Home Page | About Us | Press Enquiries| Reports | Policy Issues | News Items | Press Releases | Mailing Lists | Bookstore |
E-mail: crypto-policy@cyber-rights.org
Copyright ?1996 - 2001 Cyber-Rights & Cyber-Liberties (UK)
These pages by Cyber-Rights & Cyber-Liberties (UK) provide information on the UK Government's Encryption Policy. Apart from our reports, press releases and information about campaigns, these pages also provide information and news items related to the whole of the cryptography policy. The developments within the US and the European Union are closely monitored. Background information on what is cryptography and encryption is provided by the below sections. These background information will be helpful to understand the UK Policy on Encryption.
Developments following the attacks on America on 11 September, 2001
BBC News, Net surveillance 'fatally flawed', 01 October, 2001
The Observer calls
for key escrow, 30 September, 2001
There are, however, important
initiatives that Mr Blunkett could take. By far the most effective would be the
curtailing of the complex encryption terrorists use to protect their
communications. Organisations using encryption codes legitimately should be
obliged to give the electronic key to the appropriate police authority in
advance. European Union proposals for greater information sharing and the
establishment of a EU-wide certificate of arrest for terrorists are also
welcome.
The Straw interview with Sue MacGregor on the BBC Today Programme, 28 September, 2001. You can also listen the Jack Straw interview (MP3 file)
BBC News, Net
freedom fears 'hurt terror fight', 28 September, 2001
UK Foreign Secretary Jack Straw
says "naive" campaigners against stronger Internet surveillance laws
have hurt the anti-terror fight. He suggested that with stronger powers, the
security services might have detected some of the 11 suicide hijackers who are
now known to
have passed through the UK on their way to the US. Note also Straw
takes swipe at liberals, The Guardian, 29 September, 2001
Liberal Democrats, Straw
must produce evidence of need to change Internet surveillance laws, 28
September, 2001
Simon Hughes MP, Liberal Democrat Shadow Home Secretary, responding to the Home
Secretary’s comments that “naïve?civil liberties campaigners against
stronger internet surveillance laws have undermined the fight against terrorism,
said: “The Regulation of Investigatory Powers Bill was the right law to pass
at the time on the evidence available. If the Government think that a law
only just on the statute book needs changing literally a few months later, then
they must come back with the argument and evidence. Reasonable legislation is
always likely to command parliamentary support. Unnecessarily wide legislation
will always be revised. Recent conversations with City of London authorities
lead me to believe that many of the powers that have not been used in the past
are at last being used to good effect. We should not increase powers if the
law as it stands is already sufficient.?The Guardian, The
statutes of liberty: The LibDems say that new encryption laws are not needed,
27 September, 2001
Philip Zimmermann, No
Regrets About Developing PGP, 24 September, 2001.
"....strong cryptography does more good for a democratic society than
harm, even if it can be used by terrorists."
Akdeniz, Y.; Taylor, N.;
Walker, C., Regulation of Investigatory Powers Act 2000 (1): Bigbrother.gov.uk:
State surveillance in the age of information and rights, (2001) Criminal Law
Review, (February), pp. 73-90 at http://www.cyber-rights.org/documents/crimlr.pdf
(Published in this format with permission from Sweet & Maxwell, the
publishers of the Criminal Law Review)
Better
Regulation Task Force Recommendations
related to the Regulation of Investigatory Powers Act 2000 - March
2001.
Note also: Cyber-Rights & Cyber-Liberties (UK) Response
to Better Regulation Task Force Review of E-Commerce, 12 October,
2000. Better
Regulation Task Force Review of e-commerce, Regulating
Cyberspace: better regulation for e-commerce, (PDF
version) was published on 14 December, 2000. See also the Principles
of Good Regulation and the related
pages. The Government
response to the Task Force review is published in March 2001.
Cyber-Rights.Net Launch - November 2000, http://www.cyber-rights.net
Cyber-Rights.Net Forms Alliance with Hush Communications to offer HushMail Private Label to Internet users.
Leeds, UK & Dublin, Ireland—(November 01, 2000) Cyber-Rights & Cyber -Liberties (UK) have partnered with Hush Communications to campaign against the Regulation of Investigatory Powers Act (RIP) 2000, which passed into law in October this year. The Regulation of Investigatory Powers (RIP) Act outlines the extended reach of the UK government’s law enforcement and security agencies in regards to the monitoring and interception of communications across the Internet, and government access to encryption keys. Similar proposals are currently being discussed by the Council of Europe which would give law enforcement agencies extended powers and capabilities for Internet monitoring in more than 40 countries.
