Saturday, 11 July 2015

Ban random numbers

At the moment it is not illegal to send random data - assuming you are not trying to screw up someone's computer by doing it.

Well, sort of. It is slightly more complicated. This is where I should say that I am not a lawyer, and I know someone will tell me if I have this wrong. There may be some sequence of events where sending random data could be an issue...
  1. Let's say I send random data - something that is completely legal
  2. I, or the recipient, would have to be suspected of something for there to be a legitimate intercept of that - and somehow the random data are seen as key to some case against me
  3. The prosecution will have to show beyond reasonable doubt that the data are encrypted data
  4. They then ask me for keys, or to decode it, as per RIPA
  5. At that point the proof is the other way - I'd have to show that I don't have the keys (because it is random data)
  6. As I cannot show I don't have the keys, I could be in trouble.
That is, I think, how things stand legally, at the moment... There are several problems with the above. For a start, encrypted data normally has headers and protocol elements that say it is encrypted data. It is unusual to send raw encrypted data with no header, but quite valid technically to do so. So, proving my data are encrypted and not random may be hard - it is unusual to send raw encrypted data, but also unusual to send raw random data. On a balance of probabilities, maybe that would be assumed to be encrypted data, but I think the proof has to be beyond reasonable doubt. If I had any plausible excuse for sending random data, I should be OK. One excuse would be that I am vocal about the stupidity of such laws, or perhaps I am deliberately running an app that sends random data for that reason. Of course, I could also send some encrypted data occasionally, and there would be no way to tell it apart from the random data!

This is a problem for the state - if people start sending raw random data, and people send raw encrypted data with no headers that looks like raw random data, then a prosecutor would not be able to establish that the data are encrypted. Claiming it is random data would be plausible deniability.

So, the only solution would be knee-jerk legislation to ban the sending of random data. That way they catch you either way: encrypted and not handing over keys, or random; in both cases you are breaking the law, and a government that ensures everyone is breaking the law one way or another can control the people better. Sorry, paranoia overload there...

Unfortunately that has a huge problem. Random data are everywhere. Anything that samples reality - a phone call, an audio recording, a photograph, a video, anything - has huge amounts of random data and sampling noise. If you ban random data, you ban all video and pictures and everything with a random component.

So, let's not ban all random data, quite - let's allow it in funny cat videos, shall we?

Sadly, that gets you back where you started - you can include encrypted data in the random noise in images, videos and audio. If you allow that, you allow covert encrypted communications.

So, I guess random data are safe after all - for now - as are cat videos and so are the people wanting to continue to use encryption covertly. I do wonder about making a mobile app that deliberately sends random packets at random intervals just for fun.

22 comments:

  1. I think they have to prove beyond a reasonable doubt that you know the key to the encryption for you to be prosecuted.

    As far as I am aware, "I forgot the key" is a totally valid defence... as long as you give no evidence to the contrary... such as later giving them the key

    Replies
    1. Yeh, but I can forget and later remember - it was a crazy law when it was made, and is just as crazy now.

    2. Nope. If there ever was a key not providing it is a breach of the law. The only defense being if there was never a key

    3. Tricky - I am sure you (or rather a computer in your possession and control) had the keys for your last Facebook access, but being a transient DH pair, they were deleted automatically. What if asked to provide that key now to decode an intercept of that access?

    4. What if I purchased a hard drive that was encrypted and I haven't wiped yet. I do not know the key. I can't provide it.

      "failure to provide" cannot possibly be the wording, it has to be "withholding".

    5. There seems to be a bit of confusion here as to exactly what the legislation says, and clarifying this might be useful before getting into the second stage of interpreting it.

      Adrian does not mention it specifically here but, for clarity, it seems to be Part II of RIPA 2000, which deals with the right to require the decryption of, or provision of keys to enable the requesting authority to decrypt, "protected information".

      The bit relevant to the defence is s53, in particular s53(2)-(4): http://www.legislation.gov.uk/ukpga/2000/23/section/53


      (A small side point but, in terms of your second point, about the "legitimate intercept", it is not necessarily true that you must be suspected of something for an encrypted email of yours to be intercepted: you may be communicating with someone who is an intercept target, such that any email you send to that person is intercepted. Probably a silly point, but worth flagging perhaps.)

    6. Part III, not Part II. A bad time for a typo. My apologies.

    7. You make a very good point about intercept - I could be quite innocent, but if I send to or receive from someone that is under suspicion, I could find my communications with them intercepted and be expected to decrypt it. If I make an app to send random data, I should make sure its "intended recipient" is Theresa May.

  2. As a thought experiment shift the thinking away from public key crypto and towards an xor-based one time pad.

    I send you some random data... Or is it just random data? Perhaps it's a key (a pad)? Or a cyphertext for a pad that you already have? Or maybe I'll just send you a pad for it later.

    Only when both parts are generated does any "intent" become clear and if I am compelled to produce "the missing half" then I can then provide something that generates whatever other plaintext I like.

    There are cypher systems that extend this approach via public key crypto to provide plausible deniability by allowing me to produce any one of several possible keys under compulsion that create a legitimate looking decryption - just not the plaintext that was originally intended.

    Replies
    1. Indeed, bans will only impact legitimate use by the 64 million people in the UK that are not terrorists. The criminals will be able to use encryption in many ways without detection.

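The following is an added example of mine, not code from the original post or from any commenter. It illustrates two points made above: the post's observation that raw encrypted data with no header cannot be told from random bytes (using the byte-entropy estimate a content filter might apply), and the one-time-pad deniability described in comment 2, where a second pad is built so that the same ciphertext "decrypts" to a chosen decoy. The messages are constructed samples.

```python
import math
import os
from collections import Counter

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """One-time-pad operation: XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pad and data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def entropy_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy of the byte histogram; 8.0 means uniform."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def otp_encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """Encrypt under a fresh random pad; returns (ciphertext, pad)."""
    pad = os.urandom(len(plaintext))
    return xor_bytes(plaintext, pad), pad

def deniable_pad(ciphertext: bytes, decoy: bytes) -> bytes:
    """Pad K' = C xor P' that makes an existing ciphertext C 'decrypt'
    to any chosen same-length decoy P'. Nothing distinguishes K' from the
    pad actually used, which is the deniability the comment describes."""
    return xor_bytes(ciphertext, decoy)

def demo() -> dict:
    """Headerless ciphertext vs random bytes, plus a decoy pad."""
    # Constructed sample messages (both 36 bytes, repeated for a stable histogram).
    plaintext = b"Meet me at the usual place at nine. " * 2000
    decoy = b"See you at the pub on Friday night. " * 2000
    ciphertext, pad = otp_encrypt(plaintext)
    random_data = os.urandom(len(plaintext))  # what a "random app" would send
    fake_pad = deniable_pad(ciphertext, decoy)
    return {
        "entropy_plaintext": entropy_bits_per_byte(plaintext),    # well below 8
        "entropy_ciphertext": entropy_bits_per_byte(ciphertext),  # about 8
        "entropy_random": entropy_bits_per_byte(random_data),     # about 8
        "real_pad_recovers_plaintext": xor_bytes(ciphertext, pad) == plaintext,
        "decoy_pad_yields_decoy": xor_bytes(ciphertext, fake_pad) == decoy,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The ciphertext and the random bytes give the same statistics, so only headers or protocol context could separate them; for the one-time pad, whoever holds the ciphertext can produce a pad for any plaintext of the right length.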
  3. As I see it, there is one big flaw with your blogs about the proposed encryption ban and that is the following.

    - Most of the people reading (and commenting) on your posts understand and agree [albeit perhaps to varying levels] with you about the absurdity behind trying to ban it.

    --

    Thus, the only task we're left with is the job of trying to argue amongst ourselves as to exactly what level of { craziness / impracticality / poorly thought-through / knee-jerkiness [sp?] } the concept is in the first place.

    ---

    Now if only someone could find a way of teaching politicians about common-sense and simple logic...

    How about the following for starters ...

    1. Email [random politician] an encrypted copy of your blog
    2. Make sure that you actually do keep the key (in case you are asked for it)
    3. In order for "them [the powers that be]" to be certain that you are not issuing any coded threats to the government, they would need to decode the message and examine the contents

    (Ah, just spotted a flaw in my idea .. You might not be allowed to create a random number to work out which politician to send it to)

  4. Just ban all communication. It's the only way to be 100% sure people are not sending coded messages.
    Also ban children, just to be sure nothing bad happens to them.
    Alternatively just redefine "communication" and "encryption", it seems to have worked with "poverty".

    Replies
    1. I'll admit; I chuckled at your suggestion of banning children.

  5. 1.) Someone calls the police and says that you've been committing an indictable offence (theft, fraud, sending a picture of the fallen Madonna with the big boobies in the post [s85 Postal Services Act 2000]).

    2.) The police don't bother getting a search warrant and instead arrest you and then get an inspector to authorise a s18 PACE search. They then search your house and take your laptop.

    3.) You've been sending your mate, Barry, some random data (you have a true random number generator based on a Geiger counter and he wants regular samples) via email. You keep telling the police this in interview, but you've annoyed them by not confessing immediately.

    4.) PC Pickles then says to a superintendent that you're a fraudster and that he needs to give you a s49 RIPA notice. The superintendent rubber stamps it after considering if you have the key to the encrypted data, if it's necessary to prevent crime, that it's proportionate and that it's not reasonably practicable to get it any other way. N.B. the act seems to assume that PC Pickles will be infallible in his detection of protected information, and doesn't even include a proviso that he have reasonable grounds to believe that the information is protected information.

    5.) You're then handed a s49 notice. If you knowingly fail to comply, you commit an offence under s53 of RIPA.

    As a side note, offences include caveats such as 'without reasonable excuse'. Forgetting a password would definitely provide a 'reasonable excuse' but, since s53 doesn't include that caveat, it remains to be seen if forgetting a password would be a 'knowing failure'.

    You're then prosecuted like in any other case. In my opinion, the prosecution would have to show, beyond all reasonable doubt, that:

    i.) The information on which the notice is based is indeed protected information and not just random information;

    ii.) That you had the ability to decode it/provide the key for decoding to the police; and

    iii.) That you failed to do so upon receipt of a valid s49 notice.

    Replies
    1. I would hope that, at the point Adrian gets handed a s49, notwithstanding his undoubted skills and interest in dealing with legal issues, he contacts a solicitor knowledgeable in this area!

      > Forgetting a password would definitely provide a 'reasonable excuse' but, since s53 doesn't include that caveat

      It is intended to be caught (arguable whether successfully or not) within s53(3):

      a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if–
      (a) sufficient evidence of that fact is adduced to raise an issue with respect to it; and
      (b) the contrary is not proved beyond a reasonable doubt.

      Advice I have given in the past around preparing to deal with a potential s49 notice in the case of data which could be mistaken for protected information but which is, in fact, not protected information, was to create a clear, documented record of the process of creation of the data, and hyperlink to it in the footer / end of the email in which the data were sent, such that anyone viewing the email content would be able to click through and read it, and thus immediately have a statement of purported fact, which would need to be disproved. Definitely not foolproof, but potentially going some way towards mitigating risk here.

      I'm not aware of any case law on this particular point about random data sending, though (although an animal rights activism case springs to mind in terms of forgetting passwords).

      (FWIW, I'm not of the view that these kind of things get signed off casually — but I can't point to any external data point for this.)

    2. I understand you may have reason to believe or just hope that those empowered to sign a S49 notice do so with due diligence.

      But what consequences would they face if they didn't?

      I can't think of a time a chief inspector has been forced to resign... Which suggests they have a lot of latitude for being over casual.

      Apologies if it sounds like I've an axe to grind, that's not my intent - I just wish to highlight what appears to me to be a failure mode of this type of legislation.

    3. Oh, I completely get where you are coming from here. I don't think - but could be wrong - that IOCCO audits s49 notices, so even that degree of oversight is absent. And I would agree that oversight is essential in a self-authorising framework.

    4. You're not going to get solicitors much more knowledgeable than me. And that's not because I've studied this area particularly intently, more that the notices aren't that frequent and there isn't much case law...

      "It is intended to be caught (arguable whether successfully or not) within s53(3)"

      It's clumsy, though. Who's to say what 'sufficient' evidence is? Is the oral evidence of the person who's forgotten the key, 'sufficient'? I would rather the legislation were clearer.

      Regarding your s49 countermeasures, Theresa May would say a terrorist would try to make it appear as though protected information wasn't actually protected information, so that wouldn't necessarily take you that far. But I think you appreciate that.

      "(FWIW, I'm not of the view that these kind of things get signed off casually — but I can't point to any external data point for this.)"

      Well s18 searches by inspectors certainly do. Extensions to 24 hours in custody by superintendents do to a lesser extent. Whilst I hate these notices on principle, it irks me even more that it's a policeman making the decision to issue them and not a judge. You simply can't trust the police.

    5. The "knowledgeable" point was aimed more at hoping that Adrian would not attempt to advise himself in the event of receiving a s49, but rather seek proper advice, rather than an attempted slight on you, and my apologies if that is how it came across!

      Agreed that s49 is a poorly put together power.

    6. Indeed, and if ever in the face of police I would be looking for some proper legal advice, don't worry!

    7. Absolutely no need to apologise. I was just trying to say that there aren't tomes about this subject; our discussion on here is pretty much the most comprehensive scholarly discussion on the topic!

    8. True enough. Hopefully something which will come up in the context of the current reform, although, despite the focus at the moment on encryption, I would be surprised if s49 was a major issue - it was rather sidelined by the potential for decryption obligations to be imposed on providers under what would have been an order under the draft Communications Data Bill, and I suspect that the push will be for powers more akin to those, separate from s49.
