Analysis of Part III of the (draft) Electronics Communications Act 1999
An intelligible form
Clause 11 requires the recipient of a Section 10 notice to render information into an "intelligible form". There is no specific definition of this, so it has its usual English meaning. This doesn't help much ! However 'putting into an intelligible form' is not the same as 'rendering intelligible'. If someone sends you an encrypted copy of "Finnegan's Wake" your Clause 10 obligations are met by returning to Joyce's original text.
However, Clause 11 applies to material found in many circumstances (including post arrest PACE seizures). It will apply to material found in public places (like a website). If it was applied to material which a cryptographer would regard as plaintext then Clause 11 could become tantamount to being asked to explain the hidden meaning within a book (very Gulag Archipelago!)
The protection against such excesses should be found in the definitions of what is meant by "protected information" and "encryption". Sadly, these are rather generalised and so the protection may be illusory. Clause 19 does state that "protected information" has to be in electronic form though the definition is flawed in failing to make clear the burden of proof would be on a prosecutor to show that there was ever any information there. That apart, "key" includes "any data", and clause 23(3) is cast very wide. The result is that if you receive an email proposing a meeting at "the pub where your mother had that funny turn", a decryption notice could apparently require you to identify the pub.
But let's start from the position that this might well be nonsense and see where the discussion takes us...
I could conceive of a system of hiding a message in a large body of plain English (passages from the Bible, for example). I could send this body of text to a recipient. The key to extracting the hidden message has already been agreed but is not known to the authorities. I have also agreed a second key that extracts a different hidden message from this plain text.
The text I send electronically is not "protected text" by the definitions of Clause 19 because it is already in "intelligible form" and can be "readily accessed".
On what basis could it be argued that this message falls within the ambit of the ECA?
But let us say that this particular body of plain English text is held to fall within the ambit of the ECA because the LEA believes that there is a message hidden in it so I am served a Section 10 notice.
I would argue with the LEA that what you see is what you get; plain, intelligible English text. But then they start twisting my arm a bit and and slapping me around demanding to know where the hidden message is in that text. I give them the second key and the method by which to apply it to extract a hidden message.
The LEA people apply this key and recover the clear text "you are a lot of evil bastards".
Surely I have met my obligation under the ECA? In this sort of system a number of different keys will extract different messages "into an intelligible form"; that is, plain English.
I accept that this is not a very practical system as it stands but I think it might be helpful in illustrating the point.
Anthony B Sylvester
the key is a 'data-thing' which facilitates the doing of a specified act to electronic data, which specified act can't (very easily) be done without the 'data-thing'. The definitions are interconnected and circular.
The feature which defines how large the circle is (geometrists back off!) is the specified act. The specified act which wants doing is 'putting' the 'electronic data' in 'intelligible form'.
If sufficient to 'put into intelligible form', then the scope of the 'data-thing' has been circumscribed. Anything more than sufficient to put into intelligible form should (in theory) lie outside the 'key to the protected information' required by Clause 10. Indeed there may even be room to exploit in the 'facilitate' word, as well.
'Intelligible form' is the expression used because what is wanted is more than just visible or legible - as the clever chap from the spooks said before the Select Committee while holding up an ascii version of a supposedly kiddieporn binary.
There may be some scope for PC Plod to argue that 'intelligible' is a context sensitive variable, but I wouldn't think much. To update an old example from the Untouchables, imagine an encrypted spreadsheet with amounts of payouts to corrupt police, politicians and judges all set out, but with codewords inserted for the names. Getting to the unencrypted spreadsheet is as far as s.10 would reach. Demanding the explanation under a section 10 notice would go too far - although as Quentin points out it can be requested using the phonebook technique in a secluded cell.
Anthony B Sylvester
In practice, this is the roundabout way of the accused saying, 'I'll take my chances with whatever inference you raise from my silence on the substantive crime rather than cop to the offence of failing the magic decoder ring test during your enquiries'.
Anthony B Sylvester
Almost by definition, many (a majority?) of those served with such notices will have no criminal involvement, and be under no suspicion. The terms of the notice are deliberately left open, but he requires you to make the information he believes to be protected, intelligible. If you fail, then the basics of the offence are established. You will be convicted unless you can establish one of the defences. One is to show that you do not have the means to make it intelligible.
The way this is phrased , by using the word 'show' rather than 'prove' suggests that the drafter was slightly embarrassed about the whole thing.
William Geiger III
Basically what we have here is a proposed law that makes everyone guilty and allows the state to pick and choose who they want to throw in jail.
Return to the Draft E-Commerce 1999 Bill Review front page.