RIP amendments MK2
Donald Ramsbottom
donald at ramsbottom.co.uk
Mon, 06 Mar 2000 08:10:14 +0000
Below are some amendments sent to Caspar. I did send them here as word
attachments but they seem not to have turned up (probably because they were
attachments), so a swift bit of cutting and pasting later they are produced
below for your delectation and perusal. They are basically the same as before
but tidied up a bit.
They are in two parts, the first the suggested Parliamentary style and
secondly the reasons for each change. Happy reading, and try not to fall
asleep before the end!
Suggested amendments to the Regulation of Investigatory Powers Bill prepared
by Donald Ramsbottom Solicitor
Clause 46 (1) (a) page 47 line 11 delete "or is likely to do so"
Clause 46 (1) (b) page 47 line 13 delete "or is likely to do so"
Clause 46 (1) (c) page 47 line 18 delete "or is likely to do so"
Clause 46 (1) (d) page 47 line 23 delete "or is likely to do so"
Clause 46 (3) (b) page 48 line 1 insert "serious" between detecting and crime
Clause 46 (4) page 48 line 3 leave out subsection 4 and replace with:
" A notice in this section requiring disclosure of any key-
must be in writing in the prescribed form and be addressed to the recipient
of the key and be signed and dated by a person with appropriate authority as
described in schedule 1 and
detail the specific protected information required and
name the person(s) who have the appropriate permission to serve the notice
and order the decryption of the specific protected information sought."
Clause 46 (5) (a) page 48 line 12 delete at end of line "or" and add "and"
Clause 46 (5) (b) page 48 line 13 leave out subsection (b) and insert
"the person(s) to whom the key(s) are surrendered shall not without further
authority disseminate or otherwise give details of key(s) to any third party"
Clause 49 (1) (b) page 49 line 16 leave out subsection (b) and insert
"(b) he is a person who has actual possession of the key and has actual
possession of the key at the time the notice was lawfully served and
wilfully refuses to comply with the lawfully served notice"
Clause 50 page 51 line 17 add new subsection 10
"(10) The duration of the requirement to keep secret the giving of the S:46
notice shall be no longer than one year or for the duration of the specific
investigation for which it was issued whichever is the shorter and if the
investigation shall last more than one year then renewal of the requirement
to keep secret the giving of the S:46 notice shall be obtained from the
person with appropriate authority under schedule 1 post and such renewal
shall be requested in writing with reasons for the continuing necessity for
the keeping secret of the giving of the S:46 notice and such renewal shall
be served in the prescribed written form upon the person to whom it relates."
Clause 52 page 52 line 35 leave out definition of key and replace with:
""Key" in relation to protected information, means the specific key(s),
code, password, algorithm or other data the use of which (with or without
other keys)-
a) Allows access to the protected Information, or
b) Facilitates the putting of the protected information into an intelligible
form"
Clause 52 page 53 line 1 leave out definition of protected information and
insert
""Protected information" means the specific electronic data required, which
without the specific electronic key to that data (such required data to be
set out in detail in the S:46 notice) -
a) Cannot be accessed or
b) Cannot be put into an intelligible form"
Schedule 1 page 78 line 18 leave out subsections 2-7
Reasons for amendments to RIP bill
Prepared by Donald Ramsbottom Solicitor
I have set out the reasons for my proposed amendments to the RIP below.
The most important amendments (in my opinion) are those relating to the
definition of "protected information" and "Key" as well as the removal of
the vast majority of schedule one which circumvents the judicial controls in
paragraph 1 of that schedule.
Only slightly less crucial are the requirement for a written notice and for
the documentation to specify what is wanted. One can imagine the flight of
international trade from the banking and insurance markets if DC Plod were
able to obtain all encrypted data from Bank X or insurance company Y on all
corporate and individual clients.
The gagging orders section 50 can have the effect of suppressing legitimate
journalistic endeavour and investigation and could be a backdoor to
censoring the press. This coupled with the indefinite nature of the gagging
order is clearly a breach of Human Rights.
From a privacy point of view it should be remembered that the majority of
S:46 orders would conceivably be served on innocent 3rd parties who have had
something sent to them which they cannot decrypt. Additionally even the most
security conscious and conscientious person can forget a password/phrase or
have data which he thought had been long deleted and to which he no longer
has access. These persons could be criminalised through no fault of their own.
There must be a balance struck between the needs of Law enforcement and the
rights of the individual.
