Wednesday, July 04, 2007

RIPA Part III Code to Parliament

The Home Office, not that they exist anymore but that is what they have signed themselves off as, have informed me that the final draft (until the poliscum get their hands on it) of the Regulation of Investigatory Powers Act 2000 Part III Code of Practice has been placed before Parliament. If you remember, Parliamentary approval of the CoP is necessary before Part III, and its associated draconian powers, come into effect.

Given that the legislation has been in place for some time and is truly appalling, it was always going to be extremely unlikely that we could (and latterly clear that we wouldn't) get a citizen-friendly exposition of the regulatory limits on the exercise of the legal powers. Now, Sections 3.4 to 3.11 do contain some good advice on limiting the circumstances in which powers, especially key disclosure, should be exercised but, as there is no "outside the tent" supervision (neither NTAC nor the Surveillance Commissioners are outside the tent), I am dubious how strictly these will be followed.

Section 3.29 makes sense but I can still see the warrants flying and Sections 3.34 and 3.37 are nicely direct. Sections 4.22 and 4.23, which a number of people specifically requested, give you a single contact point, nationally, for querying the validity and correctness of a disclosure order, and a unique number for each order. This is seriously good news and should minimise abuse at the local law-enforcement level. 4.45 and 4.46 also provide a degree of protection for the techies who are likely to be tasked with actually complying with the notices - they now get an official record of their (apparent) compliance, especially vital where there is a strict time constraint on the disclosure and where the disclosure would be to a forensics lab or similar facility, rather than directly to the investigating officer.

Costs, Sections 4.43 & 4.44, I can see leading to serious bun-fights. If these make it through Parliament intact, it is going to be interesting to see how this pans out with our cash-strapped police. Ideally, from far-far-away.

Section 6.7 bullet 5, while of itself (in my opinion) a reasonable ground for needing the key as an item of evidence in itself, is rendered completely moot by 6.10 & 6.11 - here, if, for example, I have access to a key and the passphrase makes it clear that it is my key (as my personal and work PGP passphrases certainly do), I can give out a copy of my key (or generate an appropriate sub-key) with a completely different passphrase, possibly even hinting that the key was generated or is used by somebody else.

Sections 6.8 and 6.9 should re-assure the banks - the "must reconsider" in the last sentence is the strongest we could have hoped for. We'll wait and see the final version and the subsequent FSA protocol before casting too many plaudits, though.

Section 8 seems to have been toughened up a bit - I am still disappointed by the restriction to expensive civil action rather than using the offences in the Act itself to charge inappropriate subsequent publication or release of disclosed material but the establishment were never going to let us win that one.

On the whole, better than it had been - we'll see now what happens to it under the nouveau regime.


PS - I note from the draft order itself (statutory instrument) that we all (may) have until 1st Oct 2007 to bin all of our old keys as thoroughly as we can. Get started. Let them see what their mates in the drugs squads have to put up with :)


(c) 'Surreptitious Evil' 2006 - 2017.