burden of proof / keys or plaintext (Re: US Plans for

[David Swarbrick]

In message <199908042053.VAA05266@clw.cs.man.ac.uk>, Charles Lindsey
<chl@clw.cs.man.ac.uk> writes
>       On Tue, 03 Aug 1999 22:34:13 +0100
>       Nicholas Bohm <nbohm@ernest.net> said...
>
>> Clause 10 requires delivery of a key.  In general a session key satisfies
>> all the statutory requirements, if it can be given.  But this is only the
>> case where the addressee of the decryption notice has the material to be
>> decrypted or is provided with it; and that will not necessarily always be
>> the case, since subclauses 10(1)(a) and (b) contemplate a notice being
>> given in relation to material not yet in the possession of the giver of the
>> notice.
>
>If the spooks want to demand the session keys of messages in which
>they are "interested", then it is only necessary to provide the header
>of the suspect message to the man who has the private key (the bit
>which containes the session key encoded with the public key). It is not
>necessary for him to be provided with the whole message.
>
But the bill imposes no obligation to ask only for a session key, or
indeed only for plaintext. They can ask for the keys - whatever keys are
necessary for their purpose.

>Thus, the person who is asked to "cooperate" will not know the contents
>of the messages being decrypted with his assistance, unless he has also
>received the same messages by direct email (he can then, of course,
>identify them by checking their session keys himself).

He would not need ever to see the message either. He can just be told
'gimme the key'

-- 
David Swarbrick 01484 722531 david@swarb.freeuk.com http://www.swarb.co.uk  
IP / IT Law and Contracts. Home of the law-index of 9800+ uk case summaries.
   The Law Society regulates us in the conduct of investment business.