Echelon, spooks, stego and the Sexual Offences Bill
Richard Clayton
ukcrypto@chiark.greenend.org.uk
Tue, 23 Sep 2003 14:28:22 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bear with the long introduction... it gets more interesting later on :)
Readers may recall that pedophiles are regularly charged with the
offence of "making" indecent images because a Court of Appeal judgment
holds that since "making" is not specifically defined in the Protection
of Children Act 1978 it should have its dictionary meaning -- and that
meaning extends to the actions involved in copying an image down from a
website and viewing it in your browser.
The exact offence these people were charged with used to matter a lot
because "making" was an offence during a period when mere "possession"
was not... and if you went after people for an arrestable offence then
PACE lets you seize their computer for evidence without all that tedious
search warrant from a magistrate stuff.
Changes to the law have meant that possession is now an arrestable
offence, but we're still stuck with the case law on "making".
However, back in 1978 when Parliament passed the original Act, they
didn't put in a statutory defence for "making" because they couldn't
conceive of any situation where you'd need one. After all if you'd been
pressing the shutter on a camera ("taking") or beavering away in a
darkroom ("making") then you were a wicked person and could never ever
have any excuse for what you'd done.
But the new interpretation of "making" means that all sorts of actions
taken by sysadmins and ISP abuse teams who are dealing with reports of
"kiddie porn" are caught. As indeed is the work by the good people over
at the Internet Watch Foundation (IWF) who operate a hotline and act as
a clearing house for reports of indecent images of children on the Net.
Whenever these sysadmins etc make a forensic copy of disk prior to doing
any checks, or send an email to the IWF, or look at a customer website
to see what it contains.... all perfectly reasonable things to do to
avoid wasting police time on mistaken reports ... then these sysadmins
have been "making" illegal images, a serious offence to which their is
no statutory defence.
Anyway, I - and others - have been campaigning on this matter for some
time (see: http://www.cl.cam.ac.uk/~rnc1/SexualOffencesBill.pdf) with a
view to getting an amendment made to the Sexual Offences Bill that is
currently going through Parliament to give sysadmins a defence (or
perhaps to redefine what "making" means).
The relevant clause was s53 in the Lords, it's now renumbered to s48 in
the Commons and at Committee stage the Government came forward with an
amendment to tackle the problem. They proposed removing the
"authorisation" scheme that is currently on the face of the Bill
(whereby lots of chief police officers and heads of various agencies
such as MI5 and GCHQ) and replacing it with this:
48 Criminal investigations or proceedings
(1) After section 1A of the Protection of Children Act 1978 insert -
"1B Exception for criminal investigations or proceedings
(1) It is not an offence under section 1(1)(a) for a person to make
an indecent photograph or pseudo-photograph of a child if it is
necessary to do so for the purposes of the prevention, detection
or investigation of crime, or for the purposes of criminal
proceedings, in any part of the world.
( ) It is not an offence under section 1(1)(a) for a member of
the Security Service to make an indecent photograph or pseudo-
photograph of a child if it is necessary to do so for the
exercise of any of the functions of the Service.
( ) It is not an offence under section 1(1)(a) for a member of
GCHQ to make an indecent photograph or pseudo-photograph of a
child if it is necessary to do so for the exercise of any of the
functions of GCHQ (and in this subsection "GCHQ" has the same
meaning as in the Intelligence Services Act 1994 (c. 13))."
The "Echelon" issue, I would suggest, is the pedantic parliamentary
draftsman pointing out that some of MI5 and GCHQ's is not strictly to do
with the prevention of crime, but is for more general national security
purposes -- and that if you're tapping links then you're going to be
copying the odd indecent image of a child as well....
Anyway, it turned out the Home Office hadn't consulted quite as much as
they might have done about their amendment and some parts of ACPO
started kicking up a fuss about how this amendment was going to let
paedophiles pretend to be reporting material whereas in fact they were
just looking at it... plus they liked the authorisation scheme because
it allowed them to set conditions internally on people handling the
material. So the Home Office have withdrawn their amendment and will
come back again with a rethink at Report Stage.
