Analysis of Part III of the (draft) Electronics Communications Act 1999
The "tipping off" offence has had a rough ride. Its apparent requirement to make you lie about the security of your encryption has come in for specific criticism. The generality of the offence has led to a number of thought experiments as to what it would actually mean in practice and to various ways that one might protect ones security without transgressing the law.
Meantime, some of the more general questions remain unanswered. Would failing to provide ISP service to a child pornographer be "tipping off" ? If so, why isn't this an explicit offence ?
Of course, in some countries "tipping off" is a requirement since the security forces have to inform the intercepted, after the event, that they have been overheard.
Why a "tipping off" offence might be needed
How a Section 10 order will feel in practice
Can you tip off if you have no keys ?
How can one check the validity of a Section 10 notice?
Can I still use my computer ?
Do you have to hand over equipment in response to a Section 10 notice ?
The legality of revoking keys ?
What disclaimers will work ?
"Tipping off" in these circumstances is unlikely and is in any case dealt with by offences and penalties set out in the various sections of the OSA.
The Home Office has to call on a different category of "helper" when it serves a section 10 notice under the proposed EC Bill. These people will neither be vetted nor have signed the OSA. They will have little understanding of, or concern for, or may be actively hostile to, the need for secrecy in such operations.
This may explain why section 14 of the EC Bill prescribes a maximum 5 years imprisonment for "tipping-off" which seems to be considerably longer than that for similar offences in the OSA (as I understand it as a non-lawyer).
One way of looking at the EC Bill is that sections 13 and 14 have to stand in place of the sorts of indoctrinations, restraints and habits of secrecy under which I assume Smiley's People operate.
When seen in that context is Section 13 so unreasonable?
This raises the following intriguing question: If someone who has signed the Official Secrets Act is served with a section 10 notice (which had a requirement to keep it secret) and is subsequently arrested for allegedly "tipping off", which criminal offence takes precedence - the one committed under the OSA or the section 13 offence of the EC Bill?
You also omit the poisonous effect of receiving such notices on family and employment relationships. It seeks to make liars of us all and to destroy any relationship of trust. How can I ever know that an employee has not betrayed my firms private key.
Note also that there is no provision for recompense unless the notice was issued on behalf of the secretary of state. It specifically envisages people having to persist with their lies through all civil and criminal proceedings, and offers them no compensation in return.
It is, quite simply, evil.
The loving wife (who has been served with a Section 10 Notice "requiring [her] to keep secret the giving of the notice") MUST lie to her husband in order to protect him and he family. Otherwise what happens to the kids if they are both carted off to prison for 5 years?
If my understanding of this is correct I would expect soon to see the Tories mocking the government over this Bill's undermining of its attempts to promote "family values".
If I may I would like to add my own concerns to those you express above. In the situation that I describe below I suspect that I am not alone.
This site generates very large volumes of e-mail (13,000+ e-mail users). We have significant numbers of overseas students who, if only because they are Registered Aliens, are of automatic interest to the HO Immigration Dept and Police Special Branch. Some of these students may also be of special interest to other LEAs as well for all I know.
I have no basis for knowing what the actual level of use of encryption is in e-mail here. However indirect evidence suggests that its use is still very limited. This may change and there are no restrictions on its deployment by our users.
I have acted, when requested to do so by the University, as a link with the Police, BT Investigations Branch, etc, during criminal investigations involving users or equipment here.
As a result of these past contacts I sometimes have informal approaches made directly to me from LEA sources. I invariably refer these people to the Registrar of the University. I refuse any assistance unless instructed to provide it by the Registrar.
The EC Bill is likely to change this.
I could be served a section 10 notice directly in order to provide a user's encryption key or other data. If this notice has a requirement to keep its contents secret then section 13 prevents me from referring the notice to the Registrar in order to protect myself [this University makes it a disciplinary offence, punishable by dismissal, for an employee to access computer records without authorisation].
Even if I was willing to act on the section 10 notice I may not be able to meet the requirements of the notice at all or at least without resorting to assistance from colleagues. At worst I still get caught be section 12; at best I will have to lie about what I am doing and why to my colleagues and my employer. It is an unpleasant and worrying prospect.
