Regulation of Investigatory Powers Bill

Some Scenarios

Prepared by Dr C. H. Lindsey
(Last updated June 15th 2000)

The concerns addressed herein are mostly in relation to the provisions of Part III of the Bill, which deals with lawful access to "protected information" which has been encrypted. Each of the little stories which follows describes some (possibly unintended, but nevertheless undesirable) feature of this part of the Bill. A few scenarios, starting with scenario 22, address problems identified in Part I of the Bill.

The latest version of this present text may always be downloaded from <>.

See my Roadmap of Schedule 1 for the convoluted arrangements that are proposed for issuing Notices under Section 46 of the Bill.

Please see my document "Where we are at" and my "Comments on Report Stage Amendments" for the present state of progress (or lack of it).

Please see the companion document Amendments proposed by Dr C. H. Lindsey for some proposed solutions to the problems identified in Part III of the Bill, and Part I Amendments proposed by Dr C. H. Lindsey for further amendments specifically related to Part I.

Code of Practice

The Bill makes provision (S62, S63) for the Secretary of State to issue (after proper consultation) Codes of Practice governing the exercise of the powers and duties imposed on various people under the Bill. Those exercising such powers shall "have regard to the provisions" of the codes (S63:(1)), but are not liable to any criminal or civil proceedings for failing to observe them (S63:(2)). The Home Office ministers have been promising every month for many months that a draft code would be available "in a month's time". Most recently, during the Report Stage in the House of Commons, the Minister promised that the code would be "published while the Bill is going through the House" (Hansard 8 May Col. 553) which (the Bill having only a couple of hours to remain in that house) I take as meaning "while it is still going through Parliament".

This matter assumes particular importance because the Minister, when explaining why some particular matter is not covered in the Bill, has regularly been saying that it would be covered by the Code of Practice (and claiming much benefit in this approach insofar as the code would take full account of consultations "with industry"). However, the absence of any draft code makes it exceedingly hard to discern the effect of certain parts of the Bill, and it should moreover be born in mind how relatively easy it will be for the Secretary of State to change the code as time goes by, even though an affirmative resolution of both Houses will be needed for any such change.

Dramatis personae

It is traditional, amongst cryptographers, to give names, starting with different letters of the alphabet, to the persons taking part in their scenarios.
Alice A person who sends and receives encrypted messages, and is entirely innocent of all criminal intent.
Bob A person who sends and receives encrypted messages, and not an innocent party in some of the scenarios.
Chase A large international banking corporation.
Dodge A British manufacturing company.
Eve An eavesdropper, who intercepts communications (legally or otherwise) and would wish to decrypt them.
Frites A French manufacturing company.
Grundy A malicious person who harasses Alice, with the intent of getting her sent to prison.
Hazard An officer of the Health and Safety Executive.
Isaac An Internet Service Provider (ISP)
Justin A lawyer
Plod A police officer (or, as the case may be, a customs officer, or a member of the intelligence services).


Scenario 1 - public-key cryptography explained

See Notes on Public Key Cryptography for some pretty diagrams to illustrate how public-key cryptography operates.

Alice and Bob each have two "key pairs", one for "signature", and one for "encryption". Each key pair is composed of two keys, a "Public Key" (which everyone in the world can know) and a "Private Key", which must be a secret known only to its owner (Alice or Bob, as the case may be).

When Bob sends a message to Alice

  1. Bob signs it with his Private Signature Key (which only he knows).
  2. Bob then encrypts the message with Alice's Public Encryption Key (which everybody knows).
  3. Alice decrypts the message with her Private Encryption Key (which only she knows).
  4. Alice checks the message with Bob's Public Signature Key (which everybody knows) and thus she can be sure that the message came from Bob, and that it has not been tampered with.
Thus Eve is unable to decrypt the message (she does not have Alice's Private Encryption Key). In fact, even Bob cannot decrypt his own message.  It is like putting the message in a self-locking box. Anybody can close the box, but only the person with the key can open it.

And so Plod, even when it is Bob's criminal activities that he is investigating, has to serve his Section 46 Notice on the innocent Alice in order to find out what is in the message. Moreover, if Plod obtains Alice's Private Key as a result of his notice, he is thereby enabled to decrypt all communications received by Alice, from whomsoever they may come, and indefinitely far into the future. Which is why the Bill gives Alice the option to decrypt the message upon Plod's request, rather than handing over her cherished Private Key. Except that the Bill gives that option grudgingly, with the possibility of insisting on the key in "special" circumstances.

Note that if Plod were able to demand Bob's Private Signature Key, then he would be in a position to impersonate Bob. Which is why announced Government Policy and the relevant E.C. Directives, and the wording of the Bill all make it absolutely clear that Plod is not able to demand Signature Keys. Except that the wording of the Bill  does not actually prevent such demands (of which, again, more anon).

Scenario 2 - symmetric keys and session keys

In addition to Public/Private key pairs, it is also possible to use "symmetric" keys for encryption (with a symmetric key, both parties have to be in possession of the same key, which maybe they agreed to share at some clandestine meeting). The Bill also covers the use of symmetric keys, of course.

However, it turns out that clandestine meetings are not really necessary. Bob can easily send Alice a symmetric key using Alice's Public Encryption Key. In fact, for technical reasons, this is absolutely standard practice. The symmetric key is then known as a "session key" and it is typically used for just one communication, and then discarded. Liken the session key to a key that will open just one door, whereas the Public Encryption Key is the Master Key that will open any door in the Hotel. The government claims that disclosure of a session key is always sufficient to satisfy the requirements of the Bill. We shall see.

Symmetric keys (usually in the form of a cryptographic hash of some "passphrase") are also likely to be used for protecting data stored on a hard disc. The Bill also makes provision for disclosure of keys in this case.

It also turns out that it is possible for Alice and Bob to agree on a symmetric key without ever meeting at all, and in full view of Eve, so that neither Eve, nor Plod, nor any provision of this Bill will ever be able to decrypt their communications. Indeed, it is always wise to remember that a sufficiently well-informed criminal can always circumvent any provision of Part III of this Bill.

The Form of Notices

Scenario 3 - was it delivered?

