GILC Press Release
New Spanish Encryption Policy criticised
Global Internet Liberty Campaign Member
The recently enacted Telecommunications Law 1998 in Spain
gives a right to use "strong cryptography systems" to
Spanish citizens. However, the new law also implies that
some goverment agencies may have access to encrypted
communications, by means of mandatory key recovery system in
which private keys of Spanish citizens would be stored by
the government agencies.
The undersigned members of the Global Internet Liberty
Campaign believe that article 52(2) of this new law, by
stating that "it could be imposed an obligation to notify,
either to a General Administration body, or to a public
organisation, the algorithm or any other encryption
procedure used" opens a door for a mandatory key recovery
system in Spain. This requirement may turn out to have a
negative impact, politically and technically, because:
1) Most experts consider that efficiency of mandatory key
recovery systems to fight against crime is very limited.
2) The fact that private keys are stored in a centralized
system and therefore available to third persons poses a
serious treat to the privacy of Spanish citizens.
3) Because of the intrinsic weakness indicated by item 2,
recovery system engenders creates a lack of trust in network
communications that could be fatal for electronic commerce.
4) It is contradictory with the main article of the law,
that states the right of Spanish citizens to use strong
cryptography for privacy reasons.
5) It is at odds with recent European Union initiatives.
Therefore, the undersigned members of the GILC urge the
Spanish goverment to close the door they just have opened to
mandatory key recovery systems, and let encryption develop
freely as determined byt the technical and bussiness
community, and network users.
In a statement issued this morning David Casacuberta,
president of Electronic Frontiers Spain (FrEE), an
organisation that fights for cyberrights in Spain stated
"Both privacy in an networked environment and electronic
commerce demands a system to transmit data that is secure
and trustful. Strong cryptography is a very good solution to
these demands, as longs as it is not crippled by mandatory
key recovery systems. Now the Spanish goverment has accepted
the idea of using strong cryptography. They should notice
how strong cryptography does not make any sense if there is
a centralized computer system holding private keys. Strong
cryptography is useful as long as no trusted third parties
are involved. "
Supporting the action organised by FrEE, Yaman Akdeniz
head of Cyber-Rights & Cyber-Liberties (UK), an
organisation who opposes the British government's key
recovery initiatives stated that:
"Wider political and social uses of information
technology which might legitimately require the use of
encryption should not be ignored. Such systems as key
recovery or key escrow would, make Spain, Britain, or any
other EU member state a hostile environment for network
development or any other high-tech industry and investment."
This press release is available at
Notes for the Media
Global Internet Liberty Campaign Member Statement: New UK
Encryption Policy criticised, February 1998, is available at
The press release for this statement is available at:
GILC, Cryptography and Liberty: An International Survey
of Encryption Policy, February 1998, at
A world survey of crypto policies released in February has
found that most countries do not restrict the use of
GILC statement, "Human Rights and the Internet," January
GILC Resolution in Support of the Freedom to Use
Cryptography, September 1996,
The Labour Party Policy on Information Superhighway
before the May 1997 elections, "Communicating Britain's
European Commission Communication, "Towards A European
Framework for Digital Signatures And Encryption,"
Communication from the Commission to the European
Parliament, the Council, the Economic and Social Committee
and the Committee of the Regions ensuring Security and Trust
in Electronic Communication, COM (97) 503, October 1997, at
OECD Cryptography Policy Guidelines: Recommendation of
the Council Concerning Guidelines for Cryptography Policy,
27 March 1997, at
Cyber-Rights & Cyber-Liberties (UK), "First Report on
UK Encryption Policy" is available at
Cyber-Rights & Cyber-Liberties (UK) advises Jack
Straw, the UK Home Secretary, on the issue of encryption,
press release, 02 February, 1998, at
British and Foreign Civil Rights Organisations Oppose
Encryption Paper, 9 April 1997. See
"Cryptography and Liberty: Can the Trusted Third Parties
be Trusted? A Critique of the Recent UK Proposals," 1997 (2)
The Journal of Information, Law and Technology (JILT).
"Scrambling for Safety - Privacy, security and commercial
implications of the DTI's proposed encryption policy,"
Conference Report, 1997 (2) The Journal of Information, Law
and Technology (JILT).
Scrambling for Safety Conference web site is at
Internet Engineering Task Force statement, "Internet
groups critical of government proposals to restrict
encryption technology," at
Abelson, Anderson, et al., "The Risks of Key Recovery,
Key Escrow, and Trusted Third Party Encryption," 1997, at
IRIS Report, "Cryptography : on the necessity of totally
liberalising the French law," at
The Walsh Report, "Review of policy relating to
encryption technologies," at
Kryptographie, Cryptography resources in German from