
PROCEDURES FOR DEALING WITH DISCLOSED MATERIAL paras 8.1 to 8.11

PROCEDURES FOR DEALING WITH DISCLOSED MATERIAL

Procedures for dealing with disclosed key material

8.1 The Act clearly indicates[18] that it is the duty of every person[19] whose officers or employees include persons with duties that involve the giving of section 49 notices to ensure that arrangements are in force to safeguard keys and key material obtained by the imposition of disclosure requirements.

      • [18] Section 55 of the Act.
      • [19] In particular the Secretary of State and every other Minister of the Crown in charge of a government department, every chief officer of police, the Director General of the Serious Organised Crime Agency and the Commissioners of Revenue and Customs.

8.2 Such persons should ensure necessary arrangements are in force:

  • that any disclosed key is used only for obtaining access to, or putting into intelligible form, protected information described in the notice as a result of which the key was disclosed (or could have been described in such a notice had the key not already been disclosed);
  • that the use of any disclosed key is reasonable with regard both to the uses to which the person with the key is entitled to put any protected information to which the key relates and to the other circumstances of the case (in other words only reasonable use may be made of any disclosed key);
  • that the use of and retention of any disclosed key is proportionate to what is sought by its use or retention, and where any key is retained, its retention must be reviewed at appropriate intervals to confirm that the justification for its retention remains valid (otherwise it should be destroyed);
  • that the number of persons to whom any disclosed key is made available and the number of copies made of the key, if any, are each limited to the minimum necessary for the purpose of putting the protected information in an intelligible form;
  • that any disclosed key is stored, for as long as it is retained, in a secure manner. The appropriate level of security for any disclosed key should be proportionate to intrinsic or financial value or to the sensitivity of the information protected by the key;
  • that all records of any disclosed key are destroyed as soon as the key is no longer required for the purpose of enabling protected information to be put into an intelligible form.[20]

      • [20] See paragraph 8.10

8.3 Such arrangements shall be recorded in writing setting out provision for the disclosure, copying, storage and destruction of any disclosed key material, and shall be agreed with the appropriate Commissioner.

8.4 Extra care and security should be afforded to a key (a 'multi-use key') that has been used to protect information in addition to the protected information in the possession of the public authority or likely to come into its possession. Even though a person given notice is able to choose which key to disclose, they may disclose a multi-use key. The person to whom disclosure is made should so far as is practicable ensure that if a multi-use key is disclosed he is aware of that and can protect the key appropriately.

8.5 Key material must be stored in a physically secure way such that it cannot be accessed through any means other than physically. For example the use of a floppy disk or USB stick may be appropriate but a laptop would not as it could theoretically be accessed remotely.

8.6 Data should be secured behind an appropriate number of security zones using, where possible, different methods of security. For example material requiring the highest level of security should be stored in a combination safe, inside a locked store in an access controlled office which itself is within a 24 hour guarded building. Access to the data should not be possible by one person acting alone, requiring at least two people to have to conspire to unlawfully use any key. For example the combination to a safe in a locked store should not be known by a key holder of the store.

8.7 Where keys or copies of keys are made available to a person other than the person to whom the key was disclosed a full audit trail must be maintained and be available for inspection by the appropriate Commissioner.

8.8 The number of persons to whom the detail of any key or the fact of possession of a disclosed key is made available must be limited to the absolute minimum necessary to allow protected information to be made intelligible.

8.9 Neither the key, the detail of any key, nor the fact of possession of a key may be disclosed to any person unless that person's duties are such that he (or she) needs to know the information to carry out his (or her) duties. This obligation applies equally to disclosure to additional persons within an agency or public authority, to disclosure outside the agency or public authority and to any data processing facility.

8.10 Under normal circumstances where protected information is put into an intelligible form using a disclosed key, and that intelligible information is used in evidence or is disclosed in criminal proceedings, copies of the key will similarly be required for evidential or disclosure purposes.

8.11 Where a requirement for disclosure of a key is necessary in relation to protected information obtained in exercise of a statutory power, that key will be handled with the due care and attention required for any sensitive or valuable evidential material. It shall be the duty of the person to whom the key is disclosed or the official in charge of any processing facility to afford it a higher level of security if that is necessary in the particular circumstances of the case and to protect the key material from unauthorised disclosure.

Comments

8.5 Key material must be stored in a physically secure way such that it cannot be accessed through any means other than physically. For example the use of a floppy disk or USB stick may be appropriate but a laptop would not as it could theoretically be accessed remotely.

8.6 Data should be secured behind an appropriate number of security zones using, where possible, different methods of security. For example material requiring the highest level of security should be stored in a combination safe, inside a locked store in an access controlled office which itself is within a 24 hour guarded building. Access to the data should not be possible by one person acting alone, requiring at least two people to have to conspire to unlawfully use any key. For example the combination to a safe in a locked store should not be known by a key holder of the store.


Why does this Code of Practice therefore not explicitly require that UK Government Approved Cryptography, like, for example, Kilgetty, must be used to protect such seized Keys or Data stored on laptop computers, USB memory sticks, and other removable media etc.?

Why should anyone have any confidence in the data security procedures outlined in this section of the Code of Practice, when, for example, the Metropolitan Police Anti-terrorism squad lost a rucksack full of papers and files relating to ongoing terrorism investigations?

A laptop computer protected by Kilgetty or other hard disk encryption would have been less of a risk, even if lost or stolen, than a rucksack full of papers.

Bag holding police anti-terror files lost in street

Rucksack had details of suspects and plots
· Met imposes strict new rules on sensitive material

Hugh Muir, Sandra Laville and Richard Norton-Taylor
Monday June 26, 2006
The Guardian

Anti-terrorist police have been ordered to revamp security procedures after a bag containing details of bomb plots and suspects identified for surveillance was lost in the street.

The Metropolitan police commissioner, Sir Ian Blair, has imposed strict new rules on the carrying of sensitive material after files were accidentally lost in a rucksack in south-east London. Sources yesterday told the Guardian the files held important information and that anti-terrorist officers were desperate to get them back before they fell into the wrong hands.

[...]