Nieuwe encryptiewetgeving in UK FOUNDATION FOR INFORMATION POLICY RESEARCH
News Release Thurs 10th Feb 2000
Contact: Caspar Bowden
Director of FIPR
+44 (0)171 354 2333
UK PUBLISHES “IMPOSSIBLE” DECRYPTION LAW
Today Britain became the only country in the world to publish a law which could imprison users of encryption technology for forgetting or losing their keys. The Home Office’s “REGULATION OF INVESTIGATORY POWERS” (RIP) bill has been introduced in Parliament: it regulates the use of informers, requires Internet Service Providers to maintain “reasonable interception capabilities”, and contains powers to compel decryption under complex interlocking schemes of authorisation.
Caspar Bowden, director of Internet policy think-tank FIPR said, “this law could make a criminal out of anyone who uses encryption to protect their privacy on the Internet.”
“The DTI jettisoned decryption powers from its e-Communications Bill last year because it did not believe that a law which presumes someone guilty unless they can prove themselves innocent was compatible with the
Human Rights Act. The corpse of a law laid to rest by Stephen Byers has been stitched back up and jolted into life by Jack Straw”
Decryption Powers: Comparison with Part.III of Draft E-Comms Bill (July
The Home Office have made limited changes that amount to window-dressing, but the essential human rights issue remains:
(Clause 46): authorities must have “reasonable grounds to believe” the key is in possession of a person (previously it had to “appear” to authorities that person had a key). This replaces an subjective test with one requiring objective evidence, but leaves unaffected the presumption of guilt if reasonable grounds exist.
(Clause 49): to prove non-compliance with notice to decrypt, the prosecution must prove person “has or has had” possession of the key. This satisfies the objection to the case where a person may never have had possession of the key (“encrypted e-mail out of the blue”), but leaves unchanged the essential reverse-burden-of-proof for someone who has
forgotten or irreplaceably lost a key. It is logically impossible for the defence to show this reliably.
HUMAN RIGHT CHALLENGE “INEVITABLE”
As part of the consultation on the draft proposals last year FIPR and JUSTICE jointly obtained a Legal Opinion from leading human rights experts which found that requiring the defence to prove that they do not posess a key was a likely breach of the European Convention of Human Rights.
Mr.Bowden commented, “following the recent liberalisation of US export laws, as tens of thousands of ordinary computer users start to use encryption, a test-case looks inevitable after the Human Rights Act comes
into force in October.”
R.I.P. RESURRECTS KEY ESCROW BY INTIMIDATION ?
Bowden said: “after trying and failing to push through mandatory key-escrow, then voluntary key-escrow, it now looks like the government is resorting to key-escrow through intimidation.”
FIPR is an independent non-profit organisation that studies the interaction between information technology and society, with special reference to the Internet; we do not (directly or indirectly) represent the interests of any trade-group. Our goal is to identify technical developments with significant social impact, commission research into public policy alternatives, and promote public understanding and dialogue between technologists and policy-makers in the UK and Europe. The Board of Trustees and Advisory Council comprise some of the leading experts in the UK.