Interesting People mailing list archives
IP: UK RIP bill : FIPR and Minister, 3 exchanges of open letters
From: David Farber <farber () cis upenn edu>
Date: Sat, 8 Apr 2000 16:49:21 -0400
From: "Caspar Bowden" <cb () fipr org>
To: "Dave Farber \(E-mail\)" <farber () cis upenn edu>
Date: Sat, 8 Apr 2000 10:18:54 +0100

Dave - would you consider running this on IP list? It's the lengthiest piece carried in the press so far, and tries to get to the root of the trouble with the RIP Bill.

--
Caspar Bowden Tel: +44(0)171 354 2333
Director, Foundation for Information Policy Research
RIP Information Centre at: www.fipr.org/rip#media

http://www.newsunlimited.co.uk/online/story/0,3605,153479,00.html

Feelings are running high in the e-world over the RIP - regulation of investigatory powers - bill. Here, Peter Sommer gives the background to a debate between two of the leading protagonists

Thursday March 30, 2000

To law enforcement officers it's a simple matter of retaining existing powers of surveillance under warrant as correspondence goes digital and encrypted. As many cyber-libertarians see it, the plods and spooks want easy, under-supervised access to any private activity anywhere anytime.

Businesses - and not just internet service providers (ISPs) and e-commerce outfits - are becoming seriously alarmed about the cost of additional equipment and the administrative impact on their staff.

Britain is in danger of having one of the least enabling regimes in the world as Home Office attempts at "balanced" legislation too often favour the needs of plod/spook over those of citizens and business. Ireland, France, Germany, even Singapore and other countries to which many UK e-businesses could easily migrate, appear to be taking a much more liberal line.

The regulation of investigatory powers (RIP) legislation is yet another Home Office bill in trouble. Few quarrel with its aims: to bring into a single law the disparate regimes for the interception of telephone traffic, use of bugs and opening of letters, as well as defining circumstances to compel decoding of encrypted data.
But assessment of "balance" needs detailed knowledge - not widely available among politicians - of datacomms, e-commerce and crypto protocols, and the practicalities of surveillance. And the result must comply with human rights and data protection laws.

The outcome has to be turned into precise wordings that can be applied by warrant-issuers and the courts. Finally, since so much of the enforcement depends on the co-operation of private sector communications service providers (CSPs) - including telephone companies and ISPs - the laws and associated codes of practice have to become part of a manageable, affordable regime. That's the trick the RIP bill must pull off.

The 1985 telephone tapping provisions (in the Interception of Communications Act) assume voice traffic only and BT as the main significant operator; RIP recognises new realities. There are now more than 150 telco operators, land and cellular, and even more acting as ISPs. It properly includes data, and covers private as well as public systems.

CSPs have to make "reasonable" provision to facilitate warrants and to do so without alerting suspects; but as suspects may have several phone numbers and multiple email accounts, will telcos and ISPs have to prepare for one interception per 16,000 lines (the current figure for telephones) or one in 500 (as touted by the Internet Service Providers Association)? It's unclear how far the government will fund this.

Even here, Home Office rhetoric that it doesn't want new powers but simply to maintain existing capability runs into difficulty: a single telephone conversation is easy to identify and isolate; not so data traffic where many simultaneous emails, world wide web requests and file transfers all occupy the same pipe and look pretty similar as data packets. How do we stop the intercept from exceeding the intended scope of a warrant?

It's in relation to encrypted data that many of the problems lie.
The first situation is stored data that is seized under warrant in a raid and which once decrypted might become evidence. RIP makes it an offence not to provide plain text or a key - but who does the asking and how does a court assess if a key has been genuinely rather than conveniently lost? And on whom does the burden of proof lie?

It is much more difficult where there is a warrant for covert interception of data in transmission which turns out to be encrypted. Here the recipient of a decryption demand will be an innocent third party. He or she may have severe contractual and data protection obligations to other users of the same crypto system but faces criminal sanctions both for non-compliance with a RIP demand and for any action which might lead to a suspect being tipped off. And if legitimate users of the crypto system suffer because of law enforcement clumsiness, what remedies do they have?

