[rah at shipwright.com: [Clips] UK Government to force handover of encryption keys]

Eugen Leitl eugen at leitl.org
Thu May 18 19:34:11 UTC 2006


I have no keys, and I must disclose.

----- Forwarded message from "R.A. Hettinga" <rah at shipwright.com> -----

From: "R.A. Hettinga" <rah at shipwright.com>
Date: Thu, 18 May 2006 14:17:16 -0400
To: cypherpunks at jfet.org
Subject: [Clips] UK Government to force handover of encryption keys

--- begin forwarded text


  Delivered-To: rah at shipwright.com
  Delivered-To: clips at philodox.com
  Date: Thu, 18 May 2006 14:10:20 -0400
  To: Philodox Clips List <clips at philodox.com>
  From: "R.A. Hettinga" <rah at shipwright.com>
  Subject: [Clips] UK Government to force handover of encryption keys
  Reply-To: rah at philodox.com
  Sender: clips-bounces at philodox.com

  <http://www.zdnet.co.uk/print/?TYPE=story&AT=39269746-39020330t-10000025c>




  Government to force handover of encryption keys

  Tom Espiner

  ZDNet UK

  May 18, 2006, 12:10 BST

  The UK Government is preparing to give the police the authority to force
  organisations and individuals to disclose encryption keys, a move which has
  outraged some security and civil rights experts.

  The powers are contained within Part 3 of the Regulation of Investigatory
  Powers Act (RIPA). RIPA was introduced in 2000, but the government has held
  back from bringing Part 3 into effect. Now, more than five years after the
  original act was passed, the Home Office is seeking to exercise the powers
  within Part Three of RIPA.

  Some security experts are concerned that the plan could criminalise
  innocent people and drive businesses out of the UK. But the Home Office,
  which has just launched a consultation process, says the powers contained
  in Part 3 are needed to combat an increased use of encryption by criminals,
  paedophiles, and terrorists.

  "The use of encryption is... proliferating," Liam Byrne, Home Office
  minister of state told Parliament last week. "Encryption products are more
  widely available and are integrated as security features in standard
  operating systems, so the Government has concluded that it is now right to
  implement the provisions of Part 3 of RIPA... which is not presently in
  force."

  Part 3 of RIPA gives the police powers to order the disclosure of
  encryption keys, or force suspects to decrypt encrypted data.

  Anyone who refuses to hand over a key to the police would face up to two
  years' imprisonment. Under current anti-terrorism legislation, terrorist
  suspects now face up to five years for withholding keys.

  If Part 3 is passed, financial institutions could be compelled to give up
  the encryption keys they use for banking transactions, experts have warned.



  "The controversy here [lies in] seizing keys, not in forcing people to
  decrypt. The power to seize encryption keys is spooking big business,"
  Cambridge University security expert Richard Clayton told ZDNet UK on
  Wednesday.

  "The notion that international bankers would be wary of bringing master
  keys into UK if they could be seized as part of legitimate police
  operations, or by a corrupt chief constable, has quite a lot of traction,"
  Clayton added. "With the appropriate paperwork, keys can be seized. If
  you're an international banker you'll plonk your headquarters in Zurich."

  Opponents of the RIP Act have argued that the police could struggle to
  enforce Part 3, as people can argue that they don't possess the key to
  unlock encrypted data in their possession.

  "It is, as ever, almost impossible to prove 'beyond a reasonable doubt'
  that some random-looking data is in fact ciphertext, and then prove that
  the accused actually has the key for it, and that he has refused a proper
  order to divulge it," pointed out encryption expert Peter Fairbrother on
  ukcrypto, a public email discussion list.

  Clayton backed up this point. "The police can say 'We think he's a
  terrorist' or 'We think he's trading in kiddie porn', and the suspect can
  say, 'No, they're love letters, sorry, I've lost the key'. How much
  evidence do you need [to convict]? If you can't decrypt [the data], then by
  definition you don't know what it is," said Clayton.

  The Home Office on Wednesday told ZDNet UK that it would not reach a
  decision about whether Part 3 will be amended until the consultation
  process has been completed.

  "We are in consultation, and [are] looking into proposals on amendments to
  RIPA," said a Home Office spokeswoman. "The Home Office is waiting for the
  results of the consultation" before making any decisions, she said.

  The Home Office said last week that the focus on key disclosure and forced
  decryption was necessary due to "the threat to public safety posed by
  terrorist use of encryption technology".

  Clayton, on the other hand, argues that terrorist cells do not use master
  keys in the same way as governments and businesses.

  "Terrorist cells use master keys on a one-to-one basis, rather than using
  them to generate pass keys for a series of communications. With a
  one-to-one key, you may as well just force the terrorist suspect to decrypt
  that communication, or use other methods of decryption," said Clayton.

  "My suggestion is to turn on all of Part 3, except the part about trying to
  seize keys. That won't create such a furore in financial circles," he said.

  --
  -----------------
  R. A. Hettinga <mailto: rah at ibuc.com>
  The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
  44 Farquhar Street, Boston, MA 02131 USA
  "... however it may deserve respect for its usefulness and antiquity,
  [predicting the end of the world] has not been found agreeable to
  experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

--- end forwarded text


----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE