RIP FOR INDIVIDUAL RIGHTS?

Padgett 0sirius padgett at gdi.net
Tue, 14 Mar 2000 18:31:52 -0500


The problem is that with "good" crypto, there is no way to tell if the key
you have been given is actually the key used to encrypt the message even if
the decrypt is an intelligible message. With that in mind how could any
court accept it ?

True, in most modern products you can tell from the header but a header is
not always needed.

Most of the discussion here has been from the privacy aspect. What I am
referring to is