"the most pernicious invasion of privacy ever imposed by a democratic state" Anthony Barnett (Charter 88)

Regulation of Investigatory Powers Information Centre paste the URL non-streaming files into the Location box of Real Player NEW John Abbott (NCIS) Bob Packam(NCS) + Akerman(ACPO) 20/2/01 BBC Radio 4 'Today' (propaganda gone awry?) 23/1/01 Perri 6, Simon Moores, Chris Bailey on Silicon.com 8/12/00 Roger Gaspar, John Wadham on R4 Today 4m 57s 4/12/00 Observer's Political Editor, Kamal Ahmed on National Traffic Data Warehouse streaming 5m 2s 3/12/00 BBC TV on workplace surveillance streaming   24/10/00 Guardian editor Alan Rusbridger on RIP streaming   18/9/00 BBC Radio 4 - Law in Action 5m 48s 29/6/00 BBC1 TV News 1m 46s streaming   19/6/00 BBC Radio 4 - Today 6m 3s 12/6/00 BBC Radio 4 - World Tonight 4m 24s 5/6/00 KABC Los Angeles 14m 4s and BBC1 TV News  streaming 5/6/00 C4 News - Tom King MP and Simon Davies streaming   24/5/00 BBC Radio 5 Nicky Campbell 2m 52s 8/5/00 BBC Radio 4 - Broadcasting House 6m 57s streaming 7/5/00 BBC Radio 4 - You and Yours 7m 43s 26/4/00 BBC Radio 4 - PM  5m 13s 24/3/00 BBC Radio 5 interview with Nicholas Bohm 26/2/00

What's New NEW 4/4/01 Government says yes/maybe then Home Office says no to regulation watchdog's call for INDEPENDENT review of RIP (14/12/00) NEW 29/3/01 Official spy watchdog says Investigatory Powers Tribunal  "quite incapable of carrying out its job" NEW 29/3/01 Home Office takes powers to license IT security contractors and NTAC head  announced - Asst. Chief Constable Ian Humphreys NEW 22/3/01 EU data commissioners issue devastating critique of Cybercrime treaty 19/3/01 PQ: ISP reading e-mail Subject lines for virus checking NOT illegal 19/3/01 Protests over new proposals for HONG KONG  decryption powers 14/3/01 Attempt to increase RIP penalty for failure-to-decrypt to 10 years - only for material seized under Protection of Children Act (as if evidence that the material was child pornography) NEW 2/01 Bigbrother.gov.uk: State surveillance in the age of information and rights, Y.Akdeniz, N. Taylor, C.Walker, Criminal Law Review, (Feb 2001) 22/1/01 Home office refuses to publish, after Hewitt rejects 13/12/00, leaked NCIS submission to Home Office on Communications Data Retention Law 21/8/00 and Observer scoop 3/12/00 ("a scandalous proposal")  23/11/00 Clarke denies ever any problem with burden of proof - "I don't actually myself think that the amendment made any significant difference at all." 1/11/00 Membership of RIP Tribunal announced and rules (28/9/00) that give no right to hear or cross-examine evidence even via a special advocate 14/7/00 Lord Bassam confirms new kind of warrant allows GCHQ to trawl domestic Internet 7/7/00 and explanation of new "over-ride" certificates   10/7/00 Home Office Press Office is at it again	Editorials on RIP
		"....the best way of dealing with this misconceived piece of legislation would still be to scrap it....The danger is that the only criminals caught by the new RIP powers will be stupid and technologically illiterate...The RIP bill will make the UK the sole G8 economy to allow state access to decryption keys." 14/7/00 "It is time for the prime minister to get his home secretary back on message" 15/6/00 "scrap this ill-considered bill in its entirety" 6/6/00
		"Loath as governments are to accept it, the Net has signalled the end of an era for eavesdropping...and law enforcers need to look to the future not the past. It's better for the British government to abandon its bill and start afresh than to alienate business and the public with inappropriate, ineffective laws" 17/6/00   Reply from Charles Clarke 7/10/00 and reader's letters 28/10/00
		"...so misguided as to be practically unamendable. It would be better for 'the economic wellbeing of the United Kingdom' to throw it out" 12/6/00 "The government will look to get royal assent for the bill before the summer recess. But tinkering at the edges is not enough. Instead it should nail down the coffin on RIP" 23/7/00
		"...(FIPR) relentlessly stalked the government. It won major revisions to key parts of the bill, including the assumption that people claiming to have lost their encryption codes are innocent until proved guilty...But it still remains a draconian bill" 27/7/00 "Meanwhile a Labour government is seeking to introduce a law - the RIP bill - which allows for the interception, surveillance and disclosure of journalistic material without prior judicial authorisation. As it stands, a source may be identified and compromised or action taken to prevent the flow of information without a newspaper even being aware of it, still less being able to challenge any applications for authorisation." 22/7/00 "the tone adopted this week by Mr Straw and his henchman Charles Clarke... is not far short of hysterical...The Home Office is saying: trust us . Why should we? Look at the disposition to coerce shown by its pursuit of the press...On display there is the same mind-set... in this repugnant bid to extend government power over the internet." 17/6/00 "People and industry are only just waking up to the enormity of what is proposed and their lordships would do us all a favour if they used their delaying powers to throw this disgraceful bill back to the Commons for a complete rewrite." 12/7/00
		"The Government's crass attempt to claim draconian powers to monitor electronic communications, the (RIP)  Bill, would stifle the development of e-business, e-government or e-anything in the UK. " 13/6/00
		"As Home Secretary, Mr Straw has shown himself to be an unpleasant mixture of weakness and ... He has been ruthless, too, in seeking the power to examine any private e-mail. Weakness and posturing are a nasty combination. The Home Secretary's grip on his job is looking very shaky." 22/7/00 (the RIP Bill) "..still needs a good deal more investigation before it is fit for the Statute Book. This is the second time the paranoiacs in the Home Office have tried to hammer e-commerce with draconian surveillance powers, and the second retreat in the face of general outrage" City 28/6/00 "it is not worth the widescale intrusion into the privacy of computer users that the legislation will inevitably bring.... The legislation as it stands would allow someone to be dragged off in the middle of the night without being able to tell his wife or child why" 27/6/00 "It is bad enough that this Government does not seem able willingly to relinquish the powers that the internet is passing back to the individual. It is intolerable when, seeking to enact regressive legislation, it postures as a force of progressivism acting 'to protect our kids'" 9/3/00
		"The problem lies with the RIP Act itself. It will damage the UK as an e-business destination and undermine confidence in confidential data. It should be scrapped" 7/12/00 "the best thing the House of Lords could do for UK e-commerce in the next few days is to torpedo the Bill completely and ask Jack Straw to start again" 8/6/00
	The "tipping-off" offence is useless. Why ?	SECRECY REQUIREMENT: PLEASE READ PARAGRAPH 7 IMMEDIATELY   First glimpse of what a GAK Notice will look like

