, and the bank would need to apply for a licence. Another example, of an excluded service, would be the key management and certification services that might be offered by providers to credit card companies to authenticate the users of their cards.
- Similarly, an employer offering cryptographic protection between its employees, (whatever the functionality) would not be covered by this legislation. However should it decide to extend the protection service to its suppliers, then it would require a licence.
- In many cases such "intra-group" TTPs are likely to seek a license given their need to interoperate with organisations outside their own organisation, or with clients of a licensed TTP.
- The Government invites comments on whether specific exemptions for particular organisations offering encryption services may be appropriate, depending on the nature of services offered.
- The Government also invites comments on whether it is thought desirable to licence the provision of encryption services to businesses and citizens wholly outside the UK.
- The legislation will prohibit an organisation from offering or providing encryption services to the UK public without a licence. Prohibition will be irrespective of whether a charge is made for such services. The offering of encryption services to the UK public (for example via the Internet) by an unlicensed TTP outside of the UK will also be prohibited. For this purpose, it may be necessary to place restrictions on the advertising and marketing of such services to the public.
- The legislation will be framed so as to give existing providers of encryption services time to obtain licences, as TTPs, before the prohibitions outlined above come into effect.
- For the purposes of this legislation the terms public and encryption services will encompass the following meanings:
- Public will be defined to cover any natural or legal person in the UK.
- Encryption services is meant to encompass any service, whether provided free or not, which involves any or all of the following cryptographic functionality - key management, key recovery, key certification, key storage, message integrity (through the use of digital signatures) key generation, time stamping, or key revocation services (whether for integrity or confidentiality), which are offered in a manner which allows a client to determine a choice of cryptographic key or allows the client a choice of recipient/s.
- The legislation will also prohibit a UK licensed TTP from contracting with any non licensed TTP for the purposes of carrying out encryption services. In order to build up a TTP network it may be necessary from time to time for UK licensed TTPs to recognise non-licensed bodies from other countries where no licensing regime exists. In such cases recognition should not be given to an unlicensed body until the UK licensed TTP is satisfied that such recognition would not put at risk its ability to meet any of its obligations under this, or other, legislation, or international obligations (such as those concerning data protection).
- The legislation will provide that the Secretary of State may issue a warrant requiring a TTP to disclose private encryption keys (protecting the confidentiality of information) of a body covered by that warrant. Under such legal access arrangements, there will be safeguards broadly similar to those in the Interception of Communications Act 1985, under which a Secretary of State may issue a warrant requiring the interception of communications
- For the purposes of legal access, a central repository might be nominated or established by the UK authorities. The purpose of this central repository will be to act as a single point of contact for interfacing between a licensed TTP and the security, intelligence and law enforcement agencies who have obtained a warrant requiring access to a client's private encryption keys. The central repository would, therefore, be responsible for serving the warrant (whether by physical or electronic means) on the TTP and distributing the encryption key to the appropriate agency.
- It is envisaged that a warrant would require a TTP to disclose, in a timely manner, cryptographic key material to a central repository  (acting on behalf of an agency). It is envisaged that it should take no more than an hour for a TTP, once presented with a validated warrant request, to deposit the appropriate client encryption key(s) with the central repository. The procedures and methods to enable such timely disclosure will be determined between the licensed TTP and the central repository. The costs of obtaining a warrant and serving it on a TTP, as well as the direct costs of the TTP complying with such a request, shall be borne by the appropriate agency. Costs of implementing and maintaining the technical capabilities for legal access shall, however, be borne by the TTP.
- In order to comply with the above legal access provision, TTPs will be required:-
- to have the ability to deliver cryptographic key material by secure electronic means to a central repository on receipt of a validated warrant.
- to demonstrate the ability to recognise a duly authorised warrant served by the central repository, and to comply only with such a warrant.
- to be responsible for facilitating all measures necessary for legal access.
- to keep auditable records of legal access requests.
- at all times, not to deliberately or negligently jeopardise the integrity of any legal access request, or to disclose the identity of the target of such a request.
- In addition to disclosure under the Legal Access provisions noted above the TTP may also release the private encryption key of the client under contractual arrangements between the two parties. Such arrangements may, for example, ensure that keys which have been used to encrypt company files can be released when the user leaves the employ of the client company. Other arrangements allowing third party access by a solicitor, or other persons, may also be agreed between the parties in certain circumstances.
