[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI ] (Fwd) RIPlist Bulletin 21/3/01: Hong Kong proposes decryption powers similar to RIP

------- Forwarded message follows -------
From:           	"Caspar Bowden" <cb@fipr.org>
To:             	"Ukcrypto (E-mail)" <ukcrypto@chiark.greenend.org.uk>,
  	<cyber-rights-UK@cyber-rights.org>, "'David Farber'" <dave@farber.net>,
Subject:        	RIPlist Bulletin 21/3/01: Hong Kong proposes decryption powers similar to RIP
Date sent:      	Wed, 21 Mar 2001 05:24:27 -0000
Send reply to:  	ukcrypto@chiark.greenend.org.uk

RIPlist Bulletin 21/3/01:

 Hong Kong proposes decryption powers similar to RIP

Hong Kong proposed decryption powers similar to RIP on 1st December.
There is streaming video (GAK starts 7m 30s) of the government Press
Conference that is well worth a listen.

I cannot find reports of this until
Register 19/03/01: Hong Kong ISPs slam encryption demands
(from South China Morning Post 19/3/01 : Stream of protest at proposed
e-crime policies - anyone have this?)

There was a public consultation between through December and January
(responses or summary published ?).

In some respects the proposed law is harsher than RIP...."penalties
[for non-disclosure] should in principle be commensurate with those
for the specific offence under investigation", but on the other hand
disclosure could only be required in connection with a serious crime -
at least 2 years sentence - (RIP can require decryption in relation to
any crime).

There is no reference to the burden-of-proof issue, the only mention
is of (5.27) "the failure, without reasonable excuse, to comply with
an order to allow access to encrypted information".

There does not appear to be any secrecy obligation provision

Excerpts below and relevant links at http://www.fipr.org/rip#HongKong
- would appreciate others to hongkong@fipr.org -- Caspar Bowden       
       Tel: +44(0)20 7354 2333 Director, Foundation for Information
Policy Research RIP Information Centre at:          www.fipr.org/rip

5.22 The Working Group recommends...“production orders” .. be
adopted...to allow access to encoded computer information relevant to
an investigation. The access may be provided in the form of the plain
or decrypted text or the necessary passwords, encryption codes,
decryption codes, software, hardware and any other means to enable
comprehension of the computer information in question.

...5.25 To cater for the above considerations, we recommend that an
extra safeguard be built in by limiting the disclosure power to
offences of a more serious nature. Only offences attracting a maximum
penalty on conviction of not less than, say, 2 years’ imprisonment
should be subject to this disclosure requirement.

5.27 ...A mere fine would not be a sufficient deterrent, as it could
be treated just as an operating cost. We recommend that the penalties
should in principle be commensurate with those for the specific
offence under investigation.

14/3/01 Law Society Submission

In deciding whether such investigatory powers should be given to the
law enforcement agencies and the scope and manner of exercising such
power, the Committee has the following concerns: (a) implications of
the proposed legislation on the development of e-commerce; (b)
potential infringements of privacy; (c) implications for the
disclosure of encrypted information, which may include legally
privileged information; (d) the right of individuals against
self-incrimination, (e) the need for disclosure of keys when access to
plain text would be sufficient; and (f) the need for the empowered
agencies to be fully accountable to democratic institutions and
subject to public scrutiny. It should be noted also that cryptography
is usually used to thwart criminals rather than to help them and care
should be exercised before breaking security.

The Committee recommends that the following safeguards be embodied in
the proposed legislation regarding access to encryption keys: (a)
there should be disclosure only where obtaining the key is really
necessary; (b) disclosure should be "proportionate" to what might be
achieved; (c) there should be provisions for the protection of the
relationship between solicitors and clients; (d) there should be
provision for the destruction of the encrypted information once it is
obtained; and (e) there should be a right to sue law enforcement
agencies if any material is leaked as a result of the negligence of
the law enforcement agencies

------- End of forwarded message -------