burden of proof / keys or plaintext (Re: US Plans for Decryption Orders)

Nicholas Bohm nbohm at ernest.net
Tue, 03 Aug 1999 22:34:13 +0100 

At 08:35 AM 8/3/1999 +0100, Brian Gladman wrote:

[snip]

>In an ideal world where lawyers could translate technical distinctions into
>water tight legislation, access to session keys might produce a sensible
>compromise. But I will wait and see how this could be written into law
>without putting longer term keys at risk before supporting such an approach.

Clause 10 requires delivery of a key.  In general a session key satisfies
all the statutory requirements, if it can be given.  But this is only the
case where the addressee of the decryption notice has the material to be
decrypted or is provided with it; and that will not necessarily always be
the case, since subclauses 10(1)(a) and (b) contemplate a notice being
given in relation to material not yet in the possession of the giver of the
notice.

The conclusion is that if session keys are to satisfy the statutory
requirements, those requirements must be limited to a requirement to
decrypt material in the possession of the addressee of the notice, or
supplied with the notice.

>In practice, I suspect the best way of incorporating this principle into law
>will be by avoiding any mention of keys by:
>
>(1) allowing decryption orders to impose only an obligation to decrypt;
>(2) alllowing, where necessary, orders to impose an obligation to prove the
>correspondence between an encrypted text and a decryption of it.
>
>Session keys would then be one of a number of ways of meeting these
>obligations but without access to keys having to be written into
>legislation.

This puts it admirably.

It may be worth the further comment that this is not just about the police
v. master criminals.  Any litigation (for example, sacked whistleblower
suing employer) may involve discovery procedures that turn up encrypted
files that are important for the whistleblower.  We would all be the poorer
if the court had no power to order decryption (and I think most judges
already believe they have the necessary power as it is, probably correctly).

Regards,

Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone		01279 871272	(+44 1279 871272)
Fax		01279 870215	(+44 1279 870215)
Mobile   	0860 636749  	(+44 860 636749)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF