IP: UK RIP bill : FIPR and Minister, 3 exchanges of open letters

[David Farber <farber () cis upenn edu>]

> From: "Caspar Bowden" <cb () fipr org>
> To: "Dave Farber \(E-mail\)" <farber () cis upenn edu>
> Date: Sat, 8 Apr 2000 10:18:54 +0100
>
>
> Dave - would you consider running this on IP list? It's the lengthiest piece
> carried in the press so far, and tries to get to the root of the trouble
> with the RIP Bill.
>
> --
> Caspar Bowden                Tel: +44(0)171 354 2333
> Director, Foundation for Information Policy Research
> RIP Information Centre at:    www.fipr.org/rip#media
>
> http://www.newsunlimited.co.uk/online/story/0,3605,153479,00.html
> Feelings are running high in the e-world over the RIP - regulation of
> investigatory powers - bill. Here, Peter Sommer gives the background to a
> debate between two of the leading protagonists
>
> Thursday March 30, 2000
>
> To law enforcement officers it's a simple matter of retaining existing
> powers of surveillance under warrant as correspondence goes digital and
> encrypted. As many cyber-libertarians see it, the plods and spooks want
> easy, under-supervised access to any private activity anywhere anytime.
> Businesses - and not just internet service providers (ISPs) and e-commerce
> outfits - are becoming seriously alarmed about the cost of additional
> equipment and the administrative impact on their staff.
> Britain is in danger of having one of the least enabling regimes in the
> world as Home Office attempts at "balanced" legislation too often favour the
> needs of plod/spook over those of citizens and business. Ireland, France,
> Germany, even Singapore and other countries to which many UK e-businesses
> could easily migrate, appear to be taking a much more liberal line.
>
> The regulation of investigatory powers (RIP) legislation is yet another Home
> Office bill in trouble. Few quarrel with its aims: to bring into a single
> law the disparate regimes for the interception of telephone traffic, use of
> bugs and opening of letters, as well as defining circumstances to compel
> decoding of encrypted data.
>
> But assessment of "balance" needs detailed knowledge - not widely available
> among politicians - of datacomms, e-commerce and crypto protocols, and the
> practicalities of surveillance. And the result must comply with human rights
> and data protection laws. The outcome has to be turned into precise wordings
> that can be applied by warrant-issuers and the courts.
>
> Finally, since so much of the enforcement depends on the co-operation of
> private sector communications service providers (CSPs) - including telephone
> companies and ISPs - the laws and associated codes of practice have to
> become part of a manageable, affordable regime. That's the trick the RIP
> bill must pull off.
>
> The 1985 telephone tapping provisions (in the Interception of Communications
> Act) assume voice traffic only and BT as the main significant operator; RIP
> recognises new realities. There are now more than 150 telco operators, land
> and cellular, and even more acting as ISPs. It properly includes data, and
> covers private as well as public systems. CSPs have to make "reasonable"
> provision to facilitate warrants and to do so without alerting suspects; but
> as suspects may have several phone numbers and multiple email accounts, will
> telcos and ISPs have to prepare for one interception per 16,000 lines (the
> current figure for telephones) or one in 500 (as touted by the Internet
> Service Providers Association)?
>
> It's unclear how far the government will fund this. Even here, Home Office
> rhetoric that it doesn't want new powers but simply to maintain existing
> capability runs into difficulty: a single telephone conversation is easy to
> identify and isolate; not so data traffic where many simultaneous emails,
> world wide web requests and file transfers all occupy the same pipe and look
> pretty similar as data packets. How do we stop the intercept from exceeding
> the intended scope of a warrant?
>
> It's in relation to encrypted data that many of the problems lie. The first
> situation is stored data that is seized under warrant in a raid and which
> once decrypted might become evidence. RIP makes it an offence not to provide
> plain text or a key - but who does the asking and how does a court assess if
> a key has been genuinely rather than conveniently lost? And on whom does the
> burden of proof lie?
>
> It is much more difficult where there is a warrant for covert interception
> of data in transmission which turns out to be encrypted. Here the recipient
> of a decryption demand will be an innocent third party. He or she may have
> severe contractual and data protection obligations to other users of the
> same crypto system but faces criminal sanctions both for non-compliance with
> a RIP demand and for any action which might lead to a suspect being tipped
> off. And if legitimate users of the crypto system suffer because of law
> enforcement clumsiness, what remedies do they have?