Human Rights

Reversal of the Burden-of-proof: Who said what ? - I shall make no concessions Charles Clarke MP, Minister of State at the Home Office 

• UPDATE 23/11/00 Clarke denies ever any problem with burden of proof - "I don't actually myself think that the amendment made any significant difference at all, it wouldn't have been the case otherwise. But the Lib Dems did: fine."

• 4/4/00 The Crux of the Debate - The text of the Standing Committee debate on burden of proof has been edited and highlighted to illustrate the key points of dispute

13/6/00 Open Letter from Amnesty International to House of Lords - "(RIP) could undermine... defending human rights and victims of human rights violations throughout the world"

7/6/00 Lords Select Committee on Delegated Powers and Deregulation Eighteenth Report - "The Committee considers that no other amendment is necessary either to the delegated powers in the bill or to the parliamentary control provided for these powers." (a watchdog that didn't bark - but no JUSTICE submission on Pt.III ?)

19/4/00 Home Office refuses Open Government request - "You also ask about the Encryption and Law Enforcement report published in May 1999 by the Performance and Innovation Unit (PIU) of the Cabinet Office.... The Home Office understands that the task force did not take legal advice before making its recommendations." 

26/3/00 Open Government request from FIPR to Home Office to publish Legal Advice (on Human Rights Act compatibility of RIP Part.III) - "Please could you enumerate the opinions Mr.Clarke was referring to...When did the Government first seek external independent legal advice on Part.III (either of draft E-Comms Bill or RIP)? Will you publish advice you have received?" - FIPR

24/3/00 Financial Times: Legal fears over e-mail tapping by Jean Eaglesham

..."As these are significant breaches, we expect the Home Office to engage in open debate on how far this bill will fail to be human rights compliant," said Madeleine Colvin, legal policy director at Justice, the civil liberties group that commissioned the opinion...

...Charles Clarke, the Home Office minister responsible for the bill, said there were a "large number of legal opinions floating around", and insisted the bill could withstand legal challenges...

...The Foundation for Information Policy Research attacked this approach. "The question of the reversal of proof has been festering for eight months," said Caspar Bowden, the foundation's director. "It is time for the Home Office to give a reasoned explanation of how an innocent person who has forgotten their key can be expected to prove this."

