The concerns addressed herein are mostly in relation to the provisions of Part III of the Bill, which deals with lawful access to "protected information" which has been encrypted. Each of the little stories which follows describes some (possibly unintended, but nevertheless undesirable) feature of this part of the Bill. A few scenarios, starting with scenario 22, address problems identified in Part I of the Bill.
The latest version of this present text may always be downloaded from <http://www.cs.man.ac.uk/~chl/scenarios.html>.
See my Roadmap of Schedule 1 for the convoluted arrangements that are proposed for issuing Notices under Section 46 of the Bill.
Please see my document "Where we are at" and my "Comments on Report Stage Amendments" for the present state of progress (or lack of it).
Please see the companion document Amendments proposed by Dr C. H. Lindsey for some proposed solutions to the problems identified in Part III of the Bill, and Part I Amendments proposed by Dr C. H. Lindsey for further amendments specifically related to Part I.
This matter assumes particular importance because the Minister, when explaining why some particular matter is not covered in the Bill, has regularly been saying that it would be covered by the Code of Practice (and claiming much benefit in this approach insofar as the code would take full account of consultations "with industry"). However, the absence of any draft code makes it exceedingly hard to discern the effect of certain parts of the Bill, and it should moreover be borne in mind how relatively easy it will be for the Secretary of State to change the code as time goes by, even though an affirmative resolution of both Houses will be needed for any such change.
Alice | A person who sends and receives encrypted messages, and is entirely innocent of all criminal intent. |
Bob | A person who sends and receives encrypted messages, and not an innocent party in some of the scenarios. |
Chase | A large international banking corporation. |
Dodge | A British manufacturing company. |
Eve | An eavesdropper, who intercepts communications (legally or otherwise) and would wish to decrypt them. |
Frites | A French manufacturing company. |
Grundy | A malicious person who harasses Alice, with the intent of getting her sent to prison. |
Hazard | An officer of the Health and Safety Executive. |
Isaac | An Internet Service Provider (ISP) |
Justin | A lawyer |
Plod | A police officer (or, as the case may be, a customs officer, or a member of the intelligence services). |
Alice and Bob each have two "key pairs", one for "signature", and one for "encryption". Each key pair is composed of two keys, a "Public Key" (which everyone in the world can know) and a "Private Key", which must be a secret known only to its owner (Alice or Bob, as the case may be).
When Bob sends a message to Alice
And so Plod, even when it is Bob's criminal activities that he is investigating, has to serve his Section 46 Notice on the innocent Alice in order to find out what is in the message. Moreover, if Plod obtains Alice's Private Key as a result of his notice, he is thereby enabled to decrypt all communications received by Alice, from whomsoever they may come, and indefinitely far into the future. Which is why the Bill gives Alice the option to decrypt the message upon Plod's request, rather than handing over her cherished Private Key. Except that the Bill gives that option grudgingly, with the possibility of insisting on the key in "special" circumstances.
Note that if Plod were able to demand Bob's Private Signature Key, then he would be in a position to impersonate Bob. Which is why announced Government Policy and the relevant E.C. Directives, and the wording of the Bill all make it absolutely clear that Plod is not able to demand Signature Keys. Except that the wording of the Bill does not actually prevent such demands (of which, again, more anon).
However, it turns out that clandestine meetings are not really necessary. Bob can easily send Alice a symmetric key using Alice's Public Encryption Key. In fact, for technical reasons, this is absolutely standard practice. The symmetric key is then known as a "session key" and it is typically used for just one communication, and then discarded. Liken the session key to a key that will open just one door, whereas the Public Encryption Key is the Master Key that will open any door in the Hotel. The government claims that disclosure of a session key is always sufficient to satisfy the requirements of the Bill. We shall see.
Symmetric keys (usually in the form of a cryptographic hash of some "passphrase") are also likely to be used for protecting data stored on a hard disc. The Bill also makes provision for disclosure of keys in this case.
It also turns out that it is possible for Alice and Bob to agree on a symmetric key without ever meeting at all, and in full view of Eve, so that neither Eve, nor Plod, nor any provision of this Bill will ever be able to decrypt their communications. Indeed, it is always wise to remember that a sufficiently well-informed criminal can always circumvent any provision of Part III of this Bill.
The same problem arises in S22:(1)(a) and S22:(2)(a) in connection with authorizations and notices regarding access to communications data. With a little bit of luck, there will be some standard procedures set out in the Code of Practice to cover this. See also amendment C46(4)(a).
Was the notice in the proper form? The Bill provides no proper form (it is in such format as the issuer "thinks fit"). But wait! With a little bit of luck, the Code of Practice will specify a standard format.
Who issued it? Well the office, rank or position of the issuer must appear on it (no mention of the name, but I suppose that may be taken for granted), so Alice will be able to check. But she won't be able to check whether the issuer was authorised to issue it, because it will not identify the person (Schedule 1) who gave permission for it to be issued (recall that the issuing of a Section 46 notice is a two-stage process).
Notices sent by electronic means need to be digitally signed, which means that Plod must previously have provided Alice, in writing, with his Public Signature Key. This would only be useful if Plod expected to serve notices on Alice frequently. The Home Office have stated that matters such as these will be covered in the Code of Practice. Verbal notices should have been outlawed entirely (see amendment C46(4)(a)).
Alice | But hasn't that notice expired by now? |
Plod | No! These notices never expire (see the Act). |
Alice | But interception warrants and data communications notices expire (S9:(1), S22:(4)). |
Plod | But not Section 46 notices. |
Alice | Anyway, it seems you are in a new investigation now. Shouldn't you have withdrawn the notice when the previous investigation was complete? I see that interception warrants and data communications notices are supposed to be withdrawn when their purposes have been accomplished (S9:(3), S22:(8)) |
Plod | But not Section 46 notices. |
Concern has also been raised that this lack of a duration of the notice may violate the ECHR.
The key should only be deliverable to the class of persons capable of having permission to issue notices, as in Schedule 1:2. There is suitable wording for this in S22:(3), which covers similar notices regarding communications data. The Minister promised in Committee to look into this further (Hansard Standing Committee F, 4th April, 12 noon) but nothing further has been heard of it. See amendment C46(5).
It would be far simpler to insert the word "reasonable" at the proper place in S46:(4)(c) (see amendment C46(4)(f)). The government rejected an amendment to that effect at the Committee stage, citing S49:(3)(a) as being sufficient.
Plod | I serve you with this Section 46 Notice. Give me your Private Encryption Key. |
Alice | Which key? I have several such keys. |
Plod | The one for the protected information (S52:(1)) which I have described in the notice. |
Alice | I believe that particular protected information can be decrypted with one of several keys. |
Plod | The one I want is the Private Key that decrypts it, key 0x1C24FA3C I believe. |
Alice | No, that key is my main Private Encryption Key. If I give you that one, you will be able to decode all messages sent to me, whether connected with your present investigations or not. |
Plod | But I wouldn't do that. Section 51 of the Act says I mustn't! |
FX | (sounds of raucous laughter from all present) |
Alice | I prefer to give you the "session key" for the particular communication you are holding. |
Plod | Eh? |
Alice | Yes. The protected information in the communication was encrypted with a one-use-only "session key", and the session key was encrypted with my key 0x1C24FA3C which you mentioned. That is absolutely standard practice, you know. I will give you the session key for that particular communication and you will be able to decrypt it. I will have satisfied my obligation under the Act, and the rest of my communications will not have been compromised. |
Plod | But the Act does not mention any of that fancy stuff. It just says that if there is protected information and a key that will decrypt it, then that is the key I am entitled to get. It says "the key" (S46:(2)(b)), and that is obviously the principal one. If the Act had intended me to get bogged down with all the internal workings of your decryption program, it would have said so. Everybody knows that you have a Private Key, that you give it to your program along with the protected information, and out comes the plaintext. So "the key" is the one you give to your program to do the decryption. That is the obvious meaning of the Act, and where there is an "obvious" meaning, that is the one a Court would follow. |
Alice | Well I invite you to read the definition of "key" in the Act (S52:(1)). It says that a "key" is "any key, code, password, etc." that will do the decryption, so my session key is certainly one of the possibilities. |
Plod | Maybe so. Perhaps the Act could be interpreted that way, but it does not look like the obvious meaning, so I doubt a Court would interpret it that way. |
Alice | But when the Bill was going through Parliament, the Minister of State at the Home Office said, during the Committee Stage, "If there is more than one [key] that enables protected data to be put into an intelligible form, it is up to those who are disclosing to decide which key to use." (Hansard Standing Committee F, 4th April, 4.30 pm), and he justified this by reference to that definition of "key". |
Plod | So? Ministers don't make the law. The Court will look at the Act, and what the Act says is what the Act means, and if it turns out to be ambiguous, the Court will resolve it in the obvious way. |
Alice | Actually, No! According to the doctrine in Pepper vs Hart, where there is any doubt of that sort, the Court will be bound to follow the intention as expressed by a Minister in Parliament. |
Phew! Alice is perfectly correct, as it happens. But Plod still has one straw left to clutch at:
Plod | Ah! But you said that your "session key" was encrypted with your Private Key. So that makes the session key protected information. And in that case I am entitled to ask you for the key that decrypts it (i.e. your Private Key). Observe that this notice is a "special circumstances" notice (S47:(4)(a)), which means that I can have the actual key, not just the plaintext. |
Alice | Yes, you would indeed be entitled to ask for my Private Key as you say, but for one thing. I have just offered to give you the session key, so you can hardly say you believe that the Private Key is "necessary" under S46:(2)(b)(i), or that it fulfils S46(2)(d). Moreover, you can be certain that the session key I am giving you is the correct one because you will see that you are able to decrypt the body of the protected information with it. |
Alice had to follow a tortuous route to establish her point. It could even be argued that the Bill is in contravention of the ECHR at this point, because the right it gives to the noticee could hardly be described as "foreseeable". Indeed, many lawyers who have studied the Bill have failed to notice what the Minister has now established as the correct interpretation.
And it is still not entirely certain that Alice's response to Plod's final ploy would stand up in Court, and I have therefore prepared an amendment C46(2)c to cover it.
It is vital that the Bill should give Alice the right to deliver a session key, where one is available and will satisfy Plod's need to decrypt the protected information, and it is vital that the availability of this right should be widely known, as the next scenario shows. See amendments C46(2)a, C47(2)a and C47( ).
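The session-key arrangement described in the introduction, and relied on by Alice in the scenario above, can be seen in the following sketch. It is an added illustration, not part of the original text: the function names are hypothetical, and textbook RSA with fixed toy primes plus a SHA-256 keystream stand in for the real algorithms. It shows that a disclosed session key opens exactly one message, that the recipient of the key can confirm it is the right one, and that the Private Key never has to leave Alice's hands.

```python
# Added illustration, standard library only. Textbook RSA (no padding, fixed
# toy primes) and a SHA-256 keystream stand in for real RSA and a real
# symmetric cipher; neither is secure. All function names are hypothetical.
import hashlib
import hmac
import secrets

P, Q, E = 2**127 - 1, 2**89 - 1, 65537  # two Mersenne primes, toy sizes


def make_keypair():
    """Alice's encryption key pair: (public, private)."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))
    return (n, E), (n, d)


def _subkey(session_key, label):
    """Derive separate encryption and integrity keys from the session key."""
    return hashlib.sha256(label + session_key).digest()


def _xor_stream(session_key, nonce, data):
    """XOR data with a keystream derived from the session key and nonce."""
    key = _subkey(session_key, b"enc")
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(session_key, nonce, body):
    """Integrity tag that lets anyone holding the session key check it fits."""
    mac_key = _subkey(session_key, b"mac")
    return hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def encrypt_to(public, plaintext):
    """Bob: pick a fresh session key for this one message and wrap it
    under Alice's Public Encryption Key."""
    n, e = public
    session_key = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    body = _xor_stream(session_key, nonce, plaintext)
    return {
        "wrapped_key": pow(int.from_bytes(session_key, "big"), e, n),
        "nonce": nonce,
        "body": body,
        "tag": _tag(session_key, nonce, body),
    }


def recover_session_key(private, message):
    """Alice only: unwrap the session key with her Private Key."""
    n, d = private
    return pow(message["wrapped_key"], d, n).to_bytes(16, "big")


def decrypt_with_session_key(session_key, message):
    """Anyone handed the session key, and nothing else, can run this.
    Raises ValueError if the key does not belong to this message."""
    expected = _tag(session_key, message["nonce"], message["body"])
    if not hmac.compare_digest(expected, message["tag"]):
        raise ValueError("session key does not match this message")
    return _xor_stream(session_key, message["nonce"], message["body"])


def demo():
    """Constructed sample: two messages to Alice, one session key disclosed."""
    public, private = make_keypair()
    investigated = encrypt_to(public, b"message under investigation")
    unrelated = encrypt_to(public, b"unrelated private message")

    disclosed = recover_session_key(private, investigated)  # handed over
    recovered = decrypt_with_session_key(disclosed, investigated)
    try:
        decrypt_with_session_key(disclosed, unrelated)
        other_opened = True
    except ValueError:
        other_opened = False
    return recovered, other_opened


if __name__ == "__main__":
    print(demo())
```
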
It is hard to envisage what those special circumstances might be, and the Government has consistently failed to give examples of how it is intended to be used, in spite of being repeatedly so asked. The most we have heard is that the power might be used where the noticee was not to be trusted (and, indeed, production of a session key could reasonably be required in that case). Also, it might be used where there were time constraints (but it takes no longer to provide plaintext than it does to provide a session key, and we are told that session keys will always suffice). And it might be used in cases involving "security", whatever that might mean (Hansard Standing Committee F, 4th April, 4.30 pm).
But, with a little bit of luck, the Code of Practice will set out in full what those "special circumstances" might be.
Chase | We have a widely known Public Encryption Key which is used by our clients worldwide when sending us instructions to make substantial transfers of money. We have elaborate procedures in place to protect the corresponding Private Key. Our reputation as a trustworthy international banker would be ruined if that Private Key should be compromised - even a rumour to that effect would be disastrous. Is there any possibility under this Bill that we could be required to disclose this key to some agency of the British Government? |
Justin | The Bill makes provision for you to disclose the plaintext of any communication instead of disclosing the key. I think they would expect you to provide a very rapid turnaround when they sent you a request for the plaintext to a given message, though. |
Chase | No problem there. Assuming the request was lawfully authorised, we should be happy to decrypt it and send it back within seconds, if needs be. But if plaintext is what they want, why does the Bill speak all the time about disclosing keys? |
Justin | They are alternatives. The government has stated that it expects plaintext rather than keys to be handed over in the overwhelming majority of cases, especially in the case of respectable businesses such as yourselves. |
Chase | So we would get to choose which to hand over then? |
Justin | Yes. ... Well almost. ... Actually, if there were "special circumstances of the case" such that the whole purpose of their investigation would be defeated without the actual key, then they can insist on the key. But I cannot see that happening in practice. |
Chase | But there is a theoretical possibility that it could? |
Justin | Yes. |
Chase | Even a theoretical possibility is exceedingly worrying to us. If we give them our Private Key, will they keep it secure? Keeping a key secure costs serious amounts of money you know. |
Justin | Yes. Various government agencies have considerable expertise in that area. |
Chase | And the Bill requires them to take all necessary steps in that regard? |
Justin | Er. ... No. |
Chase | Another theoretical possibility to worry about then. Now suppose it becomes publicly known that an agency of the British Government has our Private Key. What then? |
Justin | The British Civil Service is the most trustworthy such service in the world. They would never allow such a leak to occur. |
Chase | What never? |
Justin | Well hardly ever! |
Chase | Well the stories I hear are that such leaks do occasionally occur. Stories get posted on the Internet, and then the British Security Services run around like scalded cats trying to shut down the offending websites, with the immediate consequence that the story pops up on hundreds of other sites around the world, amidst a huge blaze of publicity in the media. |
Justin | But even if the information does leak, remember that the Bill forbids the agency from using your key to decrypt anything unconnected with the particular investigation, so the security of the communications of your other clients is not affected. |
Chase | Yes. You know that, and maybe even I know that. But try explaining that to our clients in Ankara, or in Moscow, or in Jakarta. Not only would they not believe it, they would think we were crazy for even contemplating such a dumb thing. And in our business, having clients that think you are crazy is not a good thing - such clients tend to take their business elsewhere.
Moving on, then, suppose we just plain refused to hand over our key. What then? |
Justin | Your Company would be liable to an unspecified fine, but you personally, as a manager would be in the clear (S69:(1)). But there is a problem. That would apply if they served the notice on the Company. But they might decide to serve it on your computer administrator Bob, and the notice might require him to keep it secret (S50), even from you (though, with a little bit of luck, the Code of Practice might allow you to be told). So Bob would have to disclose your key, and the Company would not even be aware that it had happened. |
Chase | That's all right. I shall just instruct Bob never to disclose the key in such circumstances. |
Justin | No, that won't work because Bob, not being a "director, manager, secretary or similar" of the Company is not protected by S69:(1). He could go to prison for 2 years. |
Chase | Then we shall arrange for our important keys to be kept in a tamper proof iron box, so that it is impossible for even Bob to get them out of it. In fact nobody, but nobody will be able to get them out. For backup, we shall have arranged to split each key into, say, 8 parts so that at least 6 are needed to put the key together again, and we shall give each part to a different person, with enough of them being based outside the United Kingdom. |
Justin | No, that won't work either, because they will just require you to order each of those key keepers to send his piece in to you (according to S52:(2) you are considered to be in possession of the key yourself if one of your underlings has it). It might just work if the person abroad is a senior manager of the Company who is not answerable to you. But then, if there were reciprocal arrangements in force, they would just go after him in his own country. |
Chase | So, to summarize, we are quite OK except in the unlikely but theoretically possible event that they demand our actual key, or in the unlikely but theoretically possible event that our key gets stolen from their possession, or in the unlikely but theoretically possible event that the fact that they hold our key becomes publicly known, or if we are unlucky and this Code of Practice, which has not been published yet, allows the key to be taken without our knowledge? |
Justin | Yes, that about sums it up. |
Chase | But do you realise what would be the consequences to our Company if one of those unlikely but theoretically possible events were actually to occur? We are a Company who are absolutely dependent upon the trust and confidence in us of our clients worldwide. Loss of that confidence, if it could even be expressed in financial terms, might amount to £100,000,000. Even if we were immediately to revoke our key, and generate a new one, and inform all our clients to use it, that would still cost a lot of money, and the loss of confidence would be almost as bad.
No! We, as a Company, cannot afford to take that risk, however slight it might be. So what can we do? |
Justin | My advice would be to relocate the centre of your operations to Dublin. |
Sigh! If only Justin had known what Alice knew in the previous scenario. But the significance of session keys as a complete solution to all the problems above seems to have been completely overlooked, not least by the government. Everybody involved in this business (government included) has been talking and behaving as if loss of Private Keys were a real possibility. Real-life lawyers have already been giving the same advice as Justin. And why should this be so? Because the government has failed to point out the true situation, not least by drafting the Bill in such a way as to suggest the exact opposite of what it actually says.
I believe the Prime Minister has said he wants Britain to be the best country in which to carry on electronic business. The Bill, if interpreted as above, would make it one of the worst.
Evidently, the encrypted key is "protected information" (by S52:(1),(4)). Hence, if it comes into the possession of Plod (by seizure of Alice's computer, for example) Plod may, by notice (S46:(1)(a)), demand Alice's passphrase, notwithstanding he would then hold Alice's signature-only key. Observe that Plod is not in breach of S46:(6)(a). He is not asking for Alice's signature-only key (which he is prohibited from doing). He is asking for her passphrase, which itself is undoubtedly an encryption key.
The Home Office take the view that a Court would regard S46:(6)(a) as prohibiting such indirect access to the signature-only key, but I regard this as being optimistic given the clear chain of reasoning exhibited above. Therefore the possibility should be explicitly prohibited (amendment C46(6)b).
The box will decrypt cheques upon receipt of an authorizing token digitally signed by one of Chase's transaction processing computers, which itself will only issue such tokens under the circumstances programmed into it, which will include the presence of some further token digitally signed by Bob (who is an official in the company), doubtless in conjunction with a further token digitally signed by several members of the Board of Directors authorizing Bob to exercise that authority.
Thus Bob can use his Private Signature Key (which he uses to sign all sorts of other documents within the company) to create tokens which grant access to the decryption engine inside the iron box. Thus, the present definition of "key" in S52:(1) would appear to cover
For the removal of all doubt, the definition of electronic signature (S52:(1)) should be strengthened to cover such situations. See amendments C52(1)a) and C52(1)(b).
She last used it for decrypting a message 5 years ago. Nevertheless, that is enough to give Plod the right to force her to disclose it (S46:(6)(b)). But why should Plod do such a thing? Suppose Grundy, with malicious intent, sends Alice a message encrypted with the corresponding Public Key (or worse, if it really was a signature-only key, manipulates it so as to be used for encryption - not a difficult feat, technically speaking, with most systems). Of course, he ensures that Plod becomes aware of the fact, together with other suitably incriminating "evidence", and Plod decides to issue a Section 46 Notice. Alice is required to comply (and the fact that she never even decrypted Grundy's message is irrelevant).
S46:(6)(b) should merely require that the signature key had not been used for encryption within some timescale relevant to the matters that are under investigation (amendment C46(6)a).
Plod | This document is in an unintelligible format, therefore it is protected information (S52:(1)). Give me the key to it. |
Alice | Eh? That document is not encrypted. It is just a textual document written in Microsoft Word, and the only key needed to understand it is the Microsoft Word program, which you can buy for yourself for a modest consideration from any computer store. You had no business using the RIP Act in this situation - there are powers in PACE that are appropriate in these cases. |
Plod | Maybe so. But the wording of the Act evidently covers this case, and so I chose to use it. |
Indeed Plod is using an inappropriate sledgehammer to crack this nut, but the present definition of "key" in S52:(1) is on his side. It should be reworded to require that a key, as used for encryption purposes, should be accompanied by an intent to conceal (amendment C52(1)c).
Now Grundy sends her a message using her Public Key from 5 years ago (and provides Plod with incriminating "evidence" as before). Plod serves a Section 46 Notice, and when she fails to comply (she cannot, even though she is otherwise perfectly willing) she is prosecuted under S49, on the grounds that she "has or has had possession" of that key.
The prosecution has to show
In her defence, Alice is invited to show (S49:(2)(a)) that the key was not in her possession at the relevant time. But how can anyone ever prove that he does not possess something, especially something as intangible as a key? It is impossible, so Alice gets sent to prison for 2 years.
This situation is grossly unjust. The onus of proof has been reversed, contrary to the European Convention on Human Rights (and notwithstanding the Secretary of State's statement in that regard on the front of the Bill). Indeed FIPR have obtained Counsel's Opinion to the effect that this provision is in breach of the ECHR, whereas the government have blandly stated that the advice they have received is to the contrary, whilst nevertheless refusing, on several occasions, to disclose that advice or to cite cases or precedents in support of their view.
Note that the words "has or has had possession" (S49:(1)(b)) were added to the Bill in order to overcome objections that it contravened the ECHR. In fact, those words have made the situation worse.
This issue has been widely debated, usually with more heat than light. People speak in terms of "well everybody forgets their password from time to time" (one ex-minister even admitted that he relied on his wife to remember his). The fact is that it is the deliberate destruction of keys, as described above, that is the more likely cause of these difficulties. For a business that keeps careful records of what keys it has had and when they were destroyed there may be little problem, but that is of no comfort to a private individual such as Alice.
The Liberal Democrats introduced an amendment whose effect would be to require an "intent to impede access to protected information", and to ensure that there was no offence if, at the time of giving the notice, the accused did not have the key, and did not have any means of recovering it. The Conservatives proposed a different version of the same thing (see below). The government, however, flatly refused any concession at all in this matter.
The very least that is required is some time limit on that "had possession" phrase (amendment C49(1)).
Now Bob knows that the evidence of the pictures, once decrypted, would be sufficient to earn him 10 years in jail (and let us assume that there is insufficient evidence to convict him otherwise). He also knows that the maximum penalty for failure to provide the key (or, equivalently, the plaintext) is a mere 2 years. Therefore he refuses to comply, hence at least avoiding the larger penalty.
The Conservatives have made great play with this scenario, and proposed an amendment to the Bill which went beyond that put forward by the Liberal Democrats by increasing the penalty for non compliance to 10 years, and allowing evidence of previous convictions to be adduced in support of a prosecution. The government has resisted this (whilst promising to review the sentence in the light of actual experience). Moreover, the idea of allowing previous convictions to be disclosed is repugnant to many, including myself, though apparently there are a few precedents in other legislation.
Many of the problems here, however, arise from the requirement that the secret must be kept from everybody, whereas it would have sufficed for the Bill to require the notice to say that the secret was to be kept from some named person, or some named class of persons (with a proviso that anyone else informed of the matter was also to be informed of that requirement of the notice). It is a simple matter of "opt-in" as opposed to "opt-out". See amendment C50(1,3,4).
Moreover, the notice ought to specify some time beyond which (subject to renewal of the notice) the secret need not be kept (such time being normally related to the duration of any warrant which contained permission for the notice to be issued).
It should also be noted that a similar problem arises in S18 in regard to interception warrants.
Alice has disclosed the company's Private Key, but has been instructed to keep the fact secret - even from her Boss. She speaks to her boss.
Alice | I think we should revoke our Public Key. |
Boss | Why ever would we want to do that? |
Alice | I couldn't possibly say. |
Boss | Ah! I see! Have you been served with one of those Section 46 notices then? |
Alice | I couldn't possibly say. |
Has Alice committed an offence? The secret is clearly out, but Alice has not actually said anything wrong.
The Home Office have now agreed that Alice is not guilty here, but their view is still not consistent with the wording in the Bill. See amendment C50(4).
So Dodge approaches H.M.Government for assistance. Arrangements are made to intercept communications between Frites and Bob, perhaps by the interception of satellite transmissions. This may require an interception warrant (S5:(1)), but ensuring that Dodge gets the contract surely counts as "safeguarding the economic well-being of the United Kingdom" (S5:(3)(c)) and the information sought clearly "relates to acts or intentions of persons outside the British Islands" (S5:(5)). A notice to disclose the decryption key is served on Bob; surely this too is "in the interests of the economic well-being of the United Kingdom" (S46:(3)(c)).
Can the notice also forbid Bob from tipping off Frites? Yes indeed, provided only that the police or the intelligence services were involved in the interception (S50:(2)(a)) and that the "investigating techniques" needed to be kept secret (S50:(2)) (that is why they took the trouble to intercept satellite transmissions, because simply keeping the information secret from Frites is not itself grounds for requiring secrecy under S50).
But Hey! This is not Cricket!
But this ground of the "economic well-being of the U.K." arises in several places in the Bill (S5:(3)(c), S21:(2)(c), S27:(3)(c), S28:(3)(c), S30:(3)(c), S46:(3)(c)), sometimes with a restriction to matters outside the British Islands, sometimes not. What is the purpose of these provisions, if not for the kind of scenario described? It would seem so, from the rather half-hearted comments made by the opposition during the various debates. But if Parliament wishes to give the authorities those powers, then at least the restriction regarding matters outside the British Islands ought to be applied consistently, and certainly in connection with Section 46 Notices (amendment C46(5a)).
Now Hazard is not investigating any crime, nor has he reason to suppose (at this stage) that the data on Bob's computer might reveal any crime (this started out as a routine visit). In plain terms, he is "fishing". Therefore, he cannot claim (S46:(2)(b)(i)) that his key is "necessary" for "preventing or detecting crime" (S46:(3)(b) or for any other purpose in S46:(3)). Therefore he has to rely on S46:(2)(b)(ii), namely that obtaining the key is "likely to be of value" in the performance of his statutory duty.
S46:(2)(b)(ii) is a "fisher's" charter. There is no requirement so weak anywhere else in the bill (cf S21:(2) and S5:(3)). The requirements in S46:(3) provide quite adequate grounds for when Section 46 notices may be issued and are, by and large, the same as those recognized as necessary in the case of interception warrants. Attempts were made to remove this provision at the Committee stage, but were not pursued further. See amendment C46(2)b.
However, the counsel's opinion already alluded to identifies this particular provision as being a further violation of the ECHR, on grounds of its general vagueness when set against the interference with an individual's private life which it seeks to permit.
However, if the encrypted data was brought to him (perfectly legally) by a member of the public (a "whistleblower"), he may not obtain such permission, because he is not a police officer (S46:(1)(e)).
This anomaly should be removed.
Nothing is said about Closed telecommunication systems, so presumably they are fair game for any eavesdropper (including, but not restricted to, Plod) who can arrange to listen in.
The categorisation of systems where interception is and is not lawful certainly seems odd, and one wonders whether the blanket exemption of Closed systems was intended or not. Certainly, if the requirement for a Private system to be attached to a Public one were removed (bringing its definition into line with common sense) there would be little effect on the rest of the Bill beyond making it unlawful to intercept on what is presently a Closed system (leaving the so-called transit systems unaffected). See amendment C2(1)a.
There has been an interception on this line, and the question before the Court is whether this was lawful. The matter hinges on whether the telecommunication system was a Closed or a Public one. Justin1 appears for the side which contends that it is Closed, and his twin brother Justin2 appears for the side that contends it is Public.
Justin1 | With respect, M'Lud, I contend this IS NOT a Public Telecommunication system as defined by S2:(1) of the Act.
The line is clearly a "Telecommunication System" under that section, because it facilitates the transmission of communications (those between my clients Chase and Dodge in this present case). The provision of access to, and facilities for making use of, that Telecommunication System to the employees of Chase and Dodge constitutes a "Telecommunications Service" as defined by that section. Who provides this service? Why, Chase and Dodge, of course, because they administer it, they determine who (their employees in this instance) may use it, and the purposes for which it may be used, and they have made arrangements to connect the line into their internal networks. Because Chase and Dodge do not offer this service to the public, nor even to a substantial section of the public, it is not a "Public Telecommunication Service", as defined under that section. Therefore, this particular Telecommunication System (even though it forms a part of the wider Telecommunication System operated by British Telecom, as envisioned by the definitions) is not a "Public Telecommunication System", because the service it provides is not a Public Telecommunication Service, as required by that section. Neither is it, as it so happens, a "Private Telecommunication System", as the Act is currently worded, because it is not connected to a Public Telecommunication System (but if it had been, it would have been). |
Justin2 | With respect, M'Lud, I contend this IS a Public Telecommunication system as defined by S2:(1) of the Act.
The line is clearly a "Telecommunication System" under that section, because it facilitates the transmission of communications. It forms a part of the wider Telecommunication System operated by BT, as envisioned by the definitions. Chase and Dodge are provided with access to, and facilities for making use of, that Telecommunication System for the purpose of sending communications. Whether the communications are restricted to their employees or not is a matter for Chase and Dodge. My clients British Telecom have provided this service to Chase and Dodge in return for appropriate consideration. My clients can and do provide this service to any member or section of the public who are able and willing to pay for it. Therefore, the service provided is a "Public Telecommunication Service" as defined in that section. Therefore, this particular Telecommunication System is a "Public Telecommunication System", because the service it provides is a Public Telecommunication Service, as required by that section. |
It has been suggested by some people that GTAC will be in control, downloading the filtering parameters directly into the boxes in accordance with whatever warrants and notices are in force. This seems to be contrary to the wording of the Bill, which seems to require that such warrants and notices be served on the ISP (S11:(2), S21:(4)) (the ISP then typing the necessary parameters into the box as indeed the Smith Report implies). Nevertheless, there is considerable disquiet that there might be some intention to proceed in this way (especially as interception of conventional telephone calls currently uses such a procedure).
However, it should be noted that an ISP who permits parameters to be entered into the black box from outside will thereby have "so modified ... [his telecommunication] system, or its operation ... as to make some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication." (S2:(2)) and thereby he will have intercepted each communication passing through his system (S2:(2)), and thus he will have committed an offence under either S1:(1) or S1:(2). But it would be reassuring to have a clear statement from the Government on this matter.
There are, however, weaknesses in the definition of communications data, with the government appearing to take a broader view than the wording may justify. Moreover, it is not entirely clear that the originating computer of a communication is not itself a part of the telecommunication system. I base my understanding on the wording in S2:(1) "for the purpose of facilitating the transmission of communications". I think that was intended to exclude the end points (and S2:(2) gives some credence to this view). It is vital that this be cleared up, because things get much worse if I am wrong, as the following scenario will show. See amendment C2(1)b for an attempt to clarify this situation.
In particular, the government have been claiming that logs of accesses to web sites are communications data. I would contend that the wording of the Bill limits this just to who visited which site, and does not extend to the identity of the pages downloaded.
Perhaps it is something like the following. Plod has visited Isaac on some pretext.
Plod | Nice set-up you have here. |
Isaac | Yes indeed. We have to have the most up to date equipment in order to provide a full service to our customers. |
FX | Just then, Plod forces open the drawer of Isaac's desk (with a jemmy he happens to be carrying), extracts a paper containing "interesting" communications data, takes out his camera and photographs it. |
Isaac | What the Hell do you think you are doing? |
Plod | Obtaining and photographing this communications data. I have been authorised, by a person designated by the Secretary of State (S24:(2)), to engage in such conduct in accordance with S21:(3). |
Isaac | The Heck you have. You have just committed a criminal act. I shall call the Police. |
Plod | I am the Police. And, in any case, S20:(2) of the Act renders my "criminal act", as you choose to call it, "lawful for all purposes". |
Isaac | In any case, that is OUR information. You have breached OUR copyright. Let me have the film out of that camera immediately, or I shall sue you in Court. |
Plod | No you won't, because S20:(3)(a) explicitly excludes me from any civil liability. |
But if such conduct is not intended (and I hope it isn't), then what scenarios are envisaged by S21:(3), which seems to allow Plod to obtain communications data without troubling Isaac? Where else is he supposed to get it from?
And how can the Bill be compatible with the ECHR if it permits such abuses?
See amendments C20(2) and C21(3) for an extreme cure and C20(2)a for a less extreme cure.