- The Government seeks views on whether secure electronic methods for the delivery of electronic warrants by the central repository and the subsequent delivery of keys by the TTP should be introduced.
- The Government also seeks views on whether the legislation specifically needs to refer to other forms of legal access including a civil court order for access to cryptographic keys used to protect information relating to civil matters such as bankruptcy.
- It is recognised that in order for business and the public to have trust in TTPs, some forms of sanction will be required against those either not complying with the conditions of the licence or, more seriously, providing encryption services without a valid licence. On the latter, we intend that it will be a criminal offence for a body to offer or provide licensable encryption services to the UK public without a valid licence. We consider - again on grounds of consumer confidence - that it may also be appropriate for the legislation to make it a specific criminal offence for a licensed TTP deliberately to disclose a client's private encryption key (or for an employee of such a TTP to do so), other than pursuant to any legal requirement, or permission of the client, to do so. There are, however, existing provisions (including the Data Protection Act and the Computer Misuse Act) which would, in some circumstances, already apply to the disclosure of a client's private encryption key in this respect.
- The Government seeks views on whether deliberate (and perhaps wilfully negligent) disclosure of a client's private encryption key should be a specific criminal offence, or whether existing civil and criminal sanctions would suffice.
- Other types of sanction will be necessary for non-compliance by TTPs with other licence conditions. Such sanctions may include fines, specific orders issued by the regulator, and (in extremis) withdrawal of a licence.
- TTPs will be liable for the protection of the private encryption keys of clients at all times while they are in their possession. They will also be liable for the protection of hierarchical keys upon which the secrecy of client keys or system keys are dependant. In the event of loss or disclosure (whether deliberate or accidental) of keys the TTP will be required to have in place adequate arrangements to compensate any loss suffered by its clients or clients of other TTPs. The TTP will be required to demonstrate, to the satisfaction of the Licensing Authority, that such arrangements have been made. TTPs will also have vicarious liability for acts of their employees.
- In order to ensure adequate consumer protection the Government is minded to impose a form of strict liability on TTPs in relation to the compromise or disclosure of a client's private encryption key. A TTP would be strictly liable if such a key was disclosed other than by agreement with its client (but see paragraph 88 for circumstances in which the authorities have legally obtained the key). The client would only have to establish disclosure and not responsibility for such disclosure. It would be a defence for the TTP to show that the client itself was responsible for the loss or compromise of his own private keys (whether those for integrity or confidentiality). Since the TTPs would have strict liability, the Government also proposes to limit the amount of compensation payable by TTPs to the client if disclosure (or compromise) of the key was established by the Court.
- As the concept of fault (i.e. of either the TTP or another party (e.g. the central repository) is not an issue in such proceedings there would also be - in cases of a judgement against a TTP - an automatic referral to a Tribunal (established under the legislation). It would then be for the Tribunal to determine whether there had been legal access under warrant to the key, and, if so, whether the responsibility for the disclosure (or compromise) lay with the central repository or the security, intelligence or law enforcement agencies. If so, the Tribunal would order recompense to the TTP for the loss it had paid the TTP client and would publish its findings accordingly. Liability cover and compensation above the minimum level will be at the discretion of the TTP and its clients and will be dealt with by individual contract. These arrangements, we believe, balance the rights of the TTP clients to compensation for loss caused by disclosure of their private encryption keys, against protection of TTPs from unlimited liability.
- The Government invites comments on whether the principle of strict liability (as described above) is appropriate in these circumstances.
- Careful consideration will be needed of the extent to which decisions taken about the granting of licences and their enforcement and amendment should be appealable. The Government sees merit, in terms of increasing the industry's confidence in the regulatory process, for some form of appeals body to be created which is independent of the parts of the Government responsible for licensing and enforcement.
- The Government seeks views on whether, in principle, an independent appeals body (such as a Tribunal, separate from that referred to below) should be created.
- A Tribunal would also be established, which would deal both with references from the Courts under the strict liability procedures (described above) and applications from the clients of TTPs who believe that their keys may have been subject to legal access. As with the similar Tribunal established under IOCA, the Tribunal's function would be to ascertain whether warranted access had taken place and, if so, whether any contravention of the legislation had occurred.