Another interesting little side-line, and one which one can imagine being a problem, is how a section 13 notice would interact with a fraud investigation where witnesses can be compelled to answer questions (in other words, where ``I will not answer that'' is of itself actionable).
This was the sort of enquiry which gave rise to problems in various SFO cases in the mid-90s.
And how would it play against a question asked by a parliamentary select committee, which so far as I understand it can offer absolute privilege?
Exclusion of evidence
A pretty little circle has been described.
You are served with a notice. It is not authorised by the Secretary of State directly so you may not take any matter before the tribunal (and cannot get compensation under this Act). The notes say you fall back upon the general law, but s9 is now intended to be applied to this Act, and therefore _any_ losses suffered other than under the authority of an SS warrant are claimable provided only that you may not actually say that a notice was served etc.
The answer will come from Nigel's friends at the Home Office 'We will never do that' If not, then why take the right?
I must apologise for my earlier post. I spelt Staasi wrong.
Citizens have a collective right to expect that individuals among us will co-operate with us as a group to find and deal with others who act against our interests. But in return we have a duty to those we call on for such co-operation to ensure that we require only what is absolutely necessary of them and that we do this in such a way that any detrmimental impact on them is at an unavoidable minimum.
IMHO seeking the decryption of given encrypted texts, in strictly defined circumstances and with clear legal safeguards, meets this mandate. But to require the revelation of decryption keys goes far too far and is a gross infringement of civil rights that have taken centuries to establish.
This is an action that will, on occasions, seriously imperil the safety, security and privacy of entirely honest and law abiding citizens who, through no fault of their own, have the misfortune to find themselves subject to decryption orders. And to go even further and make honest, law-abiding citizens into potential criminals when all they have done is to use cryptography to protect themselves is the hallmark of the sort of oppressive (communist or fascist) regime that I never thought I would see in the uk.
It is very clear that while the Government has given up on key-escrow, it has not given up on the warped thinking that lies behind it and is now seeking the same unjustified access to decryption keys in another way.
Does the recipient of the s.10 notice (a) lie to their spouse in order to stay within the law --- obviously, for ministers, lying to their spouse is a way of life given the amount of adultery, but for the rest of us it's a bit more serious. Or (b) tell the truth to their spouse, making themselves a criminal for `tipping off'.
Nice choice, eh? Especially since, as I understand it, spouses cannot be compelled to give evidence against each other.
I was told at the time that I should be very careful about packages that I suspected of being "Dodgy", as they were my responsibility between the originators signature and the destinaton signature. I heard of several cases of couriers being had up for drugs offences because of this.
Can I assume that the same would apply to encrypted data tapes if this Bill becomes law? The courier would of course be completely unable to supply keys.
Does the "Tipping Off" offence still work if the subject fails to supply keys? In which case, if the LEAs served notice on a courier and he failed to supply keys and subsequently told his office about the events, he would have committed an offence .. yes?
Could any inference be drawn if I reverted to using FAX, P.O. mail, telephones, presenting myself in person, etc, in place of my "normal" mode of using encrypted e-mail? No court could hold that these were abnormal or unusual behaviours!
What if my correspondents were to regularly ask me in their messages every Friday evening: "are you the subject of an Interception Notice?".
I am an honest person and would not wish to tell a lie. If I am not the subject of an order I could answer honestly "No".
If I was the subject of an order it appears that I am compelled by law to lie and say "No". But what if I answer honestly and tell the enquirer: "under the terms of a Section 10 notice I am not allowed to say"?
This last response would appear to be "tipping off" unless I used it every time I was asked whether I was the subject of an Interception Notice". This is rather like the response of Ministers to questions about "security matters" in the Commons. However in normal circumstances I have absolutely no obligation or reason to use that form of words.
Is the new Bill going to compel us all to start acting like Ministers in the Commons? I am sure Jack Straw and colleagues would say: "what is wrong with that?".
One has the impression that the authors of this machinery have not thought through its workings.
