RIPA s 12(7)

[Peter Fairbrother]

On 16/06/14 08:04, Caspar Bowden (lists) wrote:
> On 06/16/14 00:26, Peter Fairbrother wrote:
>> On 12/06/14 12:20, Caspar Bowden (lists) wrote:
>>> ....but a s.49 RIP order can require CSP to produce plaintext (or
>>> key) to
>>> any past (or future) data. If the key isn't available (e.g there is
>>> client-side code) a recipient of a s.49 can be required to give all
>>> co-operation necessary to have a defence.
>>
>> I'm beginning to wonder whether that last is actually true.
>> ..
>>
>> Most specifically, you can't be forced to ask someone else for keys to
>> which you only have conditional access to.
>
> don't understand what you mean by "conditional"

Nor do I really, but if you have unconditional access to a key then you 
have it in your possession, and thus you have to give it up under a s.49 
warrant - so presumably if you only have conditional access, you don't 
have it in your possession (and you don't have to give it up).


That's from RIPA ss.58(2):

"References in this Part to a person’s having information (including a 
key to protected information) in his possession include references—

(a) to its being in the possession of a person who is under his control 
so far as that information is concerned;

(b) to his having an immediate right of access to it, or an immediate 
right to have it transmitted or otherwise supplied to him; [...]"


>
>>
>>>
>>> Wonder opinions if this sufficient for UK to (coercively) "do a
>>> Hushmail" ? Or under Intel Services Act, or RIPA Pt.2 ?
>>
>> I'm not sure what you mean here.
>
> http://www.wired.com/2007/11/encrypted-e-mai/
>
> Actually I had forgotten that this case involved server-side extraction
> of key (read above). This is obviously within RIP Pt.3 - I remain
> worried about trying to find combo of UK powers which could coerce a
> client-side attack (e.g. he provider has to inject back-doored
> javascript code)

Will get back to you on that one


-- Peter