EU: Euro-Clipper Chip scheme proposed
01 September 1995
Thirty-four European nations have agreed to outlaw some of the strongest encryption protocols used in communications networks and make "keys" similar to the controversial US "Clipper Chip" available to governments. Such keys would give governments access to information on any public network, including mobile and data networks. In modern public cryptographic systems, users have two keys: One is public and is used to encrypt messages sent to that user; the other is private and is used to decrypt the message.
The 34-member Council of Europe recommends banning certain forms of encryption unless the government has access to the users' private keys. The policy was approved by the Strasbourg-based Council on 8 September and coincides with a European Commission proposal for a pan-European encryption standard.
Unlike the European Union, the 34-member Council of Europe -which stretches from Iceland to Turkey and includes all EU members - has no statutory powers to enforce its recommendations. However, it is rare for countries to reject Council of Europe recommendation, said Peter Csonka, administrative officer of the Council's division of crime problems and chairman of the committee that drafted the document. But the policy will meet staunch opposition from users who say the proposal threatens corporate security and the development of the Internet in Europe.
The policy has parallels to the Clipper chip, developed by the US National Security Agency to provide officials with a decipher key that serves as a network "peephole". Clipper has been held up because of disputes between legislative bodies, government agencies and industry.
The Council of Europe proposal would: ban the strongest encryption technologies in both public and private networks; provide governments with access to all public networks; telecoms operators responsible for decryption; change national laws to allow judicial authorities to chase hacker across borders.
Csonka said the proposal is an attempt to bridge the divide between modern networks and legal procedure. "The main feel of the piece is that modern information technology should not hinder the police," he said. The document pinpoints complex encryption codes, used in all kinds of networks, as a barrier to European law enforcement.
The recommendation says that the operators should be responsible for cracking encryption codes when requested to do so by the governments. Where operators are unable to crack the codes, governments themselves would be responsible. However, "it remains possible that cryptography is available to the public which cannot be deciphered," the document says. "This might lead to the conclusion to put restrictions on the possession, distribution or use of cryptography."
Computer Weekly International, 21.9.95.