>
> One needs to look at the whole mechanism of RIP to see the extent of the
> difficulties: different types of activity give rise to a variety of warrants
> and demands, some issued by judicial figures, most by ministers, some simply
> by policemen. The range of bodies that can ask for (but not always issue)
> warrants extends as far as the inland revenue and the benefits agency.
>
> Criteria are sometimes "for the purpose of preventing or detecting serious
> crime" and "safeguarding the economic well-being of the United Kingdom" (in
> clause 5) but elsewhere "for the purposes of preventing or detecting crime"
> and "in the interests of economic well-being of the UK" (clause 21 - on
> traffic data).
>
> MPs in the standing committee reviewing the bill have complained about the
> proliferation of oversight tribunals and commissioners with varying powers
> and to whom the private citizen has variable rights of access as well as to
> information about suspected intercepts that might make such application
> meaningful. Ministers have justified the complexity by saying that the right
> balance has to be struck for many different circumstances.
>
> MPs have also been concerned that some RIP provisions offer a covert means
> for the security service, secret intelligence service and GCHQ to extend
> their territo ries into traditional police and customs territory.
>
> It is possible to guess why the RIP bill has taken this form: the scenario
> builders at NCIS, Cheltenham and the Thames-side fortresses read the same
> internet scare stories as the rest of us. They make projections about the
> powers they might need, partly to increase their influence but also because
> they fear they may not get another slot in a very crowded legislative
> calendar. And ministers lack knowledge to challenge their threat
> assessments.
>
> Peter Sommer is a research fellow at the LSE, special advisor to the commons
> trade and industry select committee and has been an expert witness in
> "computer crime" trials for 15 years.
>
> [Caspar Bowden 1]
> "It will wreck our e-commerce hopes for the UK." Caspar Bowden, director of
> the Foundation for Information Policy Research, opens the debate on the RIP
> bill
>
> The new economy means we need an updated and revised framework for the legal
> interception of communications. But the proposed regulation of investigatory
> powers (RIP) bill won't make Britain a better place to live, and it'll wreck
> our hopes to create in the UK the world's best environment for e-commerce.
>
> RIP proposes powers to demand, even from an innocent person or business, the
> electronic keys that will unlock not just one or two messages, but perhaps
> all one's traffic to date. Though earlier attempts to legislate to secure
> copies of decryption keys have failed, and though other countries have
> turned their backs on the idea, the British government is still trying to
> secure a general right of access to them for a wide range of state authori
> ties, and for loosely defined purposes. Furthermore, at the government's
> whim, you cannot tell anyone, even your wife or your boss, that this has
> happened.
>
> This is intrusive for individuals. Business is slowly waking up to the
> enormity of these proposals, which have no parallel anywhere in the world.
>
> > From this seriously flawed start, the RIP proposals degenerate. They seem to
> have been devised by redeployed cold warriors who want to put Britain on a
> paranoid infowar footing. Meanwhile the rest of the e-world plans a
> prosperous future based on trust in robust security without unwarranted
> interference.
>
> Do you still have every key, password, PIN number, cash card you have ever
> owned? Do you ever lose computer files by mistake? Under RIP, if you don't
> have your decryption key any more, you're liable to two years in jail unless
> you can prove to a court, on balance of probability, that the key was lost
> or destroyed.
>
> I can commend home office minister Charles Clarke for now joining the
> debate, and his boss Jack Straw for conceding in the house that there is
> room for improvement in the bill, but we first pointed out these problems to
> the government two years ago.
>
> Mr Clarke recently said in a letter to this newspaper, "We believe that
> we've struck the balance right", and that "innocent people are not going to
> suffer under these proposals." Ministers come and go, but the legislation
> they leave defines our rights and freedoms. There is nothing in RIP that
> stops these powers being used arbitrarily.
>
> Although we've proposed many amendments, the RIP bill cannot be patched up.
> It must be withdrawn and rewritten. Law enforcement's task is not helped by
> unenforceable laws: we need, instead, a law that suits an aspiring
> e-commerce leader.
>
> [Charles Clarke MP 1]
>
> "The bill does not outlaw any form of encryption."
