disclosure of crypto keys
Bert-Jaap Koops
E.J.Koops at kub.nl
Mon, 1 Feb 1999 12:41:37 MET
Ian Miller <Ian_Miller@bifroest.demon.co.uk>:
> >In summary, my conclusion is that in
> >principle, a command to hand over the crypto key or passphrase is
> >compatible with the privilege against self-incrimination, provided
> >there is sufficient evidence that the suspect is able to decrypt.
> Did you consider the case where the individual subject to such a command
> refuses to hand-over the long-term key, but agrees to hand-over the session
> keys for the revelant messages?
I considered the question whether legislation can be enacted to give
a decryption command as such. Whether it's a command to hand over a
private key or session keys is not really relevant to the issue of
compatibility with the privilege against self-incrimination. It is,
of course, quite relevant once you decide to enact legislation. The
choice for handing over session keys, then, should be obvious.
(Alternatively, the suspect could decrypt himself and give plaintext,
provided the police can somehow monitor that this is done correctly.
You might even use a public notary (or TTP ;-) to do the decrypting.)
Adam Back <aba@dcs.ex.ac.uk> wrote:
> > In summary, my conclusion is that in
> > principle, a command to hand over the crypto key or passphrase is
> > compatible with the privilege against self-incrimination, provided
> ^^
> Did you miss out an *in* there? (in-compatible?)
> A right to not self-incriminate surely covers not giving out
> information stored purely in ones mind, which could be argued might
> incriminate the oneself.
Not "surely". A passphrase (or memorized key) resembles
"material which exists outside of the will of the suspect". Giving
blood for a blood sample is compatible with the privilege against
self-incrimination, because you cannot alter the blood (or the
alcohol percentage in it). You can't alter the passphrase in your
mind, because then it wouldn't work on the private key, and you
can't alter the private key, because then it wouldn't work on the
ciphertext. In that respect, it differs from statements like "I did
it", which is an expression of the (changeable) contents of
one's mind. The tricky thing remains the retort: "but I don't have
the key" or "I've forgotten my passphrase". That is why there must be
evidence that someone is able to decrypt (e.g., because the message
was encrypted this morning).
> Also there is the right to remain silent. (Modulo the change of
> late to allow the judge to inform the jury to take into account that
> the person has chosen to remain silent).
Exactly. See also the Murray case of the European Court. His silence
on the question what he did in the house where an IRA hostage was
held, could be used as evidence because in this case, there were
sufficient and stringent safeguards.
> Technical solutions time (write code not laws):
Indeed, there are many ways to anticipate a decryption command and
make sure you will get away with not decrypting. Another reason why
this approach is not fruitful, as I stated.
Kind regards,
Bert-Jaap
---------------------------------------------------------------------
Bert-Jaap Koops tel +31 13 466 8101
Tilburg University facs +31 13 466 8149
P.O. Box 90153 e-mail E.J.Koops@kub.nl
5000 LE Tilburg http://cwis.kub.nl/~frw/people/koops/bertjaap.htm
the Netherlands
---------------------------------------------------------------------
This world's just mad enough to have been made
by the Being his beings into being prayed. (Howard Nemerov)
---------------------------------------------------------------------