RIP FOR INDIVIDUAL RIGHTS?

Ian BROWN I.Brown at cs.ucl.ac.uk
Mon, 13 Mar 2000 16:06:12 +0000 

Charles Clarke 'wrote':
>The decryption proposals are not draconian.  What we are saying is that law
>enforcement agencies should be able to understand the contents of material
>that they lawfully obtain, notwithstanding the fact that it has been
>protected with some unbreakable new code.  But that is the limit of our
>ambition.

In which case, a requirement for plaintext rather than keys would suffice.

>Accusations that the Bill reverses the burden of proof are simply wrong.
>This is important.  The burden, and it is a significant one, falls on the
>prosecution to prove, beyond reasonable doubt, that an accused person is, or
>has been, in possession of a key to unlock particular protected data.  There
>are statutory defences for individuals who have lost or forgotten a key.
>These need only to be established on the lower level of proof - the balance
>of probabilities

The burden reversal is not in whether a person has or has had a key, but 
whether they have forgotten/lost it, where a "balance of probabilities" test 
is simply inadequate. It should be for the prosecution to prove beyond 
reasonable doubt that the defendent still has access to it.

>Key escrow is firmly off the agenda.

Not off the agenda of those corporate officers who are beginning to realise 
the implications for them and their companies of the "has or has had" 
requirement. How many of them will simply play safe and escrow all corporate 
keys?

>But questions of what levels of
>security should be deployed are not, largely, matters for primary
>legislation.

They certainly should be part of the cost assessment of the bill. And I most 
definitely trust the cost assessment of someone who has worked on these 
matters at the MoD and NATO for 20 years (Brian Gladman) over the Home 
Office's.

>We are certainly ahead of the game as
>regards updating our laws for the digital age.

Acting differently to other countries, certainly. Ahead of the game -- perhaps 
not. Australia is at least 3 years ahead, more if the UK government is going 
to waste another year going down the wrong path.

>We have examined the issue of rights in its widest sense.  This
>includes the rights of those who do not yet have Internet access, who may
>not know what asymmetric encryption is all about, but who nevertheless have
>the right to live in a society free from crime.

"The rights of the many, not of the few"? Simply invalid in relation to human 
rights legislation.

Ian.