« Over 1000 days waiting for a Freedom of Information Act disclosure | Main | Home Secretary Jacqui Smith cripples the Data Protection Act regarding the London Congestion Charge ANPR Mass Surveillance scheme »

RIPA Part III is now in force - is there a Section 49 Notice being served to grab your Decryption Keys ?

October 1st 2007 is another milestone in the British State Surveillance, when some more of the authoritarian and repressive Labour Government's snooping policies come into legal force. Why were the Opposition parties so feeble and ineffective when these horribly complicated and bureaucratic yet draconian laws and secondary legislation were meant to have been properly scrutinised by Parliament ?

Firstly, Communication Traffic Data, initially for mobile phones and landline telephones and faxes etc. is to be retained by the telecommunications network providers for at least a year i.e. far longer than would otherwise be legal to do so once they have no legitimate business use for the data such itemised phone bills which have been paid.

This extension of the Regulation of Investigatory Powers Act 2000 Part II, which has been in force for years, will obviously take a few weeks or months to start to affect the millions of innocent people whose privacy and security is being put at risk "just in case" there may be some unspecified criminal investigation or intelligence agency snooping in the future

However, there is now a further immediate potential threat to your privacy, security and online financial transactions and money, namely Government access to encryption keys or decrypted data, under the Regulation of Investigatory Powers Act Part III Section 49 Disclosure Notices:

Incredibly, this bit of law, which has lain dormant on the statute books for over 7 years, was amended by the notorious Terrorism Act 2006, so that the penalty for refusing to disclose your secret cryptographic Decryption Key(s) or to provide plaintext decrypted versions of the protected data, has been increased from 2 years in prison to 5 years in prison for catch all and undefined "national security investigations". Since the penalties for terrorism or espionage are longer than this, how is this anything but gesture politics ?

There is also the provision for a "tipping off " offence, again, punishable by up to 5 years in prison, if the law enforcement or intelligence agency bureaucrats tick the "secrecy" box on the still as yet undefined format of a Section 49 Notice demanding your cryptographic keys etc.

It sjhould also be remembered that RIPA Part III also makes the Police or Intelligence Agenciy staff legally liable for breaches of the security of seized cryptographic keys or the protected material disclosed under a Section 49 order.

Even though our good advice during the alleged public consultation on the Code of Practice last year has been ignored, we still feel that is is vital that any such cryptographic keys and / or protected plaintext data should itself be encrypted using UK Government approved cryptography or even reasonable commercially or freely available cryptography, especially when on removable media or laptop computers or when transfered via the internet or WiFi etc

If there are any lost or stolen or computer malware infected laptop computers or removable media or USB flash memory devices or plaintext email attachments or data transfers or data backups etc, then those individuals responsible and their bosses, should be prosecuted for malfeasance in public office, and be made to pay financial compensation and damages to anyone whose innocent data, intellectual property or electronic money etc. has been compromised or put at risk.

If, say, the private encryption key for the SSL / TLS Digital Certificate for an e-commerce or internet banking website is compromised by negligent data handling following a RIPA Section 49 Notice, then the amount of damages which a Court might award could run into millions of pounds.

See our sub-blog published last summer during the so called public consultation process on the Code of Practice for RIPA Part III

Please contact us if you are served with a RIPA Section 49 notice, (obviously not if it has a secrecy rider), as we would like to be able to recognise a genuine one, to differentiate it from the inevitable "phishing" scams which will seek to exploit the secrecy and unfamiliarity of the public and commercial with such Notices.

We demand that the RIPA Commissioners, the Home Office and the supposed Single Point of Contact, the National Technical Assistance Centre (now under the management of GCHQ and the Foreign Office) should keep records of, and provide a breakdown of the actual numbers of RIPA Section 49 Notices which have been served. These figures should include how many Section 49 Notices have the "tipping off" secrecy requirement, and how many, according to the Code of Practice, have required that the Financial Services Authority be informed (e.g. when obtaining financial services cryptographic keys).



Posted by on October 1, 2007 12:01 AM |

Comments

Now I have become very confused. Does this recording and holding of communications data apply only to outgoing calls? Or are they having to collect incoming call information as well? Even though there is absolutely no business need to collect such information for landline calls.

