DTI Policy Response

Brown, R Ken brownrk1 at texaco.com
Tue, 28 Apr 1998 07:21:17 -0500


I know it is not relevant to the development of policy but I can't help
smiling at:
"During this period, around 2600 interception warrants were issued by the
Home Secretary."
I assume someone involved in drafting it has heard of 2600.

More to the point, I don't see that section 14 of the Statement implies a
compulsory infrastructure-based key-recovery GAK. In fact it rules it out
for private users and unlicensed providers. To my non-lawyerly mind it says:
"if you have an encrypted message that we think is evidence, and you don't
tell us what it says when we ask you, then we will put you in prison". Which
may be bad news but surely is no different from the current law about
withholding evidence? This seems to be, just about, in line with the
pre-election Labour Party document. There is no stated requirement for
anyone other than a licensed encryption provider (& I strongly suspect they
will be like hen's teeth) to go out of their way to make prior arrangements
to let the spooks in.

Of course it still leaves room for infrastructure GAK for licensed
providers if the Government wants it; and we know that some parts of it
want it and some don't. So I guess it is down to Whitehall infighting. Or
"New Open Government" as it is properly called in New Britain (which I
always thought was somewhere off Papua).

The Statement:

> 14. In response to these concerns, the Government intends to introduce
> legislation to enable law enforcement agencies to obtain a warrant for
> lawful access to information necessary to decrypt the content of
> communications or stored data (in effect, the encryption key). This does
> not include cryptographic keys used solely for digital signature purposes.
> The new powers will apply to those holding such information (whether
> licensed or not) and to users of encryption products. They will be
> exercisable only when appropriate authority has been obtained (for example,
> a judicial warrant for the purpose of a criminal investigation or, in the
> case of interception of communications, a warrant issued by a Secretary of
> State) and will be subject to strict controls and safeguards.

The Old Labour Policy: 

> It is important that privacy is rigorously protected over the new
> networks, for both personal and commercial reasons. We do not accept the
> "clipper chip" argument developed in the United States for the
> authorities to be able to swoop down on any encrypted message at will and
> unscramble it.

> The only power we would wish to give to the authorities, in order to
> pursue a defined legitimate anti-criminal purpose, would be to enable
> decryption to be demanded under judicial warrant (in the same way that a
> warrant is required in order to search someone's home).

(And my favourite bit)

> Attempts to control the use of encryption technology are wrong in
> principle, unworkable in practice, and damaging to the long-term economic
> value of the information networks. There is no fundamental difference
> between an encrypted file and a locked safe. A safe may be effectively
> impregnable in that the effort taken to open it would destroy the
> contents. An encryption algorithm, similarly, may be effectively
> unbreakable