- The Government seeks views on whether the above duties of an independent Tribunal are appropriate.
Location of TTPs
- All organisations wishing to be licensed in the UK as TTPs will be required to register a UK address (if they do not already have one). This address is necessary to ensure compliance with the legal access conditions, Regulatory Orders and other sanctions. It will not be necessary for the escrowed keys themselves to be held in the UK, but only that they are delivered to the UK.
- The Government invites comments on this paper until 30 May 1997 (see Introduction for information on where to send comments). In particular the Government would like to receive views on:-
Paragraph 50 - Whether the suggested scope of an exclusion from licensing for intra-company TTPs is appropriate in this context.
Paragraph 54 - Whether, in the short term, it would be sufficient for business to rely on agreements under contract regarding the integrity of documents and identification of signatures; or whether it would be helpful for legislation to introduce some form of rebuttable presumption for the recognition of signed electronic documents.
Paragraph 60 - The appropriateness of the proposed arrangements for the licensing and regulation of TTPs.
Paragraph 65 - Where views are sought on the proposed conditions.
Paragraph 70 - What, if any, specific exemptions for particular organisations offering encryption services would be appropriate depending on the nature of services offered?
Paragraph 71 - Whether it is thought desirable to licence the provision of encryption services to businesses and citizens wholly outside the UK?
Paragraph 81 - Should secure electronic methods for the delivery of electronic warrants by the central repository and the subsequent delivery of keys by the TTP be introduced?
Paragraph 82 - Does the legislation specifically need to refer to other forms of legal access including a civil court order for access to cryptographic keys used to protect information relating to civil matters such as bankruptcy?
Paragraph 84 - Should deliberate (and perhaps wilfully negligent) disclosure of a client's private encryption key be a specific criminal offence, or would existing civil and criminal sanctions suffice?
Paragraph 89 - Whether the principle of strict liability (as described ) is appropriate in these circumstances?
Paragraph 91 - Whether, in principle, an independent appeals body (such as a Tribunal, separate from that referred to below) should be created ?
Paragraph 93 - Whether the proposed duties of an independent Tribunal are
Annex C - Would mandatory ITSEC formal evaluation be appropriate?
96. The Government will need to consider the comments received and, in some cases, discuss them with their originators. A summary of comments will be published prior to the introduction of legislative proposals, subject to requests for confidentiality.
Legal Recognition of Digital Signatures
- The emergence of electronic commerce will, to a large extent, be determined by the market both in term of the availability of technology and the trust business has in it. Governments can, however, help to facilitate secure communications by helping to provide the appropriate regulatory and legal infrastructures. Apart from the licensing of Trusted Third Parties, which the proposed legislation will deal with, Governments may also wish to ensure that electronic communications, especially when used for electronic contracts, can be legally recognised. Although electronic "partners" may well be prepared to contract with one another on the basis of "trust" (as many organisations do already) there is a perception that some form of legislation should underpin the basis of this electronic communication. For example, if there were a dispute on the alteration, or disclosure of a message, recourse to the courts may well be appropriate.
- In recognition of the possible need to introduce new, or amend existing, legislation to allow for the recognition of digital transactions, and particularly digital signatures, the Government has welcomed the work of the Society for Computers and Law. The group, co-ordinated and facilitated by the Commercial Law Unit at Queen Mary and Westfield College has examined whether current English legislation may prevent electronic contracts being enforced; and - if so - what steps might be taken to address the issue. It was recognised that Scottish law, which is different in some respects, would have to be, and is being, looked at separately.
- The Group has now made the Government aware of their findings on both of the above counts. To answer the first question the Group analysed those terms in legislation which pertained to the transmission of electronic information. They thus considered whether the existing usage of words such as "information", "document", "recording", "writing" and "signature" had meanings, in their legislative context, which could extend to digital electronic information. Basically, they found that all the above terms, and others, could be extrapolated to cover electronic information apart from the terms "signatures", "writing" and (more obviously) "physical writing". These latter terms, they suggested, had meanings which generally pertained to the "physical " world of documents and ledgers, rather than to the electronic one. Thus they suggested that by altering, or perhaps extending the general meaning of these words, it would be possible for future legislation to be electronic proof (so to speak). For existing legislation, however, the Group concluded that piecemeal change would probably be more appropriate. This being based on the vast amount of exiting law which has references to "writing" and "signatures" in, and the realisation that some of this body of law may actually require physical actions (such as a signature in writing for some legal processes).
