Analysis of Part III of the (draft) Electronics Communications Act 1999
The Bill distinguishes signature keys from encryption keys - to meet the concerns expressed many times in previous consultations about the undesirability of giving up signature keys to anyone for any reason. But there are doubts that the way this is given expression is good enough and besides, what is the remedy if a signature key is the subject of a Section 10 notice?
A key is not to be 'recovered' under the Bill, if it has only been used for signature purposes. I have mentioned before what I think is an unsafe distinction between privacy purposes and signature purposes. The fundamental public key system is blind to this and the two concepts are more closely linked than it seems at first (PK cryptography has only revealed a link, not created one).
When a chap comes to my office delivering a parcel, I sign for it. I demonstrate my authority to receive it by signing my name.
When I receive a document encrypted with my public key, do I not 'demonstrate my authority to receive it' by signing the encrypted message with my private key?
Is it not the case that my private key is only ever intended to be used to sign a document? I have no intention of hiding the contents since I have published my public key as widely as I can. My intention is that anyone may read my message, and be assured (before the e-commerce act in any event) that my private key is private?
What is my private key ever used for except, in some way or another, to sign?
I fully acknowledge the complexity of cryptography software. I am talking here about principles only.
Of course that would tend to reduce the forensic value of any (seized rather than intercepted - assuming IOCA s.9) digitally signed evidence which the police wished to attribute to me. I could claim it had been forged-up after I disclosed the key (in absence of crypto timestamps etc.).
But I would like to see the bill spell this out more explicitly, just for safety, perhaps together with some indication of what level of proof would be needed to show that you have been using the signature key for encryption.
In some cases that may be easy (e.g. if I reply to a message quoting plaintext when it has been sent to me encrypted under my signing key); in other cases not.
There is no particular process of negotiation: 'We can prove this' 'Go'rn then'.
It is left as an extremely high risk strategy to refuse.
You are right to the extent that the burden of proof is explicitly on the defendant under s12 defences, but is not so apportioned under s10.
No doubt the defendant would have to give evidence that he had never used the private key to decrypt a message, but as the Bill stands it would be for the Crown to prove that the notice complied with clause 10(5) if challenged. I do not see a conviction being upheld that was based on non-compliance with a notice which itself failed to comply with clause 10(5).
Whether the Bill will remain in its present form if this correspondence is studied closely is another matter. One can only hope that the Home Office is not interested in our views.
I apply exactly the same technology in exactly the same way. The only difference is in the choice of key, and whether it is applied to text which has already been encrypted.
I confess that I do not feel I have yet got to the heart of it, but that the whole distinction between signing and encrypting is quite artificial, superficial and dangerously weak.
It can be achieved technically, but each technical solution I have seen described (I do not pretend to be technically adequate) fails fundamentally to achieve any distinction of principle.
It is born out of a fond hope that Mr Nasty Privacy can be divorced from Mrs Nice Signature, so that e-commerce can be saved from the Gooks.