Analysis of Part III of the (draft) Electronics Communications Act 1999Some ways forward in the Part III debateSeveral UKCrypto contributions suggested ways that the debate around Part III of the Bill might be taken forward.
Ross Anderson
They simply preserve the status quo, namely that the government can open anybody's mail, but it cannot open everybody's mail.
Nicholas Bohm
Brian Gladman
The reason for this is that governments will not be able to get at your email unless governments convince those in power - the technical community - that what they want is reasonable. Phil Zimmerman took control over cryptography away from governments and gave it to the technical community. As technologists we owe it to others not to do things that are bad for society and this means that we must give 'power to the people' through lists such as 'ukcrypto' but we most certainly don't have to listen to, or care about, policies set by civil servants in Whitehall. But e-commerce is more complex since it involves industry and it could be that industry will line up with government and support the current proposals in their current form. In fact two companies - BT and IBM - were on the COJET group that made the proposal for GAK and LEAK that we now see. So I have to assume that both companies are backing the government in their wish to gain access to the personal decryption keys of entirely honest and law abiding citizens.
David Swarbrick
Donald Ramsbottom
I know of no solicitors, or other commercial organisations for that matter, of more than one or two people where, the principal or even IT manager knows what is on the system ALL the time and has access to it. The Justification for all of this is the usual "Four Horsemen of the Net" (Terrorism, Mafia, Kidporn and Drugs), but as far as I am aware there is not a single authority (other than security service related institutions) who believe that the four horsemen will be brought to book as a result of these measures. The arguments are trite and I will not rehearse them hear. Suffice to say that the real reason for all this legislation around the world is more to to do with control than Law enforcement, knowledge being power. That is just on the domestic front!
David Swarbrick
I think the bill fails to acknowledge that the powers now sought go way beyond anything previously open to the police. As an attempt to maintain the balance, where has there been any past equivalent of the tipping off offence. It is a wicked clause, and should simply be dropped. As to the s10 notice, the officer should have to have first had good reason:
If he wants the key as well as intelligible text, that should be required only on straightforward judicial authority and on notice. The Bill does not acknowledge that the likely recipients of such notices are _not_ suspected criminals, but just as likely people who are not suspected of any crime. PACE already allows this distinction happily and easily. Why cannot it be allowed here, so that innocent witnesses are not turned into liars-for-the-state? An officer says that either the recipient of a notice is under suspicion of an offence or is not. Once that has been made clear, it becomes very much easier to apply appropriate protocols. The Bill ought to make it clear that where economic loss flows, full compensation will be payable. The Kafka-like tribunal should be dropped entirely, and the procedures should be in standard courts and open.
Charles Lindsey
Alice is (purporting to be) sending messages to Bob. Larry is the LEA chap (I don't think there is a regular name for him yet in the Pantheon, is there?) who is a Person entitled to serve a Notice. So Larry is serving a notice on Bob. Now what the Bill needs to say is that Larry may demand to see "a" key that will decrypt the given Protected Information (there may be several private keys that would do it, assuming it was encrypted to several recipients, including perhaps Alice's employer's recovery key, plus one session key). Bob can satisfy the Notice by delivering _any_ of those keys that he has to hand (so, if he has any sense, he delivers the session key). All this implies that the Notice must contain the Protected Information, or at least so much of the protected information as will enable _all_ the keys that might decrypt it to be extracted, and the Bill needs to say this. Next as to the time allowed for the key to be delivered. The Bill says it must be "reasonable". The Bill should also say that it must be "reasonable" having regard to the facilities and expertise available to Bob. If Bob is a TTP (or whatever euphemism we are using this week) with an ironclad tamper proof box where all the important secrets are kept, then a "reasonable" time might be measured in millisecinds in some situations. But if Bob was clueless newbie with a windoze system in his spare room, then it would be unreasonable to expect instantaneous delivery to a notice served at 3 o'clock in the morning, and even if served at a sensible hour of the day, it would have to allow time for him to consult his manuals, and struggle with the incomprehensible menus in his Billyware, in order to extract that which was demanded (even assuming he genuinely wished to be helpful). Now to the matter of those "likely to come into Larry's possession" Protected Items. Again, the initial Notice must specify the class of messages covered by the Notice (the Bill is exceeding vague on this point). E.g. "all messages from Alice to Bob between certain dates", or "all messages encrypted to public key XXX". And in this case, Bob must have the right to say "show me each Protected Message (or a sufficient part of it)" and I will then give you a key for it. The only difference here is that a "reasonable" time to comply is now much shorter for each individual message than for the original request, because Bob only has to read the manual, etc, once. So in the case where Bob is a TTP, milliseconds really are appropriate, whereas when he is a clueless newbie, it would still be "unreasonable" to expect him to stay up all night waiting for requests. And finally, in order to do the above, plus some other cases mentioned, the Bill needs to recognise that there may be several keys involved in decrypting a message, and that sometimes ANY ONE may suffice, and other times ALL may be required, and, in general, there may be any weird AND/OR combination of keys involved. |