A CRITIQUE OF
PART III, REGULATION OF INVESTIGATORY POWERS BILL
INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC.
BY CYBER-RIGHTS & CYBER-LIBERTIES (UK)
11 JULY, 2000
This document is an annotated version of Part III of the Regulation of Investigatory Powers Bill in which italic (blue) text has been added where Cyber-Rights & Cyber-Liberties (UK) considers that the proposals still pose serious difficulties in respect of the rights of honest Internet users.
Power to require disclosure
47. Notices requiring disclosure.
47(1) This section applies where any protected information-
(a) has come into the possession of any person by means of the exercise of a statutory power to seize, detain, inspect, search or otherwise to interfere with documents or other property, or is likely to do so;
(b) has come into the possession of any person by means of the exercise of any statutory power to intercept communications, or is likely to do so;
(c) has come into the possession of any person by means of the exercise of any power conferred by an authorisation under section 21(3) or under Part II, or as a result of the giving of a notice under section 21(4), or is likely to do so;
(d) has come into the possession of any person as a result of having been provided or disclosed in pursuance of any statutory duty (whether or not one arising as a result of a request for information), or is likely to do so; or
(e) has, by any other lawful means not involving the exercise of statutory powers, come into the possession of any of the intelligence services, the police or the customs and excise, or is likely so to come into the possession of any of those services, the police or the customs and excise.
47(2) If any person with the appropriate permission under Schedule 2 believes, on reasonable grounds-
(a) that a key to the protected information is in the possession of any person,
(b) that the imposition of a disclosure requirement in respect of the protected information is-
(i) necessary on grounds falling within subsection (3), or
(ii) likely to be of value for purposes connected with the exercise or performance by any public authority of any statutory power or statutory duty,
(c) that the imposition of such a requirement is proportionate to what is sought to be achieved by its imposition, and
(d) that it is not reasonably practicable for the person with the appropriate permission to obtain possession of the protected information in an intelligible form without the giving of a notice under this section,
the person with that permission may, by notice to the person whom he believes to have possession of the key, impose a disclosure requirement in respect of the protected information.
47(3) A disclosure requirement in respect of any protected information is necessary on grounds falling within this subsection if it is necessary-
(a) in the interests of national security;
(b) for the purpose of preventing or detecting crime; or
(c) in the interests of the economic well-being of the United Kingdom.
In the case of Amann v. Switzerland, (Application no. 27798/95), European Court of Human Rights judgment, Strasbourg, 16 February 2000, the Court stated that
"tapping and other forms of interception of telephone conversations constitute a serious interference with private life and correspondence and must accordingly be based on a law that is particularly precise. It is essential to have clear, detailed rules on the subject, especially as the technology available for use is continually becoming more sophisticated."
This ruling suggests that Section 47(3) above is now an inadequate basis for disclosure powers since it would not meet the requirement for clear detailed rules.
Section 47(3)(c) in particular can be interpreted in many different ways and needs to be more precisely articulated to avoid the possibility that it is intended to allow for government assisted industrial or commercial espionage. This clause is especially dangerous if the clauses giving access to keys remain in the Bill since it can be interpreted to allow key seizure in support of such activities. The need to provide clearer and more detailed definitions of the above scope is especially important in the light of the current controversy in Europe about US/UK intelligence collection activities using the ECHELON surveillance system.
47(4) A notice under this section imposing a disclosure requirement in respect of any protected information-
(a) must be given in writing or (if not in writing) must be given in a manner that produces a record of its having been given;
(b) must describe the protected information to which the notice relates;
(c) must specify the matters falling within subsection (2)(b)(i) or (ii) by reference to which the notice is given;
(d) must specify the office, rank or position held by the person giving it;
(e) must specify the office, rank or position of the person who for the purposes of Schedule 2 granted permission for the giving of the notice or (if the person giving the notice was entitled to give it without another persons permission) must set out the circumstances in which that entitlement arose;
(f) must specify the time by which the notice is to be complied with;
(g) must set out the disclosure that is required by the notice and the form and manner in which it is to be made
(h) subject to paragraph (a) and subsections (5) and (6), may take such form and be given in such manner as the person giving it thinks fit.
47(5) Where it appears to a person with the appropriate permission-
(a) that more than one person is in possession of the key to any protected information,
(b) that any of those persons is in possession of that key in his capacity as the officer or employee of any body corporate, and
(c) another of those persons is the body corporate itself or another officer or employee of the body corporate,
a notice under this section shall not be given, by reference to his possession of the key, to any officer or employee of the body corporate unless he is a senior officer of the body corporate or it appears to the person giving the notice that there is no senior officer of the body corporate and (in the case of an employee) no more senior employee of the body corporate to whom it is reasonably practicable to give the notice.
47(6) Where it appears to a person with the appropriate permission-
(a) that more than one person is in possession of the key to any protected information,
(b) that any of those persons is in possession of that key in his capacity as an employee of a firm, and
(c) another of those persons is the firm itself or a partner of the firm,
a notice under this section shall not be given, by reference to his possession of the key, to any employee of the firm unless it appears to the person giving the notice that there is neither a partner of the firm nor a more senior employee of the firm to whom it is reasonably practicable to give the notice.
47(7) Subsections (5) and (6) shall not apply to the extent that there are special circumstances of the case that mean that the purposes for which the notice is given would be defeated, in whole or in part, if the notice were given to the person to whom it would otherwise be required to be given by those subsections.
47(8) A notice under this section shall not require the making of any disclosure to any person other than-
(a) the person giving the notice; or
(b) such other person as may be specified in or otherwise identified by, or in accordance with, the provisions of the notice.
47(9) A notice under this section shall not require the disclosure of any key which-
(a) is intended to be used for the purpose only of generating electronic signatures; and
(b) has not in fact been used for any other purpose.
This clause, which is intended to protect the integrity of signature keys, will very often fail to do this if the clauses giving access to keys remain in the Bill. In many cryptographic products the same password (or key) is used for both signature and confidentiality purposes and this means that access to keys for protected information will also give access to signature keys.
This is confirmed in the draft Code of Practice where paragraph 8.10 states "But where there are reasonable grounds to believe that a key has been used for electronic signature and, additionally, confidentiality purposes, that key may be required to be disclosed under the terms of the 2000 Act."
In practice, therefore, this clause is ineffective in protecting many signature keys if the clauses giving access to keys remain in the Bill. This will undermine the use of digital signatures and hinder the development of e-commerce soon after the enactment of the Electronic Communications Act 2000, which intended to facilitate such developments.
47(10) In this section "senior officer", in relation to a body corporate, means a director, manager, secretary or other similar officer of the body corporate; and for this purpose "director", in relation to a body corporate whose affairs are managed by its members, means a member of the body corporate.
47(11) Schedule 2 (definition of the appropriate permission) shall have effect.
48. Effect of notice imposing disclosure requirement.
48(1) Subject to the following provisions of this section, the effect of a section 47 notice imposing a disclosure requirement in respect of any protected information on a person who is in possession at a relevant time of both the protected information and a means of obtaining access to the information and of putting it into an intelligible form is that he-
(a) shall be entitled to use any key in his possession to obtain access to the information or to put it into an intelligible form; and
(b) shall be required, in accordance with the notice imposing the requirement, to make a disclosure of the information in an intelligible form.
48(2) A person subject to a requirement under subsection (1)(b) to make a disclosure of any information in an intelligible form shall be taken to have complied with that requirement if-
(a) he makes, instead, a disclosure of any key to the protected information that is in his possession; and
(b) that disclosure is made, in accordance with the notice imposing the requirement, to the person to whom, and by the time by which, he was required to provide the information in that form.
48(3) Where, in a case in which a disclosure requirement in respect of any protected information is imposed on any person by a section 47 notice-
(a) that person is not in possession of the information,
(b) that person is incapable, without the use of a key that is not in his possession, of obtaining access to the information and of putting it into an intelligible form, or
(c) the notice states, in pursuance of a direction under section 49, that it can be complied with only by the disclosure of a key to the information,
the effect of imposing that disclosure requirement on that person is that he shall be required, in accordance with the notice imposing the requirement, to make a disclosure of any key to the protected information that is in his possession at a relevant time.
Section 48(3) is very damaging and should be completely removed. If this clause stays, trust and confidence in the use of public key cryptography for both confidentiality and signature purposes will be seriously undermined. And this is certain to have an impact on UK e-commerce aspirations.
Section 48(3)(a) will mean that a key could be demanded simply because the key owner has deleted just one message encrypted with it in the distant past. Since it is good practice to delete protected information when it is no longer needed, this provision will mean that virtually all keys could be subject to seizure. This is directly counter to the Governments assertion that it only wants keys in special circumstances. If powers for Government Access to Keys ("GAK") remain in the Bill the authorities MUST provide copies of the protected information for recipients of disclosure notices so that they can provide results in intelligible form.
