burden of proof / keys or plaintext (Re: US Plans for Decryption Orders)

Adam Back adam at cypherspace.org
Wed, 4 Aug 1999 00:12:37 +0100


Brian writes:
> > I think the distinction between keys and plaintext is fairly technical
> > and not the real issue.
> 
> I don't agree that this is simply technical.  If my obligation is to offer
> decryption in response to a decryption order, I remain in control of my keys
> and hence I can judge the extent to which I and my colleagues will be
> compromised by any actions I take.  If, however, I have to give up my long
> term personal decryption keys (session keys are different I admit) 

My presumption was that you would give up a session key.

> then I
> have put my entire privacy, security and safety in the hands of the State.
> This is not something I wish to do and for me this is not a technical issue
> even though it has a technical basis.

If you were talking about giving up public keys, clearly all sorts of
problems arise:

- problem that the sender can't decrypt
- problem that the receiver won't want to give up a long lived private key
- lack of warrant on further decrypts

Of course as yourself I expect there is a fair bit of danger lurking
in the non-specific way that the draft bill is referring to 'keys'
without distinguishing between (long lived) public and (use once)
session keys.

> In practice, I suspect the best way of incorporating this principle into law
> will be by avoiding any mention of keys by:
> 
> (1) allowing decryption orders to impose only an obligation to decrypt;
> (2) allowing, where necessary, orders to impose an obligation to prove the
> correspondence between an encrypted text and a decryption of it.
> 
> Session keys would then be one of a number of ways of meeting these
> obligations but without access to keys having to be written into
> legislation.

Sounds like it would achieve the desired effect without cramping
technological changes.

Adam
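
An added example, not part of the original message: a sketch of how disclosing a use-once session key lets a verifier check the correspondence between one ciphertext and its decryption, while other messages under the same long-lived key stay closed. Assumptions: the hash-based cipher is a toy, the long-lived key is modelled as a symmetric wrapping key standing in for the recipient's private key, and all function names and sample messages are constructed for illustration.

```python
import hashlib, hmac, secrets

def _stream(key: bytes, label: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode (illustration only, not a real cipher)."""
    blocks = (hashlib.sha256(key + label + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _tag(session_key: bytes, ct: bytes) -> bytes:
    # The MAC key is derived from the session key, so the tag binds key to ciphertext.
    mac_key = hashlib.sha256(session_key + b"mac").digest()
    return hmac.new(mac_key, ct, hashlib.sha256).digest()

def encrypt(long_term_key: bytes, plaintext: bytes) -> dict:
    """Sender side: fresh session key per message, wrapped under the long-lived key."""
    session_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _stream(session_key, b"enc", len(plaintext)))
    return {"nonce": nonce,
            "wrapped": _xor(session_key, _stream(long_term_key, nonce, 32)),
            "ct": ct, "tag": _tag(session_key, ct)}

def disclose_session_key(long_term_key: bytes, msg: dict) -> bytes:
    """Key holder's side: unwrap and release only this one message's session key."""
    return _xor(msg["wrapped"], _stream(long_term_key, msg["nonce"], 32))

def verify_disclosure(session_key: bytes, msg: dict):
    """Verifier's side: plaintext if the key matches this ciphertext, else None."""
    if not hmac.compare_digest(msg["tag"], _tag(session_key, msg["ct"])):
        return None
    return _xor(msg["ct"], _stream(session_key, b"enc", len(msg["ct"])))

def demo():
    long_term = secrets.token_bytes(32)                      # never leaves the key holder
    m1 = encrypt(long_term, b"message named in the order")   # constructed sample
    m2 = encrypt(long_term, b"unrelated later message")      # constructed sample
    k1 = disclose_session_key(long_term, m1)
    # The disclosed key opens m1 and proves the correspondence; it does not open m2.
    return verify_disclosure(k1, m1), verify_disclosure(k1, m2)

if __name__ == "__main__":
    print(demo())
```
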