FW: RIPA Part III

Peter Fairbrother ukcrypto at chiark.greenend.org.uk
Tue, 13 Jun 2006 22:26:58 +0100


----------
From: Watkin Simon <Simon.Watkin@homeoffice.gsi.gov.uk>
Date: Tue, 13 Jun 2006 17:58:14 +0100
To: 'Peter Fairbrother' <zenadsl6186@zen.co.uk>
Subject: RE: RIPA Part III


> From: Peter Fairbrother [mailto:zenadsl6186@zen.co.uk]
> Sent: 09 June 2006 11:29 AM

> 
> Thanks for the unexpected reply. Can I repost it elsewhere?

Of course you may.

> Some comments are below.

<snip>

> And now we come to the actual question - a key has been used to
> authenticate requests for access. In so doing, has it been used to access?

No.  It's been used to authenticate.  I guess your concern is a malicious
Plod trying to dupe the authenticator to give access to Alice or Bob's data
using Alice or Bob's authentication token.  But it really doesn't work like
that.  

> > That a person cannot be required to disclose a key used only for
> > authentication is absolute.
> 
> Good. It would be nice to see this stated in the CoP.

That's what paragraphs 3.14 and 3.15 are intended to convey.

> And if the database is in a country which does not have GAK laws, what
> then? Do they just give up trying?

They wouldn't have gone down the route you're suggesting in the first place.
And Part III is not extra-territorial, so a notice cannot be enforced
outside the UK.  They would, more than likely, engage the assistance of the
local authorities using their local legislation.

Remember that Part III requires someone to have the protected information or
be likely to obtain it.  If the protected information is outside the UK it
is, more than likely, beyond the jurisdiction of that person.

> > The prosecutor has to prove beyond reasonable doubt that you had it or you
> > had known it.  Parliament has put a high hurdle in place for the prosecutor.
> > The defendant only has to "raise an issue" and the prosecutor has to prove
> > the contrary beyond reasonable doubt.  It's a bit more than just "I don't
> > know it" but not much more.
> 
> We'd like to know just how much more. We would like to see that spelled
> out in the CoP.

We can think about that, but anything in the code would only be indicative
rather than prescriptive.

> The basic flaw is in the idea that people should not be able to keep secrets
> from their governments. When they cannot there is a tyranny of information.

No one is saying people can't keep secrets from the Government.  People can
keep their secrets, but if the secret is about something harmful to society,
or is believed to be something like that, we're saying that in accordance
with the law people with such secrets will have to disclose just what it is
they are keeping secret or how they keep that secret.

If my secret is abusing my niece, is that a secret I should keep from
Government?  I may want to keep that secret but should the law which seeks
to punish me for the abuse protect my secret?
 
> > Do you think there are law-abiding people out there discussing how to commit
> > the perfect murder, or the perfect robbery (and who will never commit murder
> > or robbery) with as much passion as how to evade a section 49 notice (and
> > who will never be given one)?
> 
> The fundamental difference is that murder and robbery are crimes, and we all
> agree that they are crimes, and they hurt people, whereas many people think
> evading a s 49 notice should not be a crime, and it doesn't hurt people. And
> it isn't a crime anyway, but you know what I mean.

You're right.  Murder and robbery, and let's throw in child abuse, are crimes
and they hurt people. If the evidence of those crimes is protected should
law enforcement just walk away?  No.  If we can make it a requirement that
is used appropriately, only necessarily and never unnecessarily, only
proportionately and never unfairly or arbitrarily, and make that requirement
enforceable by law, as we do with requirements to give breath samples at the
roadside, that is surely in the best interest of the public in order to deal
with those individuals who hurt people.

Simon