One needs to look at the whole mechanism of RIP to see the extent of the difficulties: different types of activity give rise to a variety of warrants and demands, some issued by judicial figures, most by ministers, some simply by policemen. The range of bodies that can ask for (but not always issue) warrants extends as far as the inland revenue and the benefits agency.

Criteria are sometimes "for the purpose of preventing or detecting serious crime" and "safeguarding the economic well-being of the United Kingdom" (in clause 5) but elsewhere "for the purposes of preventing or detecting crime" and "in the interests of economic well-being of the UK" (clause 21 - on traffic data).

MPs in the standing committee reviewing the bill have complained about the proliferation of oversight tribunals and commissioners with varying powers and to whom the private citizen has variable rights of access as well as to information about suspected intercepts that might make such application meaningful.
Ministers have justified the complexity by saying that the right balance has to be struck for many different circumstances. MPs have also been concerned that some RIP provisions offer a covert means for the security service, secret intelligence service and GCHQ to extend their territories into traditional police and customs territory.

It is possible to guess why the RIP bill has taken this form: the scenario builders at NCIS, Cheltenham and the Thames-side fortresses read the same internet scare stories as the rest of us. They make projections about the powers they might need, partly to increase their influence but also because they fear they may not get another slot in a very crowded legislative calendar. And ministers lack knowledge to challenge their threat assessments.

Peter Sommer is a research fellow at the LSE, special advisor to the commons trade and industry select committee and has been an expert witness in "computer crime" trials for 15 years.

[Caspar Bowden 1]

"It will wreck our e-commerce hopes for the UK."

Caspar Bowden, director of the Foundation for Information Policy Research, opens the debate on the RIP bill

The new economy means we need an updated and revised framework for the legal interception of communications. But the proposed regulation of investigatory powers (RIP) bill won't make Britain a better place to live, and it'll wreck our hopes to create in the UK the world's best environment for e-commerce.

RIP proposes powers to demand, even from an innocent person or business, the electronic keys that will unlock not just one or two messages, but perhaps all one's traffic to date. Though earlier attempts to legislate to secure copies of decryption keys have failed, and though other countries have turned their backs on the idea, the British government is still trying to secure a general right of access to them for a wide range of state authorities, and for loosely defined purposes.
Furthermore, at the government's whim, you cannot tell anyone, even your wife or your boss, that this has happened. This is intrusive for individuals. Business is slowly waking up to the enormity of these proposals, which have no parallel anywhere in the world.

From this seriously flawed start, the RIP proposals degenerate. They seem to have been devised by redeployed cold warriors who want to put Britain on a paranoid infowar footing. Meanwhile the rest of the e-world plans a prosperous future based on trust in robust security without unwarranted interference.

Do you still have every key, password, PIN number, cash card you have ever owned? Do you ever lose computer files by mistake? Under RIP, if you don't have your decryption key any more, you're liable to two years in jail unless you can prove to a court, on balance of probability, that the key was lost or destroyed.

I can commend home office minister Charles Clarke for now joining the debate, and his boss Jack Straw for conceding in the house that there is room for improvement in the bill, but we first pointed out these problems to the government two years ago.

Mr Clarke recently said in a letter to this newspaper, "We believe that we've struck the balance right", and that "innocent people are not going to suffer under these proposals." Ministers come and go, but the legislation they leave defines our rights and freedoms. There is nothing in RIP that stops these powers being used arbitrarily.

Although we've proposed many amendments, the RIP bill cannot be patched up. It must be withdrawn and rewritten. Law enforcement's task is not helped by unenforceable laws: we need, instead, a law that suits an aspiring e-commerce leader.

[Charles Clarke MP 1]

"The bill does not outlaw any form of encryption."

