Letwin wants increased penalties for refusal to decrypt
Nicholas Bohm
nbohm at ernest.net
Tue, 20 Aug 2002 16:15:03 +0100
At 15:10 20/08/2002 +0100, Owen Lewis wrote:
> > -----Original Message-----
> > From: ukcrypto-admin@chiark.greenend.org.uk
> > [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Nicholas Bohm
> > Sent: 20 August 2002 11:37
> > To: ukcrypto@chiark.greenend.org.uk
> > Subject: RE: Letwin wants increased penalties for refusal to decrypt
> >
> >
> > At 10:01 20/08/2002 +0100, Owen Lewis wrote:
> >
> >
> > > > -----Original Message-----
> > > > From: ukcrypto-admin@chiark.greenend.org.uk
> > > > [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of
> > Paul Leyland
> > > > Sent: 19 August 2002 15:50
> > > > To: ukcrypto@chiark.greenend.org.uk
> > > > Subject: RE: Letwin wants increased penalties for refusal to decrypt
> > >
> > >
> > > > ....Sorry, I got a bit carried away there.
> > >
> > >De Nada.
> > > >
> > > > Anyway, the point is that he may permit the authorities to search
> > > > his stores of information but, until RIPA, there was nothing to
> > > > say that he has to chose to make the search easy for them either
> > > > as a whole or in part.
> > >
> > >But there was. He would have to unlock his rooms, safes etc and surrender
> > >such items as the investigators thought they might require.
> >
> > Not so.
> >
> > In criminal matters (and the civil side is very different), we
> > are talking
> > about search warrants. Their effect is to relieve the searcher of
> > liability for civil or (some) criminal wrongs involved in searching,
> > nothing more. They impose no duty on the victim to help, nor
> > penalties for
> > failing. And there is of course no duty to say where anything is hidden
> > (and an ECtHR decision to the effect that no such duty can be imposed).
> >
> > Of course, you may prefer to hand over the keys to your safe rather than
> > see it drilled and ruined, but that's your choice. And if the safe is
> > designed to destroy its contents when tampered with, you may
> > prefer to let
> > it perform its function.
> >
> > RIP is different. It imposes a duty to co-operate in a search in a
> > criminal investigation, subject to criminal penalties. This is a wholly
> > new departure in criminal investigation (with the possible exception of
> > some analogy with being compelled to answer DTI inspectors' questions
> > before being prosecuted on the basis of the evidence so obtained, no held
> > to be incompatible with the ECnHR).
> >
> > It certainly seems strange to be proposing changes to penalties for
> > non-disclosure when there is no experience of the usefulness or
> > effectiveness of the requirement.
> >
> > On the civil side, the courts have never hesitated to order disclosure of
> > documents and to impose penalties for contempt of court in case of
> > failure. I have no doubt they would order decryption on the same basis,
> > though disclosure of keys might take some considerable justifying
> > before a
> > court could be persuaded that decryption was not enough.
>
>Thank you.
>
>You do mention the powers of DTI Inspectors but that is a (bad) exception.
>Though it gives a precedent, I let it go for present purposes.
>
>It seems to me that whilst the subject of a search has never been required
>to co-operate with the search neither has he been able, either in fact or in
>law, to thwart it with impunity. He has never been able to maintain 'this is
>my house (or whatever) and you may not search it'. Neither has he been able,
>in practical terms, to prevent the search though there have always been
>possibilities to thwart it and searchers have been and are generally careful
>to pre-empt such opportunities.
The subject can hide the evidence where the searchers cannot find it (or,
see Poe, where they fail to recognise it for what it is), if he is clever
enough. No penalties have ever attached. This is not new.
>The very modern common possession of an invulnerable means of securing
>information does not - should not - in my view alter the position that, if a
>search is ordered upon sufficient suspicion, the law intends that that
>search be thorough. Therefore it cannot intend that the subject be permitted
>absolutely and with impunity to thwart the search. If the law were so to
>allow, then it would become contradictory in its aims and directions.
It has become easier, in principle, to do what was difficult
before. Whether it has become easier in practice is tricky: you yourself
point out that securing information is a lot harder than it looks, and
nobody seems to be able to point to cases where encryption has thwarted law
enforcement in practice. So whether there has been a real change
justifying the radical change in type of legal power applicable seems at
best doubtful.
>I grind no axe here. To me, it would seem unreasonable that the law be made
>contradictory in its aims and directions. If it comes to pass that the law
>is made so, then in some part, the law will surely be changed to eradicate
>the contradiction. If GAK is struck down, there is no reason to suppose that
>any change in the law resulting would leave still possible to thwart,
>deliberately and with impunity, a lawful search of information.
I wonder: what about steganographic filesystems where it is impossible to
prove that they contain hidden information to which keys have not been
provided, so offering plausible deniability?
>I conclude that GAK, ugly as it is, does not substantially shift the balance
>between accuser and accused. Rather, it maintains that balance, albeit
>imperfectly. To this non-lawyer, the law often seems less than a perfect
>instrument.
On that final point I am sure we agree.
>I think there may be mileage in this issue.
>
>Owen
It will run and run.
Regards
Nicholas
Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK
Phone 01279 871272 (+44 1279 871272)
Fax 01279 870215 (+44 1279 870215)
Mobile 07715 419728 (+44 7715 419728)
PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint:
9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF