
Lord Lucas: My Lords, I am grateful to the Minister for that reply. I hope that he will be able to tell me, in correspondence or otherwise, how I get round the fact that I am not authorised to provide anybody with a copy of a commercial program. I shall get into all sorts of trouble if I start copying Microsoft Word to provide it to other people. That is effectively what I should have to do if the police required me to produce the key because the program itself is the key.

All I need is some comfort that I am protected from any consequences from the author of the program for providing the police or whoever with a copy of it so that they can use it on the files which they need to understand. But I do not need an answer now and I beg leave to withdraw the amendment.

Amendment, by leave, withdrawn.

Lord Phillips of Sudbury moved Amendment No. 50:

(a) it is intended to be used for the purpose only of generating electronic signatures and has not in fact been used for any other purpose; or
(b) the protected information to which that key relates is itself a further key whose disclosure could not be required by virtue of this subsection.").

The noble Lord said: My Lords, this amendment is to protect signature keys. We believe that the Bill as drafted inadvertently creates a problem. Signature keys are normally numbers with special mathematical properties which are thousands of digits long. That is intended to prevent any possibility of being penetrated. In turn, that means that no one can remember his signature key numbers and thus a simple memorable pass phrase is needed in order to obtain access to the real signature key.

This matter is beyond my ken but we are informed about it by those assisting us--Caspar Bowden in particular. The problem is that under the Bill as drafted the encrypted private signature-only key is itself protected information. That is under Clause 54(1) and (4). However, if that were to come into the possession of an officer--for example, by seizure of

12 Jul 2000 : Column 358

a computer--the officer may by notice under Clause 47(9)(a) demand the owner's pass phrase, notwithstanding that he would then hold the owner's signature-only key.

The officer would not be in breach of Clause 47(9)(a) in asking for that and he is asking for the pass phrase which is undoubtedly an encryption key and for which he is thus entitled to ask. So the purpose of this wording is to close that loophole. I beg to move.

Lord Lucas: My Lords, perhaps I may point out an oddity in the groupings list. We are now discussing Amendment No. 50 which should be grouped with Amendment No. 52 and then Amendments Nos. 51 and 53 go together. The noble Lord, Lord Phillips, has not spoken to Amendments Nos. 51 and 53, which go together conveniently as the next grouping because they deal with the word "recently". Amendments Nos. 50 and 52 deal with the problem of how keys are held by people and they go together.

I entirely support what the noble Lord, Lord Phillips, said. Nobody keeps his private key in his head or anywhere. It is a long succession of digits or symbols, 128 of them, and they are not memorable. They are protected with a pass phrase. So people will carry around their digital signature in their head as a pass phrase. But, as the Bill is written at the moment, that pass phrase can be demanded and received by the police, even though it only protects one's digital signature to which the police have no right. As the noble Lord, Lord Phillips, said, Caspar Bowden has spotted a technical but important error which should be put right, if not by this amendment then by something similar.

Lord Cope of Berkeley: My Lords, I agree with noble Lords who have spoken. This is something which needs to be put right. We are given a choice of drafting here. I express a preference for my noble friend's drafting, not merely on grounds of friendship.

Lord Phillips of Sudbury: My Lords, I should have dealt with Amendments Nos. 51 and 53. There is no pride at this hour of night and if the drafting of the noble Lord, Lord Lucas, appeals to the Government, I do not care so long as the problem is resolved. Amendments Nos. 51 and 53 are designed to ensure the protection of subsection (9), which states that a notice,

    "shall not require the disclosure of any key which ...

    (b) has not in fact been used for any other purpose".

The insertion of the word "recently" seems sensible and reasonable. Amendment No. 53 simply defines what "recently" means.

11.15 p.m.

Lord Bassam of Brighton: My Lords, I shall deal with Amendments Nos. 50, 51, 52 and 53. In Committee there was discussion of electronic signature keys and I said then, as I say now, that we recognise the importance of maintaining the security

12 Jul 2000 : Column 359

of electronic signature keys. The whole point about electronic signatures is to ensure the integrity and authenticity of data, but the reality of the technology is that it is possible for signature keys to be used for confidentiality purposes to protect or to encrypt the content of data or messages. After all, Part III of the Bill is all about that.

Where keys have been used for both purposes, it seems right that the Bill should provide for power to require disclosure in certain circumstances. That is the reality of the technology. As before, your Lordships' amendment recognises that in paragraph (a) of Amendment No. 50. If paragraph (b) is intended to allay fears in cases where persons may have stored their electronic signature on their computer and, to protect it, encrypted it with a password or passphrase, the rationale is that that becomes protected information which, if the computer is seized, a law enforcement officer could demand to be disclosed under the Part III powers.

I see what this tries to achieve, but I do not believe that it is necessary. I recognise the concern and I shall try to address it. First, law enforcement will be able to serve a notice only if the tests in Clause 47 are met. Trying to obtain a key by describing it as protected information would have to be necessary. I cannot predict all future circumstances in which keys may be sought but those tests look pretty high in the example that we are discussing here.

Secondly, we are interested to ensure that these provisions are not abused or avoided by practitioners. For the record, if law enforcement officers want to gain access to decrypted information, they should do so by following the procedure set out in the Bill. They should not do so by treating the key as protected information. I am grateful to noble Lords who have raised this issue. We shall address it as a matter of good practice in the code of practice. There is a similar concern in Part II where it would theoretically be possible for someone to achieve what amounts to telephone interception by planting a bug and avoiding Part I of the Bill. Already the code of practice under the Police Act 1997 effectively prevents that and we shall repeat the inhibition in our code under Part III of this piece of legislation. What I have said probably covers Amendment No. 52, referred to by the noble Lord, Lord Lucas.

Turning to Amendments Nos. 51 and 53, they seek to insert a cut-off point for access to keys used for both electronic signature and confidentiality purposes. I understand the concern about it being asked for keys to be disclosed that were last used for confidentiality purposes some time ago. I understand what these amendments seek to achieve, but we believe that they would cause difficulties.

It is important to remember that permission for Section 47 notices to be served may be given only in respect of information that has been or is likely to be obtained under some lawful authority. The combined effect of Amendments Nos. 51 and 53 causes a difficulty. Suppose permission to serve a Section 47 notice is given, following only a week-long

12 Jul 2000 : Column 360

investigation, and although there are not sufficient grounds to justify it, protected information is lawfully seized, including material last encrypted with a key, say, some six months ago, are we saying that that key should not come under the ambit of the Part III power? Under the terms of this amendment, that would be damaging. There are difficulties in setting down timescales as envisaged by the amendments.

Indeed, general difficulties have been raised by noble Lords. Many are thrown up by the nature of the technology itself, ever-evolving as it does. We tried to provide protection against the set of keys used only for electronic signature purposes in Clause 49, and it is right that we do so. Safeguards are in place, but the reality is that the Bill needs to cater for occasions when signature keys are also being used for confidentiality purposes. That, too, we believe to be right in the circumstances.

I accept that that is a lengthy explanation. But I hope it helps the noble Lord to feel able to withdraw his amendment.

Lord Phillips of Sudbury: My Lords, I listened to the Minister's explanation with less than a perfect understanding of all its working parts. I shall look at Hansard carefully. It may be that I shall have to come back to this later. In the meantime, I beg leave to withdraw the amendment.

Amendment, by leave, withdrawn.

[Amendment No. 51 not moved.]

Lord Lucas had given notice of his intention to move Amendment No. 52:

    Page 54, line 1, at end insert ("; and