22/3/00 PRESS RELEASE: DECRYPTION POWERS FAIL HUMAN RIGHTS AUDIT AGAIN (and as MS-Word .doc) - "to avoid unjustified suspicion and possible wrongful conviction...good practice to...use steganographic file systems...not to admit to ever having had a key"

20/3/00 LEGAL OPINION: FIPR/JUSTICE Updated Human Rights Audit of RIP Decryption Powers (and as MS-Word)

20/1/00 Government replies to T&I Sel. Ctee request to "publish detailed analysis to substantiate its confidence" that decryption powers are ECHR compliant: "...very happy to explain why it believes the provisions to be ECHR compatible when faced with specific argument to the contrary..." 

26/10/99 Trade &Industry Select Committee 14th Report: Human Rights : "Justice and the Foundation for Information Policy Research commissioned a human rights audit of part III of the draft Bill which reported serious concerns that the draft Bill would, if enacted, contravene articles 6 and 8 of the ECHR.....Having certified that legislation does not contravene the European Convention on Human Rights, Ministers must be able to demonstrate, when challenged, that this is indeed the case. We recommend that the Government publish a detailed analysis to substantiate its confidence that part III of the draft Bill does not contravene the European Convention on Human Rights, dealing with the points made to the contrary." 

25/10/99 PRESS RELEASE: DTI draft E-Comms Bill decryption powers fail human rights audit  

7/10/99 LEGAL OPINION: FIPR/JUSTICE original Human Rights Audit of Draft E-Comms Bill decryption powers by Tim Eicke and Prof. Jack Beatson QC

• NEW 11/00 JUSTICE's  response (as MS-Word) to consultation on draft Codes of Practice on Interception, Covert Surveillance, and Covert Human Intelligence Sources 
• JUSTICE's HoC Second Reading Briefing as .pdf (and as MS-Word)
• JUSTICE's Human Right's Audit of Part.I (also as MS-Word file)
• JUSTICE's Human Rights Audit of Part.II (also as MS-Word file)
• JUSTICE/FIPR updated Human Rights Audit of Part.III (decryption powers) (and as MS-Word .doc)
• JUSTICE's Human Right's Audit of Part.IV - Commissioners & Tribunal (also as MS-Word file)

• LIBERTY's HoC Second Reading Briefing 
• Cyber-Rights and Cyber-Liberties (UK) briefing on RIP

• 13/2/96 Self Incrimination and Cryptographic Keys Greg S. Sergienko

£20m BLACK-BOXES, £25m GTACNTAC, & FBI's CARNIVORE

3/11/00 see also Intelligence And Security Committee Annual Report 1999-2000

20/4/00 Technical and cost issues associated with interception of communications at certain Communication Service Providers (.pdf)

Report commissioned by the Home Office from the  Smith Group

For an idea of what off-the-shelf kit can do visit Applied Signals Technologies, Xanalys, and TextFinder

25/4/00 FIPR RELEASE: £30 million (or more) to tap the Internet in the UK

1/12/00 FaxYourMP.com - Fax Your MP For Free !

STAND's campaign against the RIP Bill, detailed Guide to RIP (in need of updating !)

UK Online Public Discussion forums (10 Downing St. website forum on Internet Policy closed 4/12/00)

Call for an Open Europe campaign by the European Federation of Journalists and Statewatch

RIP Resources - links, briefings, press releases, and analyses

• 29/3/01 Commons annual debate on Intelligence Agencies

  Alan Beith MP (ISC member) : ...the support available to the commissioners and the tribunal. The new amalgamated tribunal deals with a wide range of public complaints about security and intelligence issues. The several bodies involved are dependent on a tiny support structure which is quite incapable of carrying out the job. As we reported, there was not even anybody to open the mail, let alone process it, for many months. That was ludicrous.

  ...We have been advised that urgent steps have been taken to remedy the present situation, but we have not yet had the chance to check on that. The new Committee, when it is appointed, will have to do so at an early stage because great reliance is placed on the mechanisms. They are Britain's  defence in relation to the European convention on human rights, so that an individual who believes that his civil liberties are being damaged has a mechanism through which he can appeal. If those involved in that mechanism cannot even open his letter--let alone process it or put it in front of the judicial authority who is to adjudicate upon it--we are not providing a safeguard that should be there.

