RIPA s 12(7)

[Peter Sommer]

One of the reasons I provided a link to the RIPA Pt 3 Code of Practice 
is that it shows the steps involved and tests that must be applied 
during any attempt to enforce a s49 Order.  If the CSP has merely 
advised their customers to use encryption,  pointed them in a few 
specific directions but has no further role in setting up the encryption 
system then they can say that in this instance they are a mere conduit.  
It would be different if they were offering an encrypted webmail 
service, though if the keys are generated by the client or by a third 
party then plainly the CSP has nothing that would help the authorities. 
For conviction under s 49 the authorities have to prove, among other 
things, a reasonable belief that the key or the power to decrypt, is in 
the possession of the person or entity being accused.


Peter Sommer


On 12/06/2014 12:20, Caspar Bowden (lists) wrote:
> On 06/12/14 08:43, Peter Sommer wrote:
>> ..
>> GMail or any of the non-UK webmail service providers could however 
>> embed encryption into their offerings but the UK government would not 
>> be able to force them to introduce an interception capability;  it 
>> would have to be done by agreement.
>
> ..but a s.49 RIP order can require CSP to produce plaintext (or key) 
> to any past (or future) data. If the key isn't available (e.g there is 
> client-side code) a recipient of a s.49 can be required to give all 
> co-operation necessary to have a defence.
>
> Wonder opinions if this sufficient for UK to (coercively) "do a 
> Hushmail" ? Or under Intel Services Act, or RIPA Pt.2 ?
>
> CB
>
>


-- 
THE INFORMATION CONTAINED IN THIS E-MAIL IS CONFIDENTIAL AND LEGALLY PRIVILEGED.  IT IS INTENDED ONLY FOR THE ADDRESSEE NAMED ABOVE. IF YOU ARE NOT THE ADDRESSEE ANY DISTRIBUTION, COPYING OR DISCLOSURE OF THIS E-MAIL IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED IT IN ERROR PLEASE NOTIFY THE SENDER BY E-MAIL IMMEDIATELY AND DESTROY THE ORIGINAL