Plod serves a Section 46 Notice on Alice. If the notice is given in writing, it should be possible to prove that it was delivered (as is ordinarily the case when Writs and Summonses are served). If, however, Plod serves the notice by electronic means (S46:(4)(a)), even if he can prove that the notice was sent, as required by the Bill, that is no proof that Alice received it. The Bill does not require such proof.

The same problem arises in S22:(1)(a) and S22:(2)(a) in connection with authorizations and notices  regarding access to communications data. With a little bit of luck, there will be some standard procedures set out in the Code of Practice to cover this. See also amendment C46(4)(a).

Scenario 4 - was it genuine?

Grundy sends a spoofed Section 46 Notice to Alice, by email (or even by snail mail), purporting to come from Plod. How is Alice supposed to know (she is liable to two year's imprisonment if she guesses wrongly)?

Was the notice in the proper form? The Bill provides no proper form (it is in such format as the issuer "thinks fit"). But wait! With a little bit of luck, the Code of Practice will specify a standard format.

Who issued it? Well the office, rank or position of the issuer must appear on it (no mention of the name, but I suppose that may be taken for granted), so Alice will be able to check. But she won't be able to check whether the issuer was authorised to issue it, because it will not identify the person (Schedule 1) who gave permission for it to be issued (recall that the issuing of a Section 46 notice is a two-stage process).

Notices sent by electronic means need to be digitally signed, which means that Plod must previously  have provided Alice, in writing, with his Public Signature Key. This would only be useful if Plod expected to serve notices on Alice frequently. The Home Office have stated that matters such as these will be covered in the Code of Practice. Verbal notices should have been outlawed entirely (see amendment C46(4)(a)).

Scenario 5 - when does the notice expire?

Plod has served a Section 46 Notice on Alice regarding encrypted communications received from Bob (it was one of those notices issued regarding protected information "likely to" come into Plod's possession (S46:(1))), and has on several occasions required her to decrypt such messages. Now, three years later, he suddenly brings her another one.
Alice But hasn't that notice expired by now?
Plod No! These notices never expire (see the Act).
Alice But interception warrants and data communications notices expire (S9:(1), S22:(4)).
Plod But not Section 46 notices.
Alice Anyway, it seems you are in a new investigation now. Shouldn't you have withdrawn the notice when the previous investigation was complete? I see that interception warrants and data communications notices are supposed to be withdrawn when their purposes have been accomplished (S9:(3), S22:(8))
Plod But not Section 46 notices.
Notices should contain an expiry date, or should otherwise expire (or be renewable) at the same time as the warrant which gave permission for the notice. Otherwise there will be no time limit on those notices which identify information "likely to" come into the possession of the authorities (S46(1)), which could cover a period of several months. The Minister claimed in Committee that this was already covered (Hansard Standing Committee F, 4th April, 12.15pm), but the Bill nowhere says so. See amendments C46(4)( ) and C46(4a).

Concern has also been raised that this lack of a duration of the notice may violate the ECHR.

Scenario 6 - who does the key have to be given to?

Plod serves a Section 46 Notice on Alice which requires her to deliver her key to the cleaning lady at the Police Station (S46:(5)(b)). We assume, for the sake of argument, that said cleaning lady is covered by the safeguards referred to in S51:(2).

The key should only be deliverable to the class of persons capable of having permission to issue notices, as in Schedule 1:2.  There is suitable wording for this in S22:(3), which covers similar notices regarding communications data. The Minister promised in Committee to look into this further (Hansard Standing Committee F, 4th April, 12 noon) but nothing further has been heard of it. See amendment C46(5).

Scenario 7 - how soon?

Plod serves a Section 46 Notice on Alice which requires her to disclose her key within 5 minutes (S46:(4)(c), which makes no requirement for the time to be reasonable). It is quite impossible for Alice to comply (these things take time). But her only recourse is to refuse to comply, wait till she comes to trial, and then advance the defence provided under S49:(3)(a).

It would be far simpler to insert the word "reasonable" at the proper place in S46:(4)(c) (see amendment C46(4)(f)). The government rejected an amendment to that effect at the Committee stage, citing S49:(3)(a) as being sufficient.

Scenario 8 - which key?

Plod I serve you with this Section 46 Notice. Give me your Private Encryption Key.
Alice Which key? I have several such keys.
Plod The one for the protected information (S52:(1)) which I have described in the notice.
Alice I believe that particular protected information can be decrypted with one of several keys.
Plod The one I want is the Private Key that decrypts it, key 0x1C24FA3C I believe.
Alice No, that key is my main Private Encryption Key. If I give you that one, you will be able to decode all messages sent to me, whether connected with your present investigations or not.
Plod But I wouldn't do that. Section 51 of the Act says I mustn't!
FX (sounds of raucous laughter from all present)
Alice I prefer to give you the "session key" for the particular communication you are holding.
Plod Eh?
Alice Yes. The protected information in the communication was encrypted with a one-use-only "session key", and the session key was encrypted with my key 0x1C24FA3C which you mentioned. That is absolutely standard practice, you know. I will give you the session key for that particular communication and you will be able to decrypt it. I will have satisfied my obligation under the Act, and the rest of my communications will not have been compromised.
Plod But the Act does not mention any of that fancy stuff. It just says that if there is protected information and a key that will decrypt it, then that is the key I am entitled to get. It says "the key" (S46:(2)(b)), and that is obviously the principal one. If the Act had intended me to get bogged down with all the internal workings of your decryption program, it would have said so. Everybody knows that you have a Private Key, that you give it to your program along with the protected information, and out comes the plaintext. So "the key" is the one you give to your program to do the decryption. That is the obvious meaning of the Act, and where there is an "obvious" meaning, that is the one a Court would follow.
Alice Well I invite you to read the definition of "key" in the Act (S52:(1)). It says that a "key" is "any key, code, password, etc." that will do the decryption, so my session key is certainly one of the possibilities.
Plod Maybe so. Perhaps the Act could be interpreted that way, but it does not look like the obvious meaning, so I doubt a Court would interpret it that way.
Alice But when the Bill was going through Parliament, the Minister of State at the Home Office said, during the Committee Stage, "If there is more than one [key] that enables protected data to be put into an intelligible form, it is up to those who are disclosing to decide which key to use." (Hansard Standing Committee F, 4th April, 4.30 pm), and he justified this by reference to that definition of "key".
Plod So? Ministers don't make the law. The Court will look at the Act, and what the Act says is what the Act means, and if it turns out to be ambiguous, the Court will resolve it in the obvious way.
Alice Actually, No! According to the doctrine in Pepper vs Hart, where there is any doubt of that sort, the Court will be bound to follow the intention as expressed by a Minister in Parliament.

Phew! Alice is perfectly correct, as it happens. But Plod still has one straw left to clutch at:
Plod Ah! But you said that your "session key" was encrypted with your Private Key. So that makes the session key protected information. And in that case I am entitled to ask you for the key that decrypts it (i.e. your Private Key). Observe that this notice is a "special circumstances" notice (S47:(4)(a)), which means that I can have the actual key, not just the plaintext.
Alice Yes, you would indeed be entitled to ask for my Private Key as you say, but for one thing. I have just offered to give you the session key, so you can hardly say you believe that the Private Key is "necessary" under S46:(2)(b)(i), or that it fulfils S46(2)(d). Moreover, you can be certain that the session key I am giving you is the correct one because you will see that you are able to decrypt the body of the protected information with it.

Alice had to follow a tortuous route to establish her point. It could even be argued that the Bill is in contravention of the ECHR at this point, because the right it gives to the noticee could hardly be described as "foreseeable". Indeed, many lawyers who have studied the Bill have failed to notice what the Minister has now established as the correct interpretation.

And it is still not entirely certain that Alice's response to Plod's final ploy would stand up in Court, and I have therefore prepared an amendment C46(2)c to cover it.

It is vital that the Bill should give Alice the right to deliver a session key, where one is available and will satisfy Plod's need to decrypt the protected information, and it is vital that the availability of this right should be widely known, as the next scenario shows. See amendments C46(2)a, C47(2)a and C47( ).

The Plaintext Alternative

The bill provides that, as an alternative to disclosing the key, it will suffice for the noticee to decrypt the protected information (or provide access to it, as the case may be), except where the notice directs that the actual key is required, which it may only do if there are "special circumstances of the case" (S47:(4)(a)).

It is hard to envisage what those special circumstances might be, and the Government has consistently failed to give examples of how it is intended to be used, in spite of being repeatedly so asked. The most we have heard is that the power might be used where the noticee was not to be trusted (and, indeed, production of a session key could reasonably be required in that case). Also, it might be used where there were time constraints (but it takes no longer to provide plaintext than it does to provide a session key, and we are told that session keys will always suffice). And it might be used in cases involving "security", whatever that might mean (Hansard Standing Committee F, 4th April, 4.30 pm).

But, with a little bit of luck, the Code of Practice will set out in full what those "special circumstances" might be.

Scenario 9 - is our Private Key safe?

Justin is a lawyer who is advising Chase concerning the R.I.P. Bill. He has read the Bill carefully (but he has not read Hansard - why should he?). So he has not spotted the possibility that disclosure of session keys would always suffice (see scenario 8), which is not surprising in view of the fact that I know of several lawyers who failed to spot this "feature" of the Bill. Justin is discussing with a senior manager of Chase.
Chase We have a widely known Public Encryption Key which is used by our clients worldwide when sending us instructions to make substantial transfers of money. We have elaborate procedures in place to protect the corresponding Private Key. Our reputation as a trustworthy international banker would be ruined if that Private Key should be compromised - even a rumour to that effect would be disastrous. Is there any possibility under this Bill that we could be required to disclose this key to some agency of the British Government?
Justin The Bill makes provision for you to disclose the plaintext of any communication instead of disclosing the key. I think they would expect you to provide a very rapid turnaround when they sent you a request for the plaintext to a given message, though.
Chase No problem there. Assuming the request was lawfully authorised, we should be happy to decrypt it and send it back within seconds, if needs be. But if plaintext is what they want, why does the Bill speak all the time about disclosing keys?
Justin They are alternatives. The government has stated that it expects plaintext rather than keys to be handed over in the overwhelming majority of cases, especially in the case of respectable businesses such as yourselves.
Chase So we would get to choose which to hand over then?
Justin Yes. ... Well almost. ... Actually, if there were "special circumstances of the case" such that the whole purpose of their investigation would be defeated without the actual key, then they can insist on the key. But I cannot see that happening in practice.
Chase But there is a theoretical possibility that it could?
Justin Yes.
Chase Even a theoretical possibility is exceedingly worrying to us. If we give them our Private Key, will they keep it secure. Keeping a key secure costs serious amounts of money you know.
Justin Yes. Various government agencies have considerable expertise in that area.
Chase And the Bill requires them to take all necessary steps in that regard?
Justin Er. ... No.
Chase Another theoretical possibility to worry about then. Now suppose it becomes publicly known that an agency of the British Government has our Private Key. What then?
Justin The British Civil Service is the most trustworthy such service in the world. They would never allow such a leak to occur.
Chase What never?
Justin Well hardly ever!
Chase Well the stories I hear are that such leaks do occasionally occur. Stories get posted on the Internet, and then the British Security Services run around like scalded cats trying to shut down the offending websites, with the immediate consequence that the story pops up on hundreds of other sites around the world, amidst a huge blaze of publicity in the media.
Justin But even if the information does leak, remember that the Bill forbids the agency from using your key to decrypt anything unconnected with the particular investigation, so the security of the communications of your other clients is not affected.
Chase Yes. You know that, and maybe even I know that. But try explaining that to our clients in Ankara, or in Moscow, or in Jakarta. Not only would they not believe it, they would think we were crazy for even contemplating such a dumb thing. And in our business, having clients that think you are crazy is not a good thing - such clients tend to take their business elsewhere.

Moving on, then, suppose we just plain refused to hand over our key. What then?

