return of key-escrow: UK PKI Strategy cites bogus RIPA rationale
Adrian Midgley
amidgley at gmail.com
Tue Aug 13 20:27:23 BST 2013
Zombie ideas.
>From Dr Adrian Midgley's hand
On 13 Aug 2013 16:20, "Caspar Bowden (lists)" <lists at casparbowden.net>
wrote:
> Hadn't noticed any commentary on this... ?
>
> (Feb 28 2013) PKI Strategy<https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/135998/pki-strategy-1.0.pdf>and Implementation
> Strategy<https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/135992/PKI-Implementation-Strategy-1-0.pdf>(occurs in both)
>
> - "For example key escrow *may be required* for private encryption
> keys in some services (*to comply with* Regulation of Investigatory
> Powers Act Section 3)"
>
> but FIPR 9/5/2000 <http://www.fipr.org/rip/PR3RHC.htm>
>
> - Surprisingly Mr.Clarke amended S.69<http://www.publications.parliament.uk/pa/cm199900/cmhansrd/vo000508/debtext/00508-17.htm#00508-17_spnew2>[Hansard link - at bottom] to exempt company directors from liability under
> Part.III - that is, they are no longer personally liable for failure of
> their company to comply with a decryption notice. This was the chief cause
> of FIPR's diagnosis of government strategy as being that of "key escrow by
> intimidation" - however it still leaves individuals and company employees
> in the firing line.
>
> ?
>
> Caspar Bowden
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20130813/4e007dd3/attachment.html>
More information about the ukcrypto
mailing list