   

• 19/3/01 PQ by Earl of Northesk: ISP reading e-mail Subject lines for virus checking NOT illegal (cf. Network News story of 24/1/01, repeated 14/3/01)
• 14/3/01 Amendment by Paul Beresford MP attempting to increase penalty for failure-to-decrypt to 10 years - only for material seized under Protection of Children Act (as if that was evidence that the material was child pornography)
• NEW  Bigbrother.gov.uk: State surveillance in the age of information and rights, Y.Akdeniz, N.Taylor, C.Walker, Regulation of Investigatory Powers Act 2000: Criminal Law Review, (Feb 2001), pp. 73-90
• 5/2/01 Robert Henderson's appeal to the Data Protection Tribunal
  • MI6 pleadings - The  principal  role  of the Secret  Intelligence  Service  is  the production of secret intelligence...
  • MI5 pleadings - ... The Appellant may complain to the Investigatory  Powers Tribunal established by the Regulation of Investigatory Powers Act 2000(which replaced the Security  Service Tribunal and  the  Interception  of Communications Tribunal, each established under earlier legislation) in respect of any  alleged act by the intelligence services or any alleged interception of communications.... Moreover,  the Investigatory Powers Tribunal is the sole forum able to  consider personal data obtained as the result of the issue  of an interception  warrant  (under  either RIPA or IOCA)  and  therefore a subject access request relating to any such data is not a  matter  that can considered by this Panel. That is the result of the provisions  of sections 17 and 18 of RIPA.
• 1/2/01 PQ by Earl of Northesk: Data Protection Code of Practice: E-mail Monitoring 
• 30/1/01 Russell Jones and Walker's RIP seminar
• 26/1/01 PQ by Derek Wyatt MP: "Home Office Ministers have met John Carr informally on several occasions and have met him in a formal capacity once or twice since May 1997. There are also plans for him to meet with Ministers in the near future."
• 24/1/01 ECLIP Workshop on Interception of Computer Crime - NEW Human Rights and RIP 
• 15/1/01 Cryptography services for the NHS
  • Strategy for cryptographic support services in the NHS (.pdf)
    • 3.12 Whilst it is possible to encrypt electronic information stored on computer media such as hard disks, such arrangements are currently outside the scope of this initial strategy and will need to be carefully considered for their purpose, impact and practice including those issues of data retention, archive and recovery.
    • 4.11 The Regulation of Investigatory Powers Act 2000 describes provisions for legitimate use of encryption in the UK (WRONG) and law enforcement compliance arrangements  (not any more !!).
    • 5.13 It is therefore essential that the NHS adopt the international X509 digital certification standard
  • Interim guidance for potential uses of cryptography in the NHS  (.pdf)
  • Public Key Infrastructure - Frequently Asked Questions 
    • The principal function of a PKI is to manage cryptographic keys and certificates. More specifically, however, it must enable the functions detailed below: ...
      • 9.   Manage key histories so that content encrypted in the past can still be recovered
      • 10. Provide a mechanism to recover encryption keys
• 14/12/00 Regulating Cyberspace Better Regulation Task Force Report

  Recommendation 10: The Home Office should commission an independent impact assessment of the effect of the Regulation of Investigatory Powers Act 2000 (RIPA) on business confidence and investment one year after its implementation.

  3/01 Government Response - Accepted in part (can this be true ?)... The Government agrees that a continuing review of the effectiveness of the Act is necessary (!!). The Government undertakes to keep ... RIPA under review (oh I see, one of those reviews) ... The Government will consider whether an independent element might be introduced at an appropriate point (so you haven't really accepted the recommendation, even in part - you've just said you'll think about, at an appropriate point - Cor, fanks Guv'nor you're a real gent)... 

  As the Task Force has recognised, a number of changes were made to RIPA during its Parliamentary passage, specifically to address the concerns of business (and civil liberties had nothing to do with it, oh no, what do you think we are, a bunch of softies?). The Government is not complacent though about the amount of work still to be done in this area (we still don't seem to be terribly popular). 

  ... powers which are vital in combating serious crimes more generally, and threats to national security. As the Government stated in the Regulatory Impact Assessment for Part I of RIPA published in February 2000, these aims are highly valued but difficult to quantify (so don't blame us if it turns out we got it wrong yet again). But any assessment of the effectiveness of the Act must be viewed in this wider context, having command of (no-one independent could judge) the full picture. It also means that any meaningful review will need to encompass the practical use (if you knew what we knew) of interception by the limited number of agencies empowered to utilise the relevant provisions of the Act. As the Task Force will recognise, interception is, by its very nature, a covert intelligence-gathering activity (so don't act all surprised when we don't tell you anything about it). There are sensitivities involved for the agencies carrying out interception operations (so I'm afraid you'll just have to trust them). And there are, importantly, sensitivities too for CSPs (except those offering customers offshore encrypted relays). RIPA already provides for independent oversight of the interception power. The Interception of Communications Commissioner has a statutory responsibility to oversee the operation of the relevant provisions in Part I of the Act, and to publish an annual report. There is a similar statutory oversight mechanism for Part III (well that's all right then)

  .

