Firstly, the foreword by the previous minister, Ian Taylor, states
These proposals have been developed to address those concerns, but at the same time are aimed at striking a balance with the need to protect users and the requirement to safeguard law enforcement, which encryption can prevent.
No case has ever been made that law enforcement has been significantly `prevented' or even significantly hindered by the existence of encryption, or that it is likely to be in the future. Police forces do not feel the lack of access to encryption keys, for the simple reason that criminals do not make significant use of cryptography for message confidentiality. There is no reason to expect this state of affairs to change.
I made this point in the paper `Crypto in Europe - Markets, Law and Policy' which is appended and hereby incorporated; briefly, criminals require their communications to be unobtrusive rather than encrypted, and so use traffic security techniques instead of content protection techniques. Examples are stolen or reprogrammed mobile phones, and telephone calls made through large switchboards (such as at business service bureaux or large hotels). This issue has been discussed repeatedly at the Cambridge conferences in economic crime (which I help organise) and at special seminars such as that on `Liberty, Licence and Privacy' at the IEE this January, which was attended by a number of senior police officers.
It is supported by an examination of the relevant professional literature. We find, for example, a number of articles in the `International Journal of Forensic Computing' that set out the actual problems encountered by police forces investigating computer related crimes in a number of countries. The experience of the Royal Canadian Mounted Police is recounted in `Old Laws, New Crimes ... and a Shrinking Planet', (M Duncan, IJFC Mar 97 pp 10-12), and the abstract is:
This article presents the Royal Canadian Mounted Police's view of forensic computing and its problems. They consider themselves to have been generally successful, but there are increasing numbers of court challenges to the integrity and authenticity of computer evidence, as well as problems with training and jurisdiction.
The Israeli experience is in `Israel -- Computer Forensics the Hard Way' (R Hatley, IJFC Feb 97 pp 5-7):
This article describes the Israeli police's computer forensics team and some of the problems they face, from multiple alphabets through a law that forces them to hand seized computers back to their owners after 48 hours unless evidence of a crime is found in them. It also describes a technique for finding hidden disk partitions, even when the BIOS settings have been changed.
In `Case Study -- Operation Cybertrader', (P Ford, P Verreck, IJFC Jan 97 pp 7-9) the authors relate UK experience in prosecuting kiddie porn dealers. They mention that although they usually find utilities such as PGP and Norton on a PC when they confiscate it, the villains never use them effectively.
In short, computer crime investigators face lots of problems -- securing evidence in admissible ways, reconstructing deleted files, and all the rest of it -- and these are much the same whichever country one looks at. Encryption is not among them (at least not insofar as it is used to provide communications or file content secrecy services).
The most recent problem facing the Metropolitan police (which I assist in such matters) is the use of mobile phones registered overseas. Here the main operational problem is not breaking the encryption of the air link, but the protection afforded to the local memory of the last few numbers dialled. When a drug dealer is arrested and a mobile phone is confiscated from him, it is standard procedure to get an unlock code for the SIM card from the phone company. The nastiest drug dealers in London are presently Russian gangsters, who have learned that mobile phones rented in the UK are vulnerable in this way. They therefore bring SIM cards from phone companies in Eastern Europe. Although we can get access to unlock codes through the `usual channels', this typically takes three weeks -- and as the typical Russian gangster visits the UK for a few days, three weeks is often adequate `cover time'. This is one motivation for wanting to penetrate the tamper resistance of of the actual smartcards, a topic on which I have recently published.
Given that the government is committed to adopting the European Convention on Human Rights into British law, the advocates of key escrow must prove that there is a `pressing social need' for a government infringement of personal privacy such as the previous government's proposed key escrow legislation would undoubtedly be, or such an infringement will be unlawful. This burden of proof has not been discharged, and in my view it cannot be.
I have no doubt that the advocates of key escrow can eventually persuade a policeman, or perhaps an employee of NCIS, to claim that escrow would be nice to have. However such a claim will carry little credibility, given the published literature, the agendas of police conferences in recent years, the public statements of senior policemen and others, and for that matter the complete absence of the topic from the draft agenda of NCIS' third organised crime conference next month. It is at present an incontrovertible fact that Britain's police forces do not consider encryption to be an issue and have not pressed in any public forum for warranted access to encryption keys.
In passing, it is noteworthy that the only escrow system of interest to police -- for the recovery of SIM card unlock codes as opposed to key material -- has failed because of regulatory arbitrage. It is reasonable to expect that, in the unlikely event that content encryption ever did become a significant policing issue, criminals would similarly use those encryption services that were least tractable from the point of view of the police. For that reason (as pointed out by IFIP TC11 -- appended) it is imprudent to rely on key escrow schemes when addressing the issue of criminal intelligence gathering.