Standing Committee F
Tuesday 4 April 2000
[Mrs Ray Michie in the Chair]
Disclosure of information in place of key
Question proposed, That the clause stand part of the Bill.
The Chairman: With this it will be convenient to discuss new clause 3 - Provision of alternative key -
'(1) Subsection (2) applies where a person is required by a section 46 notice to disclose a key to any protected information.
(2) The person required to disclose the key shall be taken for the purposes of this part to have complied with the requirement to disclose the key if, by the time by which he is required to disclose it to any person, he has instead provided another key which is capable of putting in an intelligible form the protected information.'
Mr. Oliver Heald (North-East Hertfordshire): New clause 3 would clarify one aspect of compliance with a section 46 notice. We must ask ourselves whether such a notice can require a specific key to be produced or any key that can decrypt the protected information. The new clause would provide that, when a person is required to disclose the key, he will be taken to have complied if, by the time the notice period ends, he has instead provided another key that is capable of putting in an intelligible form the protected information.
In some ways, the new clause is a technical measure. However, considerable concern has been expressed to me by business and those who use the internet that it may not be possible to provide a session key that would open the lock to the protected information. It might be the view of the authorities that a more general key should be provided. The situation was described to me by an internet user as being like keys to a hotel: the key to the front door opens the entire hotel, there is the master key for a particular floor and there are keys to the doors of particular rooms. If the authorities can ask for the key to the entire hotel, would it be possible for a compliant receiver of the notice to provide the key to the door - the session key? I should be interested to hear the Minister's views on that, as it has a relationship to the definitions of keys later in the Bill.
Mr. Richard Allan (Sheffield, Hallam): We wish to raise another issue in the clause stand part debate, although we recognise the merit of new clause 3.
I shall follow on from the hotel analogy of the hon. Member for North-East Hertfordshire (Mr. Heald). The key would be a credit-card-type key that is set up for only the period in which a person is staying in the hotel. When the person leaves, his contractual obligations in respect of having access to the room would end. Will the Minister allow a situation whereby an individual can revoke his key? Clearly, when the law comes into force, individuals will be aware of its provisions, and when they finish particular work they may wish to say that they no longer have any such responsibility for such data - in other words, they have checked out of the hotel.
In those circumstances, it would be useful to have a system supplied by the commercial provider or the cryptography assistant whereby an individual can formally revoke the possession of the key to make it clear that he does not have it. In the context of clause 47 and disclosing information in place of the key, one may wish to have a system whereby the agency that is requesting access to data would accept a revocation certificate in which the individual, because he has taken action in the past as part of ordinary business, can make it clear that he no longer has possession of the key. If people have certain access to data, it is usual practice in business when an individual leaves to ensure that he no longer has access to either the computer system or to data. Businesses may wish to have a formal arrangement under which it specifies that the individual is out of the encryption loop from that point onwards.
Has the Minister considered such a provision? Is there scope in the disclosure of information provisions for an individual to disclose a revocation certificate rather than a key itself? The police or those who have responsibility for such matters could ask the current occupier of the room for the key, which they will be able to use contractually and provide to the investigating authorities.
The Minister of State, Home Office (Mr. Charles Clarke): I understand what the new clause is trying to achieve, but we believe that that is unnecessary. It is up to the party who is served with a decryption notice to decide what type of decryption key to disclose. If there is more than one that enables protected data to be put into an intelligible form, it is up to those who are disclosing to decide which key to use. In most circumstances, it will be up to the party to decide whether to hand over a key or plaintext. We expect plaintext to be good enough in most circumstances.
Let us consider a scenario in which there must only be a key. The flexibility sought by the new clause exists in the Bill. For example, if a symmetric - or session key - exists that will decrypt the data, the party served with a section 46 notice may prefer to disclose that rather than a private asymmetrical master key. The Bill permits that to happen. Section 46 notices require the disclosure of the key to protected information. I draw the attention of the hon. Member for North-East Hertfordshire to the definition of "key" under clause 52(1). It states:
in relation to any electronic data -
the emphasis is on the word "any" -
means any key, code, password, algorithm or other data the use of which (with or without other keys) -
(a) allows access to the electronic data, or
(b) facilitates the putting of data into an intelligible form.
