disclosure of crypto keys

Adam Back aba at dcs.ex.ac.uk
Tue, 2 Feb 1999 00:05:14 GMT


Nicholas Bohm writes:
> At 07:34 PM 2/1/1999 +0000, David Swarbrick wrote:
> >We already have the answer. The Police and Criminal Evidence Act allows
> >a constable to require the handing over of files in 'legible' form.
> 
> It allows a constable to require, but provides no penalty for failure to
> comply.  

Ah, that's good news indeed.  So we can hand over a PGP dump.  It's not
legible to them, but that's their problem.  If one handed over a
notebook written in code, or handwritten notes in code, similarly it would be
their problem.

I think this sounds very reasonable.  Absent certain obligations
(e.g. financial accounting requirements to keep records for x years,
etc.) I see no special reason why one should be required to keep one's
correspondence in a form which is useful to the police -- I keep
information for my own use, not for the use of hostile third parties.

If I am presumed innocent, why would I be required to keep information
in a form useful to law enforcement agents?  The `law', and especially
some over-zealous law enforcement type's view of it, includes all
manner of things which I personally might not think morally right or
even sane!  I think it unreasonable that one should be deputised to
keep a wiretap log on oneself.

> >I do not think anyone now argues for more than access to plain text. The
> >context might require holding of private keys, but the concern is not to
> >get your key, but the text.

I think if it's in ciphertext you shouldn't have any obligation to
hand over the key.  A better metaphor for discussing ciphertext would
be to consider it a note to oneself which happens to lack context
making it readily understandable to a third party.  You are not
obliged to explain what it means.  Therefore I would argue you are not
obliged to provide the key.

Adam