Adducing sufficient evidence to raise an issue (was RE: Consultation on the Draft Code of Practice for the Investigation of Protected Electronic Information: Part III of the Regulation of Investigatory Powers Act 2000

Owen Lewis ukcrypto at chiark.greenend.org.uk
Thu, 8 Jun 2006 13:04:59 -0000 

-----Original Message-----
From: ukcrypto-admin@chiark.greenend.org.uk
[mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Caspar Bowden
Sent: 08 June 2006 11:20
To: ukcrypto@chiark.greenend.org.uk
Subject: Adducing sufficient evidence to raise an issue (was RE:
Consultation on the Draft Code of Practice for the Investigation of
Protected Electronic Information: Part III of the Regulation of
Investigatory Powers Act 2000


> Introduction "This formal consultation provides an opportunity to tell the
Government if
> there is anything more or anything different that should be included in
the code
> before it is put to Parliament for approval."

> "10.5 A person shall be taken to have shown they were not in possession of
a key to
> protected information at a particular time if sufficient evidence of that
fact is
> adduced to raise an issue with respect to their not having had possession
of the
> key. The prosecutor has to prove the contrary beyond reasonable doubt."

> This seems to be the only reference to the heart of the matter of the
reversal of the burden of proof.

That reads to me quite clearly that there is no reversal of proof, beyond
any that might exist where a claim of inability to comply is registered in
response to a demand for any of the other several types of information which
can lawfully be made.

 As ukcrypto veterans will recall, this phraseology ("adducing sufficient
evidence to raise an issue") was introduced in a government amendment under
pressure in the Lords, so presumably the government must have some idea what
this means. I would argue that (aside from other ECHR concerns) to meet a
forseeability test under HRA/ECHR the public needs to have a good idea what
key management/destruction practices will suffice to allow this defence to
be relied on. Of course, the government was pressed on this at the time, and
the best they could come up with is that whatever key management procedures
the individual used should be explained to the authorities, and the courts
would decide whether this was credible.

After six years, we get a new consultation without any further clarification
or elaboration of perhaps the most critical issue in the entire legislation.

If you say so. I'd say that:

		-	A statement of reason for an inability to comply with a lawful demand
requires examined and is not simply to be accepted at face value.

		-	That a court hearing is a suitable occasion for such examination and
testing, where the matter cannot otherwise be disposed of by more immediate
means.

		-	You may ask for but will not get - and nor should you get - a cast iron
'get-out' clause to allow all to exempt themselves at will from compliance
with legislation.

		-	Once again you raise the bogey of HRA. I would not rely upon that too
far. In so far as it is to be looked to for protection, it will be selective
and not blanket in any protection it affords. My guess is that the only
protection it will afford is where the application of Pt III is seen to be
disproportionate to the common good obtained. E.g. it will not protect the
secrets of human traffickers, body part smugglers, drug dealers, the
executives in the next ENRON or BCCI scandal or terrorists.

AIR this issue was last extensively debated in this group about two years
ago. I doubt that there is little to add to the arguments that were aired
then. However, we shall soon see.

Owen

From: ukcrypto-admin@chiark.greenend.org.uk
[mailto:ukcrypto-admin@chiark.greenend.org.uk] On Behalf Of Watkin Simon
Sent: 07 June 2006 15:51
To: 'ukcrypto@chiark.greenend.org.uk'
Cc: 'cyber-rights-UK@mail.cyber-rights.org'
Subject: Consultation on the Draft Code of Practice for the Investigation of
Protected Electronic Information: Part III of the Regulation of
Investigatory Powers Act 2000

Dear colleagues,

The Home Office has today (Wednesday 7 June) issued a public consultation on
the investigation of protected electronic data, which invites comments on a
draft code of practice relating to the exercise of powers under Part III of
the Regulation of Investigatory Powers Act 2000 (RIPA) and on proposals for
amending section 53 of RIPA.  The closing date for the consultation is 30
August.

The consultation paper is online at:
http://www.homeoffice.gov.uk/documents/cons-2006-ripa-part3/

Simon Watkin
Covert Investigation Policy Team
Home Office
2 Marsham Street
LONDON
SW1P 4DF



**********************************************************************
This email and any files transmitted with it are private and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please return it to the address
it came from telling them it is not for you and then delete it from your
system.

This email message has been swept for computer viruses.

**********************************************************************

The original of this email was scanned for viruses by Government Secure
Intranet (GSi) virus scanning service supplied exclusively by Cable &
Wireless in partnership with MessageLabs.
On leaving the GSI this email was certified virus free.
The MessageLabs Anti Virus Service is the first managed service to achieve
the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK
Government quality mark initiative for information security products and
services. For more information about this please visit www.cctmark.gov.uk