UK Investigatory Powers Bill

keith gnupg at soondae.co.uk
Wed May 4 19:04:55 CEST 2016 

.. I should really sort out which e-mails I have a clue about..

On Wed, 2016-05-04 at 16:30 +0100, Steve Karmeinsky wrote:
> On Wed, May 04, 2016 at 03:38:18PM +0100, keith wrote:
> 
> > This UK legislation will have impact elsewhere.
> 
> Currently encryption isn't banned, however say you encrypt an email and
> send it to someone and the 'authorities' want to read it, they can then
> force you to hand over the keys and if you refuse, you go to jail until
> you do ...
> 
> There are other major issues like equipment interference and bulk
> interception to name a few.
> 
> Steve
> 

Thanks..

Having listened further, I was just going through it when I posted my
original message.. and gone to Hansard,

http://www.publications.parliament.uk/pa/cm201516/cmpublic/InvestigatoryPowers/160503/am/PBC_Investigatory%20Powers%2015th%20sit%20(am)%203.5.16.pdf

..There should be a linkable online version somewhere but my skills are
broken..

>From Page 14 of 20, [651|652]

"Joanna Cherry: I am sorry to interrupt the Solicitor
General’s flow, but I sense he is coming to the end of his
argument. Will he clarify something? Am I right in
understanding that there is nothing in the clause to
prevent someone who is intent on evading surveillance
from using open-source encryption software that is
personally generated by the user? That would mean
they could encrypt files and email communications
themselves, independent of any provider, and therefore
remain untouched by this legislation.

The Solicitor General: That question is about the
definition of the provider. I am sure we will be able to
provide some clarity on that before I draw my remarks
to a conclusion. I am grateful to the hon. and learned
Lady for raising that point.

-
-

The hon. and learned Lady made the powerful point
that the clause does not relate to personally applied
encryption. However, measures in part 3 of RIPA 2000
provide for where law enforcement agencies can require
an individual to remove encryption that he or she has
applied themselves. We know that the Bill generally
does not cover all the agencies’ powers. This is perhaps a
welcome opportunity to remind ourselves of the existing
provisions in part 3, so I am grateful to her."

Then as you suggest they are relying on or appear to be relying upon
RIPA 2000 whereby the person who applied the original encryption can be
'forced' to hand over their keys.

Being me I still would not trust them to not be seeking ways or means to
back door encryption. It's got something to do with their lips
moving :-)

I also note your point about equipment interference and bulk
interception. You can add ICRs and indeed the rest of the bill to the
list of concerns. Personally I almost realise that some of this may be
needed and/or indeed necessary but I am concerned that the direction and
level of intrusion might be misplaced.

Regards

Keith

More information about the Gnupg-users mailing list