However, the Commons Committee reached s48 last Thursday and a "probing
amendment" was put forward to remove the part of the authorisation
scheme that allows MI5 to authorise their officers to handle kiddie
porn... there was a short debate about the role of the spooks and how
they seem to think that Al Qaeda might be hiding stenographic messages
in kiddie porn images [Good Grief!!]
http://www.publications.parliament.uk/pa/cm200203/cmstand/b/st030918/am/
30918s04.htm
I've snipped several paragraphs that are not 100% relevant, to try and
keep this very long message as short as I can ...
Mr. Grieve:
However I was slightly more curious about subsection (4). Separately
from the other authorisations, there is an authorisation here that
can be
''given by the Director-General of the Security Service if it
appears to him necessary for the exercise of any of the
functions of the Service.''
The Security Service may well get involved, for example, in an
investigation into the trafficking of underage children for sexual
purposes, in which case the photographs will have to be circulated.
The small query that emerged in my mind was whether that would give
a blanket permission to the Security Service to take photographs of
a Ruritanian charge d'affaires having sex with a 13-year-old for the
purposes of inducing him to co-operate with the Security Service
thereafter. Although I know that these are subjects over which
delicate veils are drawn, I wonder whether, before we gave a
statutory sanction to such activities, we might hear from the
Minister what is actually involved.
Beverley Hughes:
In relation to the question of the hon. Member for Beaconsfield, I
would say two things. First, the security services have a remit in
relation to crime anyway. They do not simply deal with intelligence
and security, as the hon. Gentleman is aware. It is important,
therefore, that they are able to give authorisations to their
personnel, as other services would. There is not a neat split
between criminal activity and organised terrorist activity that is
core to the remit of the security services.
To give an example that we have talked about a fair bit,
investigations into al-Qaeda took place to determine how such
organisations communicate. It may be believed that some information
pertaining to national security has been encrypted into a photograph
or an image. It would be important for the security services to be
able to draw down that image to decode and deconstruct the
information that was in the photograph. Use of such images via the
internet is one of the mechanisms that we know organisations use to
communicate with their members in a secret way. That is a tangible
example of why the security services need to be able to give
permission to their staff to draw down certain images when they
think that information is contained within.
The important point is that all the people listed in the clause -
including the director general - are accountable for the way in
which the authorisation will operate in their organisations. That is
the key point. It may be that a particular individual at second tier
may see the detail of the request to make a decision but the
director general will be personally accountable. There is,
therefore, no reason to make the director general of the Security
Service go to a High Court judge, when we accept that other people
included in the clause can be accountable in that way in law for the
decisions that they make when they authorise their staff to draw
down such material.
I hope that that answer satisfies the hon. Gentlemen. We are not yet
satisfied with the drafting of clause 48. The numbers of people who
might, with justification, seek authorisation is actually greater
than we initially thought as we worked through the clause.
Therefore, the clause may be too widely drawn and the system may
become overloaded. We are negotiating with the police services and
others and we shall table our own amendment on Report. For absolute
clarification, we expect to continue to allow the Security Service
to ''make'' such images in pursuit of its functions as the clause
states.
Mr. Grieve:
I suspect that I have got as much information as I am likely to. I
am partly reassured by what the Minister of State has told me.
Having noted that that is why we are putting the Bill on the statute
book in that form, I look forward to seeing the revised list. I
accept that all sorts of people may require such authorisations, and
we will give the matter further scrutiny.
Mr. Randall:
I wondered whether my hon. Friend had received a satisfactory answer
to the Ruritanian question because I did not think that we did.
Mr. Grieve:
I must say that I did not think that I got a satisfactory answer to
the Ruritanian question, and the Minister may acknowledge that. I
have a funny feeling that I will not get a satisfactory answer. On
that basis, I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
- --
richard Richard Clayton
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. Benjamin Franklin
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBP3BKdhfnRQV/feRLEQI+cgCfbQwf6XMh/TqSx+ZX3TT6cc88DL8AnRw3
YCc4t+Las/e91nd217cY32kf
=nydP
-----END PGP SIGNATURE-----