UKcrypto mailing list topic, and future

[[EMAIL PROTECTED] [EMAIL PROTECTED]]

> -----Original Message-----
> From: Tom Thomson [mailto:[EMAIL PROTECTED]
> Sent: 29 March 2003 02:35
> To: [EMAIL PROTECTED]
> Subject: Re: UKcrypto mailing list topic, and future
> 
> The core discussions on the list have drifted a long way from
> cryptography.  We spend a lot of time on things like retention
> of and access to communications data, perhaps because the same
> act (RIPA) which provides government access to cryptographic
> keys also provides a new regime for communications data.
> Personally, I find the wider scope useful.

Very much agreed.

> Perhaps the list charter should be broadened to cover UK
> government policy and legislation relating to privacy of access
> to data whether encrypted or not?  Or is that going to be too
> broad (as opposed to the current official scope of the list,
> which I feel is too narrow)?

I could cope with that in a somewhat limited sense (see below).  As I say, I
do fear that too much of a scope change could widen the actual range of
discussion into uselessness, whereas now, the wandering is generally within
a useful and interesting range...  at least subjectively to me.

> If the original scope were enforced, presumably we should only
> discuss identity cards in terms of the cryptographic technology

Um - the list is not meant to be about technology, but policy.

> that might be employed in connection with them, and not discuss
> any other aspect of identity card deployment.

I'm sorry, but the other aspects are both significantly important, and, I
feel, somewhat within the scope of the group's agreed remit.

I just went back and had a very careful look at the topic header:

] The group, supported by a mailing list, 
] is comprised of people with a professional 
] interest in the formulation and content of UK 
] government policy on the provision, use and 
] control of encryption products and services 
] in the UK. It was formed in response to the 
] 1996 announcement of UK policy on the provision 
] of encryption services on telecommunications 
] networks.

Note that it does not require us, at least at this point, to confine our
interest strictly to encryption - it merely sets a focus...   The real meat
comes here:

] The aim of the forum is to exchange information and 
] co-ordinate actions in order to achieve a UK government 
] policy which: 
] 
] 1. preserves existing freedoms within the UK 
] in respect of the design, development, provision 
] and use of encryption products and services 
] 
] 2. is workable in practice given other constraints 
] and factors which are beyond the control or influence 
] of the UK government 
] 
] 3. meets the common interests of people in the UK in 
] combating crime and terrorism whilst minimising 
] intrusion into their lawful activities and any 
] unnecessary erosion of their privacy 
] 
] 4. is set out clearly, precisely and unambiguously 
] to meet clearly stated objectives which are 
] demonstrably achievable in political, legal and 
] technical terms 
] 
] 5. consistent with the above, minimises any 
] (domestic or export) controls on encryption 
] products and services, removing any existing 
] controls which are unachievable whilst clarifying 
] the scope of those that remain and the processes 
] that will be used to implement them 

Now it seems to me that much of the discussion of late has concentrated on
areas covered by (3) above,  with significant spread into (4).   OK, it may
have not been specifically on the cryptographic issues,  but it has been on
the specific issue of making sure that we "achieve a government policy which
... meets the common interests of people in the UK in combating crime and
terrorism whilst minimising intrusion into their lawful activities and any
unnecessary erosion of their privacy".

All right, it has concentrated on privacy issues, data retention issues, and
so on rather than on crypto technology,  but a reasonable case can be made
for arguing that since this is underpinned by a common (if often unspoken)
knowledge of the limitations of the cryptography that government would
perhaps claim to be making such moves necessary, or would claim to use to
make such facilities "safe" and so on, it is still an important aspect of
the purpose of this group in its current remit.

One could even argue that the most off-topic posts are those dealing with
Palladium etc., which are clearly crypto, but are at present purely
technical issues, or commercial "blue sky" and therefore not (at least
currently) bearing any close relationship to government policy - although a
case can be made again that they must have an influence in shaping
government thoughts on future policy.

But actually, I think that the group has stayed remarkably well within the
actual stated purposes, all things considered.  

The ONLY bit of the header page that I disagree with is in fact two words:

] Please try and restrict postings to UK
] **** Encryption law **** and try not to 
] stray onto general cryptology topics. 
] The following topics for instance are 
] not appropriate:

Since few of us are lawyers, requiring the posts to be on encryption LAW as
such, seem s to me to be perhaps restrictive - something like "national
encryption policy" would perhaps be more appropriate.

Given the wide scope that the rest of the header gives us,  if people
actually want the discussion framework widening slightly to legitimise the
recent debates, then changing "** encryption law **" to a phrase such as
"national encryption and information privacy policy" would be the only
suggestion I could make - within such a change, most recent discussion would
be covered, while hopefully not overly extending the scope of the list.

Dave.