RIPA s 12(7)
peter at pmsommer.com
Thu Jun 12 17:49:25 BST 2014
One of the reasons I provided a link to the RIPA Pt 3 Code of Practice
is that it shows the steps involved and tests that must be applied
during any attempt to enforce a s49 Order. If the CSP has merely
advised their customers to use encryption, pointed them in a few
specific directions but has no further role in setting up the encryption
system then they can say that in this instance they are a mere conduit.
It would be different if they were offering an encrypted webmail
service, though if the keys are generated by the client or by a third
party then plainly the CSP has nothing that would help the authorities.
For conviction under s 49 the authorities have to prove, among other
things, a reasonable belief that the key or the power to decrypt, is in
the possession of the person or entity being accused.
On 12/06/2014 12:20, Caspar Bowden (lists) wrote:
> On 06/12/14 08:43, Peter Sommer wrote:
>> GMail or any of the non-UK webmail service providers could however
>> embed encryption into their offerings but the UK government would not
>> be able to force them to introduce an interception capability; it
>> would have to be done by agreement.
> ..but a s.49 RIP order can require CSP to produce plaintext (or key)
> to any past (or future) data. If the key isn't available (e.g there is
> client-side code) a recipient of a s.49 can be required to give all
> co-operation necessary to have a defence.
> Wonder opinions if this sufficient for UK to (coercively) "do a
> Hushmail" ? Or under Intel Services Act, or RIPA Pt.2 ?
THE INFORMATION CONTAINED IN THIS E-MAIL IS CONFIDENTIAL AND LEGALLY PRIVILEGED. IT IS INTENDED ONLY FOR THE ADDRESSEE NAMED ABOVE. IF YOU ARE NOT THE ADDRESSEE ANY DISTRIBUTION, COPYING OR DISCLOSURE OF THIS E-MAIL IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED IT IN ERROR PLEASE NOTIFY THE SENDER BY E-MAIL IMMEDIATELY AND DESTROY THE ORIGINAL
More information about the ukcrypto