COE Recommendation No. R (95) 13
This is that Council of Europe "Ban Crypto" paper. It is of course nothing like what it is claimed to be.

http://www.privacy.org/pi/intl_orgs/coe/info_tech_1995.html

In particular:

6. The law should permit investigating authorities to avail themselves of all necessary technical measures that enable the collection of traffic data in the investigation of crimes.

"COLLECTION" - not comprehension

8. Criminal procedure laws should be reviewed with a view to making possible the interception of telecommunications and the collection of traffic data in the investigation of serious offenses against the confidentiality, integrity and availability of telecommunications or computer systems.

This is simply to fix the German data protection laws and similar, some of which might prevent a sysop monitoring a hacker on a system they were hacking.

I think the majority of the text is well thought out and very much in line with what we would want. The piece on encryption is a cop out to please the French and Dutch. Read it carefully and you will see it says absolutely nothing.

We have been had again... Rule number one of politics, always assume that the enemy are misrepresenting their case.

Council of Europe declarations are almost always implemented because they say almost nothing. It is a very clear statement of some concerns which it would be nice if the US authorities understood - separation of search and seizure.

This is not a trend in which Europe is following the US. We are simply thinking about the effect of technology on law enforcement rather than reacting to its effects.

Found this written up in cipher, well worth a visit.

http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/

--
Phillip M. Hallam-Baker Not speaking for anyone else
hallam@w3.org http://www.w3.org/hypertext/WWW/People/hallam.html
Information Superhighway -----> Hi-ho! Yow! I'm surfing Arpanet!
On Wed, 15 Nov 1995, Phillip M. Hallam-Baker wrote:
I think the majority of the text is well thought out and very much in line with what we would want.
How about this:

________________________________________________________________________
9. Subject to legal privileges or protection, most legal systems permit investigating authorities to order persons to hand over objects under their control that are required to serve as evidence. In a parallel fashion, provisions should be made for the power to order persons to submit any specified data under their control in a computer system in the form required by the investigating authority.
________________________________________________________________________

Is this 'what we would want'? It clearly means that one can be ordered to reveal the password to encrypted data and punished by law if one refuses. Suppose they suspect you of being a child pornographer and get a court order to search your encrypted system. You know you are innocent. Is it acceptable to put you in jail for not giving them access to your encrypted, very personal diary (in which you describe in detail your sexual encounters with the wife of the Chief of Police)?

And how about this:

________________________________________________________________________
14. Measures should be considered to minimise the negative effects of the use of cryptography on the investigation of criminal offenses, without affecting its legitimate use more than is strictly necessary.
________________________________________________________________________

Is this really just a toothless statement to give to the French? Couldn't it as easily be interpreted as not wanting to go into details yet (since no real system is available) but stating that some form of GAK is on the agenda? Surely, law enforcement bureaucrats would not consider GAK to affect the 'legitimate use' of cryptography 'more than is strictly necessary'.

Mats
How about this:

________________________________________________________________________
9. Subject to legal privileges or protection, most legal systems permit investigating authorities to order persons to hand over objects under their control that are required to serve as evidence. In a parallel fashion, provisions should be made for the power to order persons to submit any specified data under their control in a computer system in the form required by the investigating authority.
________________________________________________________________________
Is this 'what we would want'? It clearly means that one can be ordered to reveal the password to encrypted data and punished by law if one refuses. Suppose they suspect you of being a child pornographer and get a court order to search your encrypted system. You know you are innocent. Is it acceptable to put you in jail for not giving them access to your encrypted, very personal diary (in which you describe in detail your sexual encounters with the wife of the Chief of Police)?
Well if you want to eliminate all search and seizure powers of the courts then that is a valid point to make. The point of the directive though is to point out to the legislatures that they have to consider their position on this one.

I'm not particularly keen on the idea that we should hope that the legislatures let this type of change happen by default. They are not going to do that, they may let things slide but they then are more likely to do something reactionary when they realise they have been had. And that reaction is likely to be anal.
________________________________________________________________________
14. Measures should be considered to minimise the negative effects of the use of cryptography on the investigation of criminal offenses, without affecting its legitimate use more than is strictly necessary.
________________________________________________________________________
Is this really just a toothless statement to give to the French?
Parse it carefully; its implications depend heavily on the interpretation of "legitimate use" and "strictly necessary". Point is that it is not a directive to implement a Euro-Clipper program which is what various spin doctors were claiming. The deputy director of the NSA tried to use it as evidence to support his claim that other countries are following the US position.

Mind you I may be wrong about the French. Someone suggested today that they would prefer there to be no debate on crypto because they don't want people to find out what they are up to.

Phill