Re: TechWeb 10/2/2000: "E-Spying Bill Called 'Escrow By Intimidation'"

2000-02-14 Thread Ian BROWN

>A question on UK legislative terminology:
>Does "published a bill" mean that Parliament approved it?
>Or does it just mean that the ministers are proposing this law
>that they'd _like_ to get Parliament to pass, but it
>hasn't been passed yet?

The latter. A Bill becomes an Act once it has been approved by Parliament. 
However, the Labour government has a large majority (179 as I recall) and is 
ferocious in forcing its MPs to vote the way it wants. This parliamentary 
term, even more than Margaret Thatchers' in the 80s, has been a a real 
demonstration of an "elective dictatorship" in action.

One of our few consolations is that the government has brought the European 
Convention on Human Rights into domestic law, which provides at least some 
remedy against over-encroachment of government power -- though far less than 
the US Constitution.

Ian :)




Re: TechWeb 10/2/2000: "E-Spying Bill Called 'Escrow By Intimidation'"

2000-02-14 Thread Bill Stewart

A question on UK legislative terminology:
Does "published a bill" mean that Parliament approved it?
Or does it just mean that the ministers are proposing this law
that they'd _like_ to get Parliament to pass, but it
hasn't been passed yet?

At 08:20 AM 02/11/2000 -, Caspar Bowden wrote:
>http://www.techweb.com/wire/story/TWB2210S0005
>E-Spying Bill Called 'Escrow By Intimidation'
>(02/10/00, 12:58 p.m. ET) By Madeleine Acey, TechWeb
>
>The British government published a bill Thursday to update law enforcement's
>interception powers to include communications made via company networks and
>ISPs.
>
>The legislation was immediately slammed as threatening human rights and
>labelled "key escrow through intimidation" by Internet think tank the
>Foundation For Information Policy Research (FIPR). Key escrow is a failed
>policy by which users of encryption software lodge copies of security keys
>with third parties approved by government.
..

Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639



TechWeb 10/2/2000: "E-Spying Bill Called 'Escrow By Intimidation'"

2000-02-11 Thread Caspar Bowden

http://www.techweb.com/wire/story/TWB2210S0005
E-Spying Bill Called 'Escrow By Intimidation'
(02/10/00, 12:58 p.m. ET) By Madeleine Acey, TechWeb

The British government published a bill Thursday to update law enforcement's
interception powers to include communications made via company networks and
ISPs.

The legislation was immediately slammed as threatening human rights and
labelled "key escrow through intimidation" by Internet think tank the
Foundation For Information Policy Research (FIPR). Key escrow is a failed
policy by which users of encryption software lodge copies of security keys
with third parties approved by government.

"This law could make a criminal out of anyone who uses encryption to protect
their privacy on the Internet," said FIPR director Caspar Bowden.

Following the recent liberalization of U.S. encryption software export laws,
as tens of thousands of ordinary computer users start to use encryption, a
test case looks inevitable.

Requiring someone to prove they did not possess a key would likely be a
breach of the European Convention of Human Rights, FIPR and civil rights
group Justice concluded.

"The DTI [Department of Trade and Industry] jettisoned decryption powers
from its E-communications Bill last year because it did not believe that a
law which presumes someone guilty unless they can prove themselves innocent
was compatible with the Human Rights Act," Bowden said. "The corpse of a law
laid to rest by [trade secretary] Stephen Byers has been stitched back up
and jolted into life by [home secretary] Jack Straw."

Straw insisted the Regulation of Investigatory Powers Bill ensure citizens'
privacy and comply with the European Court on Human Rights.

He said the interception methods of the past "sometimes led to serious
miscarriages of justice" and that the bill would more closely regulate law
enforcement and security agencies' activities.

Straw added that interception of telecommunications was only legislated for
in 1985.

"There was only one completely dominant [telecom] provider and only
landlines," he said. "No pagers, no mobiles, no e-mail, no Internet, no
encryption. The change in the telecom landscape in less than a generation
has been revolutionary. We have to ensure that the legislation keeps pace."

Straw said interception played a vital role in the fight against terrorists
and encryption "can be misused to devastating effect by criminals, not least
in attempts by pedophiles to conceal their activities on the Internet."
However, in submissions to the DTI last year, IT industry figures -- used as
expert witnesses by law enforcement -- said encryption had never thwarted
police attempts to crack encrypted files, and in some cases, the accused had
handed keys over voluntarily.

When asked at the time, security and police agencies, including the FBI,
were unable to show any case where encryption had been a barrier to
convicting a criminal.

FIPR's Bowden said the Bill incorporated some changes to draft legislation
to address previous criticisms. But, he said this was mere "window
dressing".

"To prove noncompliance with a notice to decrypt, the prosecution must prove
a person 'has or has had' the key," Bowden said. "This satisfies the
objection to the case where a person may never have had the key but leaves
unchanged the essential reverse-burden of proof for someone who has
forgotten or irreplaceably lost a key."