A proper law
David Hansen
davidh at spidacom.co.uk
Wed, 05 Mar 2003 17:04:20 -0000

On 5 Mar 2003 at 15:50, Watkin Simon wrote:
> > Why can't they do something useful, like getting rid of RIP and
> > replacing it with a proper law in this area?
>
> Can you describe what would constitute a proper law?

Brian has answered very well, I agree with everything he said.

I would start off from the basis that a law to regulate investigatory
powers is a very good idea. Unfortunately the Home Office didn't come
up with one, I suspect because it only listened to the usual suspects
and big business. The result was the mess that is RIP, a mess that
can only be sorted out by ditching RIP. It cannot be redeemed.

We know the history. A long attempt by government to keep knowledge
of such things out of public view. The nonsense of key escrow, I do
remember all "the sky's falling in" speeches from people who should
have known better. The daft report by the "performance" unit that
produced the ideas that the Home Office was daft enough to
incorporate into RIP. I'm sure it will become a textbook study of how
to cock things up in a big way.

A law to regulate investigatory powers would start off by getting rid
of any other "powers", real or imagined by some government body, to
do the same thing. The APIG mentioned some of these "powers", I'm
sure there are many more. Then everyone would know where they stand.

It would accept that being an adult is about having secrets. Children
become adults when they realise this. That does not mean that every
adult is a criminal.

The number of times that society should interfere with such secrets
is small. I have so far yet to see convincing examples from the usual
suspects. Their stories must be very unconvincing as they daren't
expose them to public scrutiny and instead produce secret briefings
to misinform gullible party politicians.

As interfering with someone's thoughts is far more intrusive than
interfering with their possessions the law would need to recognise
this. That means even more stringent precautions than for physical
interference, not less as RIP has. Without such precautions those
interested in the subject will never believe the bland assurances of
government. Allowing the police, or every Council, to convince
themselves that if they need some information they can get it without
any real oversight is simply mad. Removing liability from holders of
information for releasing information is similarly mad. I can see why
the holders would want this sort of excuse, but that's no reason for
them to have it. They must remain responsible for the information
they hold.

These precautions need to include appropriate punishments for
officials who fail to behave properly. This includes cretins who
accept telephoned instructions. Five years in prison would be
suitable for such people.

The law would acknowledge that there is never a need for keys to be
grabbed. They should always remain in the possession of those who hold
them. As well as being matters of life and death (imagine being able
to forge an instruction from a doctor to change the dosage on some
medical machine) they can relate to matters of company survival. They
are also highly personal, I have resolved that under no circumstances
will I ever give my keys to some official, no matter how many RIPs
the Home Office passes. I repeat, there is absolutely no need for
keys to be grabbed. If a communication is really that important
encryption can be broken by massive computer power. The sky is not
falling in. This keeps the balance the same as it is for paper
transmissions. No matter how much guff the usual suspects produce it
is clear that they will be unable to hold keys properly. I note that
the initial assertion that keys were to be treated in the same way as
SECRET government material has been replaced by bland waffle that
doesn't fool me.

As a long stop a suitable regulator is needed. This must not be
someone who writes reports that give every impression of being
written by a smug git. It must be someone who is respectable and they
must be able to open their post.

There is probably much more that I could write. I may well do so in
the forthcoming consultation.

--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.