UK government rejects key-escrow resurrection

The Home Office has confirmed that it will not try to resurrect the key escrow debate in light of last week's terrorist attacks on America, but will continue with the enforcement of current encryption laws later this year.

Privacy experts had speculated that the British government would follow the lead of the US Congress, and review its stance on encryption as contained in Part III of the Regulation of Investigatory Powers Act (RIPA). But the Home Office is adamant that this part of the Act, which will grant law enforcement authorities the power to demand decryption keys from companies and individuals, is still on target to be implemented towards the end of the year.

"We believe this is an effective tool for law enforcement agencies, and we will not be reviewing its provision or implementation," said a Home Office spokeswoman.

In response to the bombings of the World Trade Centre and the Pentagon on 11 September, the British government has shown support for a global unilateral approach to surveillance. Cyber-liberty groups are concerned that the Home Office will be tempted to expand the encryption provisions contained in RIPA to mirror President Bush's proposed Mobilization Against Terrorism Act.

"There is a healthy debate over the loss of freedom in the US -- it would be nice to see the same level of debate in England," said Simon Davies, director of Privacy International. "There is a blind acceptance that the US and UK need to form some common public interest pact, but this will ultimately lead us into hell. National agreements have no bearing on the governing requirements of each individual country."

This week, Congress has re-energised the key escrow debate in an attempt to restrict encryption tools that do not contain a backdoor for government surveillance. Similar discussions in 1994 resulted in a proposal for the Clipper chip initiative developed by the National Security Agency (NSA) for the National Institute of Standards and Technology (NIST). This encryption chip used the Skipjack algorithm, which could be decrypted using a process that required two separate keys. The US government proposal attempted to escrow these keys separately with the NIST and the Department of Treasury, on the basis that they could be combined under a court order to decrypt a transmission -- but the plan was unsuccessful.

Cyberliberty advocates had suspected that the British government would take an opportunist approach towards encryption in light of the US terrorist attacks, and use it as an excuse to claw back the RIPA encryption debate. "A sensible reading of history would lead anyone to the conclusion that escrow is a dead instrument," said Davies. "Many public officials have egg on their face after defending the system in the last few years -- they may revive the escrow debate for economic and political self-interest rather than public interest," he added.

The section of RIPA that relates to the investigation of electronic data protected by encryption is one of the final sections of the Act still to be implemented. The Home Office has scheduled its implementation for the end of the year.

See the Surveillance News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.