Stephen de Souza
Communications and Information Industries Directorate
Department of Trade and Industry
Room 220, 151 Buckingham Palace Road
London SW1W 9SS
Dear Mr de Souza
Building confidence in electronic commerce (URN 99/642)
1. We are responding to the above consultation document. JUSTICE is an all-party human rights organisation which aims to promote respect for human rights through law reform. One of our current programmes of work centres around the right to respect for private life, as guaranteed under international instruments such as the European Convention on Human Rights (ECHR) as well as the European Community Data Protection Directive. As you are aware, the Human Rights Act 1998 incorporates into UK law the provisions of the ECHR, while the Data Protection Act 1998 implements the provisions of the EC Data Protection Directive. Any new legislation must take full account of both these Acts.
2. In this letter we confine our comments to the proposals relating to law enforcement and cryptography (paras 49-90). The comments are necessarily brief, and we intend to comment more fully on the Bill which we understand is already in preparation. We hope, however, that the Government will give serious consideration to the doubts already expressed by others (and which we share), on the wisdom of drafting in such haste a Bill which may adversely affect both human rights and commercial interests.
3. In June 1997 we responded to the previous administration's consultation paper entitled Licensing of Trusted Third Parties for the provision of encryption services. We were highly critical of those proposals, particularly where they related to law enforcement. We are by no means reassured that our concerns in that area are alleviated by the present document. For that reason we particularly deplore the decision to fix an unreasonably short consultation period for the present paper. As explained below, we also feel most strongly that law enforcement matters should be entirely separated from those relating to the facilitation of electronic commerce. The draft EU Directive on electronic signatures (COM(98) 297) is strictly limited to the latter area of policy.
The case for separate legislation on law enforcement
4. We believe that, quite apart from the principle of parliamentary custom involved, there are several convincing arguments for drafting the law enforcement legislation separately, and for delaying this until certain highly relevant legislative developments have taken place. Firstly (and most importantly), as the consultation paper explains in para. 58, a review of the Interception of Communications Act 1985 (IOCA) has been under way since early summer of 1998. The Home Office expects to publish its proposals later this year. There is an obvious case for including in any new draft of this Act a section which lays down suitably regulated powers relating to encrypted communications, rather than including them in legislation which in other respects has nothing to do with law enforcement. In particular, it seems quite unnecessary to set up an appeal mechanism of Commissioner and Tribunal which seems to duplicate the IOCA mechanism. That mechanism should, in any case, be subject to radical review to make it more transparent and accountable to Parliament and the highest judicial authority.
5. For reasons which we explain in greater detail below, we are unconvinced by the argument that the matter is too urgent to wait a matter of months for the IOCA review. That review should in particular be dealing with making the Act fully compliant with the European Convention on Human Rights (ECHR), as now incorporated into UK law, and it is imperative that the present proposals are subject to the same detailed scrutiny. We are disturbed to note the absence from the present paper of any specific mention of the need to satisfy ECHR Article 6 (whose case-law deals with self-incrimination and the right to a fair trial) and Article 8 (respect for private life and correspondence). These and related matters are dealt with in Chapter 1 of a research report published recently by JUSTICE (Under surveillance: covert policing and human rights standards), a copy of which is being sent to you by post.
6. Secondly, negotiations are still in progress on a draft Convention on mutual assistance in criminal matters between the member states of the European Union. We gave evidence on this to an enquiry in 1997 by the House of Lords Select Committee on the European Communities (14th Report, Session 1997-98). The draft Convention specifically deals (among other things) with the interception of communications for law enforcement purposes, but agreement on the text has still not been reached. There is no mention of encryption, but the proposals for exchanging the results of intercepting satellite communications are clearly relevant to both the IOCA review and the present proposals.
7. Thirdly, the Council of the European Union has been discussing the Enfopol 98 proposals (and will do so again in May of this year) which do contain references to encryption. This would commit the UK to a set of internationally agreed principles, designated the International User Requirements, drawn up by a working group of that name which includes non-EU countries such as the USA, Canada, Australia, New Zealand and Norway. These will complement the Convention on mutual legal assistance but will not be subject to even the limited parliamentary scrutiny allowed for the Convention, which national assemblies will be unable to amend.
8. The requirements, which originated from the US FBI but are believed to be influenced by the intelligence services of the USA and other countries, have already been approved in principle by an EU Council Resolution adopted in 1995 (but only published at the end of 1996). A key feature is that law enforcement agencies must (when authorised under national law) not only have immediate and unlimited access to telecommunications, but also a right to be given decrypted text wherever the service provider uses some form of encryption before transmission. It would clearly be a logical next step to add the requirement that a user's own use of cryptography must be subject to enforced decoding where necessary, and it is not unreasonable to assume that the present proposals are intended to fill that gap. They come at the end of a long period of controversy in which US-originated proposals for key escrow were vigorously but so far unsuccessfully promoted as the preferred method of ensuring unfettered access to encrypted material.