Section 48(3)(c) creates a direct risk to keys and hence to the information that they are being used to protect. As indicated earlier, it also undermines the integrity of many signature keys. This remains the most damaging clause in the Bill despite later attempts to provide safeguards (s49).
48(4) Subsections (5) to (7) apply where a person ("the person given notice")-
(a) is entitled or obliged to disclose a key to protected information for the purpose of complying with any disclosure requirement imposed by a section 47 notice; and
(b) he is in possession of more than one key to that information.
48(5) It shall not be necessary, for the purpose of complying with the requirement, for the person given notice to make a disclosure of any keys in addition to those the disclosure of which is, alone, sufficient to enable the person to whom they are disclosed to obtain access to the information and to put it into an intelligible form.
(a) subsection (5) allows the person given notice to comply with a requirement without disclosing all of the keys in his possession, and
(b) there are different keys, or combinations of keys, in the possession of that person the disclosure of which would, under that subsection, constitute compliance,
the person given notice may select which of the keys, or combination of keys, to disclose for the purpose of complying with that requirement in accordance with that subsection.
48(7) Subject to subsections (5) and (6), the person given notice shall not be taken to have complied with the disclosure requirement by the disclosure of a key unless he has disclosed every key to the protected information that is in his possession at a relevant time.
This is a very odd clause since it seems to undo all the good work of 48(5) and 48(6) in allowing a person to only disclose those keys that are necessary and which are least harmful from their point of view. Charles Lindsey assumes that it is an attempt to deal with split keys that are held by different people. This seems likely but the current wording cannot stand since this is in direct conflict with 48(5) and 48(6). Keys are split in this way because they are of extreme value and this means that disclosure, or even the prospect of disclosure, is unthinkable. Just the thought that the Government is actually contemplating the need to collect and reassemble such keys is enough to ensure that those who provide high grade Internet and e-commerce security services will never locate their critical security facilities in the UK. It is also worth noting that split keys will almost invariably be held in hardware, in a form in which the process of reassembly of the complete key requires highly specialised equipment. It is unrealistic in cost terms to believe that the Government will purchase copies of the many different equipments needed to reassemble such keys just in case they might be needed.
It is inconceivable that split keys could (or would) be needed to verify the correspondence between protected information in encrypted and intelligible form. Moreover, unless the Government already holds the special equipment needed to reassemble split keys for the many different schemes in use, the time needed to prepare for the reassembly of a split key will be weeks or even months. The absolute security of such keys will be crucial for the key owning company and they will have no option but to revoke them as soon as they are seized. And this means that, by the time the Government is ready to reassemble such a key, it will no longer be in use. It is completely nonsensical to suggest that split keys might be needed for near real-time access.
Last but not least, the cost of purchasing all the many different equipments needed for reassembling split keys will be enormous the cost of reassembling even a single split key will be very high. It is very hard to believe that such key seizures would ever make sense.
48(8) Where, in a case in which a disclosure requirement in respect of any protected information is imposed on any person by a section 47 notice-
(a) that person has been in possession of the key to that information but is no longer in possession of it,
(b) if he had continued to have the key in his possession, he would have been required by virtue of the giving of the notice to disclose it, and
(c) he is in possession, at a relevant time, of information to which subsection (9) applies,
the effect of imposing that disclosure requirement on that person is that he shall be required, in accordance with the notice imposing the requirement, to disclose all such information to which subsection (9) applies as is in his possession and as he may be required, in accordance with that notice, to disclose by the person to whom he would have been required to disclose the key.
48(9) This subsection applies to any information that would facilitate the obtaining or discovery of the key or the putting of the protected information into an intelligible form.
48(10) In this section "relevant time", in relation to a disclosure requirement imposed by a section 47 notice, means the time of the giving of the notice or any subsequent time before the time by which the requirement falls to be complied with.
49. Cases in which key required.
49(1) A section 47 notice imposing a disclosure requirement in respect of any protected information shall not contain a statement for the purposes of section 48(3)(c) unless-
(a) the person who for the purposes of Schedule 2 granted the permission for the giving of the notice in relation to that information, or
(b) any person whose permission for the giving of a such a notice in relation to that information would constitute the appropriate permission under that Schedule,
has given a direction that the requirement can be complied with only by the disclosure of the key itself.
49(2) A person shall not give a direction for the purposes of subsection (1) unless he believes-
(a) that there are special circumstances of the case which mean that the purposes for which it was believed necessary to impose the requirement in question would be defeated, in whole or in part, if the direction were not given; and
(b) that the giving of the direction is proportionate to what is sought to be achieved by prohibiting any compliance with the requirement in question otherwise than by the disclosure of the key itself.
( ) The matters to be taken into account in considering whether the requirement of subsection (2)(b) is satisfied in the case of any direction shall include the extent and nature of any protected information, in addition to the protected information in respect of which the disclosure requirement is imposed, to which the key is also a key.
This new amendment seems to be intended to ensure that anyone who seizes a key has to take account of the need to provide protection for the key that is appropriate in the light of all the information that the key protects. But since the authorities do not have a right to know the extent or the nature of the information protected by a key, this clause is only effective if the key owner is prepared to reveal this information to the authorities.
This is problematic since the revelation that a key protects high value information is likely to result in an increased risk to the key. The key owner is hence placed in an intolerable position of needing to reveal information in order to ensure that the critical nature of the key is taken into account before key seizure is contemplated and yet knowing that the risks to their information might well be substantially increased by such a revelation.
Such attempts to find a friendly form of GAK are doomed to failure GAK and the cryptographic capabilities required for e-commerce are completely incompatible.
More generally, this section provides no effective constraints on requirements for key disclosure since the scope of the phrase special circumstances in section 49(2)(a) is not defined. Even if this phrase is covered in the Code of Practice, the latter is not a legal document and any scope defined there would not be limited by any clauses in this Bill and would hence be subject to unconstrained change. The Government has only stated two examples in support of the need for access to keys:
(a) To demonstrate the correspondence between protected information in its encrypted and intelligible forms;
(b) Highly urgent access to protected information in life or death situations.
The first of these is better met by stating the requirement directly that is, by allowing the authorities to impose a requirement on a person who is required to provide protected information in intelligible form to also show that the latter is genuine (Charles Lindsey has proposed an amendment for this).
The second requirement is unrealistic unless UK law enforcement authorities are truly ready to counter real-time life or death threats revealed by decrypted messages at locations anywhere in the UK. In practice, they are not capable of meeting such threats and seem most unlikely to be able to do so in the near future. The UK Ministry of Defence can do this for some types of threat but it would be impossible to do this if the first indication of a problem came without prior warning in the form of a decrypted intercept.
Although such threats can be postulated, it seem highly doubtful that the provisions for Government Access to Keys ("GAK") will play any significant part in countering them. But, by undermining confidence and trust in the provision of security in cyberspace, such powers will impact on the safety, security and privacy of honest Internet users. Moreover, any money spent on this would be far more effective in countering the criminal misuse of the Internet if it were spent in other ways (such as in providing expert support for Law Enforcement authorities).
50. Arrangements for payments for disclosure.
50(1) It shall be the duty of the Secretary of State to ensure that such arrangements are in force as he thinks appropriate for requiring or authorising, in such cases as he thinks fit, the making to persons to whom section 47 notices are given of appropriate contributions towards the costs incurred by them in complying with such notices.
50(2) For the purpose of complying with his duty under this section, the Secretary of State may make arrangements for payments to be made out of money provided by Parliament.
51. Failure to comply with a notice.
51(1) A person to whom a section 47 notice has been given is guilty of an offence if he knowingly fails, in accordance with the notice, to make the disclosure required by virtue of the giving of the notice.
51(2) In proceedings against any person for an offence under this section, if it is shown that that person was in possession of a key to any protected information at any time before the time of the giving of the section 47 notice, that person shall be taken for the purposes of those proceedings to have continued to be in possession of that key at all subsequent times, unless it is shown that the key was not in his possession after the giving of the notice and before the time by which he was required to disclose it.
This requirement is stated in a way that places the burden of proof on the accused to show that they no longer have a key that they may have had in the past. A person who has been served a section 47notice under section 51(2) will have to show that the key was not in his or her possession after the giving of the notice. The presumption of continued ownership is unfair to the accused since it should remain a burden on the prosecution to show that the accused is in a position to provide the key and deliberately refuses to do so.
51(3) For the purposes of this section a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if-
(a) sufficient evidence of that fact is adduced to raise an issue with respect to it; and
(b) the contrary is not proved beyond a reasonable doubt.
51(4) In proceedings against any person for an offence under this section it shall be a defence for that person to show-
(a) that it was not reasonably practicable for him to make the disclosure required by virtue of the giving of the section 47 notice before the time by which he was required, in accordance with that notice, to make it; but
(b) that he did make that disclosure as soon after that time as it was reasonably practicable for him to do so.
51(5) A person guilty of an offence under this section shall be liable-
(a) on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine, or to both;
(b) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum, or to both.
52(1) This section applies where a section 47 notice contains a provision requiring-
(a) the person to whom the notice is given, and
(b) every other person who becomes aware of it or of its contents, to keep secret the giving of the notice, its contents and the things done in pursuance of it.
52(2) A requirement to keep anything secret shall not be included in a section 47 notice except where-
(a) it is included with the consent of the person who for the purposes of Schedule 2 granted the permission for the giving of the notice; or
(b) the person who gives the notice is himself a person whose permission for the giving of such a notice in relation to the information in question would have constituted appropriate permission under that Schedule.
52(3) A section 47 notice shall not contain a requirement to keep anything secret except where the protected information to which it relates-
(a) has come into the possession of the police, the customs and excise or any of the intelligence services, or
(b) is likely to come into the possession of the police, the customs and excise or any of the intelligence services,
by means which it is reasonable, in order to maintain the effectiveness of any investigation or operation or of investigatory techniques generally, or in the interests of the safety or well-being of any person, to keep secret from a particular person.
52(4) A person who makes a disclosure to any other person of anything that he is required by a section 47 notice to keep secret shall be guilty of an offence and liable-
(a) on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine, or to both;
(b) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum, or to both.
52(5) In proceedings against any person for an offence under this section in respect of any disclosure, it shall be a defence for that person to show that-
(a) the disclosure was effected entirely by the operation of software designed to indicate when a key to protected information has ceased to be secure; and
(b) that person could not reasonably have been expected to take steps, after being given the notice or (as the case may be) becoming aware of it or of its contents, to prevent the disclosure.
52(6) In proceedings against any person for an offence under this section in respect of any disclosure, it shall be a defence for that person to show that-
(a) the disclosure was made by or to a professional legal adviser in connection with the giving, by the adviser to any client of his, of advice about the effect of provisions of this Part; and
(b) the person to whom or, as the case may be, by whom it was made was the client or a representative of the client.
52(7) In proceedings against any person for an offence under this section in respect of any disclosure, it shall be a defence for that person to show that the disclosure was made by a legal adviser-
(a) in contemplation of, or in connection with, any legal proceedings; and
(b) for the purposes of those proceedings.
52(8) Neither subsection (6) nor subsection (7) applies in the case of a disclosure made with a view to furthering any criminal purpose.
52(9) In proceedings against any person for an offence under this section in respect of any disclosure, it shall be a defence for that person to show that the disclosure was confined to a disclosure made to a relevant Commissioner or authorised-
(a) by such a Commissioner;
(b) by the terms of the notice;
(c) by or on behalf of the person who gave the notice; or
(d) by or on behalf of a person who-
(i) is in lawful possession of the protected information to which the notice relates; and
(ii) came into possession of that information as mentioned in section 47(1).
52(10) In proceedings for an offence under this section against a person other than the person to whom the notice was given, it shall be a defence for the person against whom the proceedings are brought to show that he neither knew nor had reasonable grounds for suspecting that the notice contained a requirement to keep secret what was disclosed.
52(11) In this section "relevant Commissioner" means the Interception of Communications Commissioner, the Intelligence Services Commissioner or any Surveillance Commissioner or Assistant Surveillance Commissioner.
The tipping-off offence in respect of key seizure is effectively useless for its presumed purpose of preventing those whose keys are seized from tipping-off their colleagues about the Government interest. It has been accepted by the Government that a person whose keys are seized is free to issue a new key immediately although they cannot say that they have done this because of key seizure. But if, on all other occasions in which they issue a new key, they simply say here is my new key my old key is now insecure but not as a result of key seizure, their criminal colleagues can immediately see that the absence of an explanation identifies a law enforcement interest.
53. General duties of specified authorities.
53(1) This section applies to-
(a) the Secretary of State and every other Minister of the Crown in charge of a government department;
(b) every chief officer of police;
(c) the Commissioners of Customs and Excise; and
(d) every person whose officers or employees include persons with duties that involve the giving of section 47 notices.