- In light of these findings, DTI, and other interested parties, may now wish to consider whether these measures, or any others should be taken forward. Introducing changes to the above terms through the use of the Interpretation Act (as recommended by the Group) is a complex matter and would, necessarily require primary legislation. Government will also no doubt consider whether, and if so how, the further (and perhaps even more difficult) task, of examining the current legislation - to see where the terms "signature" and "writing" need amending, can be taken forward.
- These are complex issues and cannot be rushed. Such changes will possibly help to underpin secure electronic commerce for a long time to come. We cannot afford therefore to get it wrong.
- The picture is further complicated by the fact that electronic commerce is global in nature. The contracting parties will - possibly in the majority of cases - not both be in this country and therefore the law of a different jurisdiction may also be relevant. In recognition of this a number of different bodies (both public and private) as well as different Governments, are contemplating issues of digital signature recognition. Perhaps the most important is the work being undertaken by the United Nations Commission on International Trade Law (known as UNCITRAL). The latter set up a working party 1995 to try and develop a "Model Law" which would aid members in developing compatible and broadly similar legislation. This being on the simple basis that issues such as dispute resolution, may be easier to handle where legislation is broadly similar, rather than totally different. The "Model Law" has now been published and has already formed the basis of legislation in a number of US States. The Group's recommendations, noted above, is also broadly compatible with the UNCITRAL approach. Work at the UN, however, does not stop with the Model Law. A new working group of UNCITRAL has now been commissioned to look at the process of using digital signatures. They will be exploring such issues as the role, and responsibilities of Certification agents, and how the legal certainty of a signature relates to the technological process being used to sign data.
- Another initiative has come forward from the American Bar Association (ABA) who have produced their own legal guidelines on both the use and recognition of digital signatures. The European Commission has also recently initiated a number of studies of the legal recognition of digital signatures perhaps as a forerunner to the emergence of guidelines of their own.
- The DTI, and other interested Government Departments, will take note of these developments in considering what steps we need to take.
LEGAL ACCESS TO KEYS HELD BY TRUSTED THIRD PARTIES:
1. If the UK and other countries adopt a system of Trusted Third Parties (TTPs) providing confidentiality services including encryption on a key escrow basis, it will be open to encryption users to register with a TTP abroad. Unless workable arrangements are in place for the authorities to gain access to keys escrowed with TTPs in other countries, criminals may choose to register with TTPs abroad in order to evade national legislation providing for access to keys held by TTPs licensed in their own country.
2. Direct access to TTPs by foreign authorities would raise a number of concerns, for example:
- the host country might be concerned that access to certain encrypted data might be detrimental to its national security and economic wellbeing;
- in the law enforcement domain, keys might be sought in connection with the investigation of offences abroad which would not be serious enough to justify interception or key access under the host country's own legislation;
- any indication that key access might be inadequately controlled could undermine the confidence of the public and industry in the integrity and security of TTPs.
3. To meet these concerns the host country's authority would need to have full information on the foreign authority's case for seeking disclosure of keys, in order to enable a decision to be taken on whether or not to serve a warrant on the TTP.
4. It has been suggested that some of these concerns might be met if, rather than permitting the release of encryption keys at the request of a foreign authority, international arrangements provided for the passing of plain text of decrypted material.
5. Provision of plain text may be adequate where the need is for decryption of stored material seized for evidential purposes. Arrangements for the provision of plain text in such cases might be pursued through:
- bilateral agreements, or;
- (where plain text is required for evidential purposes) agreements based on existing arrangements for mutual judicial cooperation.
6. However, the provision of plain text is unlikely to be practical where the need is for urgent decryption of intercepted communications or decryption of stored data to provide time critical operational intelligence. In these cases arrangements for the release of keys to the requesting authority would be required.
