From: remail@tamsun.tamu.edu
To: Cypherpunks@toad.com
Message Hash: 42e5f51c395ac6d7e76cd265389d16bab96c3a48fe16b72ebe086856a6e9f310
Message ID: <9309120522.AA22336@tamsun.tamu.edu>
Reply To: N/A
UTC Datetime: 1993-09-12 05:28:16 UTC
Raw Date: Sat, 11 Sep 93 22:28:16 PDT
From: remail@tamsun.tamu.edu
Date: Sat, 11 Sep 93 22:28:16 PDT
To: Cypherpunks@toad.com
Subject: EC isn't great for privacy either...
Message-ID: <9309120522.AA22336@tamsun.tamu.edu>
MIME-Version: 1.0
Content-Type: text/plain
> Wow! And "Gulp." I may have to get my European Community passport
> sooner than I had planned. Does Martinique have a Net connection?
Don't rush out to get your EC passport yet. Below I have included some
exerpts from the EC Information Technology Security Document (ITSEC, aka
Green Book). The referenced sections are from the "Confidentiality" section.
I have put "..."'s where I have skipped over material and all upper case
words are emphasis that I have added.
For those who don't want to read it all, the gist of it is that the EC
folks are also interested in maintaining the government's ability to
intercept private communications. There is also talk about licensing
businesses to use good confidentiality services. Btw. There is also
a mention of PGP which I have left. Its the paragraph right before the
one that mentions Clipper!
--Begin Enclosure
\subsection{Privacy enhancement issues}
\subsubsection{Perception of requirements for privacy enhancement}
\SeiLa{Issue}
Confidentiality is, at times, essential for the good functioning of
administrations, business and human relations.
...
Most business and private users of communication systems are aware of
the conflict between their confidentiality requirements and national
security issues which require the possibility to intercept the
communication in a way regulated by national laws. They accept the
national authorities ability for this interception provided there are
adequate safeguards to prevent unauthorised interception even by
government employees.
...
{\bf Service provision}
The extent to which confidentiality services are provided for a
specific business or citizen could depend on a system of LICENSES or
certificates.
A particular business might qualify for a CONFIDENTIALITY LICENSE
depending on its internal procedures and activities. A general
(minimum) level of confidentiality could be provided to all users.
It should be possible for certain user groups or businesses to use
other confidential services (egproprietary) than the standard ones
provided.
There are strong indications of emerging ``bottom up'' solutions for
these needs (eg the Pretty Good Privacy offering on Internet,
beginning 1993).
Other initiatives (eg the announcement of the ``Clipper Chip'', 16 April
1993) illustrate the growing awareness of governments of the needs of
their citizens for confidentiality services.
...
If a public confidentiality scheme is offered, organised crime could
also subscribe to such a scheme, but as it would include provisions
for legal intercept, it would hardly be attractive. One would expect
that such users would continue to find their own solutions as will the
classified domain.
An open and public service offering a credible level of
confidentiality would therefore provide for the honest user, while not
worsening the situation with respect to public order or national
security.
The combination of international communication and national security
regulations require a common framework for confidentiality services,
which on the one hand interoperate within all Community Member States
as well as with countries outside the Community which themselves may
establish their confidentiality services. This requires either an
overlay approach or gateways which link the different national or
regional services. These gateways are only required where
multinational agreements for co-operation on national security
concerns is not yet established. In this case these gateways may
provide at least an interim solution.
--End Enclosure
Return to September 1993
Return to “remail@tamsun.tamu.edu”