> Charles Clarke, home office minister, replies:
> I welcome a constructive dialogue on the RIP bill. I agree that we need to
> update law enforcement powers for the digital age. Not surprisingly though,
> I do not hold with your other assertions about the government's proposals.
>
> The bill is about ensuring, as best we can, that powers crucial to keeping
> this country a safe place for everyone to live and work remain effective in
> the face of technological advancement. Some of these powers, interception of
> communications for example, are particularly intrusive. That's precisely why
> they should, as the bill proposes, be closely regulated.
>
> This is a difficult area. New technologies, the growth of the global
> knowledge economy (and our desire to be a leader in it) and the penchant of
> criminals to exploit whatever new ways they can to evade detection throw up
> new challenges. Encryption raises difficult, some might say unique,
> problems. But we would be putting our heads in the sand if we didn't tackle
> them.
>
> The bill does not outlaw any particular encryption technology or mandate the
> use of any particular key management system. Individuals and businesses
> alike remain free to use whatever technology best suits their needs. What
> the bill does is provide a power, where there are reasonable grounds to
> believe that a person has a key to unlock particular encrypted material, to
> require the disclosure of that key or the data itself in an intelligible
> form. The power only applies to lawfully obtained material. And if you've
> lost or forgotten a key then there is a statutory defence for you.
>
> Neither of us wants to see criminals being able to use the latest
> technologies with impunity. You want to see an individual's rights upheld.
> So do I. You don't want to see business encumbered by unreasonable burdens
> or draconian laws. Neither do I. This is all about a balance and I believe
> that the bill strikes the right one.
>
> The bill will not be withdrawn. There is cross party support for the thrust
> of what is being proposed. But as you (almost correctly) point out, the home
> secretary has said that he hasn't yet introduced a bill that has not
> benefited from careful parliamentary scrutiny.
>
> The RIP bill is important and it deserves such examination. And that's just
> what is happening. We're going through the proposals in committee now,
> clause by clause.
>
> [Caspar Bowden 2]
>
> Mr Bowden replies:
> The RIP bill is about what it says, not necessarily what you say it is
> about. There's nothing criminal about using encryption, but RIP treats
> everyone as suspect. Bad memory - maybe two years in jail will help?
>
> As we use more websites, email, digital TV, and smartcards to live more of
> our lives through cyberspace, use of encryption is essential to stop fraud,
> blackmail, identity theft, and just to preserve a little privacy. But most
> people don't even realise they are using encryption when they make up a
> password. You can't bully people into recording every one as if their
> liberty depended on it. In the real world, 10% of ordinary computer users
> lose data by forgetting keys - passing a law won't change that.
>
> You assume everyone prosecuted will be a villain, refuse to say how they can
> prove they are not guilty, and then assure us that the innocent will not
> suffer! That's not the job of a politician. We have a judiciary to sort out
> the innocent from the guilty, on the basis of evidence.
>
> The trouble with your "statutory defence" is that there is no evidence when
> someone forgets something, so criminals with a lot to hide will always plead
> a bad memory.
>
> The jury or magistrate (if mode of trial goes through, people won't have the
> choice) will simply have to guess whether the defendant is lying. RIP
> requires no evidence (46.2.b.2) of an underlying (let alone serious -
> 46.3.b) crime in order for decryption to be demanded. So here are four
> questions about RIP Part.III that we've been asking for a while:
>
> 1) How can a person who loses a password reliably prove their innocence "on
> the balance of probabilities"?
>
> 2) The handling centre for keys in the MI5 building may be secure, but what
> about keys in transit? MI5 lost a laptop the other day, and an encrypting
> modem disappeared from No.10 in 1998. How much is guarding seized keys
> really going to cost?
>
> 3) Won't RIP encourage "steganography" (or information hiding), which will
> exacerbate law enforcement's problems ?
>
> 4) It's true RIP doesn't insist that companies lodge spare keys with
> "trusted" third-parties anymore, but you are making company directors liable
> to imprisonment (S.69) if they cannot comply with a decryption order. Isn't
> this "key-escrow by intimidation"?
>
> I am sorry that you have closed your mind to the possibility that this part
> of the bill is misconceived. But the opposition parties have clearly
> signalled that they will withdraw support if their serious concerns on these
> and other matters are not met.
>
> There are a hundred amendments tabled before decryption is due to be
> considered. Will you allow the committee to take its time?
