Information Security Group (ISG), Royal Holloway's Blog

Is complexity always a bad thing?

By Information Security Group (ISG), Royal Holloway in Industry

Posted on June 16, 2008 at 3:32 pm


In my life, I


How can you lose something you have given away?

By Information Security Group (ISG), Royal Holloway in Industry

Posted in data security, Security on May 7, 2008 at 12:06 pm


The news has been plagued over the last year with stories of the UK Government and major corporations losing CDs with private information on them. But a few days ago I noticed in a story on the BBC website that the Italian Government has found a novel way to prevent the unauthorised loss of confidential information


Privacy denied?

By Information Security Group (ISG), Royal Holloway in Industry

Posted in cryptography, Security on April 28, 2008 at 11:42 am


Most of the privacy technology used on the Internet, and in many other places, is underpinned by public-key cryptography; most notably, public-key key agreement protocols and public-key encryption algorithms. Almost all of this technology is based on two incredibly important mathematical algorithms: the Diffie-Hellman key agreement protocol (publicly discovered in 1976) and the RSA encryption algorithm (publicly discovered in 1978). If we hadn’t had these two algorithms, then the security world would have been a very different place. And we almost didn’t have them…

It’s relatively well known now that, before the whole concept of public-key cryptography was publicly discovered by Whitfield Diffie and Marty Hellman in 1976, it was discovered several years before by the UK Government’s military cryptography group at GCHQ.

The notion of public-key cryptography was first invented by James Ellis in 1969 — seven years before the idea would be re-discovered in the public domain. However, Ellis couldn’t come up with a practical system — just a proof-of-concept system that would never be usable in practice. A practical system was not discovered until 1973, when Clifford Cocks invented the algorithm that we now call the RSA algorithm. The idea, he says, came to him overnight. A few months later, another researcher at GCHQ, Martin Williamson, invented the algorithm that we now call Diffie-Hellman, also overnight.

What is less well-known, and I only recently discovered, is that the UK government also considered patenting the ideas.

This revelation was announced during an invited talk by the cryptography pioneer Clifford Cocks at the Eurocrypt 2008 research conference — the largest and most highly regarded European conference in cryptographic research — which was held this year in Istanbul, Turkey. Geography buffs will be pleased to hear that it was held on the Western bank of the Bosphorus river — if it had been held on the Eastern bank, then it would technically have had to be the Asiacrypt conference.

And so it was to a packed house of cryptographers that Clifford Cocks announced that the UK Government had considered filing a patent on the Diffie-Hellman protocol and the RSA algorithm — the two algorithms which underpin privacy almost everywhere on the Internet. There was a collective gasp, myself included, but I don’t think that I fully understood the implication of the revelation at that time. Naively, I only thought of the revenue that could have been created.

It’s not clear whether the UK Government would have actively sought to repress public-key cryptography during the 1980s. I think it’s fair to say that most major powers were worried about the proliferation of strong cryptography. Early attempts by the ISO standardisation committee to standardise the RSA algorithm in that decade were blocked for political reasons. However, it’s not really fair to say that this implies that the UK Government would have sought to control the technology, but if they had wanted to repress it, then a patent would have been the perfect weapon in their arsenal.

Regardless of the political controversy, it is fair to say that RSA Labs would have been unlikely to form if someone else had held the patent to the RSA algorithm, and this would have had profound effects on the development of security technology. After the ISO standardisation committee failed to standardise public-key cryptography, it was RSA Labs that stepped in to help, by producing the RSA PKCS series of standards. These standards underpin the use of public-key key agreement and public-key encryption everywhere.

No public-key cryptography standards means there wouldn


Has the government got the business case for ID cards right?

By Information Security Group (ISG), Royal Holloway in Industry

Posted in ID cards, Biometrics, Security on April 2, 2008 at 5:39 pm


In asking whether the government has got the business case for ID cards right, we need to understand precisely what that business case is. Plenty has been written on how the government has been changing its mind on what benefits the ID cards provide since the inception of the programme. If we look at the speech made by the Home Secretary Jacqui Smith to Demos on the 6th of March 2008 giving an update on the identity card scheme, the justifications are broadly split into two areas.

Firstly, there are a number of preventative measures which have been previously touted as reasons for the scheme


Control the controllers

By Information Security Group (ISG), Royal Holloway in Industry

Posted in Auditing, Biometrics, Security on March 6, 2008 at 12:28 pm


It is still too early to offer a definitive opinion on what went wrong at Soci


Is Data Loss an Epidemic?

By Information Security Group (ISG), Royal Holloway in Industry

Posted in Security on February 17, 2008 at 8:27 am


In November last year, the Department of Work and Pensions disclosed that they had lost computer media containing the details of millions of people who were entitled to child benefit, whilst it was in the process of being sent to the National Audit Office. Worse still, those details included personal bank identifiers of claimants. Despite investigations, at the time of writing this material had not been recovered and nobody knew where it was, or who had access to it. Worse, it was reported that the data was not encrypted. Well, mishaps occur, but in terms of information security, questions arise on precedent and procedure. As this was discussed in answer to a parliamentary question, the matter quickly became public knowledge, became the focus of media attention and left many families with cause for concern regarding the vulnerability of their financial assets. But is this the first time this has happened? Just by looking back six months to April 2007, in reported worldwide incidents we can see that data loss and disclosure from government departments and large organisations is not something new. Look at these:

April 2007

  • USA - Bank of America


Should we care about Academic breaks in Cryptography?

By Information Security Group (ISG), Royal Holloway in Industry

Posted in cryptography, Security on January 24, 2008 at 6:48 am


Cryptography is currently a very active, thriving area of interdisciplinary academic research. Various new proposals for cryptographic algorithms and protocols are published every year. New proposals are usually followed by extensive public scrutiny, which may often uncover design flaws. Lessons learned are incorporated, often leading to more secure and efficient designs in the future. Algorithms are continuously being analysed by the academic community; the old principle of


The timely emergence of IISP

By Information Security Group (ISG), Royal Holloway in Industry

Posted in Security on January 7, 2008 at 6:43 pm


Although information security (IS) has always been important, the concept of specialist qualifications in