• 13/12/00 Evidence of Patricia Hewitt (Minister  for E-Commerce) before Trade and Industry Select Committee 

(Lindsay Hoyle MP): 93. Can you comment on the suggestion made by the National Criminal Intelligence Service, GCHQ and all the other spooks which are around, that companies should keep all their communications for seven years. Would you agree with those comments? 

(Ms Hewitt): I do not agree with the proposals. I saw them in the press, I think, ten days ago. I have not had formal communications with the Home Office, I have discussed it informally with Charles Clarke and I understand it is his view as well that that proposal should not be implemented.

• 12/00 Electrohippies communiqué - Cyberlaw UK: Civil rights and protest on the Internet
• 29/11/00 MOOT! - open-design, open-source cryptography project to defeat RIP
• ?? PwC/Landwell briefing on RIP 
• ?? Olswang briefing on RIP 
• 27/11/00 TUC report Surveillance at work: sensible solutions
• 17/11/00 FIPR and JUSTICE response (MS-Word) to consultation on draft Code of Practice on Interception 
• 16/11/00 Living with the RIPA - Journalist's Guide to Surviving Cyber-Regulation (seminar for journalists only)
• 14/11/00 Charles Lindsey's Living with RIP seminar slides, and (old) scenarios analysing serious problems with RIP, ECU comments, and  ukcrypto thread responding.
• 23/10/00 Question by Diana Wallis MEP on legality of RIP and answer by Commissioner Liikanen
• 23/10/200 Institute of Directors concerned about the Regulation of Investigatory Powers Act
• 6/10/00 Data Protection Commissioner's  consultation (.pdf or Word) on Draft Code of Practice on Use of personal data in employer/employee relationships (.pdf or Word) deadline 5/1/01
• 22/9/00 International Forum on Surveillance by Design - public meeting on the development of global surveillance strategies for law enforcement and national security 
• 6/9/00 James Hammerton's RIP page and MagnacartaPlus RIP page
• 23/8/00 Alliance for Electronic Business - Response to Consultation on LBPR
• 22/8/00 e-centreUK Legal Advisory Group - Response to Consultation on LBPR
• 1/8/00 E-Commerce: Policy Development and Co-ordination in the EU, House of Lords Select Committee on the European Union (and assessment of RIP Act - we have found that the continuing adverse perception of the Bill has weakened the impression that Government understands and supports the e-commerce-based sector and has threatened the Prime Minister's objective of making "the UK the best environment in the world for e-commerce")
• 12/7/00 Data Protection Commissioner's Annual Report for 2000 on RIP

The Government's Regulation of Investigatory Powers Bill is now before Parliament.   A paper setting out our views on the draft legislation has been prepared for parliamentarians.  Broadly we are concerned that warrants for interception of communications and other forms of surveillance are available through administrative rather than judicial procedures and that forms of surveillance which are equally intrusive are treated differently.  In this context, we are particularly concerned that the Bill appears to allow access to encrypted electronic information without a warrant, simply on the basis of a notice issued by a specified law enforcement authority.  We contend that this notice should only be served where a judge or another independent authority has ruled that there are grounds for approving its issue.  Our concerns about the Regulation of Investigatory Powers Bill are linked to our concerns about various international initiatives to combat cybercrime (see Chapter 8).

• 12/7/00 Charter 88 Analysis of RIP proceedings in the Lords
• 11/7/00 Brian Gladman's comments on the Part.III Code of Practice (.pdf)
• 18/7/00 Alliance for Electronic Business - Remaining Issues of Concern
• 11/7/00 GreenNet statement on implications of RIP Bill and contingency planning
• 4/7/00 Brian Gladman's annotated guide to remaining problems of Part.III, after government amendments in Lords' Ctte (.pdf)
• 29/6/00 Further Open Letter to the House of Lords from Cyber-Rights and Cyber-Liberties (UK)
• 20/6/00 Letter from Operational Research Society to Jack Straw  - "...we think it best that the RIP Bill be withdrawn"
• 19/6/00 ISPA response to the Smith Group Report (on Technical and Cost Issues Associated with Interception of the Internet) - "in the round we are now firmly against the RIP bill and believe there is no doubt that it will devastate e-business in the UK"
• 13/6/00 Open Letter from Amnesty International to House of Lords - (RIP) could undermine... defending human rights and victims of human rights violations throughout the world
  • 5/7/00 Reply from Lord Bassam
• 16/6/00 Alliance for Electronic Business - Lords Brief
• 16/6/00 ISPA AEB LINX BCC Press Release on RIP
• 12/6/00 Claranet proposes three amendments to the RIP bill 
• 9/6/00 Institute of Directors voices concerns over RIP  

Is it really the intention to provide Inland Revenue or VAT inspectors or DTI Company investigators with these powers?  Even the car park attendant at the Home Office seems to have them under current drafting!

Individuals in multi-national businesses may find themselves placed in an invidious position through the operation of this Bill.  If an employee is served with an order to release highly sensitive encryption keys, they are likely also to be served with a ‘gagging order’

• 8/6/00 Letter from Institute of Directors to Jack Straw and Stephen Byers  

the drafting is littered with “is likely to” references such as “information likely to come into possession …”.  These lead to substantial doubt as to the level of exposure to cost, risk and disruption for business..

If full decryption (as opposed to our preferred option of session) keys are demanded using as Section 46 notice with an associated ‘tipping-off’ order, individuals working for multi-national companies may be placed in a perilous position...A much higher level of judicial authorisation should be required for demands to access general decryption keys

• 5/6/00 British Chambers of Commerce release study : The Economic Impact of the Regulation of Investigatory Powers Bill - £46bn in 5 years (download .pdf here) and letter to Home Secretary  
• 26/5/00 Letter from Law Society to Charles Clarke MP  - "The Law Society believes that (RIP)...must...offer adequate protection to legal professional privilege and the right to a fair trial...the Bill...is unsatisfactory...as presently drafted"
• 12/5/00 Professional Contractors Group - RIP briefing  
• 10/5/00 Internet Society writes to Prime Minister asking RIP not be enacted, and their analysis of RIP
• 13/4/00 Open letter from ISPA & LINX to e-Envoy Alex Allan  - "the Home Office...might be under the misconception that ISPs are content with RIP. This is not the case....during our private discussions between ourselves and the Home Office, no Government representative, nor the text of the Bill, has given any commitment to ISPs that they will not have to bear the entire costs of interception"
• 12/4/00 Alliance for Electronic Business - RIP ExecSumm Position
• 9/4/00 NCH Press Release: Children's organisations brief MPs on Regulation of Investigatory Powers Bill - "The full text and background of the briefing is available on this site" (?? NOT ??)
• 29/3/00 Open Letter from Oliver Heald MP, Opposition spokesman on RIP
• 10/3/00 Alliance for Electronic Business - RIP Initial Analysis
• 3/00 Anne Campbell MP supports the Government’s position on RIP
• 3/00 Data Protection Commissioner's briefing to Parliamentarians on RIP

"..questions the distinction made in the Bill between the requirements for gaining access to data contained within an intercepted communication and those for gaining access to other communications data such as traffic and billing information.  Both sets of data provide insight into the private lives of individuals and should therefore be subject to equivalent controls and safeguards"

"...unlikely that individuals will be informed where the integrity of their private keys has been jeopardised and they may continue to use these keys without being aware that their security has been compromised.  Third parties whose personal data forms part of any protected electronic information may also be unaware of the risks posed to their data"

"..judicial warrant should be the general standard for authorisation.  Unlawful interception of communications, unlawful surveillance and unlawful access to encrypted data should all be subject to criminal penalty"

• 3/3/00 House of Commons Library Research paper on RIP (as.pdf)
• Black Information Link - Quick guide to RIP
• Society for Computers and Law: Commentary by Rico Calleja, Theodore Goddard

(International)

• NEW  (Hong Kong)  1/12/00 Release and streaming video (GAK starts 7m 30s) of Press Conference on Report of the Inter-Departmental Working Group on Computer Related Crime  (9/00) and chapter on Encryption

  5.22 The Working Group recommends...“production orders” .. be adopted...to allow access to encoded computer information relevant to an investigation. The access may be provided in the form of the plain or decrypted text or the necessary passwords, encryption codes, decryption codes, software, hardware and any other means to enable comprehension of the computer information in question....

  5.25 ... we recommend that an extra safeguard be built in by limiting the disclosure power to offences of a more serious nature. Only offences attracting a maximum penalty on conviction of not less than, say, 2 years’ imprisonment should be subject to this disclosure requirement.

  5.27 ...A mere fine would not be a sufficient deterrent, as it could be treated just as an operating cost. We recommend that the penalties should in principle be commensurate with those for the specific offence under investigation (!!!!!).

