Analysis of Part III of the (draft) Electronics Communications Act 1999

An intelligible form

Clause 11 requires the recipient of a Section 10 notice to render information into an "intelligible form". There is no specific definition of this, so it has its usual English meaning. This doesn't help much ! However 'putting into an intelligible form' is not the same as 'rendering intelligible'. If someone sends you an encrypted copy of "Finnegan's Wake" your Clause 10 obligations are met by returning to Joyce's original text.

However, Clause 11 applies to material found in many circumstances (including post arrest PACE seizures). It will apply to material found in public places (like a website). If it was applied to material which a cryptographer would regard as plaintext then Clause 11 could become tantamount to being asked to explain the hidden meaning within a book (very Gulag Archipelago!)

The protection against such excesses should be found in the definitions of what is meant by "protected information" and "encryption". Sadly, these are rather generalised and so the protection may be illusory. Clause 19 does state that "protected information" has to be in electronic form though the definition is flawed in failing to make clear the burden of proof would be on a prosecutor to show that there was ever any information there. That apart, "key" includes "any data", and clause 23(3) is cast very wide. The result is that if you receive an email proposing a meeting at "the pub where your mother had that funny turn", a decryption notice could apparently require you to identify the pub.

But let's start from the position that this might well be nonsense and see where the discussion takes us...

Quentin Campbell
The use of the phrase "intelligible form" in Clause 19(1) as suggested by your correspondent seems to give some hope for putting types of confidentiality systems effectively outside the scope of the ECA.

I could conceive of a system of hiding a message in a large body of plain English (passages from the Bible, for example). I could send this body of text to a recipient. The key to extracting the hidden message has already been agreed but is not known to the authorities. I have also agreed a second key that extracts a different hidden message from this plain text.

The text I send electronically is not "protected text" by the definitions of Clause 19 because it is already in "intelligible form" and can be "readily accessed".

On what basis could it be argued that this message falls within the ambit of the ECA?

But let us say that this particular body of plain English text is held to fall within the ambit of the ECA because the LEA believes that there is a message hidden in it so I am served a Section 10 notice.

I would argue with the LEA that what you see is what you get; plain, intelligible English text. But then they start twisting my arm a bit and and slapping me around demanding to know where the hidden message is in that text. I give them the second key and the method by which to apply it to extract a hidden message.

The LEA people apply this key and recover the clear text "you are a lot of evil bastards".

Surely I have met my obligation under the ECA? In this sort of system a number of different keys will extract different messages "into an intelligible form"; that is, plain English.

I accept that this is not a very practical system as it stands but I think it might be helpful in illustrating the point.

Nicholas Bohm
There is a difference between making it impossible for yourself to be convicted of an offence (which you may have done) and not actually having committed the offence. The fact that there seem to be many ways of stepping through this gap will sooner or later destroy the utility of the legislation.

Anthony B Sylvester
The connection between "key" and "protected information" (at least in part (b) of both definitions) is as follows:

the key is a 'data-thing' which facilitates the doing of a specified act to electronic data, which specified act can't (very easily) be done without the 'data-thing'. The definitions are interconnected and circular.

The feature which defines how large the circle is (geometrists back off!) is the specified act. The specified act which wants doing is 'putting' the 'electronic data' in 'intelligible form'.

If sufficient to 'put into intelligible form', then the scope of the 'data-thing' has been circumscribed. Anything more than sufficient to put into intelligible form should (in theory) lie outside the 'key to the protected information' required by Clause 10. Indeed there may even be room to exploit in the 'facilitate' word, as well.

'Intelligible form' is the expression used because what is wanted is more than just visible or legible - as the clever chap from the spooks said before the Select Committee while holding up an ascii version of a supposedly kiddieporn binary.

There may be some scope for PC Plod to argue that 'intelligible' is a context sensitive variable, but I wouldn't think much. To update an old example from the Untouchables, imagine an encrypted spreadsheet with amounts of payouts to corrupt police, politicians and judges all set out, but with codewords inserted for the names. Getting to the unencrypted spreadsheet is as far as s.10 would reach. Demanding the explanation under a section 10 notice would go too far - although as Quentin points out it can be requested using the phonebook technique in a secluded cell.

