return of key-escrow: UK PKI Strategy cites bogus RIPA rationale
Caspar Bowden (lists)
lists at casparbowden.net
Mon Aug 19 12:37:26 BST 2013
On 08/19/13 12:04, Ben Laurie wrote:
> On 13 August 2013 07:58, Caspar Bowden (lists) <lists at casparbowden.net
> <mailto:lists at casparbowden.net>> wrote:
> Hadn't noticed any commentary on this... ?
> (Feb 28 2013) PKI Strategy
> and Implementation Strategy
> (occurs in both)
> * "For example key escrow *may be required* for private
> encryption keys in some services (*to comply with* Regulation
> of Investigatory Powers Act Section 3)"
> but FIPR 9/5/2000 <http://www.fipr.org/rip/PR3RHC.htm>
> * Surprisingly Mr.Clarke amended S.69
> [Hansard link - at bottom] to exempt company directors from
> liability under Part.III - that is, they are no longer
> personally liable for failure of their company to comply with
> a decryption notice. This was the chief cause of FIPR's
> diagnosis of government strategy as being that of "key escrow
> by intimidation" - however it still leaves individuals and
> company employees in the firing line.
> PSN is a company with directors?
No, but the bit Clarke chopped in response to (largely commercial)
campaigning was the only part containing any express "key escrow by
intimidation" aimed at board-level of organizations
So the question I am raising is whether there is some other "public
policy" rationale for arguing that escrow is compelled by the
hypothetical necessity to respond to some particular decrypt request in
future (contrast to arguments about "relevance" in PATRIOT 215 metadata).
AFAIK this falls under Council of Europe R.87 (1987) which forbids ECHR
states from compelling retention of arbitrary data as a matter of public
policy in organs of the state, unless there is a precise authorizing
law. RIPA Part.3 is not that law (but e.g. the EU DRD is such a law - in
that it exists!), and of course compelling escrow in public sector has
huge structural effects on normative practices (that what R.87 fuss was
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ukcrypto