From: Caspar Bowden [cb@fipr.org] Sent: 26 May 2000 14:48 To: cb@fipr.org Subject: FIPR News Release 26/5/00: LORDS FLAY "MASS-SURVEILLANCE" BILL FOUNDATION FOR INFORMATION POLICY RESEARCH ========================================== News Release - Friday 26th May 2000 Contact: Caspar Bowden - Director of FIPR 020 7354 2333 cb@fipr.org See RIP Information centre at www.fipr.org/rip and Parliamentary coverage http://www.fipr.org/rip/parliament.html ...for references and live links The House of Lords is set to give the RIP Bill the roughest possible ride when it returns for its Committee Stage on 12th June. The Lords have the power to inflict massive damage to the Bill, which one peer said "we should not be afraid to destroy". Backbench support for the controversial decryption powers came only from Baroness Thornton, who also proposed setting up a quasi-paedophile register to blacklist encryption users who fall foul of the RIP Bill with employers. FIPR highlights Lord Bassam's assertion that RIP's encryption provisions mirror US proposals. Caspar Bowden, director of Internet think-tank FIPR, commented: "The House of Lords has been scandalously misled by the government statement that the American CESA draft bill is similar to RIP. CESA only allows keys to be demanded (where available) from third-parties, and users MUST be informed when this occurs - it is yet another example of Home Office incompetence or extreme disingenuousness" [White House Fact Sheet: "CESA would...ensure that law enforcement maintains its ability to access decryption information stored with THIRD PARTIES...Law enforcement MUST INFORM person whose key is obtained using court process" http://www.cdt.org/crypto/CESA/CESArevfactsheet2.shtml] Quotations from the debate ========================== Lord Cope (Conservative front-bench) : "..if the Bill is to become acceptable, then a great deal of...work will have to be done" Lord McNally (LibDem front-bench): "..the House has a responsibility not to be 'bounced' into accepting a pig in a poke. I give the Minister fair warning that he faces a thorough Committee stage" Baroness Thornton: "Perhaps there is a case for having a new register--a register simply of those people who refuse to hand over their keys to decrypt and who are subsequently successfully prosecuted for that offence.... the fact that someone has been using strong encryption software and has deliberately refused to co-operate with a police investigation into what it is concealing is a material fact that many potential employers would like to know...Even though it would not in itself be grounds for refusing to offer someone a job, it would at least alert potential employers and cause them to ask questions." (for the avoidance of doubt, the selection of this quotation should NOT be taken to imply endorsement by FIPR) Lord Lucas: "How will we prosecute someone for what may be an underlying offence if it is impossible to produce the evidence that there actually is an underlying offence? ...I think that the Bill's current wording is entirely unacceptable." Baroness Harris of Richmond: "What will happen to the innocent defendant who will have to prove to the court that he is not lying about having lost or otherwise forgotten his key number? It appears that he can be punished as a criminal for failing to prove that he does not have the information. That is a CRAZY state of affairs. ... It will cost 25 million to set up the GTAC monitoring centre, which may be obsolete fairly quickly because of the speed of technological advances. Would not that money be better spent developing the tools that the police could use for what is known in the trade as 'forensic hacking'?" The Earl of Northesk: "...it will be lawful for any public authority to obtain this vast wealth of 'communications data' on anyone without a ministerial or judicial warrant. However inadvertently, the Bill sanctions MASS DOMESTIC SURVEILLANCE. I make the point in passing that measures such as this are without parallel anywhere outside, of all places, Zimbabwe. This, combined with the scope of the Bill in terms of its inferential endorsement of increasingly sophisticated analytical techniques such as data-mining, triangulation of data, 'friendship trees', 'traffic analysis' and so forth, has huge implications for the privacy of the individual. Just as significantly, it begs the question of the extent to which the Government understand the needs of the e-commerce industry in respect of trust and confidence. The proposals (quoting FIPR) <>." Lord Bassam (Govt. front-bench): "The United States has proposed a package of new law enforcement measures to combat the encryption threat. I refer to the Cyberspace Electronic Security Act, whose provisions are very much along the lines of our own approach to the problems." Notes for editors ----------------- 1. FIPR is an independent non-profit organisation that studies the interaction between information technology and society, with special reference to the Internet; we do not (directly or indirectly) represent the interests of any trade-group. Our goal is to identify technical developments with significant social impact, commission research into public policy alternatives, and promote public understanding and dialogue between technologists and policy-makers in the UK and Europe. The Board of Trustees and Advisory Council (http://www.fipr.org/trac.html) comprise some of the leading experts in the UK.