Nicholas Bohm
If the "plaintext" says "Piglet paid Christopher Robin GPB 5M for the honey", in the sort of context you're describing, I think there is a convincing inference that the owner of the document has a means of converting "Piglet", "Christopher Robin" and "honey" into other terms connecting the GBP 5M with the real world. Those means are correctly described as a code (one of the definitions of "key") and are certainly "data" (another definition).

Anthony B Sylvester
I agree there is a (frankly, compelling) inference that the owner has a means of converting all this into real world language. However the logical argument on the side of the accused is that the target information (the names) is not 'protected information' [an ingredient of the s.12 offence] as it is not 'electronic data' [an ingredient of 'protected information'] it's just 'data' in the sense of 'Christopher Robin is what we call the Member for Pooh Corner'.

In practice, this is the roundabout way of the accused saying, 'I'll take my chances with whatever inference you raise from my silence on the substantive crime rather than cop to the offence of failing the magic decoder ring test during your enquiries'.

Nicholas Bohm
Bearing in mind that we are talking about the criminal law and the judges of the criminal courts, and that their instruments for statutory interpretation come closer to the chainsaw than the scalpel, I think they wouldn't let subtleties about the differnce between "putting in intelligible form" and "decoding" obstruct them for long.

Anthony B Sylvester
Fair point, sadly. The 'offence' of not giving up the key is a 'yes/no' test (defences aside). The threshold conditions for the police to 'administer the test' are as woolly as all get-up. To challenge the existence of the threshold conditions on matters of interpretation might be the only way to avoid having to prove the negative which you need to do if you seek to argue on facts come defence time.

Donald Ramsbottom
The warrant holder does not have to identify the key he is after. All the LEA need know is that there is "protected information" (PI)(S:19) and that has come into the person with the "Appropriate permissions" (PWTAP) possession (whether by statuttory or "other lawful means (Police Act, statutes relating to Intelligence services PACE etc.). Then if it **appears** to the PWTAP that you are in possession of a key (any) (S:19), Then you have to give up the key to the PI, which is all PI, which then can be sifted by the PWTAP at leisure.

David Swarbrick
The officer has a file which he believes has protected information (unintelligible to him). It appears to him that you can make it intelligible. He gives you a notice requiring you to do so (no judge's authority required).

Almost by definition, many (a majority?) of those served with such notices will have no criminal involvement, and be under no suspicion. The terms of the notice are deliberately left open, but he requires you to make the information he believes to be protected, intelligible. If you fail, then the basics of the offence are established. You will be convicted unless you can establish one of the defences. One is to show that you do not have the means to make it intelligible.

The way this is phrased , by using the word 'show' rather than 'prove' suggests that the drafter was slightly embarrassed about the whole thing.

William Geiger III
I think that my previous post that enclosed an encrypted message showed the dangers of this proposal. Unless you have cleared your archives (and wiped the files) everyone on this list has an encrypted file in their possession that they can not decrypt! This file was encrypted using PGP's conventional encryption with a passphrase of random keystrokes. I, as the author, can not decrypt the message as I did not write down the passphrase. Everyone here would be guilty under this proposed law. After all how are you going to prove that you don't really know the passphrase?

Basically what we have here is a proposed law that makes everyone guilty and allows the state to pick and choose who they want to throw in jail.

Stanley Houghton
To avoid conviction, what defence can you possibly construct to (as you clearly explain) "show that you do not have the means to make it (the file) intelligible"? It is exactly this that puzzles me. What is acceptable in a court of law in this instance?

David Swarbrick
In a sense almost anything is worth a try, but beyond assertion, there is not much you can do. The context may help. The Plod serving the notice may, if he is incautious, volunteer why it 'appears to him', and that may suggest approaches.

Back to the analysis of part III