In an effort to raise public awareness of these important policy issues and to encourage Internet users to use secure communications, Cyber-Rights & Cyber-Liberties (UK) are launching the Cyber-Rights.Net project. The project offers Internet users HushMail Private Label, an encrypted email solution, that employs Hush’s patent-pending Hush Encryption Engine ™. With HushMail Private Label, Cyber-Rights.Net will be able to offer its visitors and users end-to-end secure email through, http://www.cyber-rights.net. HushMail Private Label fully integrates Hush’s roaming key pair management technology into the Cyber-Rights.Net system enabling its users to send and receive secure mail from any location with access to the Internet throughout the world.
Mr. Yaman Akdeniz, Director, Cyber-Rights & Cyber-Liberties (UK) stated:
"Both the Website and project promote privacy of communications and hope to raise awareness for security on the Internet. In the absence of clearly defined conditions and safeguards protecting the privacy of communications in homes and in working environments, it is time for the individual to take action and protect their communications. Cyber-Rights.Net will be an additional tool for concerned Internet users when securing their communications."
Cyber-Rights & Cyber-Liberties (UK) is dedicated to the promotion of secure and private communications over the Internet and has been influential in the national and international policy making process.
Jon Matonis, CEO of Hush Communications said, "We are excited to be a part of the Cyber-Rights & Cyber-Liberties project. HushMail Private Label will offer Cyber-Rights.Net users the most secure and user-friendly email solution available on the market today. From everyday Internet users to legal and medical professionals, Hush protects online communications."
From its inception, Hush Communications has been dedicated to the privacy rights. The company’s core technology was specifically developed to protect the communications and transactions of anyone with access to the Internet. While Hush offers a variety of products and services for sale, its flagship product, HushMail.Com (www.hushmail.com), provides fully encrypted, Web-based email, free of charge, to the general public. Hush posts its source code for review and download at www.hush.ai.
Chairman: The Rt Hon Tom King CH MP, Intelligence Services Act 1994 Chapter 13. Presented to Parliament by the Prime Minister by Command of Her Majesty, NOVEMBER 1999.
Other Matters
72. In light of the Government's proposals for the regulation of electronic commerce, we asked for evidence from the Home Office and Agencies on the effect that commercial encryption technologies would have on the work of the Agencies. The Agencies and law enforcement organisations stated that the ability to intercept and monitor communications in real time provides both the initial intelligence needed to mount operations and the ongoing intelligence to bring them to a successful conclusion. GCHQ stated in their evidence that ***
***
***
***
***
Currently *** of GCHQ's intelligence reporting results from the successful application of cryptanalytic and other technical skills. The Security Service told us that ***
***
***
The SIS stated that ***
***
***
***
73. The Home Office stated that "It is, however, the potential use of encryption rather than its current application which gives rise to the greatest concern. Communications technologies are converging around common digital protocols in a way which will soon allow new encryption methods to be applied equally to voice as to internet data traffic. When that happens, if nothing were done, the valuable interception capability would be progressively lost to the law enforcement services and to the Agencies". We therefore welcome the Government's proposals under the Electronic Commerce Bill to include powers to issue orders for the production of keys held by any person where they are required in order to decrypt material which has been, or is being, lawfully acquired. We understand that this would include interceptions under the Interception of Communications Act 1985 which is currently also under review. We will report to you as this matter develops.
Home Office Press Release, 28/07/2000,
RIP Bill receives Royal Assent
236/2000 28 July 2000 0207 273 4610
The Regulation of Investigatory Powers Act 2000 (RIPA) updates the law on the interception of communications to take account of technological change such as the growth of the Internet. It also puts other intrusive investigative techniques on a statutory footing for the very first time; provides new powers to help combat the threat posed by rising criminal use of strong encryption; and ensures that there is independent judicial oversight of the powers in the Act. RIPA ensures that individual rights are protected, the interests of business are respected, and effective powers are in place to catch criminals.