>
> [Charles Clarke MP 2]
>
> Mr Clarke replies:
> The committee is scrutinising the bill carefully. And it will continue to do
> so. As you assert, it's important to see what the legislation actually says.
>
> Innocent people are not going to be imprisoned for having a bad memory.
> Remember a vital point. The bill does not allow the authorities to get their
> hands on material which they cannot do now.
>
> The new power only works where material is lawfully obtained. If it is
> encrypted, and someone who is in a position to decode it refuses to do so,
> only then does the question of a prosecution arise. Where prosecutions
> occur, the authorities have to prove, beyond reasonable doubt, that a person
> has, or has had, a key.
>
> How do you demonstrate that you've lost or forgotten a key? You explain what
> has happened and the court will decide whether, on balance, you're telling
> the truth.
>
> There are statutory defences if you hand over as much information as you
> can. If you've forgotten your key, you might explain how it was generated,
> when you last used it and what you normally do if you forget it. Your
> earlier analogy of losing a PIN is inappropriate. I can't think of an
> occasion when a bank would be unable to provide details of an account when
> required to do so under existing powers. This isn't escrow by intimidation.
>
> The cost of establishing the technical facility which will handle keys
> obtained under the bill will be met from the money the chancellor has
> provided for tackling crime in the capital modernisation fund. Deploying the
> highest level of security for such keys is a top priority. Will criminals
> turn to other forms of information hiding post-RIP? We cannot tell what the
> future holds by way of other technologies that may or may not be taken up by
> criminals. Experience tells us that they will use what most readily suits
> their needs.
>
> The implication that the bill treats encryption users as suspect is wide of
> the mark. We know the technology is good for e-business, individuals'
> privacy and helps prevent certain crimes. It's also important to our
> e-government agenda. The bill does not criminalise the use of encryption. It
> targets the criminals, such as paedophiles, who use it to conceal their
> insidious activities.
>
> [Caspar Bowden 3]
>
> Mr Bowden:
> RIP doesn't target anyone at all - it's a blunderbuss which an extreme
> government could abuse for its own purposes. It's a pity that once again you
> seek to justify an unworkable encryption policy by associating it with an
> abominable crime.
>
> Child pornographers should be severely punished and deterred, but a
> responsible government would begin to give law enforcement the training and
> resources to defeat encryption when necessary through technical surveillance
> devices, and put in place an oversight framework with teeth to see that
> these powerful new capabilities can never be abused. The course on which
> your officials have ill-advisedly committed you will enmesh us further in a
> culture of secrecy, which will corrode our democracy long after you have
> left office and anodyne reassurances have been long forgotten. A law which
> replaces the presumption of innocence with a medieval trial-by-ordeal is
> simply wrong, not "a question of balance".
>
> [Charles Clarke MP 3]
>
> Mr Clarke:
> The RIP powers are necessary. But we've never said that they represent a
> panacea for all law enforcement's ills. We know that simplistic answers no
> longer work in today's fast changing technological environment.
>
> Last year's joint government/ industry task force on encryption and law
> enforcement recommended that a package of measures is needed if we are to
> have any hope of addressing effectively the threat posed by the criminal use
> of encryption.
>
> We're putting that package in place. Providing new powers, specifically
> recommended by the task force, forms an integral part of our approach.
>
> They require authorisation and are subject to independent oversight. But
> we're also providing law enforcement with a dedicated resource to assist
> over encryption and forging a new co-operative relationship with industry.
>
> These too are vital elements of the package, on which I place great store.
> This isn't about "corroding" democracy. It's about helping keep society
> safe.
>
> Web addresses
>
> Home Office RIP Bill
> www.homeoffice.gov.uk/ oicd/ripbill.htm
>
> Consultation paper
> www.homeoffice.gov.uk/ oicd/ioc.htm
>
> House of Commons library research paper on RIP
> www.parliament.uk/ commons/lib/research/ rp2000/rp00-025.pdf
>
> Report from the Cabinet Office, Encryption and Law Enforcement, May 1999
> www.fipr.org/polarch/piu.pdf
>
> National Criminal Intelligence Service (NCIS): Project Trawler report, June
> 1999
> www.ncis.co.uk/newpage1.htm
>
> Foundation for Information Policy Research: RIP Bill Information Centre
> www.fipr.org/rip/index.html
>
> Campaign against RIP bill:
> www.stand.org.uk