[Clips] EuroGAK: New RIPA Act powers puts data security at risk
R.A. Hettinga
rah at shipwright.com
Mon Nov 27 06:01:45 PST 2006
--- begin forwarded text
Delivered-To: rah at shipwright.com
Delivered-To: clips at philodox.com
Date: Mon, 27 Nov 2006 09:00:38 -0500
To: Philodox Clips List <clips at philodox.com>
From: "R.A. Hettinga" <rah at shipwright.com>
Subject: [Clips] EuroGAK: New RIPA Act powers puts data security at risk
Reply-To: clips-chat at philodox.com
Sender: clips-bounces at philodox.com
<http://www.itpro.co.uk/news/98805/new-ripa-act-powers-puts-data-security-at-risk.html>
ITPro: News:
New RIPA Act powers puts data security at risk
Posted by Rene Millman at 10:52AM, Monday 27th November 2006
Encryption expert warns that new police powers will open up "a host of
management problems" for companies
New powers to allow police to decrypt data for evidence will risk
compromising data confidentiality and security, an encryption expert warned.
New powers under Part III of the Regulation of Investigatory Powers Act
2000 (RIPA), which comes into effect in the next few months, allows law
enforcement officers to gain access to encryption keys needed to decrypt
data which could be vital for a conviction.
But according to Dr. Nicko Van Someren, chief technology officer at
nCipher, the new powers open up "a host of management problems".
"Company executives will have to disclose encryption keys without opening
up security holes or face up to five years in prison; while law enforcement
officers face legal action if they fail to adequately secure evidentiary
keys leading to loss or consequential damage," said Van Someren. "It is
clear that sophisticated key management systems will be needed to avoid the
possibility of the misuse of disclosed keys or breaches of data protection
laws."
Many financial institutions and other organisations are concerned about
data security and conflicts with data privacy rights as a result of RIPA
part III. Since companies can be held liable for the accidental or
negligent disclosure of customer information, the keys used to protect
customer data are just as valuable as those used for banking transactions.
The new legislation means businesses have to implement strict control over
encryption and to provide authorised access to keys. According to Van
Someren, making copies of cryptographic keys is "not a safe option".
"Businesses and authorities need to adopt best practice already used by
many banks and security conscious companies," he said. "RIPA part III
places a heavy duty of disclosure on companies and organisations; but it
also places a burden of care and security on the law enforcement
authorities."
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
More information about the cypherpunks-legacy
mailing list