Commenting on RIPA, Home Secretary Jack Straw
said:
"The Regulation of Investigatory Powers Act 2000 (RIPA) will
ensure that the UK's law enforcement and security agencies have
the powers they need to do their job effectively in a changed
technological world. "New communications tools such as the
Internet offer up huge legitimate benefits for us all. But
serious criminals too have always been quick to jump on the
latest technological bandwagon in their efforts to evade
detection. The "e" prefix can apply to today's
criminals as well as to commerce. RIPA will play a vital role in
combating this very real threat. "In updating law
enforcement powers, we have been careful to see that individuals'
rights are properly protected. We recognise that powers such as
interception are intrusive. That is precisely why they should be
very closely regulated. RIPA ensures that this is the case. And
it also ensures that other traditional law enforcement techniques
- such as the use of agents - are, for the very first time,
subject to proper statutory controls and safeguards. "We
have also listened to industry's views throughout the passage of
the legislation and made changes as a result. This is all about a
balance. We believe that RIPA strikes the right one. This is an
important Act. And not just for those who are hooked up to the
Internet now. We all have an interest. The RIPA powers, simply
put, are essential to help keep the UK a safe place for everyone
to live and work."
Background
Interception and access to communications data (Part I)
Part I of the Act updates the previous interception law
(Interception of Communications Act 1985- IOCA) to encompass all
communications service providers. This includes Internet Service
Providers (ISPs). Interception must be personally authorised by
the Secretary of State and only when the strict criteria laid
down in the Act are met. There is a provision in section 12 of
the Act which enables the Secretary of State to require
individual communication service providers to maintain a
reasonable intercept capability, by means of a notice. But this
must be subject to a consultation process involving industry and
any draft notice must be approved by both Houses of Parliament.
The Government has announced that it will set aside ?0m over
three years from April 2001 to 2004 to ease the introduction of
the new arrangements. The Act also includes a provision to
establish a Technical Advisory Board, which will be comprised of
Government and industry members, to oversee notices served on
communications service providers requiring the maintenance of an
intercept capability. The Government will be working with
industry over the proper make up of the TAB. Part I of the Act
also introduces comprehensive statutory controls, for the first
time, governing access to communications data (e.g. billing
information). Access must be properly authorised, for specified
purposes only, and is subject to independent oversight.
Surveillance and covert human
intelligence sources (Part II)
Part II of the Act regulates techniques (e.g. use of
agents/informants) which have been used for many years by law
enforcement, security and intelligence agencies, but which have
up until now
Encryption (Part III)
Part III establishes a power to require any person
served with an appropriate notice to disclose protected (e.g.
encrypted) information in an intelligible form ("plain
text"). The power is ancillary to all statutory and
non-statutory powers and functions of public authorities. Its use
requires proper and specific permission. A number of statutory
requirements must be met before any such permission can be given
to exercise the disclosure power. There are extra requirements
where a decryption key - rather than plain text - is desired. The
Act sets out statutory safeguards for the protection of all
information obtained under the Part III power. There are
associated offences.
Oversight and complaints (Part IV)
Part IV of the Act sets out the oversight and complaints
mechanisms for the powers in the legislation. This includes
independent Commissioners (who must be judicial figures) with a
statutory responsibility to oversee the exercise of the powers
and an independent Tribunal to hear complaints. Part IV also
deals with codes of practice, covering all parts of the Act,
which will be admissible as evidence in criminal and civil
proceedings.
Further details
The text of the Act, explanatory notes and initial draft
codes of practice can be found on the Home Office website at: http://www.homeoffice.gov.uk/oicd/ripbill.htm
Text of the RIP Bill as amended on Report in the House of Lords, (13th July 2000)
Discussions
related to Part III, INVESTIGATION OF ELECTRONIC DATA
PROTECTED BY ENCRYPTION ETC
House of Lords, Report Stage, Regulation of
Investigatory Powers Bill, Wednesday 13 Jul 2000
In relation to Clause 52 ("tipping-off offence"), Lord Bassam of Brighton stated that "We do not believe that those criticisms are justified. The clause is carefully worded and contains safeguards and restrictions. Indeed, I believe that some commentators have now begun to acknowledge that. However, we do believe that these amendments would damage the position. I am sure that that would not be the intention either of the Leeds University CyberLaw Research Unit (a reference to the submission of the Cyber-Rights & Cyber-Liberties (UK) on 11 July, 2000) or of the noble Lord, but that would be the effect." Lord McNally: My Lords, I am sure the Minister knows that, almost while he speaks, the CyberLaw Research Unit will be looking at every word. In the meantime, until I receive a response from the group, I beg leave to withdraw the amendment. Amendment no 77, by leave, withdrawn. The point raised by Cyber-Rights & Cyber-Liberties (UK) was explained by Lord McNally:
Clause 52 [Tipping-off]:
Lord McNally moved Amendment No. 77:
Page 57, leave out lines 6 to 9 and insert ("that any of the matters falling within subsection (1A) not be disclosed to any person such that--
(a) the safety or well-being of any person;
(b) the effectiveness of any investigation or operation; or
(c) the effectiveness of a specific investigatory technique,
would be affected by such a disclosure.