9. All these related developments have taken place with the close involvement of the Home Office, the law enforcement agencies and the security services. We therefore feel that it would be quite improper for the interception features of the present proposals to be presented in a Bill by a Department of State having responsibility for neither their content nor their implementation. And, as importantly, we are concerned that to include one element of interception in a Bill at this stage when the whole issue is under review both nationally and internationally runs the serious risk of legislating in a piecemeal fashion. As we stress in our recent report at page 15, the ad hoc fashion in which surveillance laws have developed in this country in the past has resulted in a confusing and inconsistent regime with significant legislative gaps. We believe that it is essential - and the opportunity is now there - to adopt an integrated approach based on a coherent set of principles as required by the European Convention on Human Rights.
The arguments for new powers
10. The European Commission's 1997 Communication, Ensuring security and trust in electronic communication: towards a European framework for digital signatures and encryption (COM(97) 503) is quoted in para. 11 of the consultation paper. The Communication represents a substantial shift in Commission policy, which had previously focused on EU-sponsored initiatives to establish a system of Trusted Third Parties and key escrow. The change in policy is a response to the widespread opposition to such ideas in the business community, and doubts about the cost and effectiveness of such arrangements.
11. On the question of how urgently alternative powers are needed, the Communication gives a rather different impression to that conveyed by the consultation paper, which asserts (on the basis of selected case-studies) that there is a widespread and increasing problem in law enforcement because of the use of encryption by criminals. The Communication states in section III(3):
Problems caused by encryption to crime investigation and the finding of evidence are currently limited, but they may increase in the future. As with any new technology, there will be abuse of encryption and criminal investigations will be hindered because data was encrypted. However, widespread use of encryption can also prevent crime. ... Criminals cannot be entirely prevented from having access to strong encryption and from bypassing escrowed encryption. Benefits of regulation for crime fighting are therefore not easy to assess and often expressed in a fairly general language. However, control measures could make use of encryption for criminal activities more difficult and cumbersome.
12. The Communication goes on to point out that 'traffic analysis (e.g. who communicates with whom?) is also important', an observation borne out by the increasing use of this technique by UK police forces. Furthermore:
Information, even encrypted for communication, can often be found unencrypted at the source, just as with traditional forms of communication, for instance with banks, shops, travel agencies involved in communication with a suspect, or can be tapped unencrypted at certain points in a communication link ...
13. It is in this context that the Communication goes on to suggest (as quoted in the consultation paper) that 'regulation could require access to encrypted information upon legally authorised request'. Thus, the suggestion seems to relate mainly to the ability of law enforcement authorities to oblige service providers and others to hand over plain-text versions of communications which are routinely encrypted by them, rather than the personal use of encryption by criminals. As discussed below, the latter represents a much more intractable problem which the proposed powers may do little to solve. It is claimed in press reports and specialist seminars that the police are already intercepting e-mail communications either under an IOCA warrant or by way of print-outs from service providers under section 45 of the Telecommunications Act 1984 (and a similar provision in data protection legislation). Although, as discussed in our report, the latter practice should be changed as it wrongly allows for the IOCA safeguards to be circumvented (see para. 23 below), it nevertheless currently provides the police with the ability to obtain access to such communications and therefore undermines the argument for immediate legislation.
14. We are therefore not convinced that the case for urgent legislation on new powers of access to e-mail communications has been made out. As stated above, we believe that it is far more important to reach a coherent and integrated approach to surveillance legislation that ensures both effective law enforcement and compatibility with human rights standards. We would therefore urge that no provisions should be introduced until this has been achieved, following a full consultation exercise that also takes account of the various developments outlined in paragraphs 4 to 9. It has been claimed in press reports and specialist seminars that the police already achieve (by persuasion rather than enforcement) the aim of obtaining access to communications handled by service providers. If that is so, the argument for immediate legislation loses much of its force.
The partnership approach
15. The consultation paper, together with reported comments by the Prime Minister, suggests that industry is expected to provide solutions to the problems posed by encryption in the absence of mandatory key escrow. A task force has been set up with the aim of examining over a three-week period the technical alternatives. In such a short time scale, the task force will only be able to bring to the Government's attention the various proposals which have already been published and debated in recent years; there is little possibility of a new and viable initiative emerging in that period.
16. It is therefore relevant to refer to the report of a two-day 'expert hearing' held in Copenhagen in April 1998, sponsored by the European Commission and the Danish Ministry of Research and Information Technology (available on the Internet at http://www.fsk.dk/fsk/div/hearing or via the DGXIII site). It was attended by representatives of the DTI, together with delegates from other governments and a range of invited experts. The hearing was devoted to digital signatures and encryption, and included a section on law enforcement and cryptography. The theme paper for the hearing introduced the topic as follows:
While cryptography systems that allow for lawful access have been proposed and demonstrated for specific applications (mainly e-mail and voice encryption), the technical feasibility of employing these systems on a large scale for a wide range of applications is disputed. Furthermore business is concerned with the possible costs of employing these cryptography systems compared with cryptography systems without law enforcement access.