Arrangements for key access
7. Arrangements for lawful key access need to:
- create an enforceable obligation on TTPs to disclose keys when required to do so;
- protect TTPs from any criminal or civil liability which might arise from the disclosure of keys.
8. These aims would need to be achieved by national legislation in the state which has jurisdiction over the TTP's actions. If it is accepted, as argued in paragraphs 2 4 above, that there should not be a system of automatic recognition of warrants from foreign authorities, then the legislation would need to provide for the issue of a national warrant by the competent authority in the "receiving"  state, within an agreed framework of arrangements for international cooperation. It is recognised that this sort of procedure will introduce some delays into the process of obtaining keys, but these should be considerably less than those which would arise from the provision of plain text.
9. The criteria for granting a key access request from another state might be:
- the request has been made by a recognised competent authority in the "requesting" state (this might be an executive or a judicial authority according to the law of the requesting state);
- the request discloses information which satisfies the competent authority in the receiving state that the release of keys is required for the prevention or investigation of serious criminal offences, or in the interests of the national security or economic wellbeing of the requesting state;
- the request satisfies the competent authority in the receiving state that release of the requested keys would not adversely affect the national security or economic interests of the receiving state or any friendly state;
- the receiving authority is satisfied that there are adequate arrangements in the requesting state for ensuring that keys are held securely, not used for purposes other than those disclosed in the request, and are destroyed when no longer required.
Form of agreement
10. The international arrangements could be provided for either by bilateral agreements or a multilateral convention. The commitments created by any convention should ideally be the minimum necessary to achieve the desired effect:
- states would be required to have legislation in place to enable them to consider requests for key access from other states which are parties to the convention;
- the competent authority to determine a request from another state should be a matter for national legislation;
- the authority in the receiving state should not be required to agree to any request unless the criteria of its national law on key access are fulfilled;
- a refusal by a competent national authority to comply with a request from another state should not be reviewable by any international tribunal.
Explanation of Licensing criteria
- Competence of information security personnel.
It will be necessary to ensure that TTP security personnel are competent, suitably qualified, trusted & have successfully completed a recognised security vetting procedure.
- Competence of directors.
Checks will need to be undertaken to ensure that the background and other business interests of directors would not compromise the trust placed in a TTP.
- Competence of information security management.
TTPs will need to demonstrate that their system security policy is suitable for TTP operations and consistent with information security standards (such as BS 7799).
- Technical assurance of IT security equipment used for key management and storage.
Evaluation of the security system and IT security products will need to be undertaken, for example UK ITSEC, although formal evaluation by an independent third party may not be the sole evaluation procedure.
The Government seeks comments on whether mandatory ITSEC formal evaluation would be appropriate
- Adherence to quality standards and procedures.
e.g. ISO 9000.
- Assessment of business plan and longevity of interest in market.
TTPs will need to demonstrate that their interest in providing a TTP service is not short term. They will also need to demonstrate that adequate procedures are in place to ensure the integrity and confidentiality of all information, in the event that the TTP withdraws such services.
- Isolation of TTP function from other business functions.
Many organisations may wish to operate as TTPs while continuing other business interests. A TTP may need, therefore, to demonstrate that the TTP function is isolated from its other business functions.
- Interface requirements to other Licensed TTPs.
In order to achieve widespread interoperability, TTPs will be required to operate to common interface requirements.
- Company structure and ownership.
Checks will be made to ensure that those who own, or effectively control, an organisation, are suitable candidates for ownership of a TTP.