(1A) The matters that may be provided for under subsection (1)
are--
(a) the giving of the notice;
(b) the content of the notice; or
(c) the things done in pursuance of the notice.").
The noble Lord said: My Lords, we reach Clause 52, the famous "tipping-off" clause. I notice that the noble Lord, Lord Cope, the noble Viscount, Lord Astor, and the noble Earl, Lord Northesk, have tabled amendments to this clause as well. Perhaps I may make a general comment, on which I should be interested to receive a response from the Minister. The CyberLaw Research Unit of the University of Leeds--a new name for the noble Lord to put in his little black book--says of the tipping-off clause:
"The tipping-off offence in respect of key seizure is effectively useless for its presumed purpose of preventing those whose keys are seized from tipping-off their colleagues about the Government interest. It has been accepted by the Government that a person whose keys are seized is free to issue a new key immediately although they cannot say that they have done this because of key seizure. But if, on all other occasions in which they issue a new key, they simply say 'here is my new key--my old key is now insecure but not as a result of key seizure', their criminal colleagues can immediately see that the absence of an explanation identifies a law enforcement interest".
I wonder whether there is such a glaring loophole, because, as the Minister knows, of general concern is not the malicious tipping-off but the dilemmas in which it would put wholly innocent people. Amendments No. 77 to 80, standing in my name and that of my noble friend Lord Phillips, seek to tip the balance in tipping-off away from accidental incrimination by making it clear that such accidental incrimination will not fall foul of the law, and that the offence will require actual damage before prosecution. I beg to move.
Lord Bassam of Brighton: My Lords, I must say that I am not as intimately familiar with the findings or practices of the Leeds University CyberLaw Research Unit, nor do I share the absolute knowledge apparently shown by the noble Lord as regards issues such as key seizure, which for a moment I thought might be a form of ghastly malady.
The proposed amendments are the first of a number relating to the circumstances when a secrecy provision may be included in a Section 47 notice. Several general points need to be made on this issue, to which no doubt we shall come when we discuss Amendment No. 85 in the name of the noble Lord, Lord Lucas. At this point I shall confine myself to giving an explanation of why I believe that Amendments Nos. 77 to 80 are undesirable. Ultimately they are undesirable because we believe them to be unnecessary.
We would argue that the present construction of Clause 52 contains a clearly stated requirement in subsection (1) and a secrecy provision can be imposed only when the tests set out in subsection (3) of that clause are fulfilled. In our view, the proposed amendments in this grouping would jumble things around and, we believe, cause difficulties as a consequence. The recipient of a notice would be left needing to exercise some judgment as to whether any disclosure would "affect"--to use the phrase proposed here--any of the matters listed in subsection (1) of the proposed changed clause. We do not believe that this can be right. Furthermore, we are not sure that the word "affect" is either appropriate or right in those circumstances.
More important, Amendment No. 78 would have the effect of removing one of the important safeguards in Clause 52. I do not think that that is what the noble Lord wishes to achieve. Subsection (3) of Clause 52 is there for a purpose. It limits the occasions when a secrecy requirement may be imposed. It says that a secrecy requirement may be included in a Section 47 notice only where this relates to information which has come, or is likely to come, into the possession of the police, HM Customs or the intelligence services--and then only in restricted circumstances. This is an important restrictive safeguard which would be lost through the change proposed by Amendment No. 78. As I said, I do not believe that that is the intention of the noble Lord, but it most certainly would be the effect. It would open things up so that any public authority could consider asking for a secrecy provision to be included in a Section 47 notice. It would widen the possible use of the secrecy requirement. We do not believe that that is right. There is no operational necessity for it.
I know that the Government have been criticised over the proposed tipping-off offence in Clause 52. We do not believe that those criticisms are justified. The clause is carefully worded and contains safeguards and restrictions. Indeed, I believe that some commentators have now begun to acknowledge that. However, we do believe that these amendments would damage the position. I am sure that that would not be the intention either of the Leeds University CyberLaw Research Unit or of the noble Lord, but that would be the effect. I trust, with that explanation, that the noble Lord will feel able to withdraw the amendment.
Lord McNally: My Lords, I am sure the Minister knows that, almost while he speaks, the CyberLaw Research Unit will be looking at every word. In the meantime, until I receive a response from the group, I beg leave to withdraw the amendment.
Amendment, by leave, withdrawn. [Amendments Nos. 78 to 80 not moved.]
