http://www.techweb.com/wire/story/TWB20000210S0005 E-Spying Bill Called 'Escrow By Intimidation' (02/10/00, 12:58 p.m. ET) By Madeleine Acey, TechWeb The British government published a bill Thursday to update law enforcement's interception powers to include communications made via company networks and ISPs. The legislation was immediately slammed as threatening human rights and labelled "key escrow through intimidation" by Internet think tank the Foundation For Information Policy Research (FIPR). Key escrow is a failed policy by which users of encryption software lodge copies of security keys with third parties approved by government. "This law could make a criminal out of anyone who uses encryption to protect their privacy on the Internet," said FIPR director Caspar Bowden. Following the recent liberalization of U.S. encryption software export laws, as tens of thousands of ordinary computer users start to use encryption, a test case looks inevitable. Requiring someone to prove they did not possess a key would likely be a breach of the European Convention of Human Rights, FIPR and civil rights group Justice concluded. "The DTI [Department of Trade and Industry] jettisoned decryption powers from its E-communications Bill last year because it did not believe that a law which presumes someone guilty unless they can prove themselves innocent was compatible with the Human Rights Act," Bowden said. "The corpse of a law laid to rest by [trade secretary] Stephen Byers has been stitched back up and jolted into life by [home secretary] Jack Straw." Straw insisted the Regulation of Investigatory Powers Bill ensure citizens' privacy and comply with the European Court on Human Rights. He said the interception methods of the past "sometimes led to serious miscarriages of justice" and that the bill would more closely regulate law enforcement and security agencies' activities. Straw added that interception of telecommunications was only legislated for in 1985. "There was only one completely dominant [telecom] provider and only landlines," he said. "No pagers, no mobiles, no e-mail, no Internet, no encryption. The change in the telecom landscape in less than a generation has been revolutionary. We have to ensure that the legislation keeps pace." Straw said interception played a vital role in the fight against terrorists and encryption "can be misused to devastating effect by criminals, not least in attempts by pedophiles to conceal their activities on the Internet." However, in submissions to the DTI last year, IT industry figures -- used as expert witnesses by law enforcement -- said encryption had never thwarted police attempts to crack encrypted files, and in some cases, the accused had handed keys over voluntarily. When asked at the time, security and police agencies, including the FBI, were unable to show any case where encryption had been a barrier to convicting a criminal. FIPR's Bowden said the Bill incorporated some changes to draft legislation to address previous criticisms. But, he said this was mere "window dressing". "To prove noncompliance with a notice to decrypt, the prosecution must prove a person 'has or has had' the key," Bowden said. "This satisfies the objection to the case where a person may never have had the key but leaves unchanged the essential reverse-burden of proof for someone who has forgotten or irreplaceably lost a key."
