Home Office response on Burden of Proof

[Ben Laurie]

Donald Ramsbottom wrote:
> 
> SNIP
> >But that would be an erroneous assumption. When I send encrypted mail I
> >am _not_ in possession of the decryption key. But it is sitting on my
> >disk in my "sent" folder.
> 
> But the whole point is that  the notice does not just apply to an email but
> ALL "protected information" as defined by S:19. So it applies to an
> encrypted HDD(s) as well as any other storage media. One of the really big
> problems with the notices etc, is the fact that subject to some as yet
> unspecified guidelines which may or may not be followed depending on the LEA
> concerned and the sort of information being sought (eg whether or not it is
> a criminal or "National interest" agency), the notice does not have to
> specify what it is that has to be decrypted, thus all information which is
> "protected" is the subject matter of the notice regardless (at leasr
> initially) of releveance.

I don't really understand why you are saying this ... the point is that
I have stuff on my disk that I cannot decrypt and that is a simple
consequence of normal operations.

> >Also, there's a public key floating around that has my name on it that
> >is not mine. If someone sent me an email using that key I would be
> >unable to decrypt it.
> 
> But presumably it would be possible to prove it was a forgery?

Errr. How? By demonstrating that I don't have the private key? Isn't
this where we came in?

I can (and do) claim it is a forgery, but I don't see how I prove it.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi