RIP Bill just went through / BBC News: 'Snooping Bill technically inept'

[Owen Blacker]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just received a phone call from a friend of mine (at an ISP). 
Apparently, RIP just went through (unamended) in the Commons...   :o(

BBC News article from last night below...


O x
- -----
Owen Blacker
Senior Internet Developer and InfoSec Consultant, pres.co
DSS: 0x7e3c8eab | 2f45 c60d 6a0a 0007 193d  d994 cd36 e021 7e3c 8eab
RSA: 0x38fee6c3 |      7c41 e69c 5b8a 484d  22af 1859 f4c9 307b
- -----
DISCLAIMER: These views are mine own and do not represent those of
any
other organisation I may seem to represent including, but not limited
to, pres.co, Primecom or any of their clients.
- -----

<BQ>
http://news.bbc.co.uk/hi/english/sci/tech/newsid_852000/852510.stm

Wednesday, 26 July, 2000, 22:59 GMT 23:59 UK 
'Snooping Bill technically inept'
By BBC News Online internet reporter Mark Ward 

The UK Government's plans to eavesdrop on criminals that use the
internet are "technically inept", say security experts. 

The technologies that the Regulation of Investigatory Powers (RIP)
Bill would allow police use to spy on computer-literate criminals are
easy to avoid, experts believe. 

They say those likely to suffer most as a result of the proposed
methods would be ordinary citizens who do not know how to safeguard
their privacy. 

The comments came as Lords amendments to the bill passed the House of
Commons without a vote. 

During the debate the government moved to reassure the business
community over the controversial bill. 

Home Office Minister Charles Clarke said firms could be ordered to
hand over only information in plain text, rather than the key to any
code used to encrypt the information. 

Mr Clarke insisted the changes were designed "to give reassurance"
that they were not seeking "a back door route" to obtaining
commercially sensitive computer keys. 

Police powers 

In a report prepared for the Foundation for Information Policy
Research, security experts Brian Gladman and Ian Brown have studied
just how the police are proposing to spy on and catch criminals that
use the internet to commit or plan crimes. 

The RIP Bill gives police the power to install "black boxes" in the
offices of internet service providers to monitor net traffic and pull
out the messages or data in which they are interested.


<quoteout>
"I cannot understand why the government is going through with the RIP
Bill. It is so technically inept" -- Brian Gladman, FIPR Advisor
</quoteout>


It also gives them the power to demand encryption keys so they can
unlock any scrambled data they intercept or find on seized computers.

But the authors of the FIPR report say it is easy for the
computer-literate to avoid the attentions of the security forces and
keep data private. 

"We have been saying for a long time that it is trivially easy to get
round the technology provisions in the Bill," said Mr Gladman, a
former director of the Nato technical centre. "I cannot understand
why the government is going through with the RIP Bill. It is so
technically inept." 

Criminals catch up 

Rather than stop criminals using the net, the methods outlined in the
RIP Bill will "undermine the privacy, safety and security of honest
citizens and businesses", says the report. 

News of the report appeared first in New Scientist. 

As one example, Mr Gladman said it was easy to stop e-mail messages
being intercepted by using an offshore e-mail account that encrypted
messages as they moved across the net. 

The report also mentions that the new version of the Internet
Protocol will make it much harder to intercept data. The protocol
allows two internet-connected computers to use encryption keys that
are destroyed after each exchange of data. 


<boxout>
Protecting e-mail
 * Use an offshore e-mail service
 * Encrypt when sending and receiving 
 * Send messages direct to recipients
 * Use software that supports IPv6
</boxout>


The advent of "always-on" technologies such as ADSL might remove the
need for a mail server that holds mail until you download it, said Mr
Gladman. People may start to send messages direct to each other,
making it much more difficult for them to be caught in flight. 

Mr Gladman said that although there were many ways for people to
avoid the attentions of the security forces, many of them demanded
technical knowledge to set up and use. 

Criminals will be prepared to invest the time and energy to learn how
to use software or techniques that can help them avoid arrest but
others may be left vulnerable. 
</BQ>

- -----
Owen Blacker
Senior Internet Developer and InfoSec Consultant, pres.co
DSS: 0x7e3c8eab | 2f45 c60d 6a0a 0007 193d  d994 cd36 e021 7e3c 8eab
RSA: 0x38fee6c3 |      7c41 e69c 5b8a 484d  22af 1859 f4c9 307b


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOYBeUpAWiIJ2OGWAEQIgtwCeLamH+4JoN4ZhhYKsAko1BqavEqcAoKJ+
dtVrsdD3e9c8YRkm0XyXwZEu
=ZuI2
-----END PGP SIGNATURE-----

_____________________________________________________________________
This message has been checked for all known viruses by UUNET delivered 
through the MessageLabs Virus Control Centre. For further information visit
http://www.uk.uu.net/products/security/virus/