Justin Your Company would be liable to an unspecified fine, but you personally, as a manager would be in the clear (S69:(1)). But there is a problem. That would apply if they served the notice on the Company. But they might decide to serve it on your computer administrator Bob, and the notice might require him to keep it secret (S50), even from you (though, with a little bit of luck, the Code of Practice might allow you to be told). So Bob would have to disclose your key, and the Company would not even be aware that it had happened.
Chase That's all right. I shall just instruct Bob never to disclose the key in such circumstances.
Justin No, that won't work because Bob, not being a "director, manager, secretary or similar" of the Company is not protected by S69:(1). He could go to prison for 2 years.
Chase Then we shall arrange for our important keys to be kept in a tamper proof iron box, so that it is impossible for even even Bob to get them out of it. In fact nobody, but nobody will be able to get them out. For backup, we shall have arranged to split each key into, say, 8 parts so that at least 6 are needed to put the key together again, and we shall give each part to a different person, with enough of them being based outside the United Kingdom.
Justin No, that won't work either, because they will just require you to order each of those key keepers to send his piece in to you (according to S52:(2) you are considered to be in possession of the key yourself if one of your underlings has it). It might just work if the person abroad is a senior manager of the Company who is not answerable to you. But then, if there were reciprocal arrangements in force, they would just go after him in his own country.
Chase So, to summarize, we are quite OK except in the unlikely but theoretically possible event that they demand our actual key, or in the unlikely but theoretically possible event that our key gets stolen from their possession, or in the unlikely but theoretically possible event that the fact that they hold our key becomes publicly known, or if we are unlucky and this Code of Practice, which has not been published yet, allows the key to be taken without our knowledge?
Justin Yes, that about sums it up.
Chase But do you realise what would be the consequences to our Company if one of those unlikely but theoretically possible events were actually to occur? We are a Company who are absolutely dependent upon the trust and confidence in us of our clients worldwide. Loss of that confidence, if it could even be expressed in financial terms, might amount to £100,000,000. Even if we were immediately to revoke our key, and generate a new one, and inform all are clients to use it, that would still cost a lot of money, and the loss of confidence would be almost as bad.

No! We, as a Company, cannot afford to take that risk, however slight it might be. So what can we do?

Justin My advice would be to relocate the centre of your operations to Dublin.

Sigh! If only Justin had known what Alice knew in the previous scenario. But the significance of session keys as a complete solution to all the problems above seems to have been completely overlooked, not least by the government. Everybody involved in this business (government included) has been talking and behaving as if loss of Private Keys were a real possibility. Real-life lawyers have already been giving the same advice as Justin. And why should this be so? Because the government has failed to point out the true situation, not least by drafting the Bill in such a way as to suggest the exact opposite of what it actually says.

I believe the Prime Minister has said he wants Britain to be the best country in which to carry on electronic business. The Bill, if interpreted as above, would make it one of the worst.

Signature-only keys

The Bill purports to ensure (S46:(6)(a)) that a person can never be compelled to disclose his Private Signature Key. Nevertheless, there are circumstances where a person could be so compelled, as the following scenarios show. Moreover, it needs to be realized that it is technically impossible to prevent a genuine signature-only key from being used for encryption (depending on the cryptographic system employed, this can range from trivially easy through to difficult-but-by-no-means-impossible).

Scenario 10 - protection of Private Keys

Alice keeps a Private Signature(-only) Key which is stored in her computer. To prevent improper use of it, it is encrypted with a password (more likely a lengthy "passphrase") which she keeps in her head, and which she has to type in every time she signs a document.

Evidently, the encrypted key is "protected information" (by S52:(1),(4)). Hence, if it comes into the possession of Plod (by seizure of Alice's computer, for example) Plod may, by notice (S46:(1)(a)), demand Alice's passphrase, notwithstanding he would then hold Alice's signature-only key. Observe that Plod is not in breach of S46:(6)(a). He is not asking for Alice's signature-only key (which he is prohibited from doing). He is asking for her passphrase, which itself is undoubtedly an encryption key.

The Home Office take the view that a Court would regard S46:(6)(a) as prohibiting such indirect access to the signature-only key, but I regard this as being optimistic given the clear chain of reasoning exhibited above. Therefore the possibility should be explicitly prohibited (amendment C46(6)b).

Scenario 11 - authority to access Private Encryption Keys

Chase accepts electronic cheques encrypted with its Public (and widely known) funds transfer Encryption Key. The corresponding Private Key is kept inside a tamper-proof iron box, and the computer inside that box is the only point at which actual decryption of cheques is possible. The compromise or disclosure of the key would have dire consequences for Chase, as has already been described.

The box will decrypt cheques upon receipt of an authorizing token digitally signed by one of Chase's transaction processing computers, which itself will only issue such tokens under the circumstances programmed into it, which will include the presence of some further token digitally signed by Bob (who is an official in the company), doubtless in conjunction with a further token digitally signed by several members of the Board of Directors authorizing Bob to exercise that authority.

Thus Bob can use his Private Signature Key (which he uses to sign all sorts of other documents within the company) to create tokens which grant access to the decryption engine inside the iron box. Thus, the present definition of "key" in S52:(1) would appear to cover

  1. The Private Key in the iron box
  2. The various tokens recognized by the iron box
  3. Bob's Private Signature Key
since any one of those can be used, directly or indirectly, to cause the decryption of electronic cheques. Thus Bob's Private Signature Key is, according to different definitions in the Bill, both a decryption key  and a signature key (even though the technical manner of its use is always to sign things - in this case tokens).

For the removal of all doubt, the definition of electronic signature (S52:(1)) should be strengthened to cover such situations. See amendments C52(1)a) and C52(1)(b).

Scenario 12 - signature keys previously used for encryption

Alice has a key generated long before the Bill was passed which could be used for both signature and encryption (that was the standard practice in those days). She regularly uses it for signatures, and would be greatly inconvenienced if forced to generate a new signature-only one - for the greatest assurance that her publicly known key indeed belongs to her is the fact that she has consistently been using it these many years.

She last used it for decrypting a message 5 years ago. Nevertheless, that is enough to give Plod the right to force her to disclose it (S46:(6)(b)). But why should Plod do such a thing? Suppose Grundy, with malicious intent, sends Alice a message encrypted with the corresponding Public Key (or worse, if it really was a signature-only key, manipulates it so as to be used for encryption - not a difficult feat, technically speaking, with most systems). Of course, he ensures that Plod becomes aware of the fact, together with other suitably incriminating "evidence", and Plod decides to issue a Section 46 Notice. Alice is required to comply (and the fact that she never even decrypted Grundy's message is irrelevant).