  • 19/3/01 South China Morning Post: Stream of protest at proposed e-crime policies - The HKISPA ...also questioned a 'wish list' ...[including]  a proposal for providers to keep records for up to six months - including details of e-mail accounts and Web pages viewed. 'Some of the items in the indicative wish list from the report are not only ridiculous, but also technically impossible,'
  • 16/3/01 South China Morning Post: Law changes threaten privacy, commerce - Hong Kong's Computer Society has dubbed the wish-list 'excessive'. 'Certainly, the public will have privacy concerns, as it is equivalent to all telephone lines being monitored, and all private phone conversations being under watch.'
  • 10/2/01 Agenda of LegCo public hearing with links to submissions
    • ISFS (society for computer security and forensics professionals) - Key-escrow (!!!~&*%#!!) /backup infrastructure should be setup and managed by the Certificate and Digital ID provider. With Court approval, law enforcement entity can be authorized to use the alternative keys...
    • Hong Kong Computer Society - The burden of proof appears to be on the accused: How does the subject ... prove they are incapable of decrypting the material? ... we think it is necessary that it be made quite clear that the burden of proof for failure to comply with a production order is firmly with the prosecution.
    • 14/3/01 Law Society Submission

    In deciding whether such investigatory powers should be given to the law enforcement agencies and the scope and manner of exercising such power, the Committee has the following concerns: (a) implications of the proposed legislation on the development of e-commerce; (b) potential infringements of privacy; (c) implications for the disclosure of encrypted information, which may include legally privileged information; (d) the right of individuals against self-incrimination, (e) the need for disclosure of keys when access to plain text would be sufficient; and (f) the need for the empowered agencies to be fully accountable to democratic institutions and subject to public scrutiny. It should be noted also that cryptography is usually used to thwart criminals rather than to help them and care should be exercised before breaking security.

    The Committee recommends that the following safeguards be embodied in the proposed legislation regarding access to encryption keys: (a) there should be disclosure only where obtaining the key is really necessary; (b) disclosure should be "proportionate" to what might be achieved; (c) there should be provisions for the protection of the relationship between solicitors and clients; (d) there should be provision for the destruction of the encrypted information once it is obtained; and (e) there should be a right to sue law enforcement agencies if any material is leaked as a result of the negligence of the law enforcement agencies

     

  • 7/12/0 Report of Working Group : Brief to LegCo
  • 2/3/00 LegCo Panel on Security brief on Computer Related Crime and minutes of discussion

• 19/1/01 NEW Janos A. Csirik's guide to 3GPP security documents
  • 3GPP
  • ASPECT
    • 23/6/97 Trusted Third Party evaluation report
    • 19/10/98 Legal Aspects of fraud detection 
• European Parliament Committee of inquiry into ECHELON

  - to verify the existence of the communications interception system known as ECHELON, whose operation is described in the STOA report published under the title "Development of surveillance technology and risks of abuse of economic information";

  - to assess the compatibility of such a system with Community law, in particular Article 286 of the EC Treaty and Directives 95/46/EC and 97/66/EC, and with Article 6(2) of the EU Treaty, in the light of the following questions: 

  - are the rights of European citizens protected against activities of secret services? 

  - is encryption an adequate and sufficient protection to guarantee citizens' privacy or should additional measures be taken and if so what kind of measures? - how can the EU institutions be made better aware of the risks posed by these activities and what measures can be taken? 

  - to ascertain whether European industry is put at risk by the global interception of communications; - possibly, to make proposals for political and legislative initiatives;

   

  • 22/3/01 Agenda and list of witnesses for committee hearing and submitted documents

   

• Center for the Study of Technology and Society's RIP coverage
• 9/11/00 Public Key Infrastructure: An Artefact Ill-Fitted to the Needs of the Information Society Roger Clarke
• 13-15/9/00 Global Privacy Summit 2000  (with video coverage)
• 10/7/00 Irish E-Commerce Act 2000 - "28.Nothing in this Act shall be construed as requiring the disclosure or enabling the seizure of unique data, such as codes, passwords, algorithms, private cryptographic keys, or other data, that may be necessary to render information or an electronic communication intelligible."
• 7/6/00 Australia's Telecommunications (Interception) Legislation Amendment Bill 2000  
• German Economics Ministry on cryptography and IT security policy (in English)
  • 16/8/00 NEW Electronic Signature Law in Germany
  • 2/6/00 Key Elements of Germany's Encryption Policy
• a petition against software patents, which could be coming to the European Union soon...
• United States National Infrastructure Protection Center (NIPC)
• Russian Internet Wiretapping Project ("SORM")

  • 21/4/00 Outlook for Freedom conference (Moscow), Bulletin on SORM-2

  • 21/2/00 ABCnews:  Russia Spies on Net Traffic - "The successor to the KGB is now also spying on the Internet... the security service has already forced many of the country’s 350 Internet service providers to install surveillance equipment.."

