disclosure of crypto keys
Nicholas Bohm
nbohm at ernest.net
Mon, 01 Feb 1999 20:01:09 +0000
At 07:34 PM 2/1/1999 +0000, David Swarbrick wrote:
>In message <A5E4FFA60DB@frw3.kub.nl>, Bert-Jaap Koops <E.J.Koops@kub.nl>
>writes
>>Ian Miller <Ian_Miller@bifroest.demon.co.uk>:
>>> >In summary, my conclusion is that in
>>> >principle, a command to hand over the crypto key or passphrase is
>>> >compatible with the privilege against self-incrimination, provided
>>> >there is sufficient evidence that the suspect is able to decrypt.
>>> Did you consider the case where the individual subject to such a command
>>> refuses to hand-over the long-term key, but agrees to hand-over the
session
>>> keys for the revelant messages?
>>I considered the question whether legislation can be enacted to give
>>a decryption command as such. Whether it's a command to hand over a
>>private key or session keys is not really relevant to the issue of
>>compatibility with the privilege against self-incrimination.
>
>We already have the answer. The Police and Criminal Evidence Act allows
>a constable to require the handing over of files in 'legible' form.
It allows a constable to require, but provides no penalty for failure to
comply. It's really only useful in the case of a warrant executed against
a compliant third party who needs to be sure he is within the proper scope
of the warrant in order to be relieved of third party liability for
complying. It's not much good against the suspect.
>Is it still self incrimination to hand over existing evidence? I think
>there is a clear argument to say that the privilege against self
>incrimination prevents only a requirement to provide a new statement.
>
>
>
>>It is,
>>of course, quite relevant once you decide to enact legislation. The
>>choice for handing over session keys, then, should be obvious.
>>(Alternatively, the suspect could decrypt himself and give plaintext,
>>provided the police can somehow monitor that this is done correctly.
>>You might even use a public notary (or TTP ;-) to do the decrypting.)
>>
>>Adam Back <aba@dcs.ex.ac.uk> wrote:
>>> > In summary, my conclusion is that in
>>> > principle, a command to hand over the crypto key or passphrase is
>>> > compatible with the privilege against self-incrimination, provided
>>> ^^
>>> Did you miss out an *in* there? (in-compatible?)
>>> A right to not self-incriminate surely covers not giving out
>>> information stored purely in ones mind, which could be argued might
>>> incriminate the oneself.
>>Not "surely". A passphrase (or memorized key) resembles
>>"material which exists outside of the will of the suspect". Giving
>>blood for a blood sample is compatible with the privilege against
>>self-incrimination, because you cannot alter the blood (or the
>>alcohol percentage in it). You can't alter the passphrase in your
>>mind, because then it wouldn't work on the private key, and you
>>can't alter the private key, because then it wouldn't work on the
>>ciphertext. In that respect, it differs from statements like "I did
>>it", which is an expression of the (changeable) contents of
>>one's mind. The tricky thing remains the retort: "but I don't have
>>the key" or "I've forgotten my passphrase". That is why there must be
>>evidence that someone is able to decrypt (e.g., because the message
>>was encrypted this morning).
>
>I do not think anyone now argues for more than access to plain text. The
>context might require holding of private keys, but the concern is not to
>get your key, but the text.
I think it's too soon to say: without a key (even if only a session key)
it is difficult for the recipient to know whether the plaintext is derived
from the ciphertext.
>I suspect that the argument about the right against self-incrimination
>is a false trail.
Or will be by the time legislation is in place.
Regards,
Nicholas Bohm
Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK
Phone 01279 871272 (+44 1279 871272)
Fax 01279 870215 (+44 1279 870215)
Mobile 0860 636749 (+44 860 636749)
PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint:
9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF