4th ECLIP II Workshop on Security Aspects of Computer Crime (24 January 2001) 

Human Rights and the RIP Act

Caspar Bowden (cb@fipr.org), FIPR 

• Is computer analysis of traffic data a qualitatively new form of (mass-)surveillance ?
  • (S.21.6) Big Browser (now moot - but what is "apparatus" ?)
  • chilling effect on individual and society as a whole
  • NCIS & Agencies want mandatory Data Retention for 3 years (CCRC 7 !?)
• Is compelling disclosure of a key or password self-incrimination ? 
  • does it matter whether password written down ?
  • testimonial value - Sergienko ?
  • and Cybercrime treaty ? Article 18.1a & Article 19.4 ?
• Burden-of-proof on key-possession
  • Charles Clarke denies amendment had any effect
  • what will suffice to to "raise the issue" of PANTS (Possession-At-Notice-Time-of-Serving) ?
  • coupling with intrusive & directed surveillance
• What is "proportionate" ?
  • HOW WILL HOME SECRETARY'S JUDGEMENTS ON PROPORTIONALITY STAY IN TUNE WITH THE COURTS?
  • is "proportionate" to be assessed by reference to the individual target ? Perhaps intrusive surveillance (or "forensic hacking") would in fact be less "intrusive" than obtaining a key or intercepting?
  • LBRP and proportionality: use of anonymising web proxies and personal keys by employees at work ?
  • in context of obtaining a key :
    • (S.49.2.b.ii) court order because a public authority considers it necessary ?
    • for prevention/detection of (not serious) crime ?
    • (S.51.5.a) re: "the extent and nature of any protected information, in addition to the protected information in respect of which the disclosure requirement is imposed, to which the key is also a key"; (CJP2001 and fishing expeditions ?)
    • to future information - long-term key not session key (is likely to do so's in S.49.1)
• (S.54.3) Imposing a secrecy condition 
  • "it is reasonable, in order to maintain the effectiveness of any investigation or operation or of investigatory techniques generally, or in the interests of the safety or well-being of any person, to keep secret from a particular person."
  • "generally" vs. "particular person"
  • key revocation - the AA-salute
• Is the Tribunal adequate ?
  • decides cases where authority is non-judicial (SoS, police, customs, military)
  • separate hearings - arguments of extreme technical complexity cannot be tested
  • no special advocate
  • no right to summary of evidence
  • no right to cross-examine
  • likely to be frequently tested (against only 8 cases in 15 years under IOCA)
• Is the Commissioner likely to detect or deter abuse ?
  • "reliable and verifiable technical means" ?
  • independent investigative capability ? (cf. ISC)
  • vast extension of work
  • "over-ride" certificates and cart-before-the horse problem
• S.16.3 allows connection of ISP/telco "backbones" to ECHELON.
  • clarified in meetings with officials and in Hansard that this is intended
  • NTAC say nothing to do with them
  • much broader than "Carnivore"-laws - can trawl using "factors"
• Steganography, stealth channels, encrypting proxies and anonymisers ???

RIP Information Centre www.fipr.org/rip