New UK crypto law and an idea on how to defeat it

Sean Rima <thecivvie@penguinpowered.com>
Wed, 1 Dec 1999 17:49:09 +0000


Hi Adam!

On Wed, 01 Dec 1999, Adam Lock wrote:


> Sean Rima wrote:
>
> > Hi Adam!
> >
> > You ignore a couple of major points of British law, in that the police
> > chief would need reasonable grounds to believe that Bob was involved
> > somehow in a crime. He would not be able to demand Bob's key if he
> > believed that Bob was having an affair with his wife. Don't forget that
> > the police chief is also answerable to British law. But I also understand
> > that you were using it as an example.
>
> Fine, the police chief concocts a phoney charge against Bob and uses that
> as a pretense to get to the files.

Hey that *never* happens :)

> > The second mistake you make is that if Bob used such a program, he would
> > have to hand over both sets of keys. He would not be able to say that
> > there was only one. Should the police chief find that the file was locked
> > also with a second key then Bob would be automatically guilty of failing
> > to hand over the keys.
>
> This is the point. Bob may or may not know both sets of keys. The
> encryption tool may have used a random plaintext and a random key or it
> may not. The only person who knows for sure is Bob. The cops can't prove
> it either way assuming that the encryption technique is suitably robust
> against any analysis they might bring against it.

It is true what you say if the tool was powerful enough, but the problem is that should the police have enough reasonable doubt, that may be enough for a court to find Bob guilty.

> > Bob would not be able to claim that the files were encrypted using
> > random keys without his knowledge as he would have had to start the
> > process.
>
> Yes but Bob can *lie*. The onus is on the police to prove he is lying. How
> do they do that given that they don't know whether the second plaintext is
> random or not?
>

It would be difficult to know but I hazard a guess that looking at the source they may get an idea. As I said in my original reply, the police would only use it for major criminals and Pedophiles, who it is known use crypto to ensure that the stuff remains hidden from the police's eye.

Sean

-- 
GPG ID (DSA) 92B9D0CF PGP2 ID 19592A0D
Linux User: #124682 ICQ: 679813
To get my PGP Keys send me an empty email with retrieve as the subject

It said "Needs Windows 95 or better". So I installed Linux...