Glossary of Terms
The following terms are described for information only and are not intended to be interpreted as legal definitions:
Authentication: The verification of a claimed identity. Central Repository: Government department or agency set up by Government to act as a point of contact for interfacing between a TTP and the appropriate law enforcement agency. Confidentiality: The prevention of the unauthorised disclosure of information. Cryptographic key: Is a parameter used with a cryptographic algorithm to transform, validate, authenticate, encrypt or decrypt data. Cryptography: The art or science of keeping messages secure. Digital Signature: Data appended to a message that allows a recipient of the message to prove the source and integrity of the message. Dual Legality: A legal request from a foreign agency must satisfy legal access conditions in both the requesting country and the country being asked. Encryption Algorithm: A mathematical function used to change plaintext into ciphertext (encryption) or vice versa (decryption). Integrity: Prevention of the unauthorised modification of information. Key escrow / recovery A capability that allows authorised persons, under certain prescribed conditions, to decrypt ciphertext with the help of information supplied by one or more trusted parties. Key management: The process of generating, storing, distributing, changing, and destroying cryptographic keys. Key revocation: Notification that a public cryptographic key is no longer valid. Private key: The private (secret) part of a cryptographic key pair. Knowledge of which should be strictly limited. Public key certificate: Public key information of an entity, signed by a trusted entity to certify the integrity of the public key. Public Key Infrastructure Supporting infrastructure, including non-technical (PKI): aspects, for the management of public keys. Public key: The public (i.e. non secret) part of a cryptographic key pair. This key is widely known and no secrecy should be attached to it. Time stamping: An electronic equivalent of mail franking. Trusted Third Party An entity trusted by other entities with respect to (TTP): security related services and activities.
Minimum Functional Requirements for an International TTP Architecture
1. The framework should provide benefits to the legitimate user. It must support electronic business transactions in terms of integrity, authenticity and confidentiality.
This is important in order to encourage widespread acceptance and justify any costs for users.
2. It should provide for both national and international working.
Use of a local TTP would be encouraged; in some countries it might be mandatory.
3. It should use well known techniques and thus be public and unclassified.
It is recognised that well known techniques are essential for broad initial acceptance and for subsequent confidence by users, although there is no direct national security reasons for insisting upon this. Any truly international system cannot, by definition, rely upon classified parts. This does not, however, automatically exclude the system from use in protecting classified information.
4. It should support all forms of electronic communication.
One-way communications, such as e-mail, must be included, but any proposal must be suitable for all forms of communication.
5. It should be compatible with different laws and regulations of participating countries concerning interception, use, supply and export.
The need for licences or other forms of authorisation is unaltered, although a successful system should aim to make licensing arrangements easier for all concerned.
6. It should provide access under warrant (or other legally-constituted form of authority) to the data specified in the warrant, which includes both incoming and outgoing communications.
The warrant would be from a single jurisdiction.
7. It should not impede the due process of law and order. In particular, it should allow near-real-time access when a warrant is held. The system must not allow the user to detect that warranted access is taking or has taken place.
The system must cater for lawful access.
8. It should give the sender the opportunity to ensure that legitimate access by the authorities to data specified by the warrant does not also allow indefinite access.
There should therefore be technical and/or procedural means to enforce the time limits (for access to the appropriate private confidentiality key) laid down in the warrant. Such arrangements will help facilitate the confidence of users.
9. It should provide for the use of a variety of data encryption algorithms whether in hardware or software.
Use of software may not be appropriate for some security critical applications, but it will inevitably be widely used and must therefore be catered for.
10. It should not be possible to misuse information obtained under a warrant to fabricate evidence.
Separation between confidentiality and authentication/non-repudiation is needed, not least to ensure that the ability of the authorities to decrypt data does not also put them in a position of being able to impersonate anyone.
11. It should ensure that attempted abuse by the sender can be noticed by the receiver.
It should be impractical for user to subvert or bypass the legal access provisions. If the recipient contributes to the process of producing the data encryption key then this applies to both parties.
12. It should not require a user to deal with a Trusted Third party in another country.
Users should be able to choose their own TTP, but any framework should not force users (on technical or national policy grounds) to deal with foreign TTPs.
13. It should not require either regular or on-line communications between Trusted Third Parties.
It would be unwise to presume permanent availability of all parts of a network. TTPs need to provide a timely service, but not necessarily a 24-hour one for users.
Frequently asked Questions and Answers
What is a TTP?
An entity trusted by other entities with respect to security related activities and services.
Who will use a TTP?
Anyone who wishes to have secure communication between two parties, particularly those that have never met.
Will use of a TTP be mandatory?
No. The market will decide if it wants to use TTP services. Those wishing to do otherwise will be at liberty to do so.
Who will be able to be a TTP ?
Any commercial or non-profit organisation would be eligible provided that it can meet the appropriate licensing conditions.
What are the benefits for business ?
