RIP in action

[Richard Clayton]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <B720899F87133940965DFA172C81CC4F010D605B@FDCEM007>, Watkin
Simon <Simon.Watkin@homeoffice.gsi.gov.uk> writes

>> -----Original Message-----
>> From: Ian G Batten [mailto:ian.batten@uk.fujitsu.com]
>> Sent: 12 November 2007 1:01 PM
>> 
>> On 12 Nov 07, at 1205, David Hansen wrote:
>> 
>> > http://www.indymedia.org.uk/en/2007/11/385589.html is the first
>> > mention
>> > I have seen of somebody being affected by the key grabbing activities
>> > of some government official.
>> 
>> And that the legislation is being applied retrospectively, which is
>> normally not the case with laws passed in Britain.
>
>Only the legislation isn't being applied retrospectively.

indeed -- as I presciently pointed out several weeks ago :)

  http://www.lightbluetouchpaper.org/2007/09/30/time-to-forget/

>The criminal conduct, of knowingly failing to comply with a notice, could
>only take place on or after 1 October.  It couldn't happen before then.

It's not at all clear from the IndyMedia story that a s49 notice has in
fact been served!

What seems to have happened is that the CPS (who couldn't issue a notice
anyway) have written asking the person to volunteer their key.

Should they refuse this polite request, they are being threatened with
the subsequent issuing of a notice, which might or might not require the
key to be produced (it might of course just require the putting into an
intelligible form of the data).

Given that this is PGP, it's unlikely that a fake key could be produced
which decrypted the data to an incorrect form -- so I think it is very
unlikely that the conditions (Code of Practice 6.3 to 6.7) for requiring
a key would be met, so the notice would solely be for putting into an
intelligible form.

However, that's not all that's odd here. I note that the Code of
Practice in 3.10 says:

3.10    NTAC is the lead national authority for all matters relating to
        the processing of protected information into intelligible form
        and to disclosure of key material. All public authorities should
        consult with NTAC at the earliest opportunity when considering
        the exercise of the powers in Part III. No public authority may
        serve any notice under section 49 of the Act or, when the
        authority considers it necessary, seek to obtain appropriate
        permission without the prior written approval of NTAC to do so.
        Such approval may be given in specific cases or it can be given
        to a public authority if NTAC assesses the authority is
        competent to exercise the powers in Part III.

I am struggling, for the reasons set out above, to see that NTAC's
advice has been understood by the CPS if they are threatening to ask for
a key :(  [perhaps they didn't quite say that ? the protestor hasn't
posted the correspondence]

Or perhaps they (and of course it would be the police not the CPS who
would need to issue the s49 notice) are not yet at the stage where they
will "seek to obtain appropriate permission".

This appears to be an unforeseen hole in the CoP since it would clearly
be desirable to seek NTAC's views before approaching suspects with
requests for keys (rather than requests to put into an intelligible
form) -- lest the authorities give the impression that they know rather
less about the rules (and the operation of encryption systems) than
everyone else :(

Perhaps Simon have a word with the CPS ? or is this a job for the
Interception Commissioner ?

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBRzhv/ZoAxkTY1oPiEQLjLwCg4Ams34HJfgYzm7BbEhfO7fCKqFQAoKfY
Lvyiy2xaMSJnoTmRnqFc65jw
=hfj6
-----END PGP SIGNATURE-----