burden of proof / keys or plaintext (Re: US Plans for Decryption Orders)

adam@cypherspace.org adam at cypherspace.org
Tue, 3 Aug 1999 00:02:35 +0100


Ben writes:
> > Brian: I have been puzzled by the correspondence on UK-crypto about the
> > decryption order provisions of the draft UK bill. Some people seem to be
> > objecting to *any* police access to encrypted documents.
> 
> I don't think that's true: the objections have been to access to keys.

I think the distinction between keys and plaintext is fairly technical
and not the real issue.  The real issue is the burden of proof.  

Because of the burden of proof issue:

- if you can't decrypt the document because you don't have the key and
  they send you to jail for 'failure to produce plaintext'

you aren't going to be any happier than:

- if you can't provide the key because you don't have the key and they
  send you to jail for 'failure to produce key'

So in the end it makes no difference.

Of course demanding long life time public keys used for encryption has
other problems because it conveys power to decrypt lots of documents.

This argues that they should be allowed to request decryption of
specific documents for specific reasons as approved by a court (or
divulgence of specific keys for specific documents).

Also there are general problems because of the fact that the sender
typically can't decrypt the document because it is encrypted to the
recipient, which subtleties may or may not have eluded the draft bill
authors.

However I think realistically the police are going to need session
keys rather than plaintext because there is no way to check that
plaintext corresponds to ciphertext without the session key, so
session keys are the only sensible option.

> > Could you, just very briefly and when you have time, explain how you
> > think they represent GAK? Do you just mean that the bill would give the
> > police the right to demand that a suspect decrypts any relevant
> > documents in his possession? That power (limited by due process etc etc)
> > seems essential to me, pace the burden-of-proof issue which is clearly
> > unacceptable as it stands.
> 
> The bill gives the police the right to demand the decryption keys.

They could demand all they like, the problem is the proposal also
appears to propose that they can demand delivery of information you do
not have and send you to jail for non-delivery, without there being
any burden on them to prove you have the information.

Proving you have information is difficult, because you may have lost
the password, or lost the disk, etc. but there is some scope, and no
one's said the police's job had to be made easy at the expense of the
innocent.

Proving you don't have information is impossible, and hence the
current proposed burden of proof on the individual to prove to the
police that they don't have a key is nonsensical.  

Which would be as it should be: innocent until proven guilty.

Adam
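
The points above about session keys versus plaintext, and about long-lived keys opening many documents, as an added sketch that is not part of the original post. It is a toy hybrid scheme: a symmetric long-term key stands in for the recipient's private key and HMAC-SHA256 stands in for the cipher, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os

def _prf(key: bytes, label: bytes, n: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (stand-in for a real cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(long_term_key: bytes, plaintext: bytes) -> dict:
    """Encrypt under a fresh session key, then wrap that key for the recipient."""
    session_key, nonce = os.urandom(32), os.urandom(16)
    body = _xor(plaintext, _prf(session_key, b"enc", len(plaintext)))
    tag = hmac.new(session_key, b"mac" + body, hashlib.sha256).digest()
    wrapped = _xor(session_key, _prf(long_term_key, b"wrap" + nonce, 32))
    return {"nonce": nonce, "wrapped": wrapped, "body": body, "tag": tag}

def disclose_session_key(long_term_key: bytes, msg: dict) -> bytes:
    """Recipient side: recover the session key of this one message only."""
    return _xor(msg["wrapped"], _prf(long_term_key, b"wrap" + msg["nonce"], 32))

def verify_disclosure(msg: dict, session_key: bytes, claimed: bytes) -> bool:
    """Third-party side: does the claimed plaintext match the ciphertext?"""
    expected = hmac.new(session_key, b"mac" + msg["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return False  # this key does not belong to this ciphertext
    return _xor(msg["body"], _prf(session_key, b"enc", len(msg["body"]))) == claimed

if __name__ == "__main__":
    k = os.urandom(32)                       # constructed long-term key
    m1 = encrypt(k, b"meet at noon")         # constructed sample messages
    m2 = encrypt(k, b"unrelated letter")
    sk1 = disclose_session_key(k, m1)
    print(verify_disclosure(m1, sk1, b"meet at noon"))      # honest claim
    print(verify_disclosure(m1, sk1, b"meet at nine"))      # false claim
    print(verify_disclosure(m2, sk1, b"unrelated letter"))  # other message
```

A bare plaintext gives the verifier nothing to run this check with, while handing over the long-term key would open both messages instead of one.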