Analysis of Part III of the (draft) Electronics Communications Act 1999

Session keys

It is common for messages to be encoded with a 'session key', and it is only this key that is sent using 'Public Key Encryption', because PKE can be rather slow. Many people have called for the Bill to recognise that supplying the session key would be a suitable response to a Section 10 notice.

The difficulty appears to be that the Bill envisages the authorities demanding a key so that they will be able to decode FUTURE messages, i.e. the keys are wanted for reading intercepted traffic as it arrives.

There is also the difficulty that there might be some doubt that the plaintext supplied was genuine. In current products the session key will meet this objection. However, it should be noted in passing that if true One Time Pads are in use and an incorrect OTP is supplied, then ANY message can be the result of the decryption!

Releasing session keys was seen by some people as being a way of inherently limiting the power of Section 10 orders. However, phrasing this to be technology neutral may be complex.

The 'conversation' below brings out some more points:
Alastair Kelman
Brian Gladman
What law enforcement needs is the data that has been encrypted - the government has so far made no case for wanting the ***keys*** and I consider this just key escrow or GAK in a more 'user friendly' guise. It's time that the government made it a lot clearer why they consider access to keys to be necessary. Especially so since it seems that the US may be going down the 'obligation to decrypt' path.
Alastair Kelman
I refrained from putting it this way because the law tries to limit specific performance. Requiring a citizen to hand over his key, on the face of it, appears to be a lesser act than requiring the citizen to use his key to decrypt a particular message. The option for the citizen to perform the decryption without handing over his key should be included in the legislation. That said I have encountered a whole range of problems in computer evidence cases where the prosecution have refused to allow computer evidence to be produced by an accused "because how can we know he has not tampered or forged it?". So the section in the legislation will have to be very clear.
Nicholas Bohm
"It should be a precondition of any obligation to disclose a key that the protected information is provided to the person required to produce the key, if they do not already (or any longer) have it." Note that this guards against the message being substituted before delivery - an issue which there is no discussion about the penalties for (see 16(10)).
Charles Lindsey
Brian Gladman
For this reason I believe it would be much safer to press for a Bill that would (at most): (1) allow decryption orders to impose an obligation to decrypt; (2) allow, where necessary, orders to impose an obligation to prove the correspondence between an encrypted text and a decryption of it. This meets the need without mentioning keys and without imposing any constraints on how (2) might be met. If, however, I have to give up my long term personal decryption keys (session keys are different I admit) then I have put my entire privacy, security and safety in the hands of the State. This is not something I wish to do and for me this is not a technical issue even though it has a technical basis.
David Swarbrick
20.--(1) Every power which is conferred by an enactment to which this section applies on a constable who has entered premises in the exercise of a power conferred by an enactment shall be construed as including a power to require any information contained in a computer and accessible from the premises to be produced in a form in which it can be taken away and in which it is visible and legible.
Ross Anderson
It's not just PGP; I've helped people build PC database apps in which you can fetch only so many records at a time, and which have all sorts of tricks to prevent people stealing the whole database. With such products the source code isn't available (in the case of my client, it's not even in the UK) so the non-compliant implementation route is very much harder. People like Intel and Microsoft are under much pressure from Hollywood to design products that provide ever better support for applications which won't provide information `in a form in which it can be taken away'. The P3 serial number is the start; if you assume that software can be made tamper resistant enough to defeat PC Plod, then P3 already lets you write applications which will only display file X on machine Y, and only if machine Z is currently online. Future processors that have a private key on-chip will raise the bar very much higher.
Nicholas Bohm
It already exists in a very limited format in the Police and Criminal Evidence Act 1984 s21 (Swarbrick)

Clause 10(2) depends on it appearing that a person has "a key", and enables a notice to demand disclosure of "the key". Where it appears that a person has both a private key and a session key, I think that the notice could probably specify which had to be disclosed, although the drafting is not wholly unambiguous.

What amendments would do the trick? I suggest the following with explanatory comments [in square brackets]:

1 In subclause 10(1)(a) and (b) delete the words ", or is likely to come,". [The session key approach fails if future encrypted data is within the scope of the notice]

2 In subclause 10(3) insert a new paragraph (c) as follows (renumbering accordingly): "(c) must be accompanied by a copy of the protected information in electronic form;" [The keyholder may never have received it, or may have deleted it (or not retained the encrypted form of it)]

3 In clause 11 add a new subclause 11(4) as follows: "(4) Where a direction has been given in accordance with subsection (3) that a requirement to which it applies can be complied with only by the disclosure of the key to protected information, the person required to disclose the key shall be taken for the purposes of this Part to have complied with that requirement if, by the time by which he is required to disclose it to any person, he has provided that person with any key to that protected information." [This ensures that where a key must be given, any key (i.e. including a session key) will meet the requirement]

[Note that this does not meet the point raised by Brian Gladman, that the keyholder may not be entitled to see the encrypted information - it may not yet have been released from a restriction under a confidentiality agreement for example, despite having come into the possession of law enforcement bodies. The only way to deal with that point is to limit my suggested clause 10(3)(c) so that the notice can be accompanied by just enough of the encrypted material to enable the session key to be extracted. This would complicate the thing a good deal to meet what I feel must be rather a rare contingency.]
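
The one-time-pad point in the introduction, worked through as an added example that is not part of the original analysis or of any contributor's remarks: a pad handed over for a true OTP proves nothing about the plaintext, whereas a disclosed session key can be checked against the intercepted message. The session-key cipher here is a toy stand-in built from `hashlib` and `hmac` (an assumption, not the scheme of any real product), and all function names are hypothetical.

```python
import hashlib, hmac, os

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))

# --- One-time pad: the key is as long as the message -----------------
def forge_pad(ciphertext: bytes, wanted: bytes) -> bytes:
    """A pad under which ciphertext 'decrypts' to any equal-length text."""
    return xor(ciphertext, wanted)

# --- Toy session-key cipher (assumed stand-in for a real product) ----
def _stream(key: bytes, n: int) -> bytes:
    # SHA-256 in counter mode as a keystream; illustration only.
    blocks = (hashlib.sha256(key + b"enc" + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key: bytes, body: bytes) -> bytes:
    mac_key = hashlib.sha256(key + b"mac").digest()
    return hmac.new(mac_key, body, hashlib.sha256).digest()

def session_encrypt(key: bytes, msg: bytes) -> bytes:
    body = xor(msg, _stream(key, len(msg)))
    return body + _tag(key, body)          # encrypt-then-MAC

def check_disclosed_key(key: bytes, blob: bytes):
    """Plaintext if the disclosed key fits the intercepted blob, else None."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, body)):
        return None
    return xor(body, _stream(key, len(body)))

def demo():
    real, claimed = b"MEET AT NOON", b"HAPPY EASTER"   # constructed samples
    ct = xor(os.urandom(len(real)), real)               # genuine OTP ciphertext
    otp_out = xor(ct, forge_pad(ct, claimed))           # false pad "works"
    key = os.urandom(16)
    blob = session_encrypt(key, real)
    return (otp_out,
            check_disclosed_key(key, blob),             # genuine key verifies
            check_disclosed_key(os.urandom(16), blob))  # wrong key rejected

if __name__ == "__main__":
    print(demo())
```
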