It is a straight hint, and liable to leave you locked up.
If I am served with a notice to hand over the key, do I have to hand over the physical card? And of course if I do so, I will subsequently be unable to read any messages which people send me. Even without me saying anything, this will show my correspondents that it is necessary to change keys (although it will not show that a compromise has taken place).
If the card is lawfully seized under a search warrant and a section 10 notice is served in respect of the "key" to the card as being an indirect key to protected information, that might work. Awkward if the key is your iris pattern: try not to blink, and you've disclosed it.
Surely if I have a public key which is compromised, and distribute a new public key to every associate of mine except one, I can expect PC Plod to clap me in irons for tipping off. We can expect that arguments about where the line is drawn between the generality of section 13 ("tipping off") and the steps envisaged in the above paragraph will be the subject of fevered negotiation between industry and police/prosecution officials at best, expensive and erratic case law at worst.
Since there is nothing in the legislation that significantly restricts what may be made secret under the section 10 notice, we can however all expect to be instructed to continue to use systems we consider compromised on pain of 5 years imprisonment.
I believe that the practical effect of section 13 will be to force the deployment of systems like IPSEC which defeat the intention of section 10 by ensuring that there is no persistent key to disclose.
Nigel [Hickson], even from your point of view this is a perverse outcome. May we look forward to a government-sponsored amendment to restrict section 13 to cases where there is a criminal conspiracy as described in subsection 13(6)?
Of course, reversing section 13 to *require* disclosure at the conclusion of an investigation is needed. But cynics would not have been surprised at the lack of this basic concession to HRA in a spook-sponsored Part.
No doubt it would be an offence to explain that this was the result of a compromise compelled by the service of a decryption notice (if that notice made itself into a secret). There will be awkward cases where a refusal to explain the reasons for a revocation leads to an inference being drawn that it results from a secret notice; but unless the legislation expressly imposes an obligation to tell a lie. I think it very unlikely that any such obligation would be implied.
This seems to make the service of a notice in respect of information "likely to come" into someone's possession unlikely to be useful, since by the time it does, it will have become less likely that it will be encrypted to the key handed over under the notice (if that is promptly revoked).
So without explicitely stating that my key had been compromised as a result of the service of a decryption order, can I lawfully explain a whole series of compromises that might matter to them but which they need not worry about because they have not happened? If I do so it would be reasonable for them to conclude that the compromise had been the result of a decryption order. It hence seems to me that I would probably be taking a big risk in doing this.
But if I cannot provide this information one serious security consequence of this bill will be to introduce new security vulnerabilities by preventing effective assessments of the consequences of key compromise.
I must say that I find it amazing that, after all the educational effort that many have made, the government has still not done the simple and obvious thing of just requiring access to the decrypted information. It simply has no case for having the keys unless it has motives that go beyond those it claims.
Maybe someone in government can explain to me why the government needs the keys rather than the decrypted information? In other words, why are the two clauses in this part of the bill not the other way round - "give us this specified information in intelligible form or, if you prefer, give us the decryption key".
That's exactly my point; anyone who is surveillance conscious would certainly be suspicious of the unscheduled and unexplained revocation of a long-term confidentiality key.
These keys have not been the subject of any decryption notice under the Electronic Communications Act . If I cease to make this claim, section 13 of that Act may make it an offence for me to explain why.
Brian Morrison If someone said that to me, it would be absolutely clear that nefarious forces were at work. The lack of disclosure of information does not prevent me from inferring my own opinion of what that lack indicates.
Perhaps one could place a widely known rider on the revocation of one's key(s). "Should I revoke a key without explanation, correspondents may infer that I have done so due to a perceived need upon which I cannot comment". If that isn't enough for anyone, they deserve to have their mail read!
All this assumes a knowledgeable enquiry about why a key has been revoked. The relevant knowledge is still only spreading slowly.
"In any legal system that is complex enough that some laws refer to the law-making process itself, there will be some laws that are quite clearly self-contradictory, but cannot be proven to be so."
Return to the Draft E-Commerce 1999 Bill Review front page.