Skip to main content
SpringerLink
Log in

Crypto in Europe — markets, law and policy

  • Conference paper
  • First Online:
Book cover Cryptography: Policy and Algorithms (CPA 1995)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1029))

Included in the following conference series:

Abstract

The public debate on cryptography policy assumes that the issue is between the state's desire for effective policing and the privacy of the individual. We show that this is misguided.

We start off by examining the state of current and proposed legislation in Europe, most of which is concerned with preserving national intelligence capabilities by restricting the export, and in cases even the domestic use, of cryptography, on the pretext that it may be used to hide information from law officers. We then survey the currently fielded cryptographic applications, and find that very few of them are concerned with secrecy: most of them use crypto to prevent fraud, and are thus actually on the side of law enforcement.

However, there are serious problems when we try to use cryptography in evidence. We describe a number of cases in which such evidence has been excluded or discredited, and with a growing proportion of the world economy based on transactions protected by cryptography, this is likely to be a much more serious problem for law enforcement than occasional use of cryptography by criminals.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. RJ Anderson, “Solving a class of stream ciphers”, in Cryptologia v XIV no 3 (July 1990) pp 285–288

    Google Scholar 

  2. RJ Anderson, “UEPS — A Second Generation Electronic Wallet”. in Computer Security — ESORICS 92, Springer LNCS 648, pp 411–418

    Google Scholar 

  3. RJ Anderson, “Why Cryptosystems Fail”, in ACM Conference on Computer and Communications Security (Nov 1993) pp 215–227; journal version in Communications of the ACM v 37 no 11 (Nov 1994) pp 32–40

    Google Scholar 

  4. RJ Anderson, “Liability and Computer Security: Nine Principles”, in Computer Security — ESORICS 94, Springer LNCS v 875 pp 231–245

    Google Scholar 

  5. RJ Anderson, “NHS-wide networking and patient confidentiality”, in British Medical Journal v 311 (1 July 1995) pp 5–6

    Google Scholar 

  6. anonymous, “SESAME”, posted to Internet newsgroup sci.crypt as message 〈154315Z07111994@anon.penet.fi〉, 7th November 1994; and followup postings

    Google Scholar 

  7. C Arthur, news article in New Scientist, 11th March 1995; when accused by a labour spokesman of misquoting, he supplied the tape of his interview to the net. See ‘Re: Britain to outlaw PGP — whats happened so far', posted as article 〈D60F7L.KvH@exeter.ac.uk〉 to sci.crypt, 25 Mar 1995.

    Google Scholar 

  8. RJ Anderson, SJ Bezuidenhout, “Cryptographic Credit Control in Prepayment Metering Systems”, in 1995 IEEE Symposium on Security and Privacy, pp 15–23

    Google Scholar 

  9. Associated Press, “BANKS-ATMS”, wire item 1747, 30 November 1994, New York

    Google Scholar 

  10. KM Banks, Kluwer Security Bulletin, 4 October 93

    Google Scholar 

  11. ED Bartlett, “RMS need to safeguard patient records to protect hospitals”, in Hospital Risk Management v 15 (1993) pp 129–133

    Google Scholar 

  12. MS Baum, ‘Federal Certification Authority Liability and Policy — Law and Policy of Certificate-based Public Key and Digital Signatures', U.S. Department of Commerce Report Number NIST-GCR-94-654

    Google Scholar 

  13. T Berson, private communication

    Google Scholar 

  14. Bank of England, “Crest's security”, in Crest project newsletter, April 1995

    Google Scholar 

  15. S Bortzmeyer, “Data Encryption and the Law(s) — Results”, available from http://web.cnam.fr/Network/Crypto/survey.html (15/12/94)

    Google Scholar 

  16. FP Brooks, ‘The mythical man-month: Essays on software engineering’ (Reading, Massachusetts, 1975)

    Google Scholar 

  17. 'RedCARE — The secure alarm networks', British Telecom, 1993

    Google Scholar 

  18. “Who's Reading Your Medical records?”, in Consumer Reports (Oct 1994) pp 628–632

    Google Scholar 

  19. Cards International has country surveys about once a month; similar information can be found in Banking Technology

    Google Scholar 

  20. Report of 4th Deutschen IT-Sicherheitskongre\, Bad Godesberg, 8–11 May 1995, in Computer Zeitung no 21 (25th May 1995) p 21

    Google Scholar 

  21. S Eisvogel, posting about German ‘Fernmeldeanlagen Ueberwachungs-Verordnung’ of May 4th 1995 to tv-crypt mailing list

    Google Scholar 

  22. Conference debate on security evaluation, ESORICS 94

    Google Scholar 

  23. JL Gailly, “French law on encryption”, posted to Internet newsgroup sci.crypt as message 〈831@chorus.chorus.fr〉, 28 Oct 92 by jloup@chorus.fr (Jean-loup Gailly)

    Google Scholar 

  24. Y Girardot, “The Smart Option”, in International Security Review Access Control Special Issue (Winter 1993/1994) pp 23–24

