
Government wants your view on encryption keys

Tom Espiner ZDNet.co.uk

Published: 08 Jun 2006 16:10 BST


The Government has launched a public consultation into a draft code of practice for a controversial UK law that critics have said could alienate big business and IT professionals.

Part III of the Regulation of Investigatory Powers Act 2000 (RIPA) will, as it stands, give police the authority to force organisations and individuals to disclose encryption keys.

The Government issued the public consultation on the code of practice for Part III, which will regulate how police and the courts use powers under the legislation, on Wednesday.

"The Home Office has today issued a public consultation on the investigation of protected electronic data, which invites comments on a draft code of practice relating to the exercise of powers under Part III of the Regulation of Investigatory Powers Act 2000 (RIPA)," said Simon Watkin of the Home Office Covert Investigation Policy Team.

The closing date for the consultation is 30 August.

Cambridge University security expert Richard Clayton told ZDNet UK that any company that was concerned by Part III of RIPA would be "foolish to pass up the opportunity" of voicing their concerns.

"Although in theory the Government's mind is made up, the proposals are so incomplete and confused that they may have a rethink anyway," said Clayton.

The security expert said that there were "a lot of complexities not addressed" by the code of practice, including the rules which will govern how access to keys can be demanded. Clayton predicted in May that financial institutions would consider moving to countries without encryption key disclosure laws.

"The Home Office appear sensitive to the suggestion that every financial institution will remove their keys (and hence a lot of jobs) from the country," said Clayton.

"There is a brand new safeguard in that the head of the FSA [Financial Services Authority] must now countersign requests [for key disclosure]. But this only applies to 'financial services' and not to, say, a company like eBay, or a British competitor.

"It gets worse. There is a brand new suggestion that demanding keys might become commonplace — when there might otherwise be doubt as to whether a decryption has been done correctly. This means that instead of asking for keys being highly exceptional, as parliament clearly intended, it will in fact become common," said Clayton.

The security expert also raised the question of whether an arrested person should be allowed access to their laptop to decode encrypted files.

"If so, how should we avoid the authorities 'cheating' and installing some keystroke logging software first?" Clayton said.

"The last issue is whether (when the police don't like your attitude) it should be suggested that your hard disk in fact contains encrypted copies of child pornography — because then they can lock you up for longer," Clayton added.

The code of practice has already been criticised by mathematician and encryption expert Peter Fairbrother.

"This isn't a code of practice — it's just a repetition of RIPA in different words," said Fairbrother on ukcrypto, a public email list.

The Act was passed six years ago, when Part III was held back from becoming law. The Home Office claims it now wants to bring Part III into law as "investigators have begun encountering encrypted and protected data with increasing frequency."

The Home Office also claimed that the law was needed due to the inclusion of encryption technologies in standard operating systems, such as Microsoft's Vista, which will include an encryption tool called BitLocker.

"This, and the rapidly growing availability of encryption products including the advent of encryption products as integrated security features in standard operating systems, has led the Government to judge that it is now timely to implement the provisions of Part III," said the Home Office on its Web site.

Businesses and individuals can raise concerns about the draft code of practice at: http://www.homeoffice.gov.uk/documents/cons-2006-ripa-part3/
