Legal compulsion and crypto

Sylvester, Anthony B. asylvest at Sidley.com
Tue, 7 Jul 1998 05:06:36 -0500 

I would add to this excellent clarification by going back to the source of
this thread, which was discussing the topic that both the Commission and the
UK Gov White Paper propose bringing export of controlled goods by intangible
means within the scope of the export control regime.  Ken Brown asked a
series of questions
(http://www.cs.ucl.ac.uk/staff/I.Brown/archives/ukcrypto/msg00022.html
<http://www.cs.ucl.ac.uk/staff/I.Brown/archives/ukcrypto/msg00022.html>
with thanks to Ian Brown)
essentially pondering what the proposal meant for record keeping and
production.

If and when this proposal takes shape (in whatever form, after the no-doubt
compelling submissions by members of this list on the impracticalities of
the plan) we can expect there will be (remember this is a proposal in
principle, not in detail) an actual duty to maintain records which would
override the general introductory comment Nicholas made in paragraph 1.
  
An example is the duty imposed by section 10 of the Dual-Use and Related
Goods (Export Control) Regulations 1996 on any person who exports goods from
the Community under a Community Licence to keep records (description of
goods, quantity, exporter details, consignee details, end-use and end-user
if known and any other information required by the licence).  The duty
extends to permitting the records to be inspected and copied by
Commissioners for Customs and Excise.  The Regulations also include a stick
- fine and/or up to two years imprisonment (section 11). 
In those same Regulations there is also imposed an obligation on any
exporter of goods (possibly contolled goods only) to give the Commissioners
of Customs and Excise proof to their satisfaction that the goods have
reached either a destination for which a licence had been granted or a
destination for which export without a licence was not prohibited.  Failure
to comply is summarily punishable up to level 4 on the standard scale
(currently ?2500, I'm told) unless the exporter can prove 'no consent or
connivance'.

[those of you who ask 'what if I encrypt all my export records, do I have to
decrypt them for the Commissioners?' please refer to David Swarbrick's
succinct summary!] 

	-----Original Message-----
	From:	Nicholas Bohm [SMTP:nbohm@ernest.net]
	Sent:	Monday, July 06, 1998 7:48 PM
	To:	ukcrypto@maillist.ox.ac.uk
	Subject:	Re: Legal compulsion and crypto

	Some rather different issues have got bundled up together on this
subject.
	I offer some comments with a view to sorting them out (though I do
not have
	the expertise in enough specialist subjects to think I can offer
definitive
	answers):

	In the context of discovery in civil litigation, or of a subpoena to
	produce documents and give evidence, or (with differences of detail)
the
	powers of the Serious Fraud Office to insist on the provision of
information:

	1  Generally you do not have to keep a copy of what you say or send
to
	anyone.  Therefore you cannot be penalised for not providing a copy
unless
	you can be proved to have kept one and to be withholding it in
breach of
	some relevant duty.

	2  If you originally had a copy but you destroyed it (or a key
necessary
	for gaining access to it), you cannot be penalised for not providing
a copy
	(unless you destroyed it after coming under a duty to provide it -
contempt
	of court); but you may be obliged to say when you destroyed it.  You
would
	probably be under a duty to provide ciphertext, however useless it
might
	seem without the key.

	3  If you can decrypt ciphertext I have no doubt that a court would
compel
	provision of plaintext on pain of penalties for contempt of court
	(unlimited fines and/or imprisonment).

	4  You would be obliged to answer questions about the content of the
	communication so far as you could remember where you were subject to
	subpoena or an SFO notice.

	In the context of search warrants, the approach is a little
different.
	Generally they permit what would otherwise be a criminal offence or
a
	trespass.  If you won't open your safe, it can be broken open; but
it is no
	offence not to hand over the key.  PACE says "The constable may
require ",
	but seems to provide no sanction for any failure to comply.
Criminal
	powers are generally interpreted restrictively rather than liberally
(or so
	they say), and on this basis "visible and legible" mean no more than
they
	say, and do not extend to "intelligibly" or "in English" or to
requiring
	any other transformation.

	New legislation ought to confront some of the problems in the
criminal
	context so that we know clearly where we stand.

	Bear in mind, finally, that these are principles.  How they work is
a
	practical matter.  The fact that you cannot produce a copy of a
document
	because you have destroyed it justifies your not producing it on
subpoena,
	in principle.  But if in practice the judge disbelieves you, then
you may
	find yourself in hot water.  The same will no doubt be true of the
	principles which in due course cover compulsory decryption.

		Regards,

			Nicholas Bohm

	Salkyns, Great Canfield,
	Takeley, Bishop's Stortford CM22 6SX, UK

	Phone		01279 870285	(+44 1279 870285)
	Fax		01279 870215	(+44 1279 870215)
	Mobile   	0860 636749  	(+44 860 636749)

	PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
	9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
	PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
	5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF