Re: UK RIPA Pt 3
Peter Fairbrother wrote:

> The UK Home Office have just announced that they intend to bring the provisions of Pt 3 of the Regulation of Investigatory Powers Act 2000 into force on 1st October.
>
> This is the law that enables Policemen to demand keys to encrypted material, on pain of imprisonment, and without judicial approval of these demands.
>
> There is one last Parliamentary process to go through, the approval of a code of practice, but as far as I know there has never been a case of one of these failing to pass - though a related one was withdrawn a few years ago.
>
> We will try to prevent it happening, the chances of success are against us but it is not impossible.
>
> You are not required to keep keys indefinitely, or give up a key you don't have, but the rules regarding the assumption that you know a key at least partially reverse the normal burden of proof.

I forgot to mention that Pt.3 also includes coercive demands for access keys - so for instance if Mr Bill Gates came to the UK, and if there was some existing question about Microsoft's behaviour in some perhaps current EU legal matter, Mr Gates could be required to give up the keys to the Microsoft internal US servers.

Or go to jail.

Though I'd quite like to see that :), I don't think it would be entirely appropriate ...

--
Peter Fairbrother

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
UK RIPA Pt 3
The UK Home Office have just announced that they intend to bring the provisions of Pt 3 of the Regulation of Investigatory Powers Act 2000 into force on 1st October.

This is the law that enables Policemen to demand keys to encrypted material, on pain of imprisonment, and without judicial approval of these demands.

There is one last Parliamentary process to go through, the approval of a code of practice, but as far as I know there has never been a case of one of these failing to pass - though a related one was withdrawn a few years ago.

We will try to prevent it happening, the chances of success are against us but it is not impossible.

You are not required to keep keys indefinitely, or give up a key you don't have, but the rules regarding the assumption that you know a key at least partially reverse the normal burden of proof.

m-o-o-t will be there on the day. m-o-o-t is a freeware live CD containing OS and applications, including an ephemerally keyed messaging service, and a steganographic file system.

If anyone knows of any other technologies to defeat this coercive attack I would be glad to hear of them, and perhaps include them in m-o-o-t.

--
Peter Fairbrother
www.m-o-o-t.org
Re: UK RIPA Pt 3
* Peter Fairbrother:

> I forgot to mention that Pt.3 also includes coercive demands for access keys - so for instance if Mr Bill Gates came to the UK, and if there was some existing question about Microsoft's behaviour in some perhaps current EU legal matter, Mr Gates could be required to give up the keys to the Microsoft internal US servers.
>
> Or go to jail.

Well, if Mr Gates is a witness and not a suspect, such coercive measures are well within the legal framework of most countries. As a witness, you must testify. It simply does not matter if the information you are asked to provide is encrypted, or is stored in a database and needs significant preprocessing to obtain. It would be quite surprising if this was any different in the UK.

So it's purely the self-incrimination part that is questionable from a legal POV.

I think this bears repeating because we face a similar discussion in Germany regarding covert data seizure using technological measures, and the discussion focuses almost entirely on the technological measures. But the legal obstacle is just the covertness.