burden of proof / keys or plaintext (Re: US Plans for Decryption Orders)
Brian Gladman
gladman at seven77.demon.co.uk
Wed, 4 Aug 1999 10:16:16 +0100
From: Adam Back <adam@cypherspace.org>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 04 August 1999 0:12 AM
Subject: Re: burden of proof / keys or plaintext (Re: US Plans for
Decryption Orders)
>
> Brian writes:
> > > I think the distinction between keys and plaintext is fairly technical
> > > and not the real issue.
> >
> > I don't agree that this is simply technical. If my obligation is to
offer
> > decryption in response to a decryption order, I remain in control of my
keys
> > and hence I can judge the extent to which I and my colleagues will be
> > compromised by any actions I take. If, however, I have to give up my
long
> > term personal decryption keys (session keys are different I admit)
>
> My presumption was that you would give up a session key.
I would want to but I don't think that the proposed law is in any way
limited to demanding only session keys. Given the uncertainties about what
a key might be used for, I would rather the law did not give any right of
access to keys.
IMHO the reason why the Government wants keys is to listen to ***future***
exchanges and this won't be satisfied by session keys. Hence I believe that
it is our personal long term keys that the Government has its eyes on.
Brian