Charles Clarke, home office minister, replies:

I welcome a constructive dialogue on the RIP bill. I agree that we need to update law enforcement powers for the digital age.
Not surprisingly though, I do not hold with your other assertions about the government's proposals.

The bill is about ensuring, as best we can, that powers crucial to keeping this country a safe place for everyone to live and work remain effective in the face of technological advancement. Some of these powers, interception of communications for example, are particularly intrusive. That's precisely why they should, as the bill proposes, be closely regulated.

This is a difficult area. New technologies, the growth of the global knowledge economy (and our desire to be a leader in it) and the penchant of criminals to exploit whatever new ways they can to evade detection throw up new challenges. Encryption raises difficult, some might say unique, problems. But we would be putting our heads in the sand if we didn't tackle them.

The bill does not outlaw any particular encryption technology or mandate the use of any particular key management system. Individuals and businesses alike remain free to use whatever technology best suits their needs.

What the bill does is provide a power, where there are reasonable grounds to believe that a person has a key to unlock particular encrypted material, to require the disclosure of that key or the data itself in an intelligible form. The power only applies to lawfully obtained material. And if you've lost or forgotten a key then there is a statutory defence for you.

Neither of us wants to see criminals being able to use the latest technologies with impunity. You want to see an individual's rights upheld. So do I. You don't want to see business encumbered by unreasonable burdens or draconian laws. Neither do I. This is all about a balance and I believe that the bill strikes the right one.

The bill will not be withdrawn. There is cross party support for the thrust of what is being proposed.
But as you (almost correctly) point out, the home secretary has said that he hasn't yet introduced a bill that has not benefited from careful parliamentary scrutiny. The RIP bill is important and it deserves such examination. And that's just what is happening. We're going through the proposals in committee now, clause by clause.

[Caspar Bowden 2]

Mr Bowden replies:

The RIP bill is about what it says, not necessarily what you say it is about. There's nothing criminal about using encryption, but RIP treats everyone as suspect. Bad memory - maybe two years in jail will help?

As we use more websites, email, digital TV, and smartcards to live more of our lives through cyberspace, use of encryption is essential to stop fraud, blackmail, identity theft, and just to preserve a little privacy. But most people don't even realise they are using encryption when they make up a password. You can't bully people into recording every one as if their liberty depended on it. In the real world, 10% of ordinary computer users lose data by forgetting keys - passing a law won't change that.

You assume everyone prosecuted will be a villain, refuse to say how they can prove they are not guilty, and then assure us that the innocent will not suffer! That's not the job of a politician. We have a judiciary to sort out the innocent from the guilty, on the basis of evidence.

The trouble with your "statutory defence" is that there is no evidence when someone forgets something, so criminals with a lot to hide will always plead a bad memory. The jury or magistrate (if mode of trial goes through, people won't have the choice) will simply have to guess whether the defendant is lying. RIP requires no evidence (46.2.b.2) of an underlying (let alone serious - 46.3.b) crime in order for decryption to be demanded.

So here are four questions about RIP Part.III that we've been asking for a while:

1) How can a person who loses a password reliably prove their innocence "on the balance of probabilities"?
2) The handling centre for keys in the MI5 building may be secure, but what about keys in transit? MI5 lost a laptop the other day, and an encrypting modem disappeared from No.10 in 1998. How much is guarding seized keys really going to cost?

3) Won't RIP encourage "steganography" (or information hiding), which will exacerbate law enforcement's problems?

4) It's true RIP doesn't insist that companies lodge spare keys with "trusted" third-parties anymore, but you are making company directors liable to imprisonment (S.69) if they cannot comply with a decryption order. Isn't this "key-escrow by intimidation"?

I am sorry that you have closed your mind to the possibility that this part of the bill is misconceived. But the opposition parties have clearly signalled that they will withdraw support if their serious concerns on these and other matters are not met. There are a hundred amendments tabled before decryption is due to be considered. Will you allow the committee to take its time?

