A new task for Sir Callum McCarthy (was: Adducing etc)

Richard Clayton ukcrypto at chiark.greenend.org.uk
Sun, 11 Jun 2006 14:55:59 +0100 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <E35E1FE4BAB9884997825A00F7DD805004C196B5@EUR-MSG-
21.europe.corp.microsoft.com>, Caspar Bowden <casparb@microsoft.com>
writes

>we both know that officials think CoPs
>should re-state the legislation no more no less.

Careful reading shows that in this case they have (they hope
significantly) added to the legislation -- by a new measure to deal with
the "LSE argument" from the report prepared for the BCC in 2000
[published exactly six years ago tomorrow].

<URL:http://www.vnunet.com/computing/news/2067750/rip-bill-cost-uk-
economy-billion>

<URL:http://web.archive.org/web/20000815054218/http://www.britishchamber
s.org.uk/newsandpolicy/downloads/lsereport.pdf>

     The argument is, at heart: that only a complete clueless security
     officer would ever permit a multi-national financial institution to
     keep their master keys in the UK. Hence security jobs -- looking
     after those master keys -- will migrate elsewhere and hence,
     eventually, so will the rest of the HQ staff; with a consequent
     effect on the UK economy.

They tried to deal with this argument in the House of Lords in 2000 by
adding extra hoops to the legislation, such as serving notices at board
level and getting the notice signed by a Chief Constable. Their latest
innovation is to invent a (non-statutory) role for the Chairman of the
Financial Service Authority when a key is to be disclosed.

According to #6.8 of the draft CoP, he is to be "notified" beforehand
when a key disclosure is to occur.

Presumably when he receives a notification that Law Enforcement are
about to obtain a copy of a bank's master key then Sir Callum McCarthy
will consider all the circumstances and if the bank will be at risk
(shouldn't take long to assess that!) then he will become jolly upset.

In my experience security officers are somewhat cautious individuals. I
predict that "jolly upset" is not going to cut much ice when they're
assessing the risks to their company of storing master keys in London
compared with Paris, Frankfurt, New York or Zurich :(

Whether that's a lot of jobs, and a lot of HQs, we shall see...

... unless, of course, the Government gave up the notion of seizing keys
and concentrated on the rest of their policy -- delivering what Law
Enforcement actually says they need: getting stored material "in an
intelligible form". One might even view their dropping GAK (Government
Access to Keys) as putting their policy into an _intelligent_ form :) 

- -- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBRIwg75oAxkTY1oPiEQL3sQCg/FsBdeOJLtOYcgEFxJIj+SXie/AAnRoy
qoj2d8BlzI07yZXN0t1n4eQ4
=0afl
-----END PGP SIGNATURE-----