Home Office : NTAC FAQ

David Hansen davidh at spidacom.co.uk
Tue, 12 Mar 2002 14:09:44 -0000 

On 12 Mar 2002 at 10:48, Caspar Bowden wrote:

> http://www.homeoffice.gov.uk/oicd/ntac/ntacfaq.htm 

> Without NTAC, the ability of the Agencies to derive intelligence from
> the interception of standard telephony will gradually erode as new
> technologies using Internet Protocols predominate.

Complete and utter nonsense, even by Home Office standards.

Internet protocols have undoubtedly been the greatest boon ever for 
spying agencies. It is so much easier to spy when people send 
information in a form that is far easier to intercept than the post 
and is already presented in easy to scan digital format.

What the spies dislike is the idea that the public ("criminals" in 
their little world) may protect themselves with encryption from 
snooping. Tricks such as Microshit software "accidentally" not 
encrypting attachments can help the spies here.
 
> Use of encryption to protect stored computer files is increasing and
> threatens the prosecution of those with the greatest motivation to
> conceal the content of those files, such as pornographers and
> paedophiles.

I have a great motivation to conceal the content of files. None of 
them are pornographic (btw the Home Office may have forgotten that 
pornography is not illegal) or involved with molesting children (or 
adults for that matter).

It's is the usual Home Office childish nonsense. Only criminals want 
to restrict access to things, everyone else is perfectly happy for 
government officials to examine every detail of their life.

> Respond to the threat to public safety from criminal use of
> encryption.

A threat which the Home Office failed to come up with a convincing 
description of on this list during their "open" phase before the RIP 
disaster.

> Make a difference between serious crime being prevented or
> punished and criminals going unpunished and free to continue their
> activities.

Waffle.

Exposed here as nonsense by those who know what they are talking 
about.

> NTAC will make technically possible the provisions included in Part
> III of the Regulation of Investigatory Powers Act 2000 requiring the
> disclosure of keys to lawfully obtained protected electronic data.

On the say so of any Tom, Dick or Harriet; without us being protected 
by even the minimal protection of a court order.

People can either give in to the Home Office or fight them on this 
matter. Personally I see no reason to give in to bullies, even if the 
bullies are the Home Office and those hiding behind them.

> NTAC will undertake any processing necessary to make lawfully
> intercepted material intelligible.

Will it really? It will be fascinating to see how they manage to do 
this under certain circumstances.

> NTAC will not analyse the
> intelligible content of any intercepted material. That will remain a
> function for the agency which applied for the interception warrant.

But did not have to apply for any sort of warrant to steal people's 
keys.
 
> Any decryption keys lawfully obtained will be subject to high levels
> of security

Which this waffle fails to specify.

> The highest level of security for keys and other sensitive information
> relating to key holders will be afforded by NTAC.

Will it really? "The highest level of security" in the UK presumably 
relates to things like the control of nuclear weapons. I think the 
chances of applying the same level to keys are zero. Perhaps our Home 
Office lurkers could enlighten us on the reality behind this waffle.

> Where decryption keys are retained they will be 
> given the appropriate security.

More waffle.
 
> The
> security considerations relating to a lawfully seized key that the key
> holder knows has been seized are quite different to a lawfully
> disclosed key that protects data of significant value to the key
> holder where compromise of that key and the data it protects would
> have consequences beyond the matters under investigation.

At one time we were told that all stolen keys would be treated with 
the security classification SECRET. It appears that yet again we were 
lied to by government.

The Home Office waffle above fails to explain the claimed difference.

> Keys protecting the most sensitive material and requiring the highest
> level of physical security will go to NTAC and be held there as
> necessary under the safeguards provided in the legislation.

There were no safeguards in the legislation, other than some waffle.
 
> Keys and data overtly acquired from the data owner may go to NTAC to
> be processed there and then be stored locally.

So, every Tom, Dick and Harriet from the whole of government can have 
my stolen keys and data on their laptop, which can then be stolen 
from the railway booking office. That is really reassuring.
 
> Law enforcement is well used to protecting valuable transports,
> whether that is valuable evidence being moved or valuable prisoners.

Ha ha.


--
  David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
 I will always explain revoked keys, unless the UK government
 prevents me using the RIP Act 2000.