Discussions
related to Part III, INVESTIGATION OF ELECTRONIC DATA
PROTECTED BY ENCRYPTION ETC
House of Lords, Report Stage, Regulation of
Investigatory Powers Bill, Wednesday 12 Jul 2000
Press Release - 12 July, 2000, Cyber-Rights & Cyber-Liberties (UK)
Apart from what we published yesterday on Part III and related Code of Practice on Part III of the RIP Bill, we would like to bring the following information to your attention.
The Trade and Industry Committee on its Fourteenth Report on the Draft Electronic Communications Bill, HC 862, 25 October, 1999 stated on paragraph 34 in relation to codes of practices related to Part III that:
"Provision has been made for the Secretary of State of Home Affairs to issue a code of practice 'in connection with the exercise or performance by persons (other than proposed Commissioner and Tribunal) of their powers and duties' under part III of the draft Bill. Such persons are to 'have regard for the code of practice' when performing their duties; but it is expressly provided that failure to comply with any provision of the code will NOT of itself lead to criminal or civil proceedings against the person concerned."
Therefore the Committee stated that "the proposed code of practice may prove to be toothless" and "the impression is given by the legislation that infringements of the code of practice will go unpunished".
Therefore, in Cyber-Rights & Cyber-Liberties (UK)’s view, the safeguards within the Code of Practice are inadequate as there is not even a mention of such offences that may be related to failure to comply with any provisions of the draft Code of Practice.
Moreover, the Government responded on 26 January, 2000, in the Third Special Report of the Trade and Industry Committee, HC199 and stated that:
"The Government is considering carefully how the proposed statutory Code of Practice is to be best operated. The view of the Committee, ......, will be taken into account in bringing forward the RIP Bill".
Furthermore, section 11 of the draft Code of Practice on Part III of the RIP Bill is entitled "Safeguards" but there is no mention of "a specific offence" as it has been recommended by the Select Committee even though paragraph 1.5 (overview section) states that there are "associated offences" BUT there are not.
However, according to Yaman Akdeniz, director of Cyber-Rights & Cyber-Liberties (UK), "the views of the Committee and the concerned parties were not taken into account while the draft Code of Practice (Part III) was drafted. The government once again failed to provide adequate safeguards for the protection of seized encryption keys. We will continue to oppose government access to keys (GAK)."
Dr. Brian Gladman, Technology Policy Advisor, for Cyber-Rights & Cyber-Liberties (UK) stated that:
"The Bill has finally set a requirement for seized keys to be kept safe but the draft Code of Practice sets no standards for this purpose; in consequence the interests of key owners are still at risk. I really cannot see anyone who takes their security seriously being willing to risk their keys in such an inadequate regime."
Cyber-Rights & Cyber-Liberties (UK) would also like to point the interested parties to the European Parliament Resolution which recognised the importance of encryption technology in May 1998. The European Parliament resolution emphasised in paragraph 20 that:
"legal rules on access to keys should not be introduced, as the measure is not commensurate with the expected result, particularly in view of the increased possibility of misappropriation of the keys, invasion of personal privacy, cost, and lack of efficacy."
Yaman Akdeniz, director of Cyber-Rights & Cyber-Liberties (UK), added: "So despite the issue being recognised at the European Parliament, the UK government decided to push forward its desire to access encryption keys. The views of the European Parliament should have been taken into account and GAK should have never been introduced."
Press Information:
This press release is at http://www.cyber-rights.org/press/
Cyber-Rights & Cyber-Liberties (UK), A Critique of Part III, Regulation of Investigatory Powers Bill, 11 July, 2000, at http://www.cyber-rights.org/reports/part-iii.htm
Brian Gladman's comments on Draft Home Office Code of Practice on Part III (Investigation of electronic data protected by encryption etc) of the Regulation of Investigatory Powers Bill, 11 July, 2000 is at http://www.cyber-rights.org/reports/p3copcom.pdf. Brian Gladman states that "fears about the impact of this Bill on trust and confidence in the provision of Internet security services are well founded. The UK’s e-commerce aspirations are now at risk." An important conclusion of the Gladman paper is that "this code of practice is seriously deficient in respect of the requirements for seized encryption key protection" by the UK government.
European Parliament Resolution on the communication from the Commission to the Council, the European Parliament, the Economic and Social Committee and the Committee of the Regions on ensuring security and trust in electronic telecommunication - towards a European framework for digital signatures and encryption (COM(97)0503 - C4-0648/97), 20 May 1998, A4-0189/98.
