Date: 1999-07-25

Crypto law in the UK: control and bureaucracy

-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-

Hampers e-commerce, gives the government too much control
over crypto and violates the Convention of Human
Rights - Social Democrats have made an e-commerce
law once again.

In the rat race of the neo-Hegelians over reason of state,
the British have meanwhile taken the lead again.

-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-

Since the early 1990s, civil service policy advice to
Conservative and Labour Ministers has advocated draconian
legislation restricting the use of encryption on the Internet.
The Conservatives proposed compulsory licensing of
encryption in Government, but recanted in opposition. Labour
opposed controls in opposition, but now propose "decryption
notices" which overturn basic principles of human rights and
civil liberties.

Today the Government published an Electronic
Communications Bill that will give ministers broad powers to
control the use of encryption in electronic commerce.
Although some of the more objectionable aspects of previous
proposals have been dropped from primary legislation, the bill
gives ministers the power to introduce them later as

Caspar Bowden (Director of FIPR) said: "Electronic
businesses can trade from anywhere in the world.
Threatening a mountain of red tape will cause e-business to
move to places with a more supportive climate such as
Ireland or Canada."

"The Home Office argues that being asked to produce a
decryption key is like being asked to provide a DNA sample.
But innocent people might lose a key to stored data, or never
know the key to data that is e-mailed to them - and unless
the court is convinced, it means jail"

Overwhelmed by resistance from industry and users, the
government has been forced to abandon a succession of
elaborate but futile frameworks for regulation, wasting three
years in which UK e-commerce could have established a
world lead.

Big Bureaucracy
---------------
Compulsory licensing with
mandatory key escrow subsequently became "voluntary"
licensing linked to key escrow, and now the terminology has
metamorphosed again into a "register of approved providers".
Despite a fiercely critical Trade and Industry Select
Committee report, the DTI has ignored the spirit of their
findings and appears still to want to keep open options for
strict regulation. Six pages of impenetrably worded legislation
could see the return of key escrow through secondary
powers which would allow the Secretary of State to make
escrow a condition of approval.

Businesses, already deterred by vacillation and delay, will
have little idea of what to expect until the regulations are
eventually published. Different regulations can be published
by different departments, no timescales are set out, and
businesses will face constant debilitating uncertainty about
whether electronic products and services may in future face
much stricter regulation.

FIPR wishes to see cast-iron curbs on secondary powers
which could require (or coerce) without further primary
legislation: (a) operation of key escrow by approved providers,
(b) linkage of weight or validity of signatures to being an
approved provider, (c) use of approved provider of certificates
or encryption for dealings with Government

Big Brother
-----------
There are also serious civil liberties
concerns. The bill will give police the power to demand
decryption keys from anyone they suspect of possessing
them, and failure to hand keys over can lead to a two year jail
sentence. The defence will be presumed guilty of withholding
a key unless they can prove otherwise (a likely contravention
of the European Convention on Human Rights), and
decryption notices will be secret, so it will be impossible to
complain effectively if they are used in an oppressive way.

Handing over a decryption key used for years on end would
give the police access to very much more information than
they need. Decryption notices can also be served on
innocent correspondents of a suspected person, with an
indefinite obligation not to change keys and maintain secrecy.

FIPR believes that criminals should not be able to hide behind
encryption, but the way in which the government intends to
deal with this is completely unsatisfactory and infringes basic
human rights.

To obtain power to serve a decryption notice FIPR suggests
that the authorities should establish to a judge with reliable
evidence that the:
- data in question contains a hidden or encrypted message
- person on whom the notice is served possesses a key
- data contains evidence of, or would assist in pursuit or
  detection of, a serious criminal offence

Decryption Notices and Human Rights
===================================
- penalty of two years imprisonment for non-compliance
- can be served on a person who "appears" to have a key - there
  is no requirement for any evidence to support this
- discretion to demand either keys or decrypted data
- access to keys destroys privacy of all past messages
- can be used to obtain private keys from innocent associates or
  professional legal advisers of suspected persons
- do not even have to specify what encrypted data has to be
  decrypted - can ask for any and all keys
- apply not just to data seized or intercepted under warrant, but
  also to anything lawfully obtained without a warrant (including
  published or public domain material)
- allows methods of incriminating innocent persons in ways
  against which it will be impossible to defend reliably
- will deter Cryptography Service Providers who might operate key
  recovery (which could assist law enforcement) from doing so, by
  exposing them to strict criminal penalties if (for some reason)
  they are unable to comply.

*) No presumption of innocence: burden of proof on defence
to show they DO NOT have a key
- how is it logically possible to PROVE non-possession of key?
- asking for a decryption key is not like asking for a DNA sample
- innocent people lose keys, or might never know the key to data
  that is e-mailed to them

*) "Tipping-off" condition - actually an indefinite obligation of
secrecy of excessive width
- can impose an indefinite obligation of secrecy on suspects,
  associates or legitimate third-parties
- prevents innocent associates from complaining publicly, with a
  penalty of five years imprisonment
- could actually be used against suspects themselves (prevent
  from "tipping-off" themselves!)
- with a penalty of five years

*) Safeguards?
- Complainants' only recourse is to a Tribunal, which can hold
  proceedings in their absence
- Tribunal need not disclose reasons for decisions, and operate
  special rules on burden of proof and admissibility of evidence
- no "equality of arms" between the prosecution and the defence.
- a Commissioner to "keep under review" exercise of powers
- abuse of powers breaching the Code of Practice would not "of
  itself" create any criminal offence
- duty on authorities with access to keys to maintain only such
  safeguards "as considered necessary"

Could key escrow return under secondary powers?
===============================================
The Trade and Industry Select Committee commented in
their report: (115): "A number of respondents ... advocated that
statutory instruments should be ratified by affirmative
resolution ... we have been critical in the past of Government's
reliance on regulations which escape effective parliamentary
scrutiny." (107). "Powers should not be taken in the
forthcoming Bill to permit the introduction of key escrow or
related requirements at a later date".

Part I: Register of Approved Cryptography Service Providers
-----------------------------------------------------------
Secondary powers
- could compel key-escrow/recovery as a condition for approval
  as a Registered Cryptography Service

Part II: Admissibility of E-Signatures and Powers to Amend Legislation
----------------------------------------------------------------------
Secondary powers
- could prescribe use of a Registered Provider for citizens or
  businesses to deal electronically with Government.
- be ratified by affirmative or negative resolution at the
  discretion of the government.

Published Bill available at

Contact: Caspar Bowden - Director of FIPR +44 171 354

-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-

published on: 1999-07-25