.. I should really sort out which e-mails I have a clue about.. On Wed, 2016-05-04 at 16:30 +0100, Steve Karmeinsky wrote: > On Wed, May 04, 2016 at 03:38:18PM +0100, keith wrote: > > > This UK legislation will have impact elsewhere. > > Currently encryption isn't banned, however say you encrypt an email and > send it to someone and the 'authorities' want to read it, they can then > force you to hand over the keys and if you refuse, you go to jail until > you do ... > > There are other major issues like equipment interference and bulk > interception to name a few. > > Steve >
Thanks.. Having listened further, I was just going through it when I posted my original message.. and gone to Hansard, http://www.publications.parliament.uk/pa/cm201516/cmpublic/InvestigatoryPowers/160503/am/PBC_Investigatory%20Powers%2015th%20sit%20(am)%203.5.16.pdf ..There should be a linkable online version somewhere but my skills are broken.. From Page 14 of 20, [651|652] "Joanna Cherry: I am sorry to interrupt the Solicitor General’s flow, but I sense he is coming to the end of his argument. Will he clarify something? Am I right in understanding that there is nothing in the clause to prevent someone who is intent on evading surveillance from using open-source encryption software that is personally generated by the user? That would mean they could encrypt files and email communications themselves, independent of any provider, and therefore remain untouched by this legislation. The Solicitor General: That question is about the definition of the provider. I am sure we will be able to provide some clarity on that before I draw my remarks to a conclusion. I am grateful to the hon. and learned Lady for raising that point. - - The hon. and learned Lady made the powerful point that the clause does not relate to personally applied encryption. However, measures in part 3 of RIPA 2000 provide for where law enforcement agencies can require an individual to remove encryption that he or she has applied themselves. We know that the Bill generally does not cover all the agencies’ powers. This is perhaps a welcome opportunity to remind ourselves of the existing provisions in part 3, so I am grateful to her." Then as you suggest they are relying on or appear to be relying upon RIPA 2000 whereby the person who applied the original encryption can be 'forced' to hand over their keys. Being me I still would not trust them to not be seeking ways or means to back door encryption. It's got something to do with their lips moving :-) I also note your point about equipment interference and bulk interception. You can add ICRs and indeed the rest of the bill to the list of concerns. Personally I almost realise that some of this may be needed and/or indeed necessary but I am concerned that the direction and level of intrusion might be misplaced. Regards Keith _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