    Google Scholar 

  25. J Gordon, “How to Steal a Car”, talk given at 4th IMA Conference on Cryptography and Coding, December 1993

    Google Scholar 

  26. R Hanson, “Can wiretaps remain cost-effective?”, in Communications of the ACM v 37 no 12 (Dec 94) pp 13–15

    Google Scholar 

  27. N Hawkes, “How to find the money on lottery street”, in The Times (8/10/94) weekend section pp 1 & 3

    Google Scholar 

  28. A Heuser, writing on behalf of BSI to U Möller, copied at http://www.thur.de/ulf/krypto/bsi.html

    Google Scholar 

  29. P Inman, “Bank of England share system ‘open to fraud’ ”, in Computer Weekly, 23rd March 1995, pp 1 & 18

    Google Scholar 

  30. 'Banking — Key management by means of asymmetric algorithms — Part 1: Principles, procedures and formats; Part 2: Approved algorithms using the RSA cryptosystem, International Standards Organisation, 15th November 1994

    Google Scholar 

  31. L Jackson, “NHS Computer is ‘Paparazzi's Dream’ ”, Press Association report 1520, 1st June 1995.

    Google Scholar 

  32. HM Kriz, “Phreaking recognised by Directorate General of France Telecom”, in Chaos Digest 1.03 (Jan 93)

    Google Scholar 

  33. Labour party policy on the information superhighway, at URL http: www.poptel.org.uk/labour-party/content.html

    Google Scholar 

  34. C Lloyd, “Place your bets while on the hoof”, in the Sunday Times 2nd October 1994 section 2 p 11

    Google Scholar 

  35. N Luck, J Burns, “Your Secrets for Sale”, in Daily Express, 16th February 1994 pp 32–33

    Google Scholar 

  36. S Landau, S Kent, C Brooks, S Charney, D Denning, W Diffie, A Lauck, D Miller, P Neumann, D Sobel, “Codes, Keys and Conflicts: Issues in US Crypto Policy”, Report of the ACM US Public Policy Committee June 1994

    Google Scholar 

  37. W Madsen, “NCIC criticised for open security and privacy doors”, in Computer Fraud and Security Bulletin (Oct 93) pp 6–8

    Google Scholar 

  38. W Madsen, “Norwegian encryption standard moves forward”, in Computer Fraud and Security Bulletin (Nov 94) pp 10–12

    Google Scholar 

  39. Ulf Moeller, “Kryptographie: Rechtliche Situation”, at http://www.thur.de/ulf/krypto/verbot.html

    Google Scholar 

  40. M Newman, “GSM moves past analog”, in Communications Week issue 135 (28 November 1994) p 40

    Google Scholar 

  41. S Orlowski, “Encryption and the Global Information Infrastructure, An Australian Perspective”, this volume

    Google Scholar 

  42. N Pattinson, Schlumberger, personal communication

    Google Scholar 

  43. Racal Research Ltd., “GSM System Security Study”, 10th June 1988

    Google Scholar 

  44. “Counterfet Software Operations”, press release no. OTC 06/27 1135 on CompuServe.

    Google Scholar 

  45. J Randall, “BSkyB set for record £5bn stock market debut”, in The Sunday Times (2nd October 1994) section 2 p 1

    Google Scholar 

  46. MNR Remijn, “Tekst van de memorie van toelichting van de wet tegen crypto”, posted to Internet newsgroup nlnet.cryptografie as message 〈1994Apr15.124341.20420@news.research.ptt.nl〉

    Google Scholar 

  47. D Robinson, “Cellular phones offer chip opportunity”, in Cards International no 98 (24th November 1993) p 10

    Google Scholar 

  48. I Ryan, “Market diversity points way forward”, in Cards International no 111 (13th June 1994) p III

    Google Scholar 

  49. Discussion at Singapore National Computer Board, 30th June 1995

    Google Scholar 

  50. “German Motorway Toll Trial is GSM-Based”, in Smart Card News v 3 no 3 (March 94) pp 41–44

    Google Scholar 

  51. Discussions with staff of Tollpass Ltd., Edinburgh

    Google Scholar 

  52. A Torres, “Commission wants black box, smart cards to enforce road safety”, Reuters RTec 09/02 0804

    Google Scholar 

  53. B Yeltsin, Decree no. 334, 3rd April 1995; English translation at http://www.eff.org/pub/Privacy/

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Cambridge University Computer Laboratory, UK

    Ross J. Anderson

Authors
  1. Ross J. Anderson
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Ed Dawson Jovan Golić

Rights and permissions

Reprints and permissions

Copyright information

© 1996 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Anderson, R.J. (1996). Crypto in Europe — markets, law and policy. In: Dawson, E., Golić, J. (eds) Cryptography: Policy and Algorithms. CPA 1995. Lecture Notes in Computer Science, vol 1029. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0032347

Download citation

  • DOI: https://doi.org/10.1007/BFb0032347

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-60759-5

  • Online ISBN: 978-3-540-49363-1

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation