Requests made to the DTI in relation to the UK encryption policy - On September 1, 1998, Cyber-Rights & Cyber-Liberties (UK) made a request under the Code of Practice on Access to Government Information through the DTI in relation to UK Government's policy on encryption. At the time we did request "background papers and communications between January 1996 and April 1998 concerning UK governments encryption proposals which were prepared by the Department of Trade and Industry. More specifically, we request the background documents involving the following policy documents published by the DTI during this period:
Responses received from the DTI in relation to the above request
(1) - DTI letter dated 4 September, 1998 - This letter confirms the receipt of our request and states that the Information Security Policy Group will process this specific request.
(2) DTI letter dated 19 November, 1998 - The DTI letter states that they "have identified a whole range of papers (in up to 15 separate files) which fall within the boundaries of your request." Furthermore, the letter states that "policy developments during that period you specified (Jan 96 - April 98) was intensive and therefore there are a great deal of letters, papers and internal minutes which cover the subject. To subject such documents to the rigorous analysis required (before any information in them could be considered for release) would be a substantial, and time consuming, task." Therefore, the DTI offered to discuss a "slightly narrower search criteria" together with the offer of a "verbal account of the main developments during that period" which lead into the policy initiatives of June 96 and the revised policy in April 98. The DTI also offered to visit the CR&CL(UK) offices in Leeds for this purpose.
(3) CR&CL(UK) response dated 2 December, 1998 - We did reject the idea of a "narrative" and that "we really want specific papers or information that we can study and refer to." We also requested an "inventory" of what the DTI have identified so far to be able to analyse and narrow our request.
(4) DTI letter dated 22 December, 1998 - The DTI insists on a face to face meeting in order to take things forward. The DTI appreciate that "a narrative is not a substitute for the papers," and we would "appreciate that [they] are not in a position to simply 'hand' the papers over". "The majority are classified and hence we would have to seek permission to release the information from their authors." In relation to our request for an "inventory", the DTI letter state that they are "not at liberty to provide an inventory of possibly relevant papers." However, the DTI did sent "a list of documents (only for us at this stage) in which the main UK policy developments on encryption (since 1994) are charted." The DTI asked us to agree that a "focus" could be made on these documents and if we did agree they would be "happy to start the process of seeing whether any of them could be released."
(5) CR&CL(UK) response dated 24 February, 1999 - CR&CL(UK) once again rejected the idea of having a meeting and insisted on having access to papers rather than a narrative. We also stated that we did find "useful to some extent the list of the documents that you have provided which (according to the above DTI letter) the main UK policy developments on encryption are charted". "We would like you to focus on two items which we believe of interest to us. These are the June 1994 reference (the first one) to a "Ad Hoc Committee on Cryptography". We were not aware of such a Committee and therefore we would like to know more about the activities of that Committee and therefore our request under the Code would now focus on the activities, meetings, constitution, papers and reports, and the membership of this Committee. We would like the process for disclosing such documents which fall within this specific request to start immediately."
In addition, referring to paragraph three of the DTI letter dated 22 December 1998, which states that "you are not at a liberty to provide [us] with an inventory of possibly [all] relevant papers," but we need further information on this issue and if this is not possible we would like to receive an explanation with references to the Open Code of Government Conduct. So we still insist that a full list should be provided as you have provided us a "selective and partial list" so far which did not reveal anything but the existence of the above mentioned Committee. In addition, we would like to see a list of documents which were so far disclosed to the members of the public (if any) in relation to the governments encryption policy through the DTI.
(6) DTI letter dated 18 May, 1999 - In relation to the above mentioned "Ad Hoc Committee on Cryptography", the DTI letter stated that "in developing a Government policy on cryptography, the different parts of Government with an interest in the subject met in committee chaired by the Cabinet Office. We have identified, by their title, some 80 documents which together might give a full account of the workings of the interdepartmental discussions from 1994 onwards. From an examination of a small sample of these documents, it is clear that the information in them is covered by several of the exemptions allowed under the Code, but in particular exemptions 1 and 2. In that connection, I am in no doubt that the harm likely to arise from such disclosure of this information would outweigh the public interest in making the information available. Moreover, the documents often touch on the work of the Security and Intelligence Agencies and such information falls outside the scope of the Code."
In relation to our request for an "inventory", the DTI letter states that "we are not obliged under the Code to produce additional documentation. We believe that the work necessary - perhaps some 15-20 man-days of effort - to prepare inventories of thousands of documents in some 20 files is simply not justified."
In relation to our request to see a list of documents released under the Code to the members of the public, the answer of the DTI is straight forward. "THE ANSWER IS NONE."
(7) So far CR&CL(UK) has not responded to the above DTI letter and instead decided to set up this FOIA section to deal with this issue in public as 9 months of exchange of letters resulted with the release of no papers at all. The next stage will be to take our case to the Parliamentary Ombudsman for a review of our case.
(8) However, see the interesting documents received under the US Freedom of Information Act in relation to David Aaron's visit to London in December 1996 to discuss the UK-USA encryption policies at http://www.cyber-rights.org/foia/usfoia.htm
(9) The Parliamentary Ombudsman ( the Parliamentary Commissioner for Administration) published its report in relation to the UK Government Encryption Policy and access to documents related to such policy through the Department of Trade and Industry (Case No.A23/99). The DTI refused to release information relating to the development of encryption policy. See http://www.parliament.ombudsman.org.uk/pca/document/hc21/hc21-04.pdf or http://cryptome.org/dti-mrj.htm - Please note that this case is not related to CR&CL(UK)'s actions and requests for information through the DTI. If those links do not work please try http://www.ombudsman.org.uk/pca/document/hc21/8915-a23.htm