European Union Justice and Home Affairs ministers have been holding a two-day conference in Birmingham to discuss co-operation to combat cyber-crimes. The Home Secretary, Jack Straw, is using Britain's six-month EU presidency to raise awareness of the task facing law enforcement agencies on the Internet. The ministers agreed on Thursday that such agencies must have access to the codes used to scramble information. They warned that unbreakable encryption systems would mean organised crime could pursue its activities unhindered. While there are arguments for police gaining the keys to codes to clamp down on activities such as paedophile rings, there are equally concerns about infringement of civil liberties and privacy. Andrew Orlowski of PC Pro magazine writes for News Online on the great encryption debate:

Turning plain English into scrambled computer code may be a process known only to a select few but, from propeller-headed boffins to Newbies, almost everyone on the Internet seems to have an opinion on encryption.

The temperature of the debate has been raised by the interest now being shown by big business in using the Net and tapping its community of affluent professionals.

Major cost savings have been pinpointed: research by a High Street bank recently costed the overhead of an Internet transaction at 13p, compared to more than a pound for an over-the-counter transaction.

Even more important is the use of the Net for business-to-business transactions, which Netscape dubs the 'Extranet', but is a re-invention of a much older computer industry niche called EDI (Electronic Data Interchange). Research firm IDC predicts that this business will account for 90 per cent of Internet transactions by 2001. And here companies have a problem.

Traditionally EDI took place over secure private networks, rather than the Internet. Unlike these networks, the Internet was designed for reliability, not security, which presents a couple of practical difficulties.

To trade over the Net, a business needs to be convinced that the other party is exactly who they say they are, and also that at the many way-stations through which an electronic messages may pass, no prying eyes can read its contents. This is where encryption comes in.

The most popular solution in use today is public key encryption, one of a number of types of 'strong encryption', so called because of the immense difficulty it takes to unscramble the code by brute force.

Each participant uses two keys - small codes which have been generated from a private pass phrase - one of which is lodged with a third party. This is the public portion, and since it permits access to the communication, must be mutually acceptable to both parties.

But the question of who should be the 'Trusted Third Party' (TTP) is one of the most heated areas of debate.

Naturally, governments are alarmed at criminals using encoded communications and have sought to restrict strong encryption, either by outlawing its use entirely or by licensing trusted third parties.

According to lawyer Alistair Kelman, the bodies suggested for TPT status - our banks, lawyers and accountants - fail to hold the public's trust. He suggests General Practitioners instead.

To complicate matters further, the United States has traditionally classified encryption as a 'munition', and restricted its export.

For Simon Davies, director general of Privacy International, the cure is worse than the illness. In his years of campaigning, he says, "not one law enforcement agency worldwide has produced a substantive, quantified argument for controlling encryption." He fears "an unworkable system used by a minority of 'law-abiding' people."

Davies cites preserving our identity as another defence for allowing strong encryption. In the Middle Ages, when much of the population was illiterate, a person owned their identity...their face. Today, with commercial organizations trading personal information about our incomes and lifestyles, gleaned from a variety of databases and from supermarket 'loyalty' cards, our identity is literally what we consume: a prospect Davies finds alarming.

In principle at least, the EU, committed to 'the free movement of encryption technologies and products', appears to agree.
 

Back to top | BBC News Home | BBC Homepage	©