burden of proof / keys or plaintext (Re: US Plans for Decryption Orders)
David Swarbrick
david at swarb.demon.co.uk
Thu, 5 Aug 1999 07:24:59 +0100
In message <199908032312.AAA29915@server.cypherspace.org>, Adam Back
<adam@cypherspace.org> writes
>> than I
>> have put my entire privacy, security and safety in the hands of the State.
>> This is not something I wish to do and for me this is not a technical issue
>> even though it has a technical basis.
>
>If you were talking about giving up public keys, clearly all sorts of
>problems arise:
>
>- problem that the sender can't decrypt
Which is why they will go for private keys.
>- problem that the receiver won't want to give up a long lived private key
Hard cheese - according to the Home Office
>- lack of warrant on further decrypts
Warrants aren't necessary.
>
>Of course as yourself I expect there is a fair bit of danger lurking
>in the non-specific way that the draft bill is referring to 'keys'
>without distinguishing between (long lived) public and (use once)
>session keys.
It is technologically neutral, and refers to anything which might
decrypt the text.
>
>> In practice, I suspect the best way of incorporating this principle into law
>> will be by avoiding any mention of keys by:
>>
>> (1) allowing decryption orders to impose only an obligation to decrypt;
>> (2) allowing, where necessary, orders to impose an obligation to prove the
>> correspondence between an encrypted text and a decryption of it.
>>
>> Session keys would then be one of a number of ways of meeting these
>> obligations but without access to keys having to be written into
>> legislation.
>
>Sounds like it would achieve the desired effect without cramping
>technological changes.
See s20 PACE 1984

Extension of powers of seizure to computerised information

20.--(1) Every power which is conferred by an enactment to which
this section applies on a constable who has entered premises in
the exercise of a power conferred by an enactment shall be
construed as including a power to require any information
contained in a computer and accessible from the premises to be
produced in a form in which it can be taken away and in which it
is visible and legible.

My own view would be that this should be clarified and extended
minimally.
--
David Swarbrick 01484 722531 david@swarb.freeuk.com http://www.swarb.co.uk
IP / IT Law and Contracts. Home of the law-index of 9800+ uk case summaries.
The Law Society regulates us in the conduct of investment business.