Experts slam RIP bill on encryption

Privacy activists, legal experts say Regulation of Investigatory Powers bill could mean RIP for practical crypto enforcement

Privacy campaigners and legal experts are warning that the forthcoming Regulation of Investigatory Powers (RIP) bill could appropriately enough mean the death of practical encryption in Britain.

The new bill is to include a definition of encryption that experts say is so broad, almost anything could count as encryption. The role of legally defining encryption was inherited from the proposed E-communications Bill, published Friday.

Lawyer and privacy campaigner Nicholas Bohm says RIP could make things difficult for anyone using any form of encryption. "At the moment common sense tends to rule, but if the bill provides this broad definition it would make things much harder. More things would count as encryption. The meaning is quite general and pushes the boundary of what could conceivably be interpreted as encrypted."

Bohm gives this simple example to illustrate his point: "If we have a conversation in French, you need to have an understanding of French in order to understand it. Most people would understand that that doesn't really mean encryption though."

As Caspar Bowden of the Foundation for Information Policy Research (FIPR) points out, this would tighten the net around those facing prosecution, but might also result in innocent people being hounded by law enforcers. "The reason it is difficult to define is that an encrypted message doesn't necessarily have a sign on the front saying that it is encrypted. If a policeman comes across a random number, is he to assume that it is an encrypted message?"

Bowden says that the government should wake-up and realise how important it is for the Bill to contain a workable definition of encryption; without it, the bill could be the death knell for practical law enforcement on encryption issues.

"The Bill will be absurd if it doesn't contain a proper definition of encryption. Unfortunately the home office doesn't work in a way to help the legal system, just to try and catch as many people as possible. The solution is that for the police to realise the absurdity of the situation and realise that they are going to have to shoulder the burden of proof that something is encrypted."

What do you think? Tell the Mailroom . And read what others have said.