By Madeleine Acey,
The British government's recently proposed encryption policy could open the door to human rights abuses, according to Phil Zimmermann, creator of the Pretty Good Privacy (PGP) cryptography software.
British users should create their own grassroots public key infrastructure where they would not give anyone their message encryption keys and would chose who they trusted to hold their digital signature keys, said Zimmermann, speaking Tuesday at the Infosecurity '98 show in London.
The British government's revised plans, released Monday, proposed the introduction of voluntary licensing of companies that provide third-party security services. These would include certification authorities for digital signatures and key recovery agents for encryption.
New rules would also enable law enforcement agencies to obtain a warrant for access to keys to unscramble encrypted communications or stored data, but not digital signatures. This access would apply whether a key recovery agent was used or not. Individual users could be served with a warrant to hand over keys if they were the subject of investigation.
But voluntary licensing does not necessarily mean you can go the way you want and not do licensing, Zimmermann said. "The government could require all business with government is done with keys licensed by government," he said, adding pressure could be exerted, because the government controls a large proportion of the country's economic output.
A system could be imposed where a certification authority would not sign for a signature key unless users handed over their encryption keys, Zimmermann said. "Don't go for this," he said. "We feared exactly this type of regulation by the government, so we made PGP resistant," he said.
Zimmermann said PGP was used by human rights organizations to protect dissidents, and the global aims of e-commerce meant other countries would follow Britain's lead. "Some of these countries are going to be countries that practice torture and persecution. You can cut down on crime, but how far are you willing to go? In some countries, the police are too efficient, and you don't want to live in those countries," he said.
Try TechWeb's RSS Feed!ISIS Papyrus America seeking Software Pre-Sales Analyst in Southlake, TX
Agilent Technologies seeking Business Manager in Bangalore, IN
Covidien seeking Principal Validation Test in Boulder, CO
T-Mobile seeking Unified Subscriber Database Engr in Bellevue, WA
20th Century Fox seeking Sr. Production Software Engineer in Los Angeles, CA
For more great jobs, career-related news, features and services, please visit our Career Center.
TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.
Get definitions for more than 20,000 IT terms.
Editorial and vendor perspectives
