RIPA s 12(7)

Sun Jun 15 20:33:11 BST 2014

On 14/06/14 21:49, Peter Fairbrother wrote:
> On 12/06/14 12:20, Caspar Bowden (lists) wrote:
>> On 06/12/14 08:43, Peter Sommer wrote:
>>> ..
>>> GMail or any of the non-UK webmail service providers could however
>>> embed encryption into their offerings but the UK government would not
>>> be able to force them to introduce an interception capability;  it
>>> would have to be done by agreement.
>>
>> ..but a s.49 RIP order can require CSP to produce plaintext (or key) to
>> any past (or future) data. If the key isn't available (e.g there is
>> client-side code) a recipient of a s.49 can be required to give all
>> co-operation necessary to have a defence.

Actually there is another and perhaps rather amusing issue here:

RIPA ss.50(2)

"A person subject to a requirement under subsection (1)(b) to make a 
disclosure of any information in an intelligible form [ie the recipient 
of a s.49 notice] shall be taken to have complied with that requirement if—

(a) he makes, instead, a disclosure of any key to the protected 
information that is in his possession; and [...]"

However, RIPA s.26

" (1) [...] “key”, in relation to any electronic data, means any key, 
code, password, algorithm or other data the use of which (with or 
without other keys)—
(a) allows access to the electronic data, or
(b) facilitates the putting of the data into an intelligible form; "

and

"(2) References in this Part to a person’s having information (including 
a key to protected information) in his possession include references—

(a) to its being in the possession of a person who is under his control 
so far as that information is concerned;

(b) to his having an immediate right of access to it, or an immediate 
right to have it transmitted or otherwise supplied to him; [...]"

so make sure the Swiss lawyer only gives out keys at his discretion ...

[ as I understand this, Plod can then issue a s.49 notice. You reply 
"the only key I have in my possession is the datum that the Swiss lawyer 
may be able to supply a key."

You have then given them the only key in your possession, and complied 
with the notice as defined in ss.50(2) - and they cannot then use the 
notice to require you to do anything more, such as ask the Swiss lawyer 
for the key, as you have already complied with the notice ]

I am not a lawyer ...

-- Peter Fairbrother

>
> Not entirely.
>
> RIPA subsection 49(2) "If any person with the appropriate permission
> under Schedule 2 believes, on reasonable grounds—
>
> (a)that a key to the protected information is in the possession of any
> person, [and ...]"
>
> he can issue a notice which can require more cooperation than the use of
> the key. However if it is unreasonable for him to so believe then no
> such notice can be issued.
>
> The first time, maybe the cops would get away with it - but afterwards,
> when it is known that no relevant key is in the possession of the ISP,
> then no notice can be issued - even if it is known that the ISP could
> otherwise provide plaintext.

>
> -- Peter F
>
>
>>
>> Wonder opinions if this sufficient for UK to (coercively) "do a
>> Hushmail" ? Or under Intel Services Act, or RIPA Pt.2 ?
>>
>> CB
>>
>>
>
>
>