New UK crypto law and an idea on how to defeat it

David Pick D.M.Pick@qmw.ac.uk
Wed, 01 Dec 1999 18:31:41 +0000 


> This is the point. Bob may or may not know both sets of keys. The encryption

> tool may have used a random plaintext and a random key or it may not. The

> only person who knows for sure is Bob. The cops can't prove it either way

> assuming that the encryption technique is suitably robust against any

> analysis they might bring against it.

> 

> > Bob would not be able to claim that the files were encrypted using

> > random keys without his knowledge as he would have had to start the

> > process.

> 

> Yes but Bob can *lie*. The onus is on the police to prove he is lying. How

> do they do that given that they don't know whether the second plaintext is

> random or not?


Several comments more-or-less at random:

1) The last time I saw these proposals there were several elements to them:
   1.1) The police would have to obtain a warrent from a magistrate to
        demand these keys; this would be similar to a search warrent.
   1.2) Something not many people know is that any search warrent must
        state the type of crime the police suspect has taken place and
        what section of the appropriate Act of Parliament authorizes the
        granting of the warrent.
   1.3) Someone would only be required under such a warrent to reveal
        keys necessary to enable data to be decrypted; keys used only
        for signatures could not be obtained.
   1.4) The Police and Criminal Evidence Act, 1984 (PACE) already states
        in section 19 subsection 4 that "The constable may require any
        information which is contained in a computer and is accessible
        from the premises (to be searched) to be produced in a form in
        which it can be taken away and in which it is visible and legible
        if he has reasonable grounds for believing--
         (a) that--
              (i)  it is evidence in relation to an offence which he is
                   investigation or any other offence ; or
              (ii) it has been obtained in consequence of the commision
                   of an offence ; and
         (b) that it is necessary to do so in order to prevent it being
             concealed, lost, tampered with or destroyed."

2) The provisions in PACE are getting decidedly impractical given the
   rise in capacities of hard discs since 1984.

3) I think the *intent* of the proposed law is to keep similar levels
   of search available to the Police in environments where data volumes
   and encryption make the existing provisions impractical. Of course,
   we need to keep an eye on things to try and ensure that the proposed
   Act doesn't go too far. But I'm no more paranoid about this proposal
   than I am about the rest of UK law (consider that a classic British
   understatement). I do consider British law a bit intrusive, but don't
   consider the proposals out-of-step with the general tone of UK law.

4) When I first heard of these proposals (10 Nov 1998) I wrote requesting
   thet GPG had the ability to use different passphrases for keys and
   subkeys, so that it would be possible to reveal one without the other.
   This was turned down with the following comment "But please don't ask
   me to do this because I do not want to support such laws even by
   considering how to limit the damage of the secret keys."

5) In the scenario discussed, the imfamous Police Chief would be laying
   himself open to serious complaints if he obtained a warrent by lying
   about his grounds (on oath!) and Bob (once the "evidence" of the love
   letters had been revealed) used the facts to support a complaint that
   the warrent had been obtained illegally.

6) The police do have experts available to them. These exports will
   almost certainly be aware of the characteristics of any released
   software products. This means they will be able to examine an
   encrypted file and the derived cleartext and (knowing the software
   used to produce the file) will be able to measure the proportion
   of the encrypted file used to encode the clear text. This should
   give them a very good clue about the existance of other text(s).

7) The proposal is really an example of steanography; and it would
   probably be better to hide the "love letters", encrypted or
   otherwise, using standard steanographic techniques; the *existance*
   of the hidden text is far less obvious that the technique proposed
   by Adam Lock. All the forensic searches of which I'm aware will
   fail to find them even *without* encryption.

-- 
	David Pick