53(2) It shall be the duty of each of the persons to whom this section applies to ensure that such arrangements are in force, in relation to persons under his control who by virtue of this Part obtain possession of keys to protected information, as he considers necessary for securing-
(a) that a key disclosed in pursuance of a section 47 notice is used for obtaining access to, or putting into an intelligible form, only protected information in relation to which power to give such a notice was exercised or could have been exercised if the key had not already been disclosed;
(b) that the uses to which a key so disclosed is put are reasonable having regard both to the uses to which the person using the key is entitled to put any protected information to which it relates and to the other circumstances of the case;
(c) that, having regard to those matters, the use and any retention of the key are proportionate to what is sought to be achieved by its use or retention;
(d) that the requirements of subsection (3) are satisfied in relation to any key disclosed in pursuance of a section 47 notice;
( ) that, for the purpose of ensuring that those requirements are satisfied, any key so disclosed is stored, for so long as it is retained, in a secure manner;
(e) that all records of a key so disclosed (if not destroyed earlier) are destroyed as soon as the key is no longer needed for the purpose of enabling protected information to be put into an intelligible form.
The Government has now added a sub-clause (above) to set a requirement for the security of seized keys. This is a step forward but the commitment is still quite weak because the above (lead in) clause allows the person who seizes a key to provide only that protection he or she considers necessary. This is not a sufficient commitment since the majority of authorities with powers to seize keys have no experience with cryptography and will not therefore know what protection is needed.
We suggest the following remedy:
1. In the lead clause for 53(2) above, delete "he considers", insert "are".
2. Add a further sub-clause as follows:
"Any person who suffers loss arising out of a breach of the duty imposed by subsection (2) shall be entitled to recover the amount of that loss from any person responsible for that breach; and where more than one person is responsible for that loss, the persons responsible shall be jointly and severally liable for it."
It might also be reasonable to consider criminal penalties for the unauthorised revelation of keys.
53(3) The requirements of this subsection are satisfied in relation to any key disclosed in pursuance of a section 47 notice if-
(a) the number of persons to whom the key is disclosed or otherwise made available, and
(b) the number of copies made of the key,
are each limited to the minimum that is necessary for the purpose of enabling protected information to be put into an intelligible form.
THE SECURITY OF SEIZED KEYS
Although the Government has now accepted that the Bill should include a commitment to the protection of seized keys, there also needs to be a clear commitment to employ the best available methods for key protection. In these respects the Government needs to answer the following questions:
1. Will the Government protect all classified information involved in implementing RIP powers by fully applying all the relevant and approved Government standards for the protection of such information?
2. Will the Government impose a clear duty on authorities with RIP based powers to protect all information and all keys obtained under such powers to standards that are equivalent to the highest standards used by Government for its own information and its own keys?
3. Will the Government publish information on the way in which seized keys will be protected in sufficient detail to allow key owners to determine to their own satisfaction that their keys will remain safe while in the hands of the authorities?
No one who is serious about their security would never willingly hand over a key to another person unless they were completely satisfied that it would remain safe. In consequence, it is normal practice, before a key is given to another party, for the key owner to require full details of the way in which the prospective new key holder will protect the key. Such details allow the key owner to determine that the key will remain safe and are an essential part of any key owners right to exert ultimate control over the protection offered to their keys.
Item 3 above is hence essential if the rights of honest key owners are to be respected.
The Code of Practice related to Part III of the RIP Bill
The draft Code of Practice completely fails in its attempt to provide confidence in the protection of seized keys. Paragraph 11.9 states:
"All keys disclosed under the 2000 Act should be stored in an appropriately secure manner. The person who gave the notice, or the official in charge of any processing facility, is responsible for ensuring that all keys are secured appropriately. *The Government has tabled an amendment to put, on the face of the Bill, a statutory requirement for keys to be stored in a secure manner".
But no guidance of any kind is given on the design, development, implementation and operation of the procedures, standards and technical mechanisms needed to provide protection for keys. Moreover, it appears that keys will be stored centrally at a facility in London and this alone will create a serious vulnerability because the location will become a prime target for attacks.
While the security of keys to be used for intercept are to be protected at the SECRET level, keys for stored data and other purposes will be treated as UNCLASSIFIED and this means that the latter will be given no formal protection. Since email messages can be treated as either communications or stored data, this will mean that the keys that are in widespread use for protecting email can be seized as protecting stored data and will hence not need to be given any effective protection.