  • 5/10/99 Wall Street Journal: Russian ISP Finds Court Victory Sometimes Is No Victory at All

• Cryptographic Software Export Controls in the EU (.pdf) - Thesis of Simo-Pekka Parviainen
• The Complete, Unofficial TEMPEST Information Page
• Journal of Craptology

• tScheme - "provide the regulatory environment that will avoid the need for the Secretary of State for Trade and Industry to invoke his powers under (Pt.I of) the Electronic Communications Act 2000."
• DTI Communications and Information Industries
  • 3/10/00 final Lawful Business Practice Regulations and DTI Response to consultation (and Press Release)

    7. Warning: The Data Protection Act 1998
    Anybody who intercepts a communication will need to be sure that their actions are authorised under the Regulation of Investigatory Powers Act and comply with the requirements of the Data Protection Act 1998. The Lawful Business Practice Regulations make an exception to the rule established in the Regulation of Investigatory Powers Act that consent is needed before an interception can take place. If a business intercepted a communication in accordance with the Regulations, it would not risk civil liability under the Regulation of Investigatory Powers Act for unlawful interception. However, businesses should be aware that any interception which involves obtaining, recording or otherwise processing personal data by means of automated equipment (for example recording calls or filtering emails) also falls within the scope of the Data Protection Act 1998. So too does the holding or processing of personal data after the interception has taken place.

  • 27/7/00 DTI Consultation on Draft Regulations On Lawful Business Practice Regarding The Interception Of Communications - deadline 25/8/00 extended to 15/9/00
  • 19/6/00 Electronic Communications Act 2000 ECA2000
  • 7/99 Promoting Electronic Commerce - DTI consultation on draft legislation [Draft Electronic Communications Bill] CM4417  (mirrored - no longer on DTI site ?)
    • Responses to consultation on DTI draft E-Comms Bill, `Promoting Electronic Commerce' (published in response to FIPR Open Government request)
  • 3/99 Building Confidence in Electronic Commerce - DTI consultation document  - There are concerns about powers to require suspects to disclose their encryption keys, with some arguing that this would result in self-incrimination. The Government does not believe that its proposals would amount to self-incrimination. The proposed power will enable evidence already in the possession of law enforcement agencies to be made comprehensible, rather than requiring a suspect to disclose evidence. There are numerous examples where suspects are required to comply with statutory obligations for the purpose of maintaining the effectiveness of criminal investigations (e.g. requirements to provide fingerprint and DNA samples, or to produce documentary evidence of vehicle insurance cover)
  • 4/98 DTI Secure Electronic Commerce Statement (mirrored)
  • 19/3/97 DTI Consultation Paper on Licensing of Trusted Third Parties (mirrored) - published exactly six weeks before the general election 
    • "The timing of the announcement might uncharitably be construed as an attempt to present a new Government with a policy fait accompli, but not apparently through the political direction of the previous administration"
  • 10/6/96 Regulatory Intent Concerning Use of Encryption on Public Networks (mirrored)
• HOME OFFICE
  • 30/3/01 Head of NTAC announced  - Assistant Chief Constable Ian Humphreys
  •  Home Office RIP Act site (2/8/00)
    • 12/3/01 Summary of responses to consultation on composition  of Technical Advisory Board  - "RIP Section 13. - (1) ...the Secretary of State...may by order provide....(c) that such other persons (if any) as the Secretary of State thinks fit may be appointed to be members of the Board..." (no NGOs proposed) 
    • S.12 "black-box" orders (no deadline) - The interception of the entire communication and the associated data going from or intended for a warranted person, and transmission to government/the intercepting agencies in near real time. For stream-based services the stream shall be copied and forwarded as it happens. The emails of the warranted person will be forwarded as soon as they are available within the CSP infrastructure. This requirement only applies if the warranted person can be associated with a specific telecommunications identifier.
    • 6/00 Myths and Misunderstandings  
    • 3-6/00 Ministerial letters to media  
    • 19/4/00 Report by the Smith Group Ltd  
    • 22/3/00 Charles Clarke's Speech to Scrambling for Safety 5
    • 2/00 Regulatory Impact Assessments for Pt.I and Pt.III
  • 13/11/00 Press Release: National High-Tech Crime Unit
    • 11/1/01 NCIS advertises posts for HTCU Strategic and Tactical analysts £22K
  • ACPO/ISP Internet Crime Forum
    • 29/3/01 Interview with Det Ch Supt Keith Akerman streaming - What is the Internet Crime Forum? .... law enforcement agencies, ISPs, and government representatives. "and a whole host (!!) of other agencies - all (?) of whom can contribute to the debate"
  • Home