A network of TTPs, operating to a common architecture should present significant benefits. For example, availability and interoperability of encryption products; a supporting infrastructure that facilitates international public key certification for authenticity, integrity, and confidentiality; expensive and complex key management tasks and secure backup facilities to prevent irretrievable loss of information. Secure communication between unknown parties, without the need to depend on either expensive or multiple solutions, will become common place and thus lead to increased confidence and use of the information society.
Why should users trust a TTP ?
There should be no less reason to trust a TTP than there is to trust, for example, a bank. A licensing regime will help to ensure that only reputable service providers are able to become TTPs. It is important to note that whilst a TTP will hold private confidentiality keys in escrow, it will not normally have access to the encrypted traffic as this will be sent by the user over whichever telecoms network he chooses.
Will there be a Government TTP ?
Government departments will need TTP services as much as other organisations, especially where business is transacted with the public.
Why the need for licensing ?
Given the position of trust that a TTP would hold, and the importance its clients will attach to their reliability, some form of regulation of the activities of a TTP is necessary if only to protect the public.
Will UK citizens need to register with a UK TTP ?
No, but any foreign TTPs offering services in the UK will need to meet the UK licensing conditions.
Will you attempt to control the length of encryption keys ?
No. For use in the UK that is an issue for the market to decide.
What involvement will industry have in the policy process ?
As is made clear in Mr Taylor's statement on 10 June 1996, the DTI will conduct more formal consultation with all interested parties prior to introducing legislative proposals. This consultation paper forms the major part of that ongoing consultation process.
When will legislation be passed ?
After this consultation period is complete and at the earliest opportunity in the legislative programme. Other circumstances permitting, we hope to bring forward legislative proposals during the next Parliamentary session.
Are you adopting a purely national approach ?
No. Electronic commerce is global in nature and the international perspective needs to be fully taken into account. The UK approach is consistent with ideas being discussed in other fora such as OECD and the European Union.
How will law enforcement access be achieved ?
Where a warrant has been obtained under due process of law, TTPs holding secret confidentiality keys will be required to release them to the law enforcement authorities.
Will a TTP be able to access an encrypted message ?
No. It is important to be clear that it is not envisaged that the encrypted communication would be routed via the TTP. Nor will the TTP encrypt the message, it will merely assist (depending on the service offered) in the very complex area of key management or Key Certification.
If such a system is not mandatory why bother, surely crooks and terrorists will use something else ?
Criminals will often make use of whatever technology is conveniently available to them. We expect TTPs to have a major role in conveying secure electronic communications, especially where a payment for legitimate services is involved.
Surely this is just a front for security agencies to expand their "big brother" role ?
No. The UK accepts that businesses have a need to safeguard both the integrity and confidentiality of their information, and is keen to find effective means of meeting this need. The TTP approach will provide such a means, but in a way that would also meet another important need, namely to preserve the effectiveness of the existing powers to intercept communications. Similar safeguards to those that already exist under the Interception of Communications Act 1985 will be established. Widespread encryption has the potential to make legally intercepted messages unreadable, to the detriment of all law abiding citizens.
What about export controls - will they be relaxed ?
Products for specific use within a licensed TTP network should not create export difficulties. The fact that they would be for use under such a system should allow them to be exported with minimum restrictions being applied.
1 Hansard reference 10/6/96 Columns 13-14
2 ITSEC - Information Technology Security Evaluation and Certification
3 ETSI - European Telecommunications Standards Institute
4 ISO - International Organisation for Standardisation
5 A "Group of Companies" for the purposes of this document has the meaning given in section 736 of the Companies Act which states that a company is a subsidiary of another company - its holding company - if that other company:
i) holds a majority of voting rights in that company; or
ii) is a member of it and has the right to appoint or remove a majority of its Board of Directors; or
iii) is a member of it and controls alone, pursuant to an agreement with other shareholders or members, a majority of the voting rights in it.
6 The Central Repository would either be an existing Government Department or an agency set up specifically, by Government, for the purpose.
7 In other words the TTP must have some authentication procedure which enables it reliably to distinguish a properly authorised warrant from a fraudulent application, and must be able to show that its procedures allow delivery to be made only to the central repository.
8 "receiving" denotes the authority in the country which has jurisdiction over the TTP. 9 "requesting" denotes the authority seeking access to the keys.