11^th July 2000 : RIP status report in advance of Lords Report Stage debate (12^th/13^th July)

 

See also RIP Information Centre at www.fipr.org/rip, now updated with RIP Bill marked-up to show effect of Government amendments and marshalled list of all amendments

 

·        UK will be only G8 nation with Government Access to Keys (GAK) – see sample Notice

·        ISPs make contingency plans – Poptel, GreenNet and ClaraNet to provide offshore services

·        102 amendments tabled for Report Stage – critical legal and technical issues unresolved

·        Codes of Practice unsurprising (Interception – Pt.I) or evasive (Encryption - Pt.III)

 

Government amendments concede too little, too late:

• New definition of "communications data" excludes trail of web pages, but still allows access to the trail of web sites and geographic location-tracking via new mobile phones without any warrant. Government also takes power to change definition further through secondary legislation.
• Keys demanded for interception of communications to be protected with SECRET classification, but keys demanded to stored data have no guaranteed protection
• Prosecution must now prove failure to decrypt was "knowing"
• Authorities must consider breadth of collateral material protected by a key before demanding it

No change

• Interception Code of Practice confirms FIPR analysis that it is lawful for authorities to use "black-boxes" for interception or getting communications data without telling ISP.
• Decryption can be demanded if "likely to be of value for purposes connected with the exercise or performance by any public authority of any statutory power or statutory duty" - S.47(2)b(ii)
• Patchwork structure allows decryption authorization by police officer, magistrate, judge, or minister – depending on circumstances (Schedule 2)
• Keys (including long-term keys to future information) rather than plaintext can still be demanded if trust or timeliness is an issue

• "Tipping-off" offence still permits lifetime prohibition on disclosure of key access
• interception can be authorised for prevention or detection of any crime involving "a large number of persons in pursuit of a common purpose."

 

Conservative and LibDem peers unite on amendments to curb RIP's worst excesses:

• always require Secretary of State warrant for access to keys
• eliminate loophole allowing "certificated" warrants (GCHQ supercomputer-trawling against arbitrary search factors) to be applied to domestic communications
• statutory Technical Advisory Board to vet Home Office interception impositions on ISPs
• amendments further restricting government amendments and fixes to important technical flaws (such as power to access passwords protecting signature keys).

 

Caspar Bowden, director of FIPR commented: "The sample decryption notices vividly illustrate the chilling reality of government access to keys with an indefinite secrecy obligation. Both structural and technical problems with RIP are still emerging – and faster than government can fix. The Codes of Practice are unconvincing and their contravention is not illegal. The oversight is split between three Commissioners and all pretence of consistency has been abandoned"

 

On key safety: Brian Gladman (FIPR Advisory Council) said: “The Bill at last requires seized keys to be kept safe but only when obtained to decode intercepted information – there is no guaranteed protection for innocent parties whose keys to stored data can be seized for broad purposes under a wide range of other powers"