17. The report of the hearing brought out a serious underlying problem, which makes it unlikely that the Government's expressed hope of a technical solution will be satisfied in the foreseeable future:
There is no technical solution known today that is able to prohibit the use of encryption techniques that do not provide a scheme for Key Escrow or Key Recovery. Due to the widespread availability of software implementing encryption services, criminals will always have easy access to strong encryption that does not provide emergency access to keys for law enforcement agencies. The proposed schemes can therefore be expected to be efficient only in closed systems (e.g., conventional telephony) where it is hard to exchange the underlying encryption services or to integrate an additional level of encryption. With the wide usage of multimedia services the technological trends will more and more remove today's technical barriers between the different types of communication services, making such schemes for law enforcement very easy to overcome.
18. This highly negative prognosis casts doubt on the degree of firmness of the Government's decision (para. 82 of the consultation paper) that consultation is 'on the basis that the licensing scheme will not impose the requirement that TSPs [Trusted Service Providers] providing confidentiality services should have to provide for law enforcement access to keys in this manner.' Earlier in the same paragraph, however, is a statement that 'The Government remains keen to promote key escrow and third party key recovery technologies.' If the fall-back position of the Government will in fact be a system of key escrow, then the Copenhagen hearing offers a further warning:
Almost none of the proposed schemes for Key Escrow or Key Recovery has been tested or implemented to the extent that statements about their operational behaviour, performance overhead and requirements for infrastructure can be made. Especially for encryption services used within lower level communication protocols, it is extremely hard to imagine how law enforcement agencies will ever be able to efficiently use those schemes. Any regulation based on these technologies is therefore on thin ice unless a technical solution that satisfies the requirements of such a regulation has been tested on a large scale basis.
19. It has recently emerged that more than two years ago, doubts about the viability of key escrow were acknowledged by senior officials of the US Government, at a time when the official position was strongly in favour of key escrow. In a confidential memorandum dated 25 November 1996, William A. Reinsch pointed out that escrowed encryption products 'are more costly and less efficient than non-escrowed products. There can be long gaps in reception due to the escrow features - sometimes as long as a ten second pause. Our own police do not use recoverable encryption products; they buy the same non-escrowable products used by their counterparts in Europe and Japan'.
20. The reality of the situation has also been recognised by the US Congress, where for a number of years there has been fierce controversy over the control of encryption and various Acts with opposing aims have been drafted but rejected. Very recently, the House Judiciary Committee has approved a Safety and Freedom through Encryption (SAFE) Act which will in principle lift the long-standing ban on the export of strong encryption products, and contain no provision for key escrow. The Act (equivalent to a Bill in the UK) will next be considered by the International Relations Committee, and will have to go through other stages of scrutiny before passing into law. However, it may foreshadow a definitive abandonment of key escrow as a means of aiding law enforcement. I would also point to developments in France, which in 1996 introduced legislation requiring all encryption keys to be deposited with central agencies. However, the requirement proved unworkable in practice: French computer companies preferred to courier files containing sensitive information to London to be encrypted there rather than having to disclose their encryption keys to the French authorities. In January this year, the French prime minister announced the repeal of the legislation.
21. What the Safety and Freedom through Encryption Act does contain is the creation of a new federal crime for the use of encryption to conceal criminal conduct. Although this has proved controversial in the USA, its possible implications could be considered in the context of UK law. We reserve further comment on possible new offences until definite proposals emerge. At this stage, our concern is to warn against the notion that key escrow could be revived as an option if industry fails to devise an effective alternative.
22. It would thus appear that there are serious technical considerations which undermine the notion that key escrow could be revived as an option if industry fails to devise an effective alternative. We would in any case oppose its use for reasons which have not changed since we outlined them in our 1997 response and which we subsequently analysed in detail in our surveillance report. We have the most serious reservations about adopting the TTP proposals under present laws – in particular, IOCA and the 1984 Telecommunications Act – which provide inadequate and inconsistent privacy safeguards.
23. Notwithstanding the consultation paper’s assertion in para. 86 that ‘The most important requirement of law enforcement agencies is the ability to decrypt communications between serious criminals and other individuals’, we believe that this is on the whole an unrealistic aim, since ‘serious’ criminals communicating with each other will inevitably take steps to evade surveillance. It may therefore have to be accepted that there is at present no viable scheme, whether key escrow or a hypothetical alternative, for obtaining live access to encrypted communications. On the other hand, where law enforcement agencies wish to seek access to the contents of messages (in plain text or otherwise) from service providers, this should be subject to a formalised statutory regime which is fully compliant with the requirements of the European Convention.
Director of Legal Policy
Last Revised: April 14 1999