Investigatory Powers Act - Government mandated backdoors
zenadsl6186 at zen.co.uk
Fri Dec 9 19:57:11 GMT 2016
On 05/12/16 07:54, Roland Perry wrote:
> In article <ecf10e6b-4863-a5bd-1beb-9c32615683dd at zen.co.uk>, Peter
> Fairbrother <zenadsl6186 at zen.co.uk> writes
>> Probably the most important example is Forward Secrecy in eg TLS
>> suites. In order to maintain the ability to produce the plain text,
>> relevant operators can effectively be required to modify their systems
>> to retain the keys used rather than discarding them.
> As with the A5/1 SM encryption it would be far easier to simply
> intercept the plain text *after* it has emerged from the TLS 'decoder'
> at the operator's premises.
>> Some may consider that a required backdoor, but as the relevant
>> operator keeps the keys, and they are not available to Plod etc
>> without a warrant, I don't know whether it really counts. Maybe 1/2 a
>> required backdoor.
> Remember, this is about intercepting transmissions happening *now*, not
> decrypting historic transmissions where for some reason they have been
> stored while still encrypted by the carrier's internal encryption scheme.
(an ISP would not usually use TLS, it's more for websites)
I was thinking more - Plod intercepts an IP (with a warrant) - gets
ciphertext - asks a relevant operator, eg Googlemail, to decrypt.
RO says "no I can't, I used forward secrecy and both the keys and
plaintext are gone".
HO says "you must maintain the capability" (under s. 254, with the
relevant authorisation in Ss.254(1)(a) being a putative but not extant
S.16(1)(a) warrant). See  below.
>> Of course there is a small problem for the SoS and/or Plod here - if
>> an effect of the modification to the system, eg removing the deletion
>> of keys, makes any of the content available to a person other than the
>> sender or recipient then it would be interception, and unlawful.
> Only if you don't have a relevant warrant to hand.
 aiui, the relevant authorisation in Ss.254(1)(a) in regard to which
HO can issue a technical capability order is any relevant authorisation
of the types in Ss.254(1)(a) which might reasonably come along in future.
There doesn't have to be, indeed there cannot reasonably be expected to
be, any specific authorisation covering everything the order might
involve at the actual time the order is served.
However as there is no actual authorisation in existence for everything
the technical capability order might cover, if the behaviour the order
requires involves interception then it would be unlawful.
I suppose HO or FO might, by some chicanery, have a bulk warrant to hand
- but I don't think they could have a targeted warrant at the time they
served the capability order, which covers much more than any targeted
Roland, do you have any historical view on the meaning of 262 (11)
“Telecommunications service” means any service that consists in the
provision of access to, and of facilities for making use of, any
telecommunication system [...]?
There seem to be two separate requirements, firstly the provision of
access, and secondly the [provision of] facilities for making use of -
but I cannot make any sense of that.
More information about the ukcrypto