GAK-killing amendments?
Brian Gladman
Brian Gladman <brg at gladman.uk.net>
Sat, 1 Jul 2000 12:50:58 +0100
From: "Nicholas Bohm" <nbohm@ernest.net>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: Saturday, July 01, 2000 12:28 PM
Subject: Re: GAK-killing amendments?
> At 10:35 AM 6/30/2000 +0100, Pete Chown wrote:
> >Nicholas Bohm wrote:
> >
> >> Roland Perry wrote:
> >
> >> > In any event, surely a Judge can order a key to be produced in any
> >> > event, if it's needed for evidential purposes?
> >
> >> By subpoena, sure. But in practice there would be plenty of prior
warning,
> >> and by the time production was ordered the key might well no longer
exist.
> >
> >Perhaps you could get an Anton Pillar order (or civil search order now
> >they've changed the name) to search for a key, if there was reason to
> >believe that it might be destroyed.
>
> I would think you could.
>
> >> > (While we are on the subject, what's the position in a civil case
when
> >> > requesting discovery, and what you get is "protected information".
Can
> >> > you insist it is put into intelligible form?)
> >
> >> The court undoubtedly has inherent powers to require it if it can be
done.
> >
> >Also the court might well not feel that disclosure was completed
> >properly if only ciphertext was supplied. Perhaps on the list of
> >documents made prior to discovery, plaintext and ciphertext versions
> >should be shown separately. Then plaintext documents where the key no
> >longer exists could be shown as having left the party's "possession,
> >custody or power".
> >
> >I wonder if a key is a document for the purposes of discovery? That
> >could be an awkward one.
>
> I would think a key would fall within the scope of whatever discovery is
> now called, but of course only if relevant to the issues in the case. It
> would have to be the data forming the key that was relevant to the issues,
> and I can't envisage how it would be relevant to put it in evidence.
> Ideas, anyone?
IANAL but I assume that if one side of the case depended on the relationship
between a plaintext and a cipherext, the other side might demand these items
and the key to confirm the validity of this relationship for themselves.
This seems to be the Government argument for (mis)using confidentilaity keys
for authentication purposes.
Brian