GLOBAL INTERNET LIBERTY CAMPAIGN NEWS  GILC Actions   Presswire  ISSUES  Free Speech   Privacy   Cryptography  Access RESOURCES  GILC Alert   Mailing List  GILC Events  ABOUT GILC  Principles  Members   Mail GILC  Home Page US Site European Mirror

GILC Press Release New Spanish Encryption Policy criticised Global Internet Liberty Campaign Member Statement July 1998 The recently enacted Telecommunications Law 1998 in Spain gives a right to use "strong cryptography systems" to Spanish citizens. However, the new law also implies that some goverment agencies may have access to encrypted communications, by means of mandatory key recovery system in which private keys of Spanish citizens would be stored by the government agencies. The undersigned members of the Global Internet Liberty Campaign believe that article 52(2) of this new law, by stating that "it could be imposed an obligation to notify, either to a General Administration body, or to a public organisation, the algorithm or any other encryption procedure used" opens a door for a mandatory key recovery system in Spain. This requirement may turn out to have a negative impact, politically and technically, because: 1) Most experts consider that efficiency of mandatory key recovery systems to fight against crime is very limited. 2) The fact that private keys are stored in a centralized system and therefore available to third persons poses a serious treat to the privacy of Spanish citizens. 3) Because of the intrinsic weakness indicated by item 2, recovery system engenders creates a lack of trust in network communications that could be fatal for electronic commerce. 4) It is contradictory with the main article of the law, that states the right of Spanish citizens to use strong cryptography for privacy reasons. 5) It is at odds with recent European Union initiatives. Therefore, the undersigned members of the GILC urge the Spanish goverment to close the door they just have opened to mandatory key recovery systems, and let encryption develop freely as determined byt the technical and bussiness community, and network users. In a statement issued this morning David Casacuberta, president of Electronic Frontiers Spain (FrEE), an organisation that fights for cyberrights in Spain stated that: "Both privacy in an networked environment and electronic commerce demands a system to transmit data that is secure and trustful. Strong cryptography is a very good solution to these demands, as longs as it is not crippled by mandatory key recovery systems. Now the Spanish goverment has accepted the idea of using strong cryptography. They should notice how strong cryptography does not make any sense if there is a centralized computer system holding private keys. Strong cryptography is useful as long as no trusted third parties are involved. " Supporting the action organised by FrEE, Yaman Akdeniz head of Cyber-Rights & Cyber-Liberties (UK), an organisation who opposes the British government's key recovery initiatives stated that: "Wider political and social uses of information technology which might legitimately require the use of encryption should not be ignored. Such systems as key recovery or key escrow would, make Spain, Britain, or any other EU member state a hostile environment for network development or any other high-tech industry and investment." This press release is available at http://www.gilc.org/crypto/spain/gilc-crypto-spain-pr-798.html Notes for the Media Global Internet Liberty Campaign Member Statement: New UK Encryption Policy criticised, February 1998, is available at http://www.leeds.ac.uk/law/pgs/yaman/crypto-uk.html. The press release for this statement is available at: http://www.leeds.ac.uk/law/pgs/yaman/crypto-ukpress.html GILC, Cryptography and Liberty: An International Survey of Encryption Policy, February 1998, at <http://www.gilc.org/crypto/crypto-survey.html>. A world survey of crypto policies released in February has found that most countries do not restrict the use of encryption. GILC statement, "Human Rights and the Internet," January 1998, <http://www.gilc.org/news/gilc-ep-statement-0198.html>. GILC Resolution in Support of the Freedom to Use Cryptography, September 1996, <http://www.gilc.org/crypto/oecd-resolution.html>. The Labour Party Policy on Information Superhighway before the May 1997 elections, "Communicating Britain's Future," <http://www.labour.org.uk/views/info%2Dhighway/content.html>. European Commission Communication, "Towards A European Framework for Digital Signatures And Encryption," Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions ensuring Security and Trust in Electronic Communication, COM (97) 503, October 1997, at <http://www.ispo.cec.be/eif/policy/97503toc.html>. OECD Cryptography Policy Guidelines: Recommendation of the Council Concerning Guidelines for Cryptography Policy, 27 March 1997, at <http://www.oecd.org/dsti/sti/it/secur/prod/e-crypto.htm>. Cyber-Rights & Cyber-Liberties (UK), "First Report on UK Encryption Policy" is available at <http://www.leeds.ac.uk/law/pgs/yaman/ukdtirep.htm>. Cyber-Rights & Cyber-Liberties (UK) advises Jack Straw, the UK Home Secretary, on the issue of encryption, press release, 02 February, 1998, at <http://www.leeds.ac.uk/law/pgs/yaman/crclukpr-3.html>. British and Foreign Civil Rights Organisations Oppose Encryption Paper, 9 April 1997. See <http://www.leeds.ac.uk/law/pgs/yaman/crypto_b.htm>. "Cryptography and Liberty: Can the Trusted Third Parties be Trusted? A Critique of the Recent UK Proposals," 1997 (2) The Journal of Information, Law and Technology (JILT). <http://elj.warwick.ac.uk/jilt/cryptog/97_2akdz/>. "Scrambling for Safety - Privacy, security and commercial implications of the DTI's proposed encryption policy," Conference Report, 1997 (2) The Journal of Information, Law and Technology (JILT). <http://elj.warwick.ac.uk/jilt/confs/97_2cryp/>. Scrambling for Safety Conference web site is at <http://www.privacy.org/pi/conference/dti/>. Internet Engineering Task Force statement, "Internet groups critical of government proposals to restrict encryption technology," at <http://info.isoc.org:80/whatsnew/cryptog.html>. Abelson, Anderson, et al., "The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption," 1997, at <http://www.crypto.com/key_study/>. IRIS Report, "Cryptography : on the necessity of totally liberalising the French law," at <http://www.iris.sgdg.org/documents/rapport-ce/annexe7.html> The Walsh Report, "Review of policy relating to encryption technologies," at <http://www.efa.org.au/Issues/Crypto/Walsh/>. Kryptographie, Cryptography resources in German from FITUG, at <http://www.fitug.de/ulf/krypto/>.