28th June 2000 Analysis of effects of Government amendments to the RIP Bill


GAK (Government Access to Keys) is Alive and Dangerous

Alternate contact – today only – Richard Clayton +44 (01306) 732302

see also RIP Information Centre at www.fipr.org/rip, now updated with Part.III of RIP Bill marked-up to show effect of government amendments (and hyperlinked version of Third Marshalled list)


The government package of RIP Bill amendments offers two significant concessions, but overall the Bill remains likely to cause critical damage to business confidence. Despite cosmetic re-wording, completely discretionary powers for any public authority to demand keys instead of plaintext (including long-term keys to future information) remain unaltered – as does the Kafka-esque secrecy clause ("tipping-off").

Caspar Bowden, director of FIPR commented:

"These new clauses take RIP beyond the complexity pain barrier. Individuals cannot know where they stand, companies cannot know what is at risk, and the law cannot be enforced. RIP's house of cards is collapsing, and the problem is Government Access to Keys – GAK must go."




Unaltered Sticking Points



Wait and see (until Report Stage – 10th July)

·        New definition of communications data – how will it apply to :

o        clickstreams indicating individual webpages and search engine requests – govt. says this was a drafting mistake – how will they rectify ?

o        log of websites visited – still much more intrusive than a log of telephone numbers dialled

o        "IP numbers" – the addressing system for packets of Internet data

·        Will the govt. make it unlawful to control "black-boxes" directly without serving a warrant (for interception) or a Pt.I Ch.II Notice (for communications data) on the ISP?

·        Sleeper issue: completely new procedure for "trawling" mass-surveillance of domestic Internet messages - S.15(3) – issue raised in debate on 19th July - written answer awaited.

·        Strategy for imposing interception requirements and structure of costs on ISP industry


Appendix A – Reasons for not having Possession At Notice Time of Serving

1.        I still keep that encrypted data on my hard-disk because although I forgot the password several years ago, I might remember it suddenly (as one does), and it contains important records.

2.        That's a key from a key-server when I first tried encryption. I've forgotten the password so can't "revoke” it (and it cannot otherwise be deleted from a globally replicating network of key directories), and people still send me things occasionally with it - which I can't read.

3.        I just changed keys three days ago - I meant to record the passphrase in my organizer but forgot it before I did

4.        It's a perfect-forward-secrecy/ephemeral-key system that automatically destroys/never-retains a decryption key.

5.        My organizer "glitched" and I lost all the data in it, including passphrases

6.        I never wrote it down because I've never forgotten it before

7.        I assumed that the manufacturer had a backdoor to get the data back


Appendix B – Technical Glossary


Internet Service Provider (company providing connection to the Internet) and Communications Service Provider (Home Office term for telephone company or ISP). ISPs generally will NOT possess keys to customer communications that are encrypted – they merely act as a conduit


The process of scrambling/unscrambling information into a jumbled form, by means of a mathematical cipher, which cannot be understood without a key


A long number which acts like the combination of a lock with an astronomical number of permutations. Keys are chosen to be sufficiently long that they cannot be guessed by trial-and-error, even by the most powerful computers that can be reasonably foreseen.

      Session Key

A key uniquely generated for each message. A session key can only decrypt a single message

      Long-term key

Used to protect session keys. If a long-term key is revealed ALL messages can be read


Because people cannot remember numbers with several hundred digits, keys are themselves protected with encryption. A password, or preferably a pass phrase that cannot be guessed by machine, is typed in every time to prepare the actual key for use. 


Data in its original unscrambled form (may in fact be data representing sound/pictures/voice)