Encrypting to self

Ian Goodyer <goodyer at well.ox.ac.uk>
Fri, 3 Jul 1998 19:26:11 +0100 (BST)


On Fri, 3 Jul 1998, Ian G Batten wrote:

> > Does this section imply that a person who might transfer controlled
> > information abroad can be punished for not keeping records?  If I have
> > no records of the email I have sent and HMC&E asked for my records how
> > can I prove that I didn't transfer controlled documents?
> 
> Does this imply that when we next see my wife's cousin, who
> although English lives in Brazil with his Italian wife, we
> should tape-record all the conversations so we can avoid any
> accusation that we gave him crypto-information to export?

This all seems similar to the question posed by David Hamilton earlier
today in which he quoted from a newsgroup:

>> In the U.K., you _don't_ encrypt messages to yourself at your own risk. 
>> In the U.K. law says you must include yourself as a message recipient when 
>> using public key (asymmetric) cryptography. Now, what I'm wondering is how 
>> long you must keep such messages.

> I find this hard to believe. Does anyone know please?

If I encrypt a message to Saddam with his key and then send it to him the
UK law enforcement agencies may come knocking on my door asking me to
decrypt the message.  If it isn't 'encrypted to self', I can't decrypt the
message and if I didn't keep a copy of the unencrypted text, all I can
suggest is that they go and ask Saddam what I wrote.  I can see how they
wouldn't like this response especially now I don't have the right to
remain silent. 

Does anyone know the current law on this?  Is it already law that I have
to be able to produce the plaintext of any message that I send if asked by
the authorities? Is 'encrypting to self' or 'keeping a copy of the
plaintext available' already law?  Is it people's understanding that this
is proposed in the white paper?

Thanks,
	ian