...Posted by Brian Spector... Secondly, a very important point wasn't printed. GCHQ couldn't, by law, request a blanket back door on the system.
Untrue. A "property warrant" under the Intelligence Services Act 1994 <http://www.legislation.gov.uk/ukpga/1994/13/section/5> can require installation of a backdoor
There are a very rigid set of controls that mean only specific individuals can come under surveillance.
Untrue. A RIPA S.49 decryption order can be applied to a RIPA s.8 "certificated warrant" (which is used for GCHQ trawling of international comms e.g. TEMPORA - bit like a FISA 702 but without the constraints by US nationality/residency).
Even if a S.49 order is applied to a RIPA s.5 warrant targeted at a particular person's comms internal to UK (think Title III), it can require a key for past or FUTURE <http://www.legislation.gov.uk/ukpga/2000/23/section/49> ("is likely to do so") data, so whilst in theory a session key could suffice <http://www.legislation.gov.uk/ukpga/2000/23/section/50> (50(5)) for former, obvious the latter would require a private (assymetric) key, and BTW could also require a stream of PFS transient keys to be logged and handed over thereafter
The legal request for such surveillance has a due process that must be stridently followed.
I think he means stringently. Actually there is no "due process" that would be recognizable US legal terms. There is a possible appeal to a Technical Advisory Board (which at least up until a few years ago had never convened to hear such a case), but only on grounds of technical impracticality
At no time did I or anyone at CertiVox talk about CertiVox in relation to any RIPA warrant, only the generic process by which these warrants are served.
RIPA S.49 decryption orders can carry an indefinitely long secrecy requirement (see here <http://www.fipr.org/rip/CoPsampleGAKnotice.htm> ; numbering is anomalous because it's a draft)
Rather looks as if Certivox trying to dig out of the hole they might have breached secrecy in previous reports, and trying to backpeddle
@CasparBowden (author of www.fipr.org/rip/ - not updated since 2001)
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
