RIP FOR INDIVIDUAL RIGHTS?
BY CHARLES CLARKE M.P., Minister of State, Home Office
Posted to ukcrypto mailing list on 13 March, 2000
Listen to some commentators and you would believe that the Governments Regulation of Investigatory Powers (RIP) Bill ushers in an Orwellian nightmare of unfettered mass surveillance. Not true.
The Bill tackles a big issue - the balance between protecting individual rights and ensuring that effective powers are in place to catch criminals. We believe that weve struck the right balance. Misconceptions abound concerning the Governments proposals to help law enforcement agencies read encrypted data. This is a voguish subject. Encryption technology is good for individuals privacy and vital for the e-commerce revolution. But the same technology is also a boon to criminals.
The decryption proposals are not draconian. What we are saying is that law enforcement agencies should be able to understand the contents of material that they lawfully obtain, notwithstanding the fact that it has been protected with some unbreakable new code. But that is the limit of our ambition. The new decryption powers require proper authorisation; contain stringent safeguards covering the use and retention of any material obtained under the Bill; and are subject to independent judicial oversight. The Bill does not give the authorities any new powers to obtain material which they cannot already do. It is simply a matter of shoring up existing provisions. Todays criminals, like their predecessors, are latching onto the latest technologies in an effort to evade detection. Society will suffer if we do nothing.
Accusations that the Bill reverses the burden of proof are simply wrong. This is important. The burden, and it is a significant one, falls on the prosecution to prove, beyond reasonable doubt, that an accused person is, or has been, in possession of a key to unlock particular protected data. There are statutory defences for individuals who have lost or forgotten a key. These need only to be established on the lower level of proof - the balance of probabilities. There are many existing offences which work in a similar way. And, of course, the CPS will need to be satisfied that it is in the public interest to pursue a prosecution in a particular case. Innocent people are not going to suffer under these proposals.
The accusation that the Bill brings in key escrow through the back door is a nice sound bite but isnt true. We have explicitly ruled out mandating the storage of copies of encryption keys with a third party. It remains purely up to the individual, or business, to decide which type of encryption product to use. Key escrow is firmly off the agenda.
It is also suggested that the Bill leaves vulnerable any keys seized under its provisions. We are acutely sensitive to the need to protect securely any material obtained under the Bill. But questions of what levels of security should be deployed are not, largely, matters for primary legislation. We are establishing a new dedicated resource to assist law enforcement over encryption - the Government Technical Assistance Centre (GTAC) - which will handle keys. Deploying the highest level of protection for such keys is a specific objective of the ongoing technical project to establish GTAC. And in any case, we envisage that the disclosure of an intelligible version of protected data, rather than a key, will be sufficient in most cases in complying with the new proposals. Cases where keys themselves are required will be in the minority.
The Government also stands accused of acting unilaterally and that the Bill will drive e-business elsewhere. We are certainly ahead of the game as regards updating our laws for the digital age. And we make no apologies for that. But the Government has no intention of imposing unreasonable burdens on industry. Our aim is to make the UK the best and the safest place in the world to do e-commerce. We know that business too wants a secure environment in which to operate. The Bill will help us achieve that.
So does the Bill mean RIP for individual rights? No. I would encourage people to read what the Bill actually says - not what some commentators say it says. We have examined the issue of rights in its widest sense. This includes the rights of those who do not yet have Internet access, who may not know what asymmetric encryption is all about, but who nevertheless have the right to live in a society free from crime. The Bill is not about Big Brother. It is all about helping the Government fulfil one of its primary responsibilities - ensuring that the UK is a safe place for everyone to live and work.