Eager student:
Encryption seems to be back in the news. Why has this come up again?
Scholarly lawyer: It never really went away. Ever since David Cameron sounded off about encryption before
meeting Barack Obama in January 2015 it’s been bubbling under.
ES: What did David Cameron
say about it?
SL: He said: “In extremis,
it has been possible to read someone’s letter, to listen to someone’s call, to
listen in on mobile communications, ... The question remains: Are we going to
allow a means of communications where it simply is not possible to do that? My
answer to that question is: no, we must not.” That sounded very much as if he
wanted some kind of encryption ban.
ES: Didn’t Downing
Street row back on that?
SL: At
the end of June 2015 David Cameron said something very similar in Parliament. Downing Street followed up with: “The prime minister did not
suggest encryption should be banned." They said much the same to the BBC in July 2015.
ES: Now the focus seems
to be specifically on end to end encryption.
SL: Yes. Amber
Rudd said in March this year that E2E encryption was “completely unacceptable”.
Downing Street weighed in again: “What the home secretary said yesterday is:
where there are instances where law-enforcement agencies wish to gain access to
messages which are important to an investigation, they should be able to do
so.”
ES: Which brings
us to this weekend?
SL: Yes. Amber
Rudd has disclaimed any intention to ban end-to-end encryption completely, but
at the same time she appears to want providers of E2E encrypted messaging
services to provide a way of getting access.
ES: So where does
that leave us?
SL: The government
evidently wants to do something with end to end encryption. But exactly what is
unclear.
ES: Can we ask
them to make it clear?
SL: Many have
tried. All have failed. That isn’t really surprising, since the very nature
of end to end encryption is that the messaging provider has no way of decrypting it.
ES: So if the
messaging provider does have a way in, it’s no longer true end to end encryption?
SL: Exactly.
ES: But hasn't end
to end encryption been around for years?
SL: In the form of
standalone software like PGP, yes. In fact that is what sparked the First Crypto War in the 1990s.
ES: Which ended up
with universally available public key encryption?
SL: Exactly. The encryption genie couldn’t be put back in the bottle – you can
write a public key encryption algorithm on a T-shirt - and they stopped fighting
it.
ES: So what has changed now?
SL: Apps and the cloud. Software such as PGP is an
add-on, like anti-virus software. I make the decision to get
PGP from somewhere and to use it with my e-mail. It has nothing to do with my
e-mail provider. But now messaging service providers are incorporating E2E encryption as part of
their service.
ES: What
difference does that make?
SL: Commercially,
the provider will be seen as part of the loop and so as a target for regulatory
action. Technically, if the communications touch the provider’s servers someone might think that the provider should be able to access them in response to a warrant.
ES: PGP-encrypted
e-mails are also stored in the e-mail provider’s servers, but the provider can't decrypt those.
SL: Certainly. But
if the messaging service provider itself provides the ability for me to encrypt
my messages as part of its service, then it could be said that it has more involvement. It may store
some information on its servers, for instance so that I can set up a connection
with an offline user.
ES: If the
provider does all that, why can’t it decrypt my messages?
SL: Because I and
my counterparty user are generating and applying the encryption keys. With full
end to end encryption the service provider never possesses or sees the private
key that my app uses to encrypt and decrypt messages.
ES: But that’s the
case only for full end to end encryption, right?
SL: Yes, there are
other encryption models where the service provider has a key that it could use
to decrypt the message.
ES: If it never sees the key and cannot decrypt your message, isn’t the service provider in the same position with end to end encryption as with original PGP? What can the service provider be made to do if it
doesn’t have a key?
SL: Now we need to
delve into the UK’s interception legislation. Buckle your seatbelt.
ES: Ready.
SL: As you know
the new Investigatory Powers Act 2016, like the existing Regulation of
Investigatory Powers Act 2000, includes power to serve an interception warrant
on a telecommunications operator.
ES: Would that
include a messaging provider?
SL: Yes. It shouldn’t include someone who merely supplies encryption software like
PGP, but a messaging service provider would be in the frame to have a warrant
served on it.
ES: What can a
messaging provider be made to do?
SL: It could be
required to assist with the implementation of the warrant. If it does have a key, then
it could assist by using its key to decrypt any intercepted messages.
ES: Is that a new
requirement under the IPAct?
SL: No, RIPA is the same. And even if the provider handed over only an encrypted
message, a separate RIPA power could be deployed to make it use its key to
decrypt the message.
ES: And if the
telecommunications operator doesn’t have a key? How can it assist with the
interception warrant?
SL: All it can do
is hand over the encrypted message. Both RIPA and the new IPAct say that the
telecommunications operator can be required to do only what is reasonably
practicable in response to a warrant. If it has no key it cannot be made to do more.
ES: Is that it?
SL: No, the
government has one more card, which might be a trump. Under both the new IP Act and existing RIPA the
Minister can serve a notice (a 'technical capability notice', or TCN) on a telecommunications operator requiring it to
install a permanent interception capability. This can include the capability to
remove any electronic protection applied ‘by or on behalf’ of the
telecommunications operator.
ES: Does
‘electronic protection’ include encryption?
SL: Yes. But pay attention to ‘applied by or behalf of’. If the encryption is applied by the user,
not the telecommunications operator, then a TCN cannot require the telecommunications operator to remove it.
ES: So a lot could turn
on whether, in the particular system used by the operator, the encryption is
regarded as being applied by or on behalf of the operator?
SL: Yes. If so,
then the TCN can require the operator to have the capability to remove it.
ES: But if the
operator doesn’t have a key, how can that be reasonably practicable?
SL: For an
operator subject to a TCN who is served with a warrant, reasonable
practicability assumes that it has the capability required by the TCN.
ES: So the
operator is deemed to be able to do the impossible. How do we square that circle?
SL: A Secretary of
State considering whether to issue a TCN has to take into account technical
feasibility. Clearly it is not technically feasible for an operator who provides its users
with true end-to-end encryption facilities to have a capability to remove the encryption, since it
has no decryption key. That might mean that a TCN could not require an operator to do that.
ES: But what if
the Secretary of State were to argue that it was technically feasible for the
operator to adopt a different encryption model in which it had a key?
SL: Good
point. If that argument held up then the
service provider would presumably have to stop offering true end to end encryption
facilities in order to comply with a TCN.
ES: Could a TCN be
used in that way, to make a telecommunications operator provide a different
kind of encryption? Wouldn't that be tantamount to making it provide a different service?
SL: That is one of
the great imponderables of this part of the IP Act.
ES: How would we
know whether the Secretary of State was trying to do this?
SL: That’s
difficult, because a telecommunications operator is required to keep a TCN
secret. One possibility is that the new Investigatory Powers Commissioner may
proactively seek out controversial interpretations of the legislation that have
been asserted and make them public.
ES: Is there a
precedent for that?
SL: Yes, the Intelligence
Services Commissioner Sir Mark Waller in his 2014 Report discussed whether
there was a legal basis for thematic property interference warrants. David
Anderson QC’s Bulk Powers Review has supported the idea that the Investigatory
Powers Commissioner should do this.
ES: So what
happens next?
SL: Draft TCN regulations have recently been consulted on and presumably will be laid before
Parliament at some point after the election.
If those are approved, then the ground will have been prepared to approve
and serve new TCNs once the IPAct comes into force, which will most likely be later
this year.
ES:
Thank you.