The Home Office published the Preliminary draft codes in relation to RIP: These documents are circulated by the Home Office in advance of enactment of the RIP Bill as an indication of current thinking. They will be subject to changes and additions. See http://www.cyber-rights.org/crypto/ for details and links.
Contact Information:
Mr. Yaman Akdeniz, Director of Cyber-Rights &
Cyber-Liberties (UK),
CyberLaw Research Unit, Centre for Criminal Justice Studies,
University of Leeds, Leeds, LS2 9JT,
Tel: +44 (0) 498 865116, Fax: +44 (0) 7092199011
E-mail: lawya@cyber-rights.org
Dr. Brian Gladman, Technology Policy Advisor, Cyber-Rights
& Cyber-Liberties (UK)
Worcester, UK
E-mail: brg@cyber-rights.org
NEW: Brian Gladman's comments on Draft Home Office Code of Practice on Part III (Investigation of electronic data protected by encryption etc) of the Regulation of Investigatory Powers Bill, 11 July, 2000 is at http://www.cyber-rights.org/reports/p3copcom.pdf Please report any errors in the transcription of the CoP to brg@gladman.uk.net Brian Gladman states that "fears about the impact of this Bill on trust and confidence in the provision of Internet security services are well founded. The UK’s e-commerce aspirations are now at risk." An important conclusion of the Gladman paper is that "this code of practice is seriously deficient in respect of the requirements for seized encryption key protection" by the UK government.
Cyber-Rights & Cyber-Liberties (UK), Press Release - 11 July, 2000
LEEDS - Cyber-Rights & Cyber-Liberties (UK) today published its comments on Part III of the Regulation of Investigatory Powers Bill (based upon the latest version of the Bill) by taking into account the related Home Office Code of Practice on Part III.
The document (http://www.cyber-rights.org/reports/part-iii.htm) is an annotated version of Part III of the Regulation of Investigatory Powers Bill in which italic (blue) text has been added where Cyber-Rights & Cyber-Liberties (UK) considers that the proposals still pose serious difficulties in respect of the rights of honest Internet users.
The concerns raised in the CR&CL(UK) statement (which has been sent to members of House of Lords) is for the most part, confined to those raised by Part III dealing with the seizure of encryption keys. The statement, furthermore, raises three important questions to be answered by the Government in relation to seizure of encryption keys (see the statement - http://www.cyber-rights.org/reports/part-iii.htm).
In relation to the protection of keys for digital signatures, the CR&CL(UK) document states that, in practice, clause 47(9) is ineffective in protecting many signature keys if the clauses giving access to keys remain in the Bill. We believe this will undermine the use of digital signatures and hinder the development of e-commerce soon after the enactment of the Electronic Communications Act 2000, which intended to facilitate such developments.
Among other points raised, CR&CL(UK) statement argues that section 48(3) is very damaging and should be completely removed. If this clause stays, trust and confidence in the use of public key cryptography for both confidentiality and signature purposes will be seriously undermined. And this is certain to have an impact on UK e-commerce aspirations.
Press Information:
Cyber-Rights & Cyber-Liberties (UK), A Critique of Part III, Regulation of Investigatory Powers Bill, 11 July, 2000, at http://www.cyber-rights.org/reports/part-iii.htm
The Home Office published the Preliminary draft codes in relation to RIP: These documents are circulated by the Home Office in advance of enactment of the RIP Bill as an indication of current thinking. They will be subject to changes and additions. See http://www.cyber-rights.org/crypto/ for details and links.
This press release is at http://www.cyber-rights.org/press/
Contact Information:
Mr. Yaman Akdeniz, Director of Cyber-Rights &
Cyber-Liberties (UK),
CyberLaw Research Unit, Centre for Criminal Justice Studies,
University of Leeds, Leeds, LS2 9JT,
Tel: +44 (0) 498 865116, Fax: +44 (0) 7092199011
E-mail: lawya@cyber-rights.org
Dr. Brian Gladman, Technology Policy Advisor, Cyber-Rights
& Cyber-Liberties (UK)
Worcester, UK
E-mail: brg@cyber-rights.org
Mr. Nicholas Bohm, E-Commerce Policy Adviser, Cyber-Rights
& Cyber-Liberties (UK);
Member of the Law Society’s Working Party on Electronic
Commerce
Salkyns, Great Canfield, Takeley,
Bishop’s Stortford CM22 6SX,
Tel: +44 (0) 1279 871272,
Fax: +44 (0) 1279 870215
E-mail: nbohm@cyber-rights.org
New: The Home Office publishes the Preliminary draft codes: These documents are circulated by the Home Office in advance of enactment of the RIP Bill as an indication of current thinking. They will be subject to changes and additions. This circulation is not the publication referred to in clause 69(3) of the Bill, which can only take place after enactment. This is a preliminary draft on which comments are welcomed. Further, informal consultation will be required before the formal consultation process begins under clause 69(3) of the Bill.
Part I: Interception of Communications
and Accessing Communications Data (file
size 116 Kb)
Part II: Covert Surveillance (file size 177 Kb)
Part II: Use of Covert Human
Intelligence Sources (file size 107 Kb)
Part III: Investigation of Electronic
Data Protected by Encryption etc (file size 143 Kb)
UPDATE: Cyber-Rights & Cyber-Liberties (UK), A Further Open Letter to the House of Lords concerning the Regulation of Investigatory Powers Bill, 29 June, 2000, at http://www.cyber-rights.org/reports/hl-let2.htm - This is an updated version of the 27 June letter to the House of Lords as on 26 June, 2000 (the day we wrote to the House of Lords), the Government introduced a series of amendments in the House of Lords in an effort to reduce opposition to this legislation. Since these amendments were introduced after we first raised our concerns with the House of Lords, this letter repeats our earlier input but with the addition of comments on the extent to which the Government amendments allay our fears. The new sections are in italic text.
Cyber-Rights & Cyber-Liberties (UK), Press Release - 27 June, 2000
LEEDS - Cyber-Rights & Cyber-Liberties (UK) today sent an open letter to members of the House of Lords in relation to the Regulation of Investigatory Powers ("RIP") Bill. The six page letter expressed concerns of the CR&CL(UK) Board members that the proposed Bill will not achieve the desired result. Indeed, it is our carefully considered opinion that a number of provisions will have the opposite effect and will bring aspects of UK law into direct conflict with the European Convention on Human Rights ("ECHR").
The letter further explains that CR&CL(UK) does not believe that the proposed measures will provide an effective way of dealing with criminal misuse of the Internet but will instead have a detrimental impact on the perceived safety, security and privacy of UK citizens and businesses in Internet use. "This, in turn, will have a highly detrimental impact on the development of electronic commerce in the UK."
The concerns raised in the CR&CL(UK) letter to the House of Lords is for the most part, confined to those raised by Part III dealing with the seizure of encryption keys.
"It is our considered opinion that the powers for key seizure and Internet interception in this legislation fail every one of the CR&CL(UK) tests (that is spelled out in the letter) and also fail the Cabinet Office Regulatory Impact Unit’s principles of good regulation."
The letter concludes urging the House of Lords to reject this legislation and to seek major changes in the Government strategy for countering criminal misuse of the Internet.
Mr. Yaman Akdeniz, Director of Cyber-Rights & Cyber-Liberties (UK) said: "In the absence of widespread public support for the Bill, and with strong criticism from both the civil liberties organisations and the industry, the government should reconsider the content of the Regulation of Investigatory Powers Bill. House of Lords should not support such proposals, which we believe would be a serious curtailment of important and well-established civil rights."
Dr. Brian Gladman, Technology Policy Advisor, Cyber-Rights & Cyber-Liberties (UK) said: "The technical proposals that underpin this legislation will be ineffective against criminals but very costly for both taxpayers and Internet Service Providers; there are more effective and much less costly ways of countering criminal misuse of the Internet."
Mr. Nicholas Bohm, E-Commerce Policy Adviser, Cyber-Rights & Cyber-Liberties (UK) said: "The damage that the Regulation of Investigatory Powers Bill will do to electronic commerce will also hinder the development of the wider social benefits flowing from the Information Society."
Press Information:
The Cyber-Rights & Cyber-Liberties (UK) letter to the House of Lords is available through http://www.cyber-rights.org/reports/hl-lett.htm
This press release is at http://www.cyber-rights.org/press/
British Chambers of Commerce release study : THE
ECONOMIC IMPACT OF THE REGULATION OF INVESTIGATORY POWERS BILL
- ?6bn in 5 years (pdf here)
and Letter
to Home Secretary , 05 June, 2000.
For
extensive coverage of the Regulation of Investigatory Powers
Bill, visit the FIPR RIP Centre at http://www.fipr.org/rip
See also the Home Office Regulation of Investigatory Powers Bill
pages at http://www.homeoffice.gov.uk/oicd/ripbill.htm
which includes a section on Myths and Misunderstandings.
Apparently we all got it wrong! Here are some official documents
of interest:
The Press Notice issued on the Bill's Introduction is available. The Regulatory Impact Assessments on the Bill Part I and Part III are available.
The Bill builds on the proposals set out in the Government's consultation papers Interception of Communications in the United Kingdom - A consultation paper (Cm 4368) published in June 1999 and on Promoting Electronic Commerce - Consultation on Draft Legislation and the Government's response to the Trade and Industry Committee's Report (Cm 4417) published in July 1999. This is held on the DTI website.
The Responses to the Interception of Communication Act Consultation Exercise are available as is an Analysis of Responses to this exercise. A summary of responses to the Draft Electronic Communication Bill was published by the DTI in November 1999.
Report on technical and cost issues associated with interception of communications at certain Communication Service Providers, (19 April 2000)
Irish
E-Commerce Bill
2000 and Explanatory and Financial memo - "26.
Nothing in this Act shall be construed as requiring the
disclosure of unique data, such as codes, passwords, algorithms,
private cryptographic keys, or other data, that may be necessary
to render information or an electronic communication
intelligible."
Legal
Opinion: FIPR/JUSTICE
Updated Human Rights Audit of RIP Pt.III, 20 March,
2000.
Press
Release: FIPR
on Gladman Report - Provisions for
Government Access to Keys, 28 February, 2000 - The report
analyses the Government's proposals for safeguarding seized keys,
finding that they take no account of the technical security
measures used by government to protect their own keys, and make
no provision whatsoever for keys seized under RIP to enjoy
comparable levels of protection. Hundreds of public authorities
are able to demand keys (set out over five pages in Schedule.1),
but none are required to take concrete security precautions on
behalf of those who are forced to reveal their keys - whether
suspect or innocent parties in an investigation. The report
concludes that the necessary protection measures will be very
costly to implement and are hence likely to place a very high
burden on UK taxpayers if the interests of the owners of seized
keys are to be fully respected. It concludes that there is a
danger that the costs of such measures will not be met and in
consequence those who have their keys seized will sometimes face
extreme risks to their safety and security.
Cyber-Rights & Cyber-Liberties (UK)
Briefing for the House of Commons, Second Reading
Debate of the "Regulation of Investigatory Powers
Bill", 6 March, 2000, at http://www.cyber-rights.org/reports/crcl-rip.htm
Regulation of Investigatory Powers Bill, HoC
Standing Committee F Discussion, 14 March, 2000 - The debate
is provided as a single html file for easy access at http://www.cyber-rights.org/documents/hc-rip2.htm
RIP
for Individual Rights? By Charles Clarke M.P.,
Minister of State, Home Office, Posted
to ukcrypto mailing list on 13 March, 2000 at http://www.cyber-rights.org/documents/rip-clarke.htm
We are willing to publish any responses that you may have in
relation to Mr. Clarke's opinion which was openly distributed
through the ukcrypto mailing list.
Read the House of Commons (Hansard) Debates on
Regulation of Investigatory Powers Bill (which took place on
6 March, 2000) for an insight into the discussions of the Bill at
http://www.cyber-rights.org/documents/hc-rip.htm
- The debate is provided as a single html file for easy access.
Regulation of Investigatory Powers Bill has been published by the Home Office - 9 February, 2000. See the Bill and the explanatory notes. See further the Home Office web site dealing with the Regulation of Investigatory Powers Bill. The Bill regulates investigatory powers in three areas: Interception of Communications, Intrusive Investigative Techniques, and Access to Encrypted Data. See further http://www.cyber-rights.org/interception/ and http://www.cyber-rights.org/crypto/ pages.
See further the House of Commons Research
Paper on The Regulation of Investigatory Powers Bill [Bill 64 of
1999-2000], (No:00/25), 03 March, 2000, at http://www.parliament.uk/commons/lib/research/rp2000/rp00-025.pdf
According to a Home Office Press Release related to the publication of the RIP Bill in relation to Part III – Decryption Powers:
Encryption is vital to the e-commerce revolution but it can also be misused to devastating effect by criminals, not least in attempts by paedophiles to conceal their activities on the Internet. New decryption powers are vital in order to combat the threat – we need to update the law for the digital age.
The Bill contains proposals to enable law enforcement, security and intelligence agencies to require any person to provide a decryption key or the plain text of specified material in response to the service of a properly authorised written notice.
The power would only apply to material which itself has been, or is being, lawfully obtained. There would be strong safeguards and independent oversight to prevent any misuse of these powers. No agency would be able to acquire extra data through the use of this power.
Last Updated 12/07/2000