Analysis of Part III of the (draft) Electronic Communications Act 1999

Some ways forward in the Part III debate

Several UKCrypto contributions suggested ways that the debate around Part III of the Bill might be taken forward.

Ross Anderson
I have for years taken the view that, given a choice between key escrow and 40-bit keys, we should choose the latter.

They simply preserve the status quo, namely that the government can open anybody's mail, but it cannot open everybody's mail.

Nicholas Bohm
What's actually needed is debit card protection & the whole thing made supernational.

Brian Gladman
I am not sure about e-commerce for reasons that I will come to shortly but ***provided that you understand and manage your own email security*** you can rest assured that your email will be safe from government unless you wish them to see it.

The reason for this is that governments will not be able to get at your email unless governments convince those in power - the technical community - that what they want is reasonable. Phil Zimmermann took control over cryptography away from governments and gave it to the technical community.

As technologists we owe it to others not to do things that are bad for society and this means that we must give 'power to the people' through lists such as 'ukcrypto' but we most certainly don't have to listen to, or care about, policies set by civil servants in Whitehall.

But e-commerce is more complex since it involves industry, and it could be that industry will line up with government and support the current proposals in their current form. In fact two companies - BT and IBM - were on the COJET group that made the proposal for GAK and LEAK that we now see. So I have to assume that both companies are backing the government in their wish to gain access to the personal decryption keys of entirely honest and law-abiding citizens.

David Swarbrick
Again, it is not the access which particularly pains me but the tipping off regime, which is plainly and straightforwardly evil.

Donald Ramsbottom
As a solicitor, I only currently need reveal a (paper) file to the authorities under the order of a High Court Judge. That order will only apply to a single file and/or client, or to those files and/or clients specifically named in the warrant. Under the current proposals I would be required to surrender any and all encrypted data on my hard drives, CDs etc. in relation to ALL my clients, whether or not it was relevant to a specific investigation. I would also be precluded from telling any of my clients that their data was in the hands of the authorities. In addition, if I did comply with the order I would be in breach of the Data Protection Act requirements and be liable to be hauled up before the Data Protection Ombudsman! Additionally, I have to make sure that I can access all data on my network and be able to let the authorities in, and if for some reason an employee has encrypted data, as someone who is in "control" of the network I am liable at the very least to be threatened with imprisonment, and it is up to me to prove the "negative" of not knowing the key to avoid imprisonment!

I know of no solicitors, or other commercial organisations for that matter, of more than one or two people where the principal or even the IT manager knows what is on the system ALL the time and has access to it.

The justification for all of this is the usual "Four Horsemen of the Net" (Terrorism, Mafia, Kidporn and Drugs), but as far as I am aware there is not a single authority (other than security service related institutions) who believes that the four horsemen will be brought to book as a result of these measures. The arguments are trite and I will not rehearse them here. Suffice to say that the real reason for all this legislation around the world is more to do with control than law enforcement, knowledge being power. That is just on the domestic front!

David Swarbrick
I think it would be wrong to start from this bill, but if we have to ...

I think the bill fails to acknowledge that the powers now sought go way beyond anything previously open to the police. As an attempt to maintain the balance, where has there been any past equivalent of the tipping-off offence? It is a wicked clause, and should simply be dropped.

As to the s10 notice, the officer should have to have first had good reason:

a) to believe that a file contains protected information, and

b) that the person served has the means to make it intelligible.

If he wants the key as well as intelligible text, that should be required only on straightforward judicial authority and on notice.

The Bill does not acknowledge that the likely recipients of such notices are _not_ suspected criminals, but just as likely people who are not suspected of any crime. PACE already allows this distinction happily and easily. Why cannot it be allowed here, so that innocent witnesses are not turned into liars-for-the-state?

An officer says that either the recipient of a notice is under suspicion of an offence or is not. Once that has been made clear, it becomes very much easier to apply appropriate protocols.

The Bill ought to make it clear that where economic loss flows, full compensation will be payable.

The Kafka-like tribunal should be dropped entirely, and the procedures should be in standard courts and open.

Charles Lindsey

Alice is (purporting to be) sending messages to Bob. Larry is the LEA chap (I don't think there is a regular name for him yet in the Pantheon, is there?) who is a Person entitled to serve a Notice. So Larry is serving a notice on Bob.

Now what the Bill needs to say is that Larry may demand to see "a" key that will decrypt the given Protected Information (there may be several private keys that would do it, assuming it was encrypted to several recipients, including perhaps Alice's employer's recovery key, plus one session key).

Bob can satisfy the Notice by delivering _any_ of those keys that he has to hand (so, if he has any sense, he delivers the session key). All this implies that the Notice must contain the Protected Information, or at least so much of the protected information as will enable _all_ the keys that might decrypt it to be extracted, and the Bill needs to say this.

Next, as to the time allowed for the key to be delivered. The Bill says it must be "reasonable". The Bill should also say that it must be "reasonable" having regard to the facilities and expertise available to Bob. If Bob is a TTP (or whatever euphemism we are using this week) with an ironclad tamper-proof box where all the important secrets are kept, then a "reasonable" time might be measured in milliseconds in some situations. But if Bob was a clueless newbie with a windoze system in his spare room, then it would be unreasonable to expect instantaneous delivery to a notice served at 3 o'clock in the morning, and even if served at a sensible hour of the day, it would have to allow time for him to consult his manuals, and struggle with the incomprehensible menus in his Billyware, in order to extract that which was demanded (even assuming he genuinely wished to be helpful).

Now to the matter of those "likely to come into Larry's possession" Protected Items. Again, the initial Notice must specify the class of messages covered by the Notice (the Bill is exceedingly vague on this point). E.g. "all messages from Alice to Bob between certain dates", or "all messages encrypted to public key XXX". And in this case, Bob must have the right to say "show me each Protected Message (or a sufficient part of it) and I will then give you a key for it".

The only difference here is that a "reasonable" time to comply is now much shorter for each individual message than for the original request, because Bob only has to read the manual, etc, once. So in the case where Bob is a TTP, milliseconds really are appropriate, whereas when he is a clueless newbie, it would still be "unreasonable" to expect him to stay up all night waiting for requests.

And finally, in order to do the above, plus some other cases mentioned, the Bill needs to recognise that there may be several keys involved in decrypting a message, and that sometimes ANY ONE may suffice, and other times ALL may be required, and, in general, there may be any weird AND/OR combination of keys involved.
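The key structure Charles Lindsey describes above (one message, several keys that can unlock it, a session key that unlocks only that message, and "all of them" versus "any one of them" combinations) is easier to reason about with a concrete model. The following is an added illustration, not code from the list or from any contributor: it uses constructed, label-derived symmetric long-term keys in place of the recipients' private keys, a toy HMAC-based stream cipher in place of a real cipher, and XOR secret sharing to model the "ALL keys required" case. Names such as `encrypt_to_recipients` and `split_key_all_required` are this example's own.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed long-term keys for the illustration, derived from labels so the
# example is reproducible. In a real system these would be the recipients'
# private keys; symmetric keys stand in for them here.
RECIPIENT_KEYS = {
    "bob": hashlib.sha256(b"bob-long-term-key").digest(),
    "alice": hashlib.sha256(b"alice-long-term-key").digest(),
    "employer-recovery": hashlib.sha256(b"employer-recovery-key").digest(),
}


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher used only for this demonstration: HMAC-SHA256(key, nonce || counter)
    blocks form the keystream, which is XORed with the data. The same call encrypts and
    decrypts. A real system would use an authenticated cipher such as AES-GCM."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass(frozen=True)
class ProtectedMessage:
    nonce: bytes
    ciphertext: bytes
    # recipient label -> (wrap nonce, session key encrypted under that recipient's long-term key)
    wrapped_keys: dict


def encrypt_to_recipients(plaintext: bytes, recipient_keys: dict) -> ProtectedMessage:
    """Hybrid encryption: one fresh session key protects the body, and a copy of that
    session key is wrapped under each recipient's long-term key. Any ONE recipient key,
    or the session key itself, is enough to read this message."""
    session_key = os.urandom(32)
    nonce = os.urandom(16)
    ciphertext = _keystream_xor(session_key, nonce, plaintext)
    wrapped = {}
    for label, long_term_key in recipient_keys.items():
        wrap_nonce = os.urandom(16)
        wrapped[label] = (wrap_nonce, _keystream_xor(long_term_key, wrap_nonce, session_key))
    return ProtectedMessage(nonce, ciphertext, wrapped)


def unwrap_session_key(msg: ProtectedMessage, label: str, long_term_key: bytes) -> bytes:
    """Recover the session key using one recipient's long-term key."""
    wrap_nonce, wrapped = msg.wrapped_keys[label]
    return _keystream_xor(long_term_key, wrap_nonce, wrapped)


def decrypt_with_session_key(msg: ProtectedMessage, session_key: bytes) -> bytes:
    """Decrypt the body with the session key alone. Handing over this key discloses
    this one message and nothing else encrypted to the same recipients."""
    return _keystream_xor(session_key, msg.nonce, msg.ciphertext)


def decrypt_as_recipient(msg: ProtectedMessage, label: str, long_term_key: bytes) -> bytes:
    return decrypt_with_session_key(msg, unwrap_session_key(msg, label, long_term_key))


def split_key_all_required(key: bytes, parts: int) -> list:
    """XOR secret sharing: ALL parts are required to rebuild the key, and any subset
    short of all of them is uniformly random, revealing nothing about it."""
    shares = [os.urandom(len(key)) for _ in range(parts - 1)]
    last = key
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    return shares + [last]


def combine_key_shares(shares: list) -> bytes:
    """Rebuild a key split by split_key_all_required; needs every share."""
    out = bytes(len(shares[0]))
    for share in shares:
        out = bytes(a ^ b for a, b in zip(out, share))
    return out
```

Reading the model against the post: a Notice naming a message can be satisfied by `unwrap_session_key` under any one of the wrapped keys (the OR case), and the session key so obtained decrypts that message only; a key split with `split_key_all_required` models the AND case, where a notice served on the holder of a single share cannot be satisfied by that holder alone.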
