burden of proof / keys or plaintext (Re: US Plans for
Charles Lindsey
chl at clw.cs.man.ac.uk
Wed, 4 Aug 1999 21:53:05 +0100
On Tue, 03 Aug 1999 22:34:13 +0100
Nicholas Bohm <nbohm@ernest.net> said...
> Clause 10 requires delivery of a key. In general a session key satisfies
> all the statutory requirements, if it can be given. But this is only the
> case where the addressee of the decryption notice has the material to be
> decrypted or is provided with it; and that will not necessarily always be
> the case, since subclauses 10(1)(a) and (b) contemplate a notice being
> given in relation to material not yet in the possession of the giver of the
> notice.
If the spooks want to demand the session keys of messages in which
they are "interested", then it is only necessary to provide the header
of the suspect message to the man who has the private key (the bit
which containes the session key encoded with the public key). It is not
necessary for him to be provided with the whole message.
Thus, the person who is asked to "cooperate" will not know the contents
of the messages being decrypted with his assistance, unless he has also
received the same messages by direct email (he can then, of course,
identify them by checking their session keys himself).
>
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5