FITUG e.V.
Förderverein Informationstechnik und Gesellschaft
FITUG e.V.Förderverein Informationstechnik und Gesellschaft |
|
------- Forwarded message follows ------- From: "Caspar Bowden" <cb@fipr.org> To: "Ukcrypto (E-mail)" <ukcrypto@chiark.greenend.org.uk>, <cyber-rights-UK@cyber-rights.org>, "'David Farber'" <dave@farber.net>, <ir-l@gn.apc.org> Subject: RIPlist Bulletin 21/3/01: Hong Kong proposes decryption powers similar to RIP Date sent: Wed, 21 Mar 2001 05:24:27 -0000 Send reply to: ukcrypto@chiark.greenend.org.uk
RIPlist Bulletin 21/3/01: =========================
Hong Kong proposes decryption powers similar to RIP ===================================================
Hong Kong proposed decryption powers similar to RIP on 1st December. There is streaming video (GAK starts 7m 30s) of the government Press Conference that is well worth a listen.
I cannot find reports of this until Register 19/03/01: Hong Kong ISPs slam encryption demands (from South China Morning Post 19/3/01 : Stream of protest at proposed e-crime policies - anyone have this?)
There was a public consultation between through December and January (responses or summary published ?).
In some respects the proposed law is harsher than RIP...."penalties [for non-disclosure] should in principle be commensurate with those for the specific offence under investigation", but on the other hand disclosure could only be required in connection with a serious crime - at least 2 years sentence - (RIP can require decryption in relation to any crime).
There is no reference to the burden-of-proof issue, the only mention is of (5.27) "the failure, without reasonable excuse, to comply with an order to allow access to encrypted information".
There does not appear to be any secrecy obligation provision ("tipping-off")
Excerpts below and relevant links at http://www.fipr.org/rip#HongKong - would appreciate others to hongkong@fipr.org -- Caspar Bowden Tel: +44(0)20 7354 2333 Director, Foundation for Information Policy Research RIP Information Centre at: www.fipr.org/rip
5.22 The Working Group recommends...“production orders” .. be adopted...to allow access to encoded computer information relevant to an investigation. The access may be provided in the form of the plain or decrypted text or the necessary passwords, encryption codes, decryption codes, software, hardware and any other means to enable comprehension of the computer information in question.
...5.25 To cater for the above considerations, we recommend that an extra safeguard be built in by limiting the disclosure power to offences of a more serious nature. Only offences attracting a maximum penalty on conviction of not less than, say, 2 years’ imprisonment should be subject to this disclosure requirement.
5.27 ...A mere fine would not be a sufficient deterrent, as it could be treated just as an operating cost. We recommend that the penalties should in principle be commensurate with those for the specific offence under investigation.
14/3/01 Law Society Submission
In deciding whether such investigatory powers should be given to the law enforcement agencies and the scope and manner of exercising such power, the Committee has the following concerns: (a) implications of the proposed legislation on the development of e-commerce; (b) potential infringements of privacy; (c) implications for the disclosure of encrypted information, which may include legally privileged information; (d) the right of individuals against self-incrimination, (e) the need for disclosure of keys when access to plain text would be sufficient; and (f) the need for the empowered agencies to be fully accountable to democratic institutions and subject to public scrutiny. It should be noted also that cryptography is usually used to thwart criminals rather than to help them and care should be exercised before breaking security.
The Committee recommends that the following safeguards be embodied in the proposed legislation regarding access to encryption keys: (a) there should be disclosure only where obtaining the key is really necessary; (b) disclosure should be "proportionate" to what might be achieved; (c) there should be provisions for the protection of the relationship between solicitors and clients; (d) there should be provision for the destruction of the encrypted information once it is obtained; and (e) there should be a right to sue law enforcement agencies if any material is leaked as a result of the negligence of the law enforcement agencies
------- End of forwarded message -------