The government's plan for encryption policy, unveiled yesterday, has been condemned as a naive and foolish U-turn reminiscent of a similar Internet security fiasco in the US.
The Department of Trade and Industry (DTI) revealed proposals that will allow the authorities "to gain legal access" to encryption keys "or other information protecting the secrecy of stored or transmitted information." The proposals outlined plans for the controversial Trusted Third Parties policy: a voluntary scheme where third parties would be licenced to provide or facilitate encryption services including keys to encrypted data. "This is an absolute disaster" according to Brian Gladman, an independent information security consultant with thirty years experience working for the Ministry of Defence. "By implementing this undeniable U-turn, the government is making a target of these Trusted Third Parties (TTPs)." He added: "It is impossible to set up the sort of enormous system needed to house all these encryption keys without the risk of security breaches." A point echoed by James Gardiner, marketing manager at Demon Internet. "Using third parties to protect data is a licence to leak." He explained: "If you put your faith in a system that has all the data in one place and it gets hacked, all your private data will be compromised. It's a foolish plan. There's no need for third parties."
The proposals are comparable with the US government's much maligned encryption policy - a policy Whitehouse officials recently admitted is "a failure". It also represents a U-turn on the government's pre-election manifesto which states: "Attempts to control the use of encryption technology are wrong in principle, unworkable in practice and damaging to the long-term economic growth of the information networks." Asked if the government had done a U-turn, a DTI spokesperson said: "The previous government did a private consultation and the response was that a voluntary scheme was definitely the way forward."
But Yaman Akdeniz of the UK's civil liberties organisation Cyber-Rights and Cyber-Liberties said the U-turn is a result of pressure from an EC document called the 'Communication Paper on Encryption and Electronic Signatures' which was released last November and supports TTPs. "The government is naive and is simply falling into line with the European directive," he said.
Gladman believes the U-turn goes deeper: "This has been influenced by civil servants in the upper echelons of government who simply want to maintain a means by which they can access private data." A claim refuted by the DTI spokesperson: "The government simply wants to bring the online world into line with the rest of the world. This system is like a guarantee. It's voluntary. So if you want to use a plumber, you'll look for the Corgi sign to guarantee you quality. This system is the same. If you want privacy guaranteed this system will guarantee it."