S46:(6)(b) should merely require that the signature key had not been used for encryption within some timescale relevant to the matters that are under investigation (amendment C46(6)a).

Scenario 13 - information in obscure formats

Plod has intercepted (or obtained from a seized computer) a document in an obscure format that he does not recognise, though he has no grounds for believing that it is encrypted. He serves a Section 46 notice on Alice.
Plod This document is in an unintelligible format, therefore it is protected information (S52:(1)). Give me the key to it.
Alice Eh? That document is not encrypted. It is just just a textual document written in Microsoft Word, and the only key needed to understand it is the Microsoft Word program, which you can buy for yourself for a modest consideration from any computer store. You had no business using the RIP Act in this situation - there are powers in PACE that are appropriate in these cases.
Plod Maybe so. But the wording of the Act evidently covers this case, and so I chose to use it.

Indeed Plod is using an inappropriate sledgehammer to crack this nut, but the present definition of "key" in S52:(1) is on his side. It should be reworded to require that a key, as used for encryption purposes, should be accompanied by an intent to conceal (amendment C52(1)c).

The Offence of failure to comply

Scenario 14 - lost or disused keys

Alice now has separate signature and encryption keys. In order to ensure the absolute secrecy of her (perfectly lawful) communications, she regularly generates a fresh Public/Private Encryption Key Pair every six months, and requests all her correspondents henceforth to use the new one. To allow a suitable overlap period, she keeps the old Private Key around for a further six months, after which she destroys it (perhaps having issued a publicly visible revocation certificate first). Observe that such a procedure is considered standard best practice.

Now Grundy sends her a message using her Public Key from 5 years ago (and provides Plod with incriminating "evidence" as before). Plod serves a Section 46 Notice, and when she fails to comply (she cannot, even though she is otherwise perfectly willing) she is prosecuted under S49, on the grounds that she "has or has had possession" of that key.

The prosecution has to show

And that is all the prosecution has to show (S49:(1)). Prima facie, Alice is guilty.

In her defence, Alice is invited to show (S49:(2)(a)) that the key was not in her possession at the relevant time. But how can anyone ever prove that he does not possess something, especially something as intangible as a key? It is impossible, so Alice gets sent to prison for 2 years.

This situation is grossly unjust. The onus of proof has been reversed, contrary to the European Convention on Human Rights (and notwithstanding the Secretary of State's statement in that regard on the front of the Bill). Indeed FIPR have obtained Counsel's Opinion to the effect that this provision is in breach of the ECHR, whereas the government have blandly stated that the advice they have received is to the contrary, whilst nevertheless refusing, on several occasions, to disclose that advice or to cite cases or precedents in support of their view.

Note that the words "has or has had possession" (S49:(1)(b)) were added to the Bill in order to overcome objections that it contravened the ECHR. In fact, those words have made the situation worse.

This issue has been widely debated, usually with more heat than light. People speak in terms of "well everybody forgets their password from time to time" (one ex-minister even admitted that he relied on his wife to remember his). The fact is that it is the deliberate destruction of keys, as described above, that is the more likely cause of these difficulties. For a business that keeps careful records of what keys it has had and when they were destroyed there may be little problem, but that is of no comfort to a private individual such as Alice.

The Liberal Democrats introduced an amendment whose effect would be to require an "intent to impede access to protected information", and to ensure that there was no offence if, at the time of giving the notice, the accused did not have the key, and did not have any means of recovering it. The Conservatives proposed a different version of the same thing (see below). The government, however, flatly refused any concession at all in this matter.

The very least that is required is some time limit on that "had possession" phrase (amendment C49(1)).

Scenario 15 - deliberate refusal to comply

Bob is a paedophile who keeps "naughty" pictures on his computer. But he has them encrypted. Plod seizes the computer under a Magistrate's search warrant, and serves a Section 46 notice on Bob to disclose the key, or to decrypt the pictures.

Now Bob knows that the evidence of the pictures, once decrypted, would be sufficient to earn him 10 years in jail (and let us assume that there is insufficient evidence to convict him otherwise). He also knows that the maximum penalty for failure to provide the key (or, equivalently, the plaintext) is a mere 2 years. Therefore he refuses to comply, hence at least avoiding the larger penalty.

The Conservatives have made great play with this scenario, and proposed an amendment to the Bill which went beyond that put forward by the Liberal Democrats by increasing the penalty for non compliance to 10 years, and allowing evidence of previous convictions to be adduced in support of a prosecution. The government has resisted this (whilst promising to review the sentence in the light of actual experience). Moreover, the idea of allowing previous convictions to be disclosed is repugnant to many, including myself, though apparently there are a few precedents in other legislation.

Tipping Off

Scenario 16 - excessive secrecy

Bob (a suspected criminal) communicates with (innocent) Alice (possibly at at her place of work and using her employer's Public Key). Plod serves a Section 46 Notice on Alice requiring her to provide keys or to decrypt the communications. The notice requires Alice not to disclose the existence of the notice, or of the actions taken pursuant to it, to anyone else (S50). The Bill makes NO exceptions for any of these circumstances. The only exceptions it allows are Note that the many of problems illustrated above could have been avoided if Alice had been aware that a session key would have been sufficient to satisfy Plod (do not confuse this Alice with the Alice in a previous scenario).

Many of the problems here, however, arise from the requirement that the secret must be kept from everybody, whereas it would have sufficed for the Bill to require the notice to say that the secret was to be kept from some named person, or some named class of persons (with a proviso that anyone else informed of the matter was also to be informed of that requirement of the notice). It is a simple matter of "opt-in" as opposed to "opt-out". See amendment C50(1,3,4).

Moreover, the notice ought to specify some time beyond which (subject to renewal of the notice) the secret need not be kept (such time being normally related to the duration of any warrant which contained permission for the notice to be issued).

It should also be noted that a similar problem arises in S18 in regard to interception warrants.