Passwords and PIN numbers giving access to computer based accounts and services (e.g. Internet and on-line bank accounts) can be seized and used and the Code of Practice indicates that these will be treated as UNCLASSIFIED. There are no formal security provisions for the handling of such information, which can even be published!
Far from giving confidence in the security of seized keys, the code of Practice shows clearer that keys and passwords will very often be at serious risk once seized.
53(4) In this section "chief officer of police" means any of the following-
(a) the chief constable of a police force maintained under or by virtue of section 2 of the Police Act 1996 or section 1 of the Police (Scotland) Act 1967;
(b) the Commissioner of Police of the Metropolis;
(c) the Commissioner of Police for the City of London;
(d) the Chief Constable of the Royal Ulster Constabulary;
(e) the Chief Constable of the Ministry of Defence Police;
(f) the Provost Marshal of the Royal Navy Regulating Branch;
(g) the Provost Marshal of the Royal Military Police;
(h) the Provost Marshal of the Royal Air Force Police;
(i) the Chief Constable of the British Transport Police;
(j) the Director General of the National Criminal Intelligence Service;
(k) the Director General of the National Crime Squad.
Interpretation of Part III
54. Interpretation of Part III
54(1) In this Part-
"the customs and excise" means the Commissioners of Customs and Excise or any customs officer;
"electronic signature" means anything in electronic form which-
(a) is incorporated into, or otherwise logically associated with, any electronic communication or other electronic data;
(b) is generated by the signatory or other source of the communication or data; and
(c) is used for the purpose of facilitating, by means of a link between the signatory or other source and the communication or data, the establishment of the authenticity of the communication or data, the establishment of its integrity, or both;
"key", in relation to any electronic data, means any key, code, password, algorithm or other data the use of which (with or without other keys)-
(a) allows access to the electronic data, or
(b) facilitates the putting of the data into an intelligible form;
"the police" means-
(a) any constable;
(b) the Commissioner of Police of the Metropolis or any Assistant Commissioner of Police of the Metropolis; or
(c) the Commissioner of Police for the City of London;
"protected information" means any electronic data which, without the key to the data-
(a) cannot, or cannot readily, be accessed, or
(b) cannot, or cannot readily, be put into an intelligible form;
"section 47 notice" means a notice under section 47;
"warrant" includes any authorisation, notice or other instrument (however described) conferring a power of the same description as may, in other cases, be conferred by a warrant.
54(2) References in this Part to a persons having information (including a key to protected information) in his possession include references-
(a) to its being in the possession of a person who is under his control so far as that information is concerned;
(b) to his having an immediate right of access to it, or an immediate right to have it transmitted or otherwise supplied to him; and
(c) to its being, or being contained in, anything which he or a person under his control is entitled, in exercise of any statutory power and without otherwise taking possession of it, to detain, inspect or search.
54(3) References in this Part to somethings being intelligible or being put into an intelligible form include references to its being in the condition in which it was before an encryption or similar process was applied to it or, as the case may be, to its being restored to that condition.
54(4) In this section-
(a) references to the authenticity of any communication or data are references to any one or more of the following-
(i) whether the communication or data comes from a particular person or other source;
(ii) whether it is accurately timed and dated;
(iii) whether it is intended to have legal effect;
(b) references to the integrity of any communication or data are references to whether there has been any tampering with or other modification of the communication or data.
Mr. Yaman Akdeniz, Director of
Cyber-Rights & Cyber-Liberties (UK),
CyberLaw Research Unit, Centre for Criminal Justice Studies,
University of Leeds, Leeds, LS2 9JT,
Tel: +44 (0) 498 865116, Fax: +44 (0) 7092199011
Dr. Brian Gladman, Technology Policy
Advisor, Cyber-Rights & Cyber-Liberties (UK)
Mr. Nicholas Bohm, E-Commerce Policy
Adviser, Cyber-Rights & Cyber-Liberties (UK); Member of the
Law Societys Working Party on Electronic Commerce
Salkyns, Great Canfield, Takeley,
Bishops Stortford CM22 6SX,
Tel: +44 (0) 1279 871272, Fax: +44 (0) 1279 870215
Relevant Reports and Papers Published by Cyber-Rights & Cyber-Liberties (UK)