return of key-escrow: UK PKI Strategy cites bogus RIPA rationale
Caspar Bowden (lists)
lists at casparbowden.net
Tue Aug 13 12:58:34 BST 2013
Hadn't noticed any commentary on this... ?
(Feb 28 2013) PKI Strategy
<https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/135998/pki-strategy-1.0.pdf>
and Implementation Strategy
<https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/135992/PKI-Implementation-Strategy-1-0.pdf>
(occurs in both)
* "For example key escrow *may be required* for private encryption
keys in some services (*to comply with* Regulation of Investigatory
Powers Act Section 3)"
but FIPR 9/5/2000 <http://www.fipr.org/rip/PR3RHC.htm>
* Surprisingly Mr.Clarke amended S.69
<http://www.publications.parliament.uk/pa/cm199900/cmhansrd/vo000508/debtext/00508-17.htm#00508-17_spnew2>
[Hansard link - at bottom] to exempt company directors from
liability under Part.III - that is, they are no longer personally
liable for failure of their company to comply with a decryption
notice. This was the chief cause of FIPR's diagnosis of government
strategy as being that of "key escrow by intimidation" - however it
still leaves individuals and company employees in the firing line.
?
Caspar Bowden
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20130813/1e7d4e59/attachment.html>
More information about the ukcrypto
mailing list