New Press release: RIP Code of Practice safeguards are inadequate
Yaman Akdeniz
lawya at lucs-01.novell.leeds.ac.uk
Wed, 12 Jul 2000 15:50:47 +0000
Press Release - 12 July, 2000, Cyber-Rights & Cyber-Liberties (UK)
Code of Practice safeguards are inadequate & Select Committee
recommendations and EU Parliament resolution has not been taken
into account by the Home Office.
Apart from what we published yesterday on Part III and related Code
of Practice on Part III of the RIP Bill, we would like to bring the
following information to your attention.
The Trade and Industry Committee on its Fourteenth Report on the
Draft Electronic Communications Bill, HC 862, 25 October, 1999
stated on paragraph 34 in relation to codes of practices related to
Part III that:
"Provision has been made for the Secretary of State of Home Affairs
to issue a code of practice 'in connection with the exercise or
performance by persons (other than proposed Commissioner and
Tribunal) of their powers an
d duties' under part III of the draft Bill. Such persons are to 'have regard for the code of practice' when performing their duties; but it is expressly provided that failure to comply with any provision of the code will
NOT of itself lead to criminal or civil proceedings against the person concerned."
Therefore the Committee stated that "the proposed code of practice may prove to be toothless" and "the impression is given by the legislation that infringements of the code of practice will go unpunished".
Therefore, in Cyber-Rights & Cyber-Liberties (UK)’s view, the safeguards within the Code of Practice are inadequate as there is not even a mention of such offences that may be related to failure to comply with any provisi
ons of the draft Code of Practice.
Moreover, the Government responded on 26 January, 2000, in the Third Special Report of the Trade and Industry Committee, HC199 and stated that:
"The Government is considering carefully how the proposed statutory Code of Practice is to be best operated. The view of the Committee, ......, will be taken into account in bringing forward the RIP Bill".
Furthermore, section 11 of the draft Code of Practice on Part III of the RIP Bill is entitled "Safeguards" but there is no mention of "a specific offence" as it has been recommended by the Select Committee even though par
agraph 1.5 (overview section) states that there are "associated offences" BUT there are not.
However, according to Yaman Akdeniz, director of Cyber-Rights & Cyber-Liberties (UK), "the views of the Committee and the concerned parties were not taken into account while the draft Code of Practice (Part III) was draft
ed. The government once again failed to provide adequate safeguards for the protection of seized encryption keys. We will continue to oppose government access to keys (GAK)."
Dr. Brian Gladman, Technology Policy Advisor, for Cyber-Rights & Cyber-Liberties (UK) stated that:
"The Bill has finally set a requirement for seized keys to be kept safe but the draft Code of Practice sets no standards for this purpose; in consequence the interests of key owners are still at risk. I really cannot see
anyone who takes their security seriously being willing to risk their keys in such an inadequate regime."
Cyber-Rights & Cyber-Liberties (UK) would also like to point the interested parties to the European Parliament Resolution which recognised the importance of encryption technology in May 1998. The European Parliament resol
ution emphasised in paragraph 20 that:
"legal rules on access to keys should not be introduced, as the measure is not commensurate with the expected result, particularly in view of the increased possibility of misappropriation of the keys, invasion of personal
privacy, cost, and lack of efficacy."
Yaman Akdeniz, director of Cyber-Rights & Cyber-Liberties (UK), added: "So despite the issue being recognised at the European Parliament, the UK government decided to push forward its desire to access encryption keys. The
views of the European Parliament should have been taken into account and GAK should have never been introduced."
Press Information:
This press release is at http://www.cyber-rights.org/press/
Cyber-Rights & Cyber-Liberties (UK), A Critique of Part III, Regulation of Investigatory Powers Bill, 11 July, 2000, at http://www.cyber-rights.org/reports/part-iii.htm
Brian Gladman's comments on Draft Home Office Code of Practice on Part III (Investigation of electronic data protected by encryption etc) of the Regulation of Investigatory Powers Bill, 11 July, 2000 is at http://www.cybe
r-rights.org/reports/p3copcom.pdf. Brian Gladman states that "fears about the impact of this Bill on trust and confidence in the provision of Internet security services are well founded. The UK’s e-commerce aspirations ar
e now at risk." An important conclusion of the Gladman paper is that "this code of practice is seriously deficient in respect of the requirements for seized encryption key protection" by the UK government.
European Parliament Resolution on the communication from the Commission to the Council, the European Parliament, the Economic and Social Committee and the Committee of the Regions on ensuring security and trust in electro
nic telecommunication - towards a European framework for digital signatures and encryption (COM(97)0503 - C4-0648/97), 20 May 1998, A4-0189/98.
The Home Office published the Preliminary draft codes in relation to RIP: These documents are circulated by the Home Office in advance of enactment of the RIP Bill as an indication of current thinking. They will be subjec
t to changes and additions. See http://www.cyber-rights.org/crypto/ for details and links.
Contact Information:
Mr. Yaman Akdeniz, Director of Cyber-Rights & Cyber-Liberties (UK),
CyberLaw Research Unit, Centre for Criminal Justice Studies,
University of Leeds, Leeds, LS2 9JT,
Tel: +44 (0) 498 865116, Fax: +44 (0) 7092199011
E-mail: lawya@cyber-rights.org
Dr. Brian Gladman, Technology Policy Advisor, Cyber-Rights &
Cyber-Liberties (UK)
Worcester, UK
E-mail: brg@cyber-rights.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mr. Yaman Akdeniz,
Director, Cyber-Rights & Cyber-Liberties (UK)
URL: http://www.cyber-rights.org
E-mail: lawya@cyber-rights.org
Tel: +44 (0)498 865116
Read the CR&CL (UK) Reports at:
http://www.cyber-rights.org/reports/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~