Crypto in Europe - Markets, Law and Policy
Summary (2 min read)
1 Introduction
- The US Clipper chip initiative has fuelled extensive and acrimonious debate on the privacy versus wiretap issue, and this has spread to other countries too.
- On the one hand, GCHQ permitted the export of over $35m worth of tactical radios to Iraq, which used them against allied forces in the Gulf War on the other, it has made e orts to suppress academic research in cryptography.
- Governments, and in particular by their signals intelligence agencies, claim to be concerned that the growth of commercial and academic cryptography might threaten intelligence and law enforcement capabilities.
- There are tens of millions of these worldwide, with BSkyB having elded 3.45 million in the UK alone by mid 1994 Ran94] they may be the largest single installed base of cryptographic terminal equipment.
Electronic funds transfer at point of sale (eftpos)
- There is a lot of overlap between ATM, eftpos and credit card systems.
- The installed base of eftpos terminals has overtaken that of ATMs in most countries.
- For the last twenty y ears, it has transmitted payment i nstructions between the several thousand banks which o wn it, and its primary use of cryptography is to calculate a message authentication code (MAC) on each p a yment message DP84].
- These range from prepaid cards for public telephones to the much more sophisticated `subscriber identity modules' (SIMs) used in GSM digital mobile phones.
4 The Legal Reliability of Cryptography
- The authors r s t looked at automatic teller machines, and the various frauds which h a ve b e e n carried out against them it turned out that the attacks were not particularly high-tech, but exploited blunders in system design and operation And93]: { one bank wrote the encrypted PIN on the card strip.
- These allow the customer to buy electricity units at a shop and take them home in the form of a coded token, which is inserted into the meter once the units run out, the supply is interrupted.
- The authors conclude that cryptography does not provide any `silver bullet' solution for the old problem of software reliability Bro75] systems which use it are just as likely to fail in unexpected ways as any other computer system.
- In the last three years, defence lawyers have started to challenge the banks' claims that their systems are secure.
- The manager asked how his holiday in Ireland went apparently the information he had in front of him indicated that ATM withdrawals had been made in Omagh.
5 How Realistic is European Public Policy?
- Most crypto is about authenticity rather than secrecy, and an increasing proportion of economic activity relies on it to some extent.
- They are aware that the main problem facing law enforcement is not tra c processing, but tra c selection LKB+94]: in layman's terms, a ten minute scrambled telephone call from Medell n, Columbia, to 13 Acacia Avenue, Guildford, is an absolute giveaway.
- One common modus operandi (in the USA and increasingly the UK) is to use an address agile system | cellular telephones are repeatedly reprogrammed with other phones' identities.
- The authors conclude that the privacy versus police debate is misguided neither the libertarians nor the policemen have a serious case.
6 Conclusions
- The politics of cryptology is often viewed as a Manichaean struggle between the privacy of the individual and the ability of the police to detect crimes such a s money laundering and child pornography.
- The real law enforcement problem is that neither prosecutors nor civil litigants can rely on cryptographic evidence, and in an information based society, this kind of evidence is likely to gure in more and more trials.
- The ITSEC/ITSEM procedure typically takes a y ear and a million dollars to evaluate a security product, while underwriters' laboratories might do the job in a month for twenty thousand dollars ESO94].
- On past form, the authors expect that the securocrats will fail to adapt.
Did you find this useful? Give us your feedback
Citations
1,852 citations
1,133 citations
Cites background from "Crypto in Europe - Markets, Law and..."
...This is the case that most interests us: it includes pay-TV smartcards, prepayment meter tokens, remote locking devices for cars and SIM cards for GSM mobile phones [ 4 ]....
[...]
378 citations
Cites background from "Crypto in Europe - Markets, Law and..."
...This is the case that most interests us: it includes microcontrollers for industrial applications, pay-TV smartcards, prepayment meter tokens, protection dongles for software, hardware identification tags, remote locking devices for cars and SIM cards for GSM mobile phones [73]....
[...]
210 citations
83 citations
References
3,875 citations
2,042 citations
1,605 citations
447 citations
Related Papers (5)
Frequently Asked Questions (10)
Q2. What is the challenge of a major paradigm shift?
It is the challenge of adapting to a major paradigm shift: from intelligence to evidence, from protecting lives to protecting money, from secrecy to authenticity, from classi ed to published designs, from tamper-proof hardware to freely distributed software, from closed to open systems, and from cosseted suppliers to the rough and tumble of the marketplace.
Q3. What countries used to supply considerable quantities of cryptographic equipment to developing countries?
Some European countries, including Switzerland, Belgium and Germany, used to supply considerable quantities of cryptographic equipment to developing countries.
Q4. What is the primary use of cryptography?
For the last twenty years, it has transmitted payment instructions between the several thousand banks which own it, and its primary use of cryptography is to calculate a message authentication code (MAC) on each payment message [DP84].
Q5. What are the common types of mobile phone cards?
These range from prepaid cards for public telephones to the much more sophisticated `subscriber identity modules' (SIMs) used in GSM digital mobile phones.
Q6. What is the market leading supplier of software protection dongles?
The market leading supplier of software protection dongles, Rainbow Technologies, has sold seven million units since 1984; from this business base, it took over Mykotronx, the manufacturer of the Clipper chip [Rai95].
Q7. How much money does it cost to provide a wiretap capability in the USA?
It is very expensive to provide a wiretap capability in a modern digital network; if it is mandated in the USA, phone companies say it could cost $5bn in the rst four years alone.
Q8. What is the common use of microprocessor cards?
These microprocessor cards are more expensive than simple memory cards, and are typically used when some kind of crypto protocol needs to be supported.
Q9. What are the main reasons for the use of cryptographic techniques in car security?
These are starting to incorporate cryptographic techniques to thwart the `sni ers' which can intercept and mimic the signals of rst generation locking devices [Gor93].
Q10. What is the real threat to privacy?
4. The real threats to individual privacy have little to do with crypto but are rather concerned with the abuse of authorised access to data.{