Posted by: Yokel | October 1, 2007 12:39 PM

@ Yokel - yes it does. There is no "business case" for any of the following data to be retained for a year, especially after the bills have been paid ok, so it all would have been illegal under the data Protection Act principle of no excessive storage or processing, hence the new legislation.

http://www.opsi.gov.uk/si/si2007/20072199.htm

Data to be retained 5. —(1) The following data concerning fixed network telephony and mobile telephony generated in the United Kingdom must be retained in accordance with regulation 4(1):

(a) the telephone number from which the telephone call was made and the name and address of the subscriber and registered user of that telephone;

(b) the telephone number dialled and, in cases involving supplementary services such as call forwarding or call transfer, any telephone number to which the call is forwarded or transferred, and the name and address of the subscriber and registered user of such telephone;

(c) the date and time of the start and end of the call; and

(d) the telephone service used.

(2) The following data concerning mobile telephony must be retained in accordance with regulation 4(1):

(a) the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI) of the telephone from which a telephone call is made;

(b) the IMSI and the IMEI of the telephone dialled;

(c) in the case of pre-paid anonymous services, the date and time of the initial activation of the service and the cell ID from which the service was activated;

(d) the cell ID at the start of the communication; and

(e) data identifying the geographic location of cells by reference to their cell ID.

They (i.e. the UK Labour Government during their presisdency of the European Union when they pushed this onto the rest of the European Union) also wanted this data to include "uncompleted calls" as well - everyone (not just criminal suspects under active investigation) seems to be suspected of sending a covert subliminal channel signal by, say, hanging up after three rings, without the other party actually picking up the handset, rather than the vast majority of cases where this is simply due to a human or technical error.

That provision seems to have been lost, in what may be the only small victory for common sense during the passage through the European Parliament.

Remember that there is other Communications Traffic Data wich can be obtained under RIPA, which may or may not be available for a year after the call has been made.

Internet and VOIP telephony Communications Traffic Data is planned to be similarly retained from 2009.

Posted by: wtwu | October 1, 2007 1:46 PM

TrueCrypt thrawts RIPA III

The UK government is going to deprive honest an law-abiding citizens of their liberties while criminals can carry on theirs businesses as usual, with just a little software upgrade.

Free software like TrueCrypt can conceal encrypted material in a way that prevent its detection.

In case the Police forces you to reveal your password, TrueCrypt provides and supports two kinds of "plausible deniability":

1. Hidden volumes. The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created* and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.

2. It is impossible to identify a TrueCrypt volume. Until decrypted, a TrueCrypt volume appears to consist of nothing more than random data (it does not contain any kind of "signature"). Therefore, it is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted.

FreeOTFE also offers similar features.

Off-the-Record (OTR) Messaging, offers true deniability for instant messaging.

Posted by: Anon | October 1, 2007 4:53 PM

TrueCrypt's "aleatory" defence against RIPA

TrueCrypt provides an "aleatory" defence against RIPA, and, indeed, against any similar legislation. This defence works because TrueCrypt makes encrypted material indistinguishable from pseudo-random data. And before the authorities can insist that you hand over an encryption key, they would first be obliged to prove to the satisfaction of a court that you were in possession of encrypted material. Depending on how TrueCrypt is set up it might be obvious that you have some pseudo-random data in an atypical location on your computer, and you might well be asked how it got there. Now, there are many computer processes that produce pseudo-random data, and you are not obliged by the legislation to account for the origins of every file on your computer that contains such data given the tens of thousands of files on the average PC this would be an impossible task. However, TrueCrypt can also provide you with an excellent and highly plausible reason as to why you possess such a file of pseudo-random data irrespective of where it is found.

Posted by: Anon | October 1, 2007 4:54 PM

Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR provides perfect forward secrecy and deniable encryption.

1. Perfect forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie-Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts.

2. Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person.

Posted by: A Non | October 1, 2007 4:56 PM

DriveCrypt Plus Pack and "plausible deniability"?

I believe it may also be possible to use DriveCrypt Plus Pack to achieve "plausible deniability"

DCPP is supposed to enable the user to hide an entire operating system inside the free disk space of another operating system. Two passwords are required: One password is for the visible operating system, the other for the invisible one. The first "fake" password grants access to a pre-configured operating system (outer OS), while the other gives grants access to the real working operating system. This functionality is extremely useful if the user fears that someone may force them to provide the DCPP password; in this case, the user simply gives away the first (fake) password so that the snoop will be able to boot into the system, but only see the prepared information that they wishes them to find. The attacker will not be able to see any confidential and personal data and he will also not be able to understand that the machine is storing one more hidden operating system. On the other hand, if the user enters the private password (for the invisible disk), the system will boot a different operating system (the working system) giving the user the access to all the confidential data.

The creation of a hidden operating system is not obligatory and as such, it is not possible for anyone who does not have the hidden OS password to know or find out, if a hidden operating system exists or not.

Posted by: A non | October 1, 2007 4:57 PM

@ Anon - regarding "Off-the-Record Messaging" what is the difference between "deniable authentication" and "plaintext" i.e. no encryption or digital signature at all ?

Posted by: wtwu | October 2, 2007 12:50 AM

4 persone will left the oman(jordan) airprt today are next this 3girle s and 1 man they going to europe uk fisrt and the man is ahmad sadek ibrahem he contact with terroriest organzation .he unlegal.

Posted by: fathy | October 2, 2007 10:00 AM

So, being in possession of a random sequence (theoretically indistinguishable from an encrypted message) puts me at risk of serving 5 years?

Even worse actually.
If they find random data in my hard disk and I cannot convince the court that it's not what they think it is, I get 5 years.
If I fail to convince the court that I genuinely forgot the password, I get 5 years.
If a terrorist can convince the court that the encrypted instructions for an attack is just random noise, he is unaffected by this legislation.

What a bunch of clowns.

Posted by: Feek | October 4, 2007 12:14 PM

There's a posting on indymedia from someone who claims to have been required to reveal encryption keys: http://www.indymedia.org.uk/en/2007/11/385589.html

Posted by: Nur Mi | November 11, 2007 9:16 PM

There is a discussion thread entitled "RIP in action" about some of the issues raised in this Indymedia report on the UK Crypto email list.

Posted by: wtwu | November 12, 2007 11:36 PM

FreeOTFE and FreeOTFE4PDA v3.00 released (16th December 2007)

WWhile remaining easy to use, FreeOTFE's features list includes:

* Source code freely available
* Easy to use; full wizard included for creating new volumes
* Data encrypted on your PC can be read/written on your PDA, and vice versa
* Powerful: Supports numerous hash/encryption algorithms, and provides a greater level of flexibility than a number of other (including commercial!) OTFE systems
* Hash algorithms include: MD5, SHA-512, RIPEMD-160, Tiger and many more
* Cyphers include AES (256 bit), Twofish (256 bit), Blowfish (448 bit), Serpent (256 bit) and many more
* Cypher modes supported include CBC, LRW and XTS (including XTS-AES-128 and XTS-AES-256)
* "Portable mode" included; FreeOTFE doesn't need to be installed before it can be used - making it ideal for carrying your data securely on USB drives!
* Operates under both PC (MS Windows 2000/XP) and PDA (Windows Mobile 2003/2005 and Windows Mobile 6) platforms
* Linux compatibility (Cryptoloop "losetup", dm-crypt and LUKS supported)
* "Hidden" volumes may be concealed within other FreeOTFE volumes, providing "plausible deniability"
* FreeOTFE volumes have no "signature" to allow them to be identified as such
* Encrypted volumes can be either file or partition based.
* Modular design allowing 3rd party drivers to be created, incorporating new hash/cypher algorithms
* Decryption software available to improve transparency, and allow even the most junior software engineer to prove data is being encrypted correctly
* Supports password salting (up to 512 bits), reducing the risks presented by dictionary attacks.
* Allows users to backup and restore the critical areas of volume files.
* Keyfile support included; store volumes and their associated metadata separately.
* Uses per-sector IVs, including support for ESSIV
* Volume file timestamps and attributes are reset after dismounting, increasing "plausible deniability"
* Supports volumes files up to 2^63 bytes (8388608 TB)
* Naturally, fully supported by SecureTrayUtil.
* Plus more...!

Posted by: A. Non | December 19, 2007 5:29 PM

Post a comment