RIPA Part III and Certificate Authorities
The events of the past week made a return to discussion of Part III of the UK Reulation of Investigatory Powers Act all but inevitable. The BBC report is typical. Under part III of the act the police can in certain circumstances obtain a court order requiring a party to provide information necessary to decrypt encrypted material.
Sooner or later there will be another round of questions about how RIPA part III affects the operation of a Certification Authority. The business of a Certification Authority is to manage use of cryptography after all. People get suprised that the commercial CAs are not engaged in a major lobbying effort over this issue.
There are many good reasons why a US based public corporation should not insert itself into highly controvertial issues in UK politics. It is one thing to assist a government with an explanation of what are frequently highly technical issues, quite another to actively campaign on an issue.
In this case there is another reason that is even more fundamental. Certification Authorities manage public keys used for encryption or verification of digital signatures and private keys used to create digital signatures. Except in highly unusual circumstances a Certification Authority does not have access to any decryption key other than its own. Hence RIPA part III has no implications for a well run Certification Authority. There are no decryption keys, hence nothing for the court to demand.
Another point that bears making is that the UK has a long tradition of expertise in cryptography and signals intelligence. Public Key cryptography was discovered by two British mathematicians working at GCHQ before its rediscovery at MIT. Government bills in the UK are drafted by the civil service and it is inconceivable that a bill of this type would have been drafted without expert review from cryptographic experts at GCHQ who know all about techniques such as perfect forward secrecy that ensure that in the case of transport encryption the decryption keys are deleted as soon as they are no longer required. Perfect forward secrecy does not apply to stored data.
Legislation is a blunt tool and nobody is more aware of this fact than legislators and courts. It may be impossible to prove with absolute certainty that a person is deliberately witholding a decryption key or is genuinely unable to supply it. This is not a new problem for the courts and that is why the standard of proof is reasonable doubt in a criminal trial or the balance of probabilities in a civil matter.
It is much harder to build a cryptographic system that is designed to support criminal activity than prevent criminal activity. All of the commonly used cryptographic tools including PGP are much better at preventing criminal atacks by third parties than they are for plotting a conspiracy. If you are engaged in a conspiracy you have much greater need of steganography than of cryptography. It is more important to conceal the fact of the communication than the content.
If a suspect has been arrested after extensive email and chat communications with known paedophiles and has a large stock of encrypted data that has been collected over a long period of time a reasonable person will make the obvious inference.