[Charles Clarke MP 2]

Mr Clarke replies:

The committee is scrutinising the bill carefully. And it will continue to do so. As you assert, it's important to see what the legislation actually says. Innocent people are not going to be imprisoned for having a bad memory.

Remember a vital point. The bill does not allow the authorities to get their hands on material which they cannot do now. The new power only works where material is lawfully obtained. If it is encrypted, and someone who is in a position to decode it refuses to do so, only then does the question of a prosecution arise. Where prosecutions occur, the authorities have to prove, beyond reasonable doubt, that a person has, or has had, a key.

How do you demonstrate that you've lost or forgotten a key? You explain what has happened and the court will decide whether, on balance, you're telling the truth. There are statutory defences if you hand over as much information as you can.
If you've forgotten your key, you might explain how it was generated, when you last used it and what you normally do if you forget it.

Your earlier analogy of losing a PIN is inappropriate. I can't think of an occasion when a bank would be unable to provide details of an account when required to do so under existing powers. This isn't escrow by intimidation.

The cost of establishing the technical facility which will handle keys obtained under the bill will be met from the money the chancellor has provided for tackling crime in the capital modernisation fund. Deploying the highest level of security for such keys is a top priority.

Will criminals turn to other forms of information hiding post-RIP? We cannot tell what the future holds by way of other technologies that may or may not be taken up by criminals. Experience tells us that they will use what most readily suits their needs.

The implication that the bill treats encryption users as suspect is wide of the mark. We know the technology is good for e-business, individuals' privacy and helps prevent certain crimes. It's also important to our e-government agenda. The bill does not criminalise the use of encryption. It targets the criminals, such as paedophiles, who use it to conceal their insidious activities.

[Caspar Bowden 3]

Mr Bowden:

RIP doesn't target anyone at all - it's a blunderbuss which an extreme government could abuse for its own purposes. It's a pity that once again you seek to justify an unworkable encryption policy by associating it with an abominable crime.

Child pornographers should be severely punished and deterred, but a responsible government would begin to give law enforcement the training and resources to defeat encryption when necessary through technical surveillance devices, and put in place an oversight framework with teeth to see that these powerful new capabilities can never be abused.
The course on which your officials have ill-advisedly committed you will enmesh us further in a culture of secrecy, which will corrode our democracy long after you have left office and anodyne reassurances have been long forgotten. A law which replaces the presumption of innocence with a medieval trial-by-ordeal is simply wrong, not "a question of balance".

[Charles Clarke MP 3]

Mr Clarke:

The RIP powers are necessary. But we've never said that they represent a panacea for all law enforcement's ills. We know that simplistic answers no longer work in today's fast changing technological environment.

Last year's joint government/industry task force on encryption and law enforcement recommended that a package of measures is needed if we are to have any hope of addressing effectively the threat posed by the criminal use of encryption. We're putting that package in place.

Providing new powers, specifically recommended by the task force, forms an integral part of our approach. They require authorisation and are subject to independent oversight. But we're also providing law enforcement with a dedicated resource to assist over encryption and forging a new co-operative relationship with industry. These too are vital elements of the package, on which I place great store.

This isn't about "corroding" democracy. It's about helping keep society safe.

Web addresses

Home Office RIP Bill
www.homeoffice.gov.uk/oicd/ripbill.htm

Consultation paper
www.homeoffice.gov.uk/oicd/ioc.htm

House of Commons library research paper on RIP
www.parliament.uk/commons/lib/research/rp2000/rp00-025.pdf

Report from the Cabinet Office, Encryption and Law Enforcement, May 1999
www.fipr.org/polarch/piu.pdf

National Criminal Intelligence Service (NCIS): Project Trawler report, June 1999
www.ncis.co.uk/newpage1.htm

Foundation for Information Policy Research: RIP Bill Information Centre
www.fipr.org/rip/index.html

Campaign against RIP bill:
www.stand.org.uk