Analysis of Part III of the (draft) Electronics Communications Act 1999
It can be Good Practice to escrow keys so that they can be recovered
in the event of a disaster, death or similar situation where the
working copy has been lost. It is also Good Practice to split up the
escrowed keys so that several people are needed to be present in order
to reconstitute the original key. This leads to some interesting
problems if the fragmented escrowed key has been demanded under a
Section 10 notice.
I hope the lawyers will excuse my ignorance and go some way to dispelling it.
My understanding is that a legal 'person' can be a 'natural person' or a company. Section 13 seems to refer just to persons so could refer to either. Assuming the legislation was passed as currently drafted how are the courts likely to rule on the following:-
An individual is a company's senior system administrator (as it happens I am; hence the interest) and they have access to the company's master encryption keys. However they only have access by dint of their position, not as a private individual. Release of those keys to a third party is a summary dismissal offence. If the system administrator was personally served with a warrant, would they be justified in refusing to comply on the grounds that they, as a private person, have no lawful access to the key?
It strikes me that the precise interpretation of this could be very important in organising the security measures protecting keys.
Surely, if they comply with the request, they could then only be dismissed if the company were informed of the disclosure, and that would itself constitute "tipping off" would it not?
If the keys were so important to a company, would it not be wise to have them split between multiple parties specifically to prevent any single employee releasing them without authorization? Several "n from m" schemes are available, such that any n persons can recover a key but any n-1 cannot.
This brings up an interesting half-way house in the requirement that keys be released when demanded by the police. Suppose, for example, I have enough information to generate a key if, and only if, I act in collusion with any two other people picked from a group of five. Do I possess the key within the meaning of the Act? If not, who does? Any three people of the six acting together surely possess the key, but no individual or pair can possibly create the key.
I think this is what clause 12(2)(b) is about: the key is not in your possession, but something is in your possession which, when amalgamated with similar fragments in the possession of others, will yield access to the key.
In that case clause 10 notices have to be served to get the fragments together with information about who else has the other fragments. But awkward when people are in different jurisdictions, some of which don't provide these powers.
It brings up an even more interesting question: suppose any five from seven can deliver the key, and each of the five claims to deliver his component, but the resulting key will not decrypt the message. Then it's clear that at least three are lying about their component, but four could be telling the truth.
It is for each individual to establish that he has complied with the notice.
There's clearly no way to make a criminal charge stick against any individual, and even in a civil case it can be argued that 4 have complied and 3 haven't so on balance of probabilities any individual is one of the three. (This is different from 3 out of 5 because in the 3/5 case it's clear that the majority are lying and that means the balance of probabilities about any individual is different - in theory that's irrelevant in criminal law, but even there it isn't irrelevant in practice in England and Wales [but probably is in Scotland], and it's definitely relevant in civil law unless I misunderstand English law badly).
Why can't a charge stick against an individual? He was asked for a key, and has not delivered it - or has he? If the key does not work, then is it not for him to establish that he can have done no more?
There have certainly been cases where the prosecution could prove no more than that one out of two defendants committed the offence, without being able to prove which, and without being able to prove any conspiracy. The result is that both are acquitted. The same certainly seems to apply in your example.
Surely not? The notice does not need to suggest that the person served need be able to provide all the answer. The definition of key includes 'any part of a key'. If you retain any part of what may be required to decrypt the text, it must be surrendered.
Yes. But if five people each surrender what each of them says is all he has, each claiming that he and the other four together have the necessary components, but the result fails, then it is impossible to prove which of them has withheld something. So it all depends where the burden of proof falls.
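The "n from m" property and the failed-reconstruction case discussed above, as an added example that is not part of the original discussion. It assumes Shamir's threshold scheme as the splitting method and a SHA-256 check value stored with the escrow record; both are assumptions, as are all names and the constructed sample key. With exactly n shares a failed recovery points at no particular holder, while with all m shares only the subsets that exclude the altered share verify.

```python
import hashlib
import secrets
from itertools import combinations

P = 2**127 - 1  # prime field modulus; must exceed the secret


def split(secret, n, m):
    """Split secret into m shares; any n of them reconstruct it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(n - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, m + 1)]


def combine(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def digest(secret):
    """Check value kept with the escrow record (assumed practice)."""
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()


def consistent_subsets(shares, n, check):
    """Holder ids of every n-subset whose shares rebuild the checked key."""
    return [tuple(x for x, _ in sub) for sub in combinations(shares, n)
            if digest(combine(sub)) == check]


def demo():
    key = secrets.randbelow(2**126)            # constructed sample key
    check = digest(key)
    shares = split(key, 3, 6)                  # 3-from-6, as in the discussion
    ok = combine(shares[:3]) == key
    # n-1 real shares plus a guess still interpolate, but to the wrong value
    short = combine(shares[:2] + [(3, secrets.randbelow(P))]) == key
    bad = list(shares)
    bad[1] = (2, (bad[1][1] + 1) % P)          # holder 2 submits an altered share
    three = consistent_subsets(bad[:3], 3, check)   # exactly n shares: no culprit
    six = consistent_subsets(bad, 3, check)         # all m shares: holder 2 isolated
    return ok, short, three, six
```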
A combination of key splitting, steganography and communications using transient keys will clearly defeat this proposed legislation. If deployment of those techniques is in fact good for security generally, and will be promoted by the threat of the legislation, perhaps we should welcome it after all.
The legislation will be 'defeated,' if passed, only by the avoidance of use of cryptography. It will always now be possible to communicate securely, but any users of such security must know that, as against their government, and irrespective of their propriety, they will have privacy only at the cost of risking becoming criminals.
Communications using transient keys are effectively immune to key seizure requirements. Steganographic file systems make it impossible to prove the existence of encrypted material to which to apply the decryption powers.
If they were to comply, and were subsequently dismissed for doing so, would they have any claim to unfair dismissal? If the warrant was served on the company, then presumably the 'company' is deemed to know about the warrant. Under these circumstances who in the company could be told about it? The directors, shareholders, employees?
Probably, since they acted under legal compulsion; but this argues for conferring a special legal immunity for the making of a disclosure in good faith in the belief that it was compelled by a clause 10 notice.
Only if he tipped off his employer that the key had been compromised! He would then have a claim for unfair dismissal which he could no doubt conduct from his prison cell.
But wouldn't it amount to "tipping off" to use the fact of that compulsion in their dismissal case?
Following up, can the legal eagles tell us in general, if to comply with one law requires one to break another, where does one stand? (Other than in the dock on one charge or another.)
Difficult. If the later law expressly requires breach of the earlier, it amounts to an implied repeal of the earlier, and you're not therefore breaking it. But this is rare (and would be a serious failure of parliamentary draftsmanship).
Where the later law imposes an obligation to do something, but the only way, in a particular case, of complying involves a breach of the criminal law, then probably the obligation does not require the breach to be committed.