FW: RIPA Part III
Peter Fairbrother
ukcrypto at chiark.greenend.org.uk
Thu, 15 Jun 2006 19:25:13 +0100
----------
From: Peter Fairbrother <zenadsl6186@zen.co.uk>
Date: Thu, 15 Jun 2006 19:09:47 +0100
To: Watkin Simon <Simon.Watkin@homeoffice.gsi.gov.uk>
Subject: Re: RIPA Part III
Watkin Simon wrote:
>
>> From: Peter Fairbrother [mailto:zenadsl6186@zen.co.uk]
>>
>> And now we come to the actual question - a key has been used to authenticate
>> requests for access. In so doing, has it been used to access?
>>
> No. It's been used to authenticate. I guess your concern is a malicious Plod
> trying to dupe the authenticator to give access to Alice or Bob's data using
> Alice or Bob's authentication token. But it really doesn't work like that.
>
My concern was that a (malicious?) person (like me?) might hide his data
behind a requirement for a signature, akin to keeping data in a safety
deposit box in a bank - and that some Judge might think that was preventing
access, and demand the signature key, thereby destroying the entire concept
of a secure electronic signature.
However, now that you mention it,
[...]
> They wouldn't have gone down the route you're suggesting in the first place.
> And Part III is not extra-territorial, so a notice cannot be enforced outside
> the UK. They would, more than likely, engage the assistance of the local
> authorities using their local legislation.
>
And if that local legislation did not permit such assistance?
New case. It's easy enough to split a key, keep half, and give half to
someone in another country, who will not let you access it unless you sign
a sworn statement that you are not the subject of a s49 order. In person,
after you have repudiated the key.
> Remember that Part III requires someone to have the protected information or
> be likely to obtain it. If the protected information is outside the UK it is,
> more than likely, beyond the jurisdiction of that person.
>
someone being the Police, usually. In the new case the protected information
would be on the subject's computer, and half the key held offshore.
Just to confuse the matter further, consider an example of the use of an OTP
(one time pad). Once used the ciphertext ("protected information") and the
key are interchangeable, and there is no way to distinguish between them.
Is it a key? Is it protected information? There's no way to tell.
>>> The prosecutor has to prove beyond reasonable doubt that you had it or you
>>> had known it. Parliament has put a high hurdle in place for the prosecutor.
>>> The defendant only has to "raise an issue" and the prosecutor has to prove
>>> the contrary beyond reasonable doubt. It's a bit more than just "I don't
>>> know it" but not much more.
>>>
>> We'd like to know just how much more. We would like to see that spelled out
>> in the CoP.
>>
> We can think about that, but anything in the code would only be indicative
> rather than prescriptive.
>
Why? It would have the sanction of Parliament. Would Judges ignore it?
>> The basic flaw is in the idea that people should not be able to keep secrets
>> from their governments. When they cannot there is a tyranny of information.
>>
> No one is saying people can't keep secrets from the Government.
>
You are doing precisely that.
Or attempting to, it won't actually work.
None of those awful people in your examples will go to jail because you
introduce part III. It's been too long, they will have forgotten the keys by
now. And are they awful people? Some of them seem to be, and some are just
suspects.
You will catch a few people unawares in the first few months, perhaps a
year, but then you won't catch anyone significant, as they will have changed
to using gak-resistant crypto. The majority of paedophile picture collectors
will be beyond your reach once again, if you rely on computer evidence to
catch or convict them.
> People can keep their secrets, but if the secret is about something harmful to
> society, or is believed to be something like that, we're saying that in
> accordance with the law people with such secrets will have to disclose just
> what it is they are keeping secret or how they keep that secret.
and how is that not being able to keep secrets from the Government?
>
So they can't keep the secret if they are doing something harmful. How do
you judge what is harmful? How do you know they are doing something harmful?
> If my secret is abusing my niece, is that a secret I should keep from
> Government? I may want to keep that secret but should the law which seeks to
> punish me for the abuse protect my secret.
>
Yes, in these circumstances it should. There are plenty of other ways to
catch you.
I have two nieces btw, but nowadays one is a something-th dan in karate with
mafia friends, and the other sleeps with "Mr Pointy", her epee. I wouldn't
exactly pity anyone who tried to abuse them, but I'd certainly advise them
not to ...
>>> Do you think there are law-abiding people out there discussing how to commit
>>> the perfect murder, or the perfect robbery (and who will never commit murder
>>> or robbery) with as much passion as how to evade a section 49 notice (and
>>> who will never be given one)?
>>>
>> The fundamental difference is that murder and robbery are crimes, and we all
>> agree that they are crimes, and they hurt people, whereas many people think
>> evading a s 49 notice should not be a crime, and it doesn't hurt people. And
>> it isn't a crime anyway, but you know what I mean.
>>
> You're right. Murder and robbery, and let's throw in child abuse, are crimes
> and they hurt people. If the evidence of those crimes is protected should law
> enforcement just walk away? No.
>
I agree. They should look for more evidence.
> If we can make it a requirement that is used appropriately, only necessarily
> and never unnecessarily, only proportionately and never unfairly or
> arbitrarily, and make that requirement enforceable by law,
>
If ... It would be nice, knowing who is guilty in advance ("But they're all
guilty of something"). Without that it is impossible never to use it
unnecessarily or unfairly.
You spoke of proportionality - is it proportionate to impose this immense
damage on everyone, destroying everyone's privacy whether or not they are
ever the subject of a notice, against what we hope are only a few demands to
catch a few of the easiest-to-catch criminals?
Of course it isn't, it's obscene.
I must conclude that either you are unaware of the damage, you do not care
at all about it, or you have a further agenda.
> as we do with requirements to give breath samples at the roadside,
>
Different entirely. I don't drive, and so could never be the subject of such
a demand. It is a requirement placed on drivers, not on the general public.
It ought to be spelled out that way a bit more too.
More, if a half-dozen burly policemen were to forcibly take a sample it
would not require torture, unlike the situation where a half dozen policemen
forced someone to give up a key.
More again, if the unfair demand is made on an innocent person, all that
happens is that the Policeman learns that the subject is not drunk. There is
little or no harm to the subject in this, and the unfair imposition is not a
large imposition.
The Policeman doesn't learn secrets that are none of his
business, and which may not relate to his investigation at all.
> that is surely in the best interest of the public in order to deal with those
> individuals who hurt people.
>
again, if that was all you were doing I would applaud - but it's impossible,
you cannot make demands only of the guilty, especially in this type of case
where you do not know who is guilty.
And placing on everyone the possibility that they might be required to
reveal anything they encrypt, apart from making the encryption worthless,
makes them think twice about what they encrypt, it affects their freedom to
use cryptography.
Bruce Schneier has an interesting article about the necessity for privacy,
and the price of surveillance, in his latest CRYPTO-GRAM.
<http://www.schneier.com/crypto-gram.html> I am out of eloquence.
--
Peter Fairbrother
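
The two cryptographic points made in the message above (a key split between holders, and a one-time pad whose key and ciphertext are interchangeable) are shown here as an added Python example that is not part of the original e-mail. The function names and sample values are constructed for illustration, and the split is generalised from two holders to any number.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, holders: int = 2) -> list[bytes]:
    """Split `key` so that every share is needed to rebuild it.

    All shares but the last are fresh random strings; the last is the key
    XORed with all of them. Any subset short of the full set is
    statistically independent of the key.
    """
    if holders < 2:
        raise ValueError("a split needs at least two holders")
    shares = [secrets.token_bytes(len(key)) for _ in range(holders - 1)]
    shares.append(reduce(xor_bytes, shares, key))
    return shares


def combine(shares: list[bytes]) -> bytes:
    """Rebuild the key; the order of the shares does not matter."""
    return reduce(xor_bytes, shares)


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """One-time pad: the pad must be as long as the message, used once."""
    return xor_bytes(message, pad)


def labels_interchangeable(message: bytes) -> bool:
    """Check that 'key' and 'ciphertext' are only labels on two strings.

    Decrypting the ciphertext with the pad and decrypting the pad with the
    ciphertext are the same operation and give the same message. A two-way
    key split is this same construction with the key as the message.
    """
    pad = secrets.token_bytes(len(message))
    ciphertext = otp_encrypt(message, pad)
    as_labelled = xor_bytes(ciphertext, pad)
    swapped = xor_bytes(pad, ciphertext)
    return as_labelled == swapped == message
```
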