
"All Your Encryption Keys Are Belong To Us" - RIPA Part III to come into force on 1st October 2007

Almost a year since the Public Consultation held last summer, and over 7 years since the legislation was passed, the Home Office seems to be intent on bringing the controversial Regulation of Investigatory Powers Act 2000 Part III - Investigation of Electronic Data Protected by Encryption etc. into force on 1st October 2007.

It does seem that some of our (and obviously other people's) suggestions have been listened to, but some sensible, practical ones have been ignored:

The published Draft Code of Practice puts the National Technical Assistance Centre (which is no longer part of the Home Office bureaucratic empire, but has been absorbed by GCHQ under the Foreign and Commonwealth Office) firmly in the role of a Single Point of Contact (SPoC), by which all requests for Encryption Keys or de-crypted plaintext material have to be approved, in an analogous manner to the SPoC concept used in practice for several years regarding Communications Traffic Data requests.

If NTAC are sane and professionally competent, they will publish a public PGP Signature Key for their email address, and set up a contact website indexable by search engines, with an SSL/TLS protected web contact form and official 24 hour contact telephone numbers.

NTAC may be contacted at: ripaiii@ntac.gsi.gov.uk

Even though there is still no explicit mandatory use of Digital Signatures to help with rapid authentication of Section 49 Disclosure Notices, especially outside of normal office hours, this could perhaps happen in practice:

4.22 It is essential that any person who is given a notice is able to confirm its authenticity should they need to do so. Where such assurance is required the person given notice or their professional legal adviser should contact NTAC to seek confirmation that the notice is authentic and lawful. Doing so will not breach any secrecy requirement of the notice.


4.26 Public authorities must provide a means for authenticating any notice they give at whatever time the notice is given.


Incredibly, and despite our suggestions via the public consultation process, this Draft Code of Practice still does not mandate the use of UK Government Approved Cryptography, e.g. Kilgetty, or similar commercial products, to protect either disclosed cryptographic key material or disclosed plaintext "intelligible material" in transit.

We foresee future scandals involving the accidental loss or theft of portable computers or USB memory stick devices etc. containing such sensitive material.

The amendment to RIPA brought in by the controversial Terrorism Act 2006, which increased the penalty for "national security investigations", does not have any extra safeguards introduced by this Draft Code of Practice, except to state the primacy of MI5 and Scotland Yard's Counter Terrorism Command over other public bodies which may wish to invoke the magic words "national security".

There is still no clarification of how a regulated financial industry or e-commerce company is meant to cope with the optional secrecy and anti-tipping off demands under RIPA Part III, which may well be in conflict with the unlimited financial snooping powers granted to the Treasury by the then Chancellor Gordon Brown last year.


The UK government is going to deprive honest and law-abiding citizens of their liberties while criminals can carry on their businesses as usual, with just a little software upgrade.

Free software like TrueCrypt can conceal encrypted material in a way that prevents its detection.

In case the Police force you to reveal your password, TrueCrypt provides and supports two kinds of "plausible deniability":

1. Hidden volumes. The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created* and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.

2. It is impossible to identify a TrueCrypt volume. Until decrypted, a TrueCrypt volume appears to consist of nothing more than random data (it does not contain any kind of "signature"). Therefore, it is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted.

FreeOTFE also offers similar features.

Off-the-Record (OTR) Messaging offers true deniability for instant messaging.

TrueCrypt provides an “aleatory” defence against RIPA, and, indeed, against any similar legislation. This defence works because TrueCrypt makes encrypted material indistinguishable from pseudo-random data. And before the authorities can insist that you hand over an encryption key, they would first be obliged to prove to the satisfaction of a court that you were in possession of encrypted material. Depending on how TrueCrypt is set up it might be obvious that you have some pseudo-random data in an atypical location on your computer, and you might well be asked how it got there. Now, there are many computer processes that produce pseudo-random data, and you are not obliged by the legislation to account for the origins of every file on your computer that contains such data—given the tens of thousands of files on the average PC this would be an impossible task. However, TrueCrypt can also provide you with an excellent and highly plausible reason as to why you possess such a file of pseudo-random data irrespective of where it is found.
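What a forensic examiner's statistical tests can and cannot infer from such data, as an added example that is not part of the original comment. The samples are constructed, the SHA-256 counter-mode keystream is only a stand-in for a real disk cipher, and the thresholds in `looks_random` are illustrative assumptions.

```python
import hashlib
import math
from collections import Counter

def keystream(seed: bytes, n: int) -> bytes:
    """SHA-256 in counter mode: a stand-in for real cipher output (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram (maximum is 8.0)."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution (255 d.o.f.)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def looks_random(data: bytes) -> bool:
    # Illustrative thresholds for 64 KiB samples, not a forensic standard.
    return entropy_bits_per_byte(data) > 7.9 and chi_square(data) < 400

SIZE = 64 * 1024
# Constructed samples: ordinary text, random fill, and the same text encrypted.
TEXT = (b"The quick brown fox jumps over the lazy dog. " * 2000)[:SIZE]
RANDOM_FILL = keystream(b"free-space-fill", SIZE)
ENCRYPTED = bytes(p ^ k for p, k in zip(TEXT, keystream(b"volume-key", SIZE)))

def classify_samples() -> dict:
    samples = {"plain text": TEXT, "random fill": RANDOM_FILL, "encrypted text": ENCRYPTED}
    return {name: looks_random(buf) for name, buf in samples.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:15s} looks_random={verdict}")
```

The tests separate ordinary files from high-entropy data, which is why a large random-looking file still stands out, but they give the same verdict for random fill and for ciphertext.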

Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR provides perfect forward secrecy and deniable encryption.

1. Perfect forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie-Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts.

2. Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person.
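The deniable-authentication property described above, as an added example that is not part of the original comment and is not OTR's own code. It models authentication with a shared-key HMAC-SHA256 tag; the random key stands in for one derived from the Diffie-Hellman exchange, and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def tag(mac_key: bytes, sender: str, text: str) -> bytes:
    """Authenticate (sender, text) with a MAC key that BOTH parties hold."""
    return hmac.new(mac_key, f"{sender}:{text}".encode(), hashlib.sha256).digest()

def verify(mac_key: bytes, sender: str, text: str, t: bytes) -> bool:
    return hmac.compare_digest(tag(mac_key, sender, text), t)

def run_conversation() -> dict:
    # Assumption: stands in for a per-conversation key negotiated via Diffie-Hellman.
    mac_key = secrets.token_bytes(32)

    # During the conversation: Alice's genuine message verifies for Bob.
    genuine = ("alice", "meet at noon", tag(mac_key, "alice", "meet at noon"))

    # During the conversation: an outsider without the key cannot inject a message.
    wrong_key = secrets.token_bytes(32)
    injected = ("alice", "meet at midnight", tag(wrong_key, "alice", "meet at midnight"))

    # Bob holds the same key, so he can produce a tag for text Alice never sent.
    # A transcript therefore cannot show which of the two wrote a message.
    by_bob = ("alice", "never sent by alice", tag(mac_key, "alice", "never sent by alice"))

    # After the conversation: modelled here by disclosing the MAC key,
    # after which any third party can produce valid-looking messages too.
    disclosed_key = mac_key
    by_anyone = ("alice", "written afterwards", tag(disclosed_key, "alice", "written afterwards"))

    return {
        "genuine_verifies": verify(mac_key, *genuine),
        "outsider_rejected": not verify(mac_key, *injected),
        "bob_made_verifies": verify(mac_key, *by_bob),
        "after_disclosure_verifies": verify(mac_key, *by_anyone),
    }

if __name__ == "__main__":
    for check, result in run_conversation().items():
        print(f"{check}: {result}")
```

A digital signature would behave differently on the last two checks: only the holder of the private key could produce it, which is exactly the proof of authorship this design avoids creating.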

I believe it is also possible to use DriveCrypt Plus Pack to achieve "plausible deniability".

DCPP is supposed to enable the user to hide an entire operating system inside the free disk space of another operating system. Two passwords are required: One password is for the visible operating system, the other for the invisible one. The first "fake" password grants access to a pre-configured operating system (outer OS), while the other grants access to the real working operating system. This functionality is extremely useful if the user fears that someone may force them to provide the DCPP password; in this case, the user simply gives away the first (fake) password so that the snoop will be able to boot into the system, but only see the prepared information that the user wishes them to find. The attacker will not be able to see any confidential and personal data and he will also not be able to understand that the machine is storing one more hidden operating system. On the other hand, if the user enters the private password (for the invisible disk), the system will boot a different operating system (the working system) giving the user access to all the confidential data.

The creation of a hidden operating system is not obligatory and as such, it is not possible for anyone who does not have the hidden OS password to know or find out, if a hidden operating system exists or not.