Scenario 17 - indirect disclosure

The Home Office has agreed that, where a Private Key has been disclosed, it is in order for the key owner to publish a public revocation of the key without committing an offence, even though that might drop a strong hint that it had been subject to an order. It is not clear how this can be deduced from the Bill, but it does suggest an intention that "to keep secret the giving of the notice ..." (S50:(1)) is to be interpreted literally.

Alice has disclosed the company's Private Key, but has been instructed to keep the fact secret - even from her Boss. She speaks to her boss.
Alice I think we should revoke our Public Key.
Boss Why ever would we want to do that?
Alice I couldn't possibly say.
Boss Ah! I see! Have you been served with one of those Section 46 notices then?
Alice I couldn't possibly say.

Has Alice committed an offence? The secret is clearly out, but Alice has not actually said anything wrong.

The Home Office have now agreed that Alice is not guilty here, but their view is still not consistent with the wording in the Bill.. See amendment C50(4).

Scenario 18 - a weepie

Bob is a paedophile who has been abusing Alice (who is only 12 years old). He has equipped Alice with encryption software and a Public/Private Key Pair "so that we may keep our little secret". Plod obtains  the key from Alice, but instructs here not to tell anyone (because Bob has been abusing other children, which Plod is continuing to investigate).

Circumstances allowing the issue of Notices

Scenario 19 - economic well-being of the U.K.

Dodge is a U.K. arms manufacturer, negotiating to supply arms to a Sheikh in the Middle East. Frites is a French competitor, after the same business. Frites has an agent Bob, who manages its UK office. Dodge would dearly like to know the size of the Frites tender.

So Dodge approaches H.M.Government for assistance. Arrangements are made to intercept communications between Frites and Bob, perhaps by the interception of satellite transmissions. This may require an interception warrant (S5:(1)), but ensuring that Dodge gets the contract surely counts as "safeguarding the economic well-being of the United Kingdom" (S5:(3)(c)) and the information sought clearly "relates to acts or intentions of persons outside the British Islands" (S5:(5)). A notice to disclose the decryption key is served on Bob; surely this too is "in the interests of the economic well-being of the United Kingdom" (S46:(3)(c)).

Can the notice also forbid Bob from tipping off Frites? Yes indeed, provided only that the police or the intelligence services were involved in the interception (S50:(2)(a) and that the "investigating techniques" needed to be kept secret (S50:(2)) (that is why they took the trouble to intercept satellite transmissions, because simply keeping the information secret from Frites is not itself grounds for requiring secrecy under S50).

But Hey! This is not Cricket!

But this ground of the "economic well-being of the U.K." arises in several places in the Bill (S5:(3)(c), S21:(2)(c), S27:(3)(c), S28:(3)(c), S30:(3)(c), S46:(3)(c)), sometimes with a restriction to matters outside the British Islands, sometimes not. What is the purpose of these provisions, if not for the kind of scenario described? It would seem so, from the rather half-hearted comments made by the opposition during the various debates. But if Parliament wishes to give the authorities those powers, then at least the restriction regarding matters outside the British Islands ought to be applied consistently, and certainly in connection with Section 46 Notices (amendment C46(5a)).

Scenario 20 - fishing

Hazard pays a routine visit to Dodge (as authorized by statute) to inspect Dodge's plant. He asks to see the records of some calibration on the plant from 12 months ago. He is told that the records are stored on Bob's computer (they may even be encrypted) and that Bob is on holiday in the Outer Hebrides for two weeks. Hazard is exceeding wroth, and rushes off to a Judge to get permission to serve a Section 46 Notice on Bob (and flies off to Benbecula to serve it).

Now Hazard is not investigating any crime, nor has he reason to suppose (at this stage) that the data on Bob's computer might reveal any crime (this started out as a routine visit). In plain terms, he is "fishing". Therefore, he cannot claim (S46:(2)(b)(i)) that his key is "necessary" for "preventing or detecting crime" (S46:(3)(b) or for any other purpose in S46:(3)). Therefore he has to rely on S46:(2)(b)(ii), namely that obtaining the key is "likely to be of value" in the performance of his statutory duty.

S46:(2)(b)(ii) is a "fisher's" charter. There is no requirement so weak anywhere else in the bill (cf S21:(2) and S5:(3)). The requirements in S46:(3) provide quite adequate grounds for when Section 46 notices may be issued and are, by and large, the same as those recognized as necessary in the case of interception warrants. Attempts were made to remove this provision at the Committee stage, but were not pursued further. See amendment C46(2)b.

However, the counsel's opinion already alluded to identifies this particular provision as being a further violation of the ECHR, on grounds of its general vagueness when set against the interference with an individual's private life which it seeks to permit.

Scenario 21 - source of protected information

Hazard comes into possession of encrypted data in the course of some inspection or search, as authorized under some statute (S46:(1)(a)). He may then obtain permission (Schedule 1:1:(1) or Schedule 1:2:(2)) to issue a Section 46 Notice.

However, if the encrypted data was brought to him (perfectly legally) by a member of the public (a "whistleblower"), he may not obtain such permission, because he is not a police officer (S46:(1)(e)).

This anomaly should be removed.


I have not been studying Part I of the Bill with the thoroughness of Part III. The remaining scenarios should therefore be regarded as just a sample of the possible problems in that Part.

Scenario 22 - Public, Private and Other systems

The Bill defines the following terms regarding telecommunications (S2:(1)): It is unlawful to intercept communications on a Public telecommunication system or on a
Private telecommunication system unless you have a warrant or, for a private system, you are its operator (well, there is a bit more to it than that). The other difference between a Public and a Private system is that it is not unlawful to intercept a Private transit system (sender and recipient both outside the UK - S2:(4)).

Nothing is said about Closed telecommunication systems, so presumably they are fair game for any eavesdropper (including, but not restricted to, Plod) who can arrange to listen in.

The categorisation of systems where interception is and is not lawful certainly seems odd, and one wonders whether the blanket exemption of Closed systems was intended or not. Certainly, if the requirement for a Private system to be attached to a Public one were removed (bringing its definition into line with common sense) there would be little effect on the rest of the Bill beyond making it unlawful to intercept on what is presently a Closed system (leaving the so-called transit systems unaffected). See amendment C2(1)a.

Scenario 23 - when is a system Public?

Chase and Dodge have leased a private line from British Telecom. They use it only for communications initiated by their employees (i.e. the public do not get to access it). Therefore it is not a Private telecommunication system, so one might suppose it is a Closed one. But, strangely, it might also be considered a Public telecommunication system.

There has been an interception on this line, and the question before the Court is whether this was lawful. The matter hinges on whether the telecommunication system was a Closed or a Public one. Justin1 appears for the side which contends that it is Closed, and his twin brother Justin2 appears for the side that contends it is Public.
Justin1 With respect, M'Lud, I contend this IS NOT a Public Telecommunication system as defined by S2:(1) of the Act.

The line is clearly a "Telecommunication System" under that section, because it facilitates the transmission of communications (those between my clients Chase and Dodge in this present case).

The provision of access to, and facilities for making use of, that Telecommunication System to the employees of Chase and Dodge constitutes a "Telecommunications Service" as defined by that section.

Who provides this service? Why, Chase and Dodge, of course, because they administer it, they determine who (their employees in this instance) may use it, and the purposes for which it may be used, and they have made arrangements to connect the line into their internal networks.

Because Chase and Dodge do not offer this service to the public, nor even to a substantial section of the public, it is not a "Public Telecommunication Service", as defined under that section.

Therefore, this particular Telecommunication System (even though it forms a part of the wider Telecommunication System operated by British Telecom, as envisioned by the definitions) is not a "Public Telecommunication System", because the service it provides is not a Public Telecommunication Service, as required by that section.

Neither is it, as it so happens, a "Private Telecommunication System", as the Act is currently worded, because it is not connected to a Public Telecommunication System (but if it had been, it would have been).

Justin2 With respect, M'Lud, I contend this IS a Public Telecommunication system as defined by S2:(1) of the Act.

The line is clearly a "Telecommunication System" under that section, because it facilitates the transmission of communications. It forms a part of the wider Telecommunication System operated by BT, as envisioned by the definitions.

Chase and Dodge are provided with access to, and facilities for making use of, that Telecommunication System for the purpose of sending communications. Whether the communications are restricted to their employees or not is a matter for Chase and Dodge. My clients British Telecom have provided this service to Chase and Dodge in return for appropriate consideration.

My clients can and do provide this service to any member or section of the public who are able and willing to pay for it. Therefore, the service provided is a "Public Telecommunication Service" as defined in that section.

Therefore, this particular Telecommunication System is a "Public Telecommunication System", because the service it provides is a Public Telecommunication Service, as required by that section.

So who is right? Answer: they both are; there is no flaw in either of those arguments. The problem arises because there are two services being provided:

  1. British Telecom are providing a service to Chase and Dodge
  2. Chase and Dodge are providing a service to those who actually use the line (their employees)
and both these services are "telecommunications services" according to S2:(1). It is not clear how this conundrum is to be resolved, except to say that common sense dictates that this system should be classified as Closed (or otherwise as Private if the distinction between them is removed).

Scenario 24 - Methods of interception

The Smith Report  (see also my commentary upon it) has proposed that "black boxes" should be installed at (at least the major) ISPs to select targeted traffic from all data flowing through that ISP, and to send it via secure lines to GTAC. These boxes would presumably perform a filtering operation to select those communications which had been the subject of interception warrants (S5:(1)) or data communications notices (S21:(4)). The question is "who is to be in control of these boxes"?

It has been suggested by some people that GTAC will be in control, downloading the filtering parameters directly into the boxes in accordance with with whatever warrants and notices are in force. This seems to be contrary to the wording of the Bill, which seems to require that such warrants and notices be served on the ISP (S11:(2), S21:(4)) (the ISP then typing the necessary parameters into the box as indeed the Smith Report implies). Nevertheless, there is considerable disquiet that there might be some intention to proceed in this way (especially as interception of conventional telephone calls currently uses such a procedure).

However, it should be noted that an ISP who permits parameters to be entered into the black box from outside will thereby have

"so modified ... [his telecommunication] system, or its operation ... as to make some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication." (S2:(2))
and thereby he will have intercepted each communication passing through his system (S2:(2)), and thus he will have committed an offence under either S1:(1) or S1:(2). But it would be reassuring to have a clear statement from the Government on this matter.

Communications Data

The Bill provides for "communications data" (as defined in S20:(4)) to be disclosed by telecommunications operators (i.e. those who provide telecommunications services - S24:(1)). There is an exemption (S21:(7) - added at the Committee stage) that they may not ask for anything which it is not reasonably practicable to provide, but the general requirement still applies alike to both Public and Private operators. Clearly, any logging data that the operator already keeps is fair game, but it is not clear whether suddenly asking him to instal extra facilities (hardware or software) to capture yet more data would ne "reasonably practicable" or not. Perhaps the Code of Practice will clarify this.

There are, however, weaknesses in the definition of communications data, with the government appearing to take a broader view than the wording may justify. Moreover, it is not entirely clear that the originating computer of a communication is not itself a part of the telecommunication system. I base my understanding on the wording in S2:(1) "for the purpose of facilitating the transmission of communications". I think that was intended to exclude the end points (and S2:(2) gives some credence to this view). It is vital that this be cleared up, because things get much worse if I am wrong, as the following scenario will show. See amendment C2(1)b for an attempt to clarify this situation.

Scenario 25 - What can a notice demand?

Clearly, any communications data that Isaac is already storing as part of his normal operations is accessible under notice, but note that The Telecommunications (Data Protection and Privacy) Regulations 1998, which implement Directive 97/66/EC of the European Union, place severe restraints on what Isaac is allowed to keep. The following are various situations which might or might not be covered under a requirement "to obtain the data" (S21:(4)(a)).
  1. A notice served on the GPO. "Record and disclose to me the addresses, postmarks, return addresses (if present on the envelope), size and weight of all letters and packets delivered to Bob. Seems legitimate, except perhaps for the size and weight bit, but a lot of extra work for the sorting office.

  3. A notice served on Isaac. "Record and disclose to me the time, the destination and source addresses, and the size of all IP packets passing through your router destined for the Block [123.234.121.*]". Seems legitimate, except again for the size. It involves running a "sniffer" on the router, which would seriously slow it down if a sizeable proportion of packets was to be caught (note that routers do not normally retain such information, except perhaps for statistical data and sampling for monitoring network efficiency).

  5. A notice served on Isaac. "Record and disclose to me the time, addresses, etc. and the port numbers of all TCP handshakes negotiated between Bob and Alice and passed through your router. TCP is a protocol one layer above IP. But nearly every IP packet will have a TCP packet contained within it. If Plod gets to know the port number negotiated, he will at once know whether it is email, file transfer, web access, or whatever else that is passing between Bob and Alice.

  6. However, I would submit that this is not communications data. Isaac is contracted with Bob and Alice to deliver unopened IP packets between them. The TCP information was added by Bob, and need not be examined again until it reaches Alice (or vice versa). Thus it should not be regarded as attached to the communication "for the purposes of any telecommunication system" (S20:(4)(a)) unless Bob's and Alice's computers are held to be a part of the telecommunication system. However, it is sometimes the case that parts of the telecommunication system will look inside the TCP part, for example to prioritise different kinds of traffic, or to divert certain kinds of traffic (for example, traffic for a web site to a local proxy server). Thus this is a rather grey area in need of clarification.
  7. A notice served on Isaac. "Record and disclose to me the time, destination address, source address and length of every email that you deposit in Bob's POP mailbox (or that you store in your mail queue for forwarding to Bob). Also the Message-ID of each such email, and the sites that it passed through on its way (Received: headers). Also the Subject:, Date:, In-Reply-To:, Cc:, Bcc:, etc. headers". Note that this only applies where Bob has contracted with Isaac to provide a mailbox or a mail queue to store Bob's mail until it is convenient for him to dial in. So this one is OK (doubts about 'length' excepted) The source and destination addresses are obviously OK. They are normally contained in the "envelope" which accompanies the email. The other items mentioned are part of the "headers" of the email, so would involve looking inside it. However, the "Received" headers are certainly communications data (they record the route taken by the message so far) and the Message-ID might be if, for example, the operator of the system is in the habit of using it for tracking messages through his system. I would contend that the other headers mentioned are part of the content of the message, and therefore should not be disclosed.

  9. A notice served on British Telecom. "Record and disclose to me every request for Directory Assistance made by Bob using your 192 service, including which names he asked for and which telephone numbers he was given". No way. That is definitely a "communication" between Bob and British Telecom. An interception warrant would be needed.

  11. A notice served on Isaac. "Record and disclose to me every DNS request made by Bob to your nameserver". "DNS" is "Domain Name Service", used for translating "" into an IP address of the form []. It is essentially the same as the 192 example above, and the same rule should apply, even though the request was made entirely automatically by, for example, Bob's Web Browser.

  13. A notice served on Isaac. "Record and disclose to me the URL of every page that Bob requests to be downloaded from a Web Site". No, because this involves looking inside Bob's IP packets to get at the TCP information inside (and even at the HTTP information inside the TCP information). So long as it is established that Bob's and Alice's computers are not part of the telecommunication system they can only ask for the IP address that Bob is sending the packets to (but they  presumably know that this is the address of a web site).

  15. A notice served on Isaac. "Record and disclose to me the URL of every page that Bob requests to be downloaded from a Web Site, using your proxy Web Server". Here, Bob has contracted with Isaac to access the Web through Isaac's Proxy (or more likely Isaac has talked him into doing it to reduce his - Isaac's - telecommunications bill). In this case, the request might be valid (it depends whether the service that Isaac is providing to Bob through his proxy is a "telecommunication service"). An interesting case is where Isaac redirects all port 80 traffic to his proxy whether Bob likes it or not (and without telling Bob). Some ISPs do this, I believe.
My belief is that the correct answers to these questions are: But some clarification of the wording would sure help (see amendment C2(1)b for the  question whether the end-points are part of the telecommunication system, and amendment C20(4)(a) et seq for other clarifications).

In particular, the government have been claiming that logs of accesses to web sites are communications data. I would contend that the wording of the Bill limits this just to who visited which site, and does not extend to the identity of the pages downloaded.

Scenario 26 - What are S21:(3) authorizations for?

A S21:(3) authorisation authorises a constable (Plod, say) to "engage in conduct" for obtaining communications data (as opposed to a S21:(4) notice which requires a telecommunications operator to obtain the data). It is totally unclear what sort of "conduct" is envisaged. It would seem that, provided it is intended to obtain "communications data", the "conduct" can be as outrageous as you could imagine. Plod is exonerated from any criminal act he commits (S20:(2)) and from any civil liability (S20:(3)).

Perhaps it is something like the following. Plod has visited Isaac on some pretext.
Plod Nice set-up you have here.
Isaac Yes indeed. We have to have the most up to date equipment in order to provide a full service to our customers.
FX Just then, Plod forces open the drawer of Isaac's desk (with a jemmy he happens to be carrying), extracts a paper containing "interesting" communications data, takes out his camera and photographs it.
Isaac What the Hell do you think you are doing?
Plod Obtaining and photographing this communications data. I have been authorised, by a person designated by the Secretary of state (S24:(2)), to engage in such conduct in accordance with S21:(3).
Isaac The Heck you have. You have just committed a criminal act. I shall call the Police.
Plod I am the Police. And, in any case, S20:(2) of the Act renders my "criminal act", as you choose to call it, "lawful for all purposes".
Isaac In any case, that is OUR information. You have breached OUR copyright. Let me have the film out of that camera immediately, or I shall sue you in Court.
Plod No you won't, because S20:(3)(a) explicitly excludes me from any civil liability.
Is this over the top? If so, then what sort of scenario is envisaged by the Bill? More realistically, one could imagine that Plod might try to hack into Isaac's computers searching for communications data, in apparent contravention of the Computer Misuse Act.

But if such conduct is not intended (and I hope it isn't), then what scenarios are envisaged by S21:(3), which seems to allow Plod to obtain communications data without troubling Isaac? Where else is he supposed to get it from?

And how can the Bill be compatible with the ECHR if it permits such abuses?

See amendments C20(2) and C21(3) for an extreme cure and C20(2)a for a less extreme cure.