
Scrambling for Safety 8 - meeting some interesting and influential people

On Monday, Spy Blog attended the Scrambling for Safety 8 conference, held at University College London. The public consultation on the Regulation of Investigatory Powers Act 2000 (RIPA) Part III on Government Access to Encryption Keys, and the RIPA Part 1 Chapter II public consultation on Communications Traffic Data, were discussed by eminent experts before an extremely well informed audience.

In the pub afterwards, Spy Blog managed to chat with Members of the House of Lords, academics, internet and telecoms experts, cryptographers, technical journalists, privacy and human rights campaigners, Home Office civil servants and some fellow political bloggers. We missed out on talking with other interesting people such as members of the Police who deal with child porn investigations, a RIPA Commissioner (?), and someone from the Financial Services Authority, all of whom will be affected by this proposed legislation.

Given the potential multi-billion pound impact of this legislation on the United Kingdom economy, on law and order, and on individual human rights, it is worth examining in detail exactly what is being proposed, since the consequences of getting the checks and balances wrong will be immense.

The agenda and the slides from some of the talks are now online at the Foundation for Information Policy Research website.

Our elected Members of Parliament have proven themselves to be incapable of understanding most of the complex technical and ethical issues involved, without being briefed by some of the knowledgeable people in the Scrambling for Safety audience.

Even then, they managed to let through the amendments to RIPA in the Terrorism Act 2006 with virtually no debate at all, although the Conservative and Liberal Democrat opposition spokesmen did realise that Parliament was voting to increase the criminal penalties of a bit of criminal legislation which had lain dormant and unenacted on the Statute Book for over 5 years, despite it having been rushed through at the time with curtailed scrutiny and debate.

See our mini-blogs if you want to contribute comments (anonymously if you prefer) to our planned submissions to these Public Consultations, or send in your own submissions, which formally close at the end of this month. Simon Watkin, the senior Home Office civil servant in charge of these consultations did intimate that he would be open to representations for some time after that, presumably until the Draft Codes of Practice are presented to Parliament in the Autumn. If only the other parts of the Home Office empire were as reasonable and open to well informed debate and consultation.

It is hard to estimate just how influential the Scrambling for Safety conferences have been over the years. Their audiences have provided most of the heavyweight intellectual and technical analysis in opposition to the dubious "technological magic fixes for social and political problems" which this Labour Government (and the previous Conservative one) have been trotting out over the years, including, for example, the ill conceived compulsory centralised biometric database National Identity Register and ID Cards scheme.

However, the Labour Government has nevertheless succeeded in churning out badly drafted legislation and ineffective policies, despite losing the technological, intellectual and moral arguments.

Comments

I was rather interested in meeting you there, but alas, our paths never crossed. I agree that, as with the ID card bill, the government (or more precisely Tony Blair) may completely ignore the arguments and just proceed anyway. Either way, the speakers at the meeting were excellent and the event overall was fantastic.


As seems to be the norm for this most stupid of governments, we're likely just to get a show of "listening to comments", then the fools will go right back and do what they wanted to do in the first place, regardless of the utter stupidity of the act.

Most modern encryption systems are very, very carefully designed to be as hard to crack as they can be; OpenSSH for instance explicitly keeps session keys in memory and discards them as a session terminates to prevent their use in decrypting a sniffed session.

Twin-key encryption is designed to be highly infeasible to decrypt, provided secure passphrases are given. Ditto for disk volume encryption, the most likely thing police are likely to want to break.

So, if a policeman does get into the situation of having a suspected paedophile on his hands, where the only evidence is locked in an encrypted volume on a disk and the suspect claims to have forgotten the passphrase. At this point, what can that policeman actually do?

The answer is, not a great deal. Yes, he can rant and rave and threaten the suspect with the RIP Act, but this is a paper tiger compared to what'll happen if the volume actually has prohibited material in it. Odds are any sane suspect will simply sit tight and repeat the words "No comment" over and over.

This is the root of the issue. The Government cannot bear the fact that physical laws and human ingenuity can make it impossible to decrypt information; that in effect a criminal can sit and laugh at them and they can do nothing to that criminal. So, they are merely doing what any irritated government does in the circumstances: blow smoke, make noise and hope that the proles wilt before the force of this fury.

It won't work on the criminals, but it will make life a lot more difficult for a lot of completely innocent people, and stands a fair chance of convicting people for having done no wrong at all.

This, then, is what is so evil about the RIP Act.