S:46 (1)
Reason for deletions:
The protected information will either be in the hands of the party serving
the notice or it will not. If it is not covered by the initial notice then
further judicial authority should be sought.
This will help prevent abuse and fishing expeditions.
To comply with the Human Rights Act and the Data protection Act and their
European equivalents
S:46(3)
Reason for addition:
To be consistent with part 1 of the bill.
To prevent abuse of intrusive powers for minor offences.
To be proportionate and reasonable
To comply with the Human Rights Act and the Data protection Act and their
European equivalents
S:46(4)
Reason for amendment:
To reduce the intrusive nature of the S:46 notice to a minimum.
To avoid intrusive abuses of individual privacy
To be proportionate and to balance the Human Rights of the individual
against the requirements of the State or its institutions.
To ensure there is a standard form of notice in a form which has been approved.
To ensure there is a written tangible notice which cannot be altered at the
whim of those serving it.
To comply with the Human Rights Act and the Data protection Act and their
European equivalents.
S:46(5)
Reason:
The keys to be disclosed should only be disclosed to those named in the
notice and to no other parties without further judicial authority.
The key(s) may give access to more information than was authorised under the
notice
The key(s) may be used to impersonate the person on whom they have been
served which may potentially give rise to Human Rights abuses
The wide dissemination of the key(s) would be neither reasonable nor
proportionate.
To comply with the Human Rights Act and the Data protection Act and their
European equivalents
S:49(1)
Reason:
This is to ensure there is no reversal of the burden of proof
The person must wilfully refuse, so that a person cannot be found guilty for
being forgetful or if a person has no longer got a key in his possession
and/or has forgotten the same.
To comply with the Human Rights Act and the Data protection Act and their
European equivalents
To avoid oppression and abuse. Note that the notice itself must be lawfully
served.
S:50 (10)
Reason
This requirement means that notices restraining freedom of speech will not
be indefinite. There will be effective judicial control over the "gagging"
of persons served with notices and also those who become privy to the S:46
notice but who are not covered by it. This allows for an investigation to
continue in secrecy but once it is concluded then the order can be removed.
If the amendment is not made the gagging orders are infinite in duration.
To comply with the Human Rights Act and the Data protection Act and their
European equivalents
To avoid direct or indirect gagging of legitimate journalistic inquiry.
S:52 definition of "key"
Reasons
This amendment allows for the surrender of the specific key to the
information sought under the terms of the S:46 and/or other warrant and
allows for the surrender of session keys.
There is no reason for any key other than that associated with the protected
information sought to be surrendered. This would enable those entitled to
obtain the key to obtain just that and nothing more thus preserving the
individual's privacy and being both proportionate and reasonable and
complying with the Human Rights Act, Data Protection Act and European
directives and legislation.
Section 52 Definition of "Protected information"
This has been amended as the current definition means that ANY and all data
which is encrypted has to be decrypted whether relevant or the subject
matter of the investigation. Thus a bank which is served with a notice would
have to disclose its entire encrypted data system in relation to all clients
and staff and transactions as would any company, individual or profession
such as solicitors or accountants or doctors.
The amendment allows for the decryption of a specified class of documents
e.g. emails between X and Y from Date A to B, but leaves the remainder of
the documentation private. If further revelations come from the decrypted
data which require further investigation then the persons investigating the
data can return to a Judge for a further order.
This would be both proportionate and reasonable. It would comply with the
Human Rights Act and Data Protection Act and European legislation.
It would also help prevent there being massive disruption in the banking and
financial systems as well as retaining client/professional confidentiality
which would be severely compromised by the current definition.
Schedule 1
Paragraph one says an order can only be made by a circuit judge which
maintains judicial rather than executive control over these powerful orders.
Paragraphs 2-6 completely remove this judicial control by allowing
Magistrates, senior civil servants, police officers and customs officials,
members of the armed services and security services to issue warrants under
other enactments which will by-pass the judicial safeguards given in
paragraph 1. Indeed it is hard to see how a judge would ever issue a S:46
notice as the collection of the information to be decrypted will invariably
be associated with some other form of warrant or permission, such as a
search or interception warrant. A Section 46 notice is not a search warrant
and as such the information can only be lawfully obtained by means of
another warrant, unless the information is volunteered in which case the
notice will be irrelevant.
Donald Ramsbottom LL.B, BA (Hons).
RAMSBOTTOM & Co. Solicitors
Internet Law & Global Cryptology Law Specialists