We recognise, for example, that some of the reservations that business may have about disclosing master keys in response to a lawful requirement may not extend to the disclosure of session keys. That is why the Bill permits a choice.
In response to the hon. Member for Sheffield, Hallam (Mr. Allan), nothing in the Bill will stop revocation of the key after it has been disclosed to law enforcement agencies under a section 46 notice. Businesses may choose to do that for reasons of security.
Mr. Allan: It may become usual practice to revoke keys ahead of an investigation by the law enforcement agencies. It is not a question of doing that subsequently; but when a particular individual ceases to use the key, he can make it clear in a public declaration that it no longer belongs to him. The law enforcement agencies could come along later and wish to present a revocation certificate, not as a response to, but as part of, ordinary practice.
Mr. Clarke: I did not make myself clear. I accept what the hon. Gentleman is saying. I did not mean to suggest that such action could be carried out subsequently. I meant that businesses may be undertaking such a process as a standard routine, irrespective of whether a law enforcement issue arises. I hope that I have clarified the matter and that Opposition Members will withdraw the amendment.
I come now to the clause stand part debate and wish to return to what I said when we debated clause 46. I shall reveal some of our thinking since the Bill was introduced. Clause 47 provides that, in responding to a decryption notice, a person may deliver up an intelligible version of relevant protected data - plaintext - rather than a decryption key, for example. The exception to that is when a notice contains a direction where only the disclosure of a key is sufficient. That is limited to occasions when imposing such a requirement is believed to be proportionate to what is sought to be achieved by doing so.
We have received many representations from the industry and members of the Committee. We believe that the position set out in the Bill is clear. However, I acknowledge that genuine concerns have been raised about the situation, and I hope that I can offer some comfort to those who have brought such matters to my attention. Many in industry have no difficulty with the principle of handing over intelligible data when they were required to do so under some lawful authority. However, they have some worries about handing over the keys. We have discussed whether those concerns are founded but, as we are constantly reminded, and accept, the perception of the use of the powers under the Bill is as important as the reality, because we want to develop co-operation, not to impose the provisions.
As I said on Second Reading, we envisage that the disclosure of the plaintext of protected material, rather than a key, will be sufficient in almost all cases in response to a decryption notice, and I expect that the disclosure of the keys themselves will be required in very few cases. However, our bottom line continues to be that we must retain the flexibility in the Bill to request the disclosure of the key itself in exceptional circumstances.
I use the word "exceptional" advisedly, for reasons that relate to the use of the word "reasonable", to which the hon. Member for Esher and Walton (Mr. Taylor) referred. I am considering whether to make it clear in the Bill that demanding the key itself should be an exceptional step. We would include guidance in the code of practice on those exceptional circumstances. Those circumstances could include cases in which timeliness is an issue and the plaintext would take longer to produce than a key; in which trust is an issue and the person who hands over the key might not be reliable, so chains of evidence must be protected; or in which security is an issue.
We might consider amending the Bill to allow insistence on producing the key only exceptionally and to state what might be exceptional in the code of practice. We might go further and specify that decisions on what is excepted may be escalated to the highest level, so that the Secretary of State or a chief constable, possibly with the approval of a surveillance commissioner or circuit judge if appropriate, would decide whether a circumstance was exceptional according to the code of practice. Obviously, that would set a higher test in the authority regimes than is currently envisaged under the Bill. I cannot table such an amendment now, but the Committee will want to know that I am considering those matters and that we intend to return to them on Report.
We believe that the Bill is well founded, but we acknowledge that the perception is an important issue as we develop a proper process. Defining the word "exceptional", including it in the code of practice and involving a higher authority - the Secretary of State or a chief constable - may give comfort to the industry; it would provide more of a guarantee that keys could not be sought improperly. I should be interested to hear any comment that members of the Committee might like to make on my proposals. The clause should stand part of the Bill, and I urge the hon. Member for North-East Hertfordshire not to press new clause 3 to vote for the reasons that I have mentioned.