burden of proof / keys or plaintext (Re: US Plans for

[David Wadsworth]

In article <1.5.4.32.19990805170307.006c99e8@192.168.0.65>, Donald
Ramsbottom <donald@ramsbottom.co.uk> writes
>The warrant holder does not have to identify the key he is after. All the
>LEA need know is that there is "protected information" (PI)(S:19) and that
>has come into the person with the "Appropriate permissions" (PWTAP)
>possession (whether by statuttory or "other lawful means (Police Act,
>statutes relating to Intelligence services PACE etc.). Then if it
>**appears** to the PWTAP that you are in possession of a key (any) (S:19),
>Then you have to give up the key to the
>PI, which is all PI, which then can be sifted by the PWTAP at leisure.

A problem which nobody has raised yet, is how do you authenticate the
warrant and warrant holder? There are a considerable number of cases
nowadays of 'social engineering' where people impersonate those in
authority in order to commit crimes. In these days of colour copying
machines and graphics programs, the production of a forged warrant, and
convincing police or security 'credentials' would present a minor
problem. Any irregularities might be glossed over by referring to the
security services, or suspicion of 'money laundering'. A simple call to
your local police station or any one else you might trust, might make
you liable for the 'tipping off' offence. Suppose the message decoded
held the combination to a diamond merchants safe? Under the proposed
legislation, you could not warn him that his property was now at risk.
If the contents of the safe were subsequently stolen then presumably the
new law would insist you lie to the investigators of the robbery,
provided the warrant was genuine.  
-- 
David Wadsworth         | Tonto.... I've got a feeling we're not in Kansas
dwadsw@etna.demon.co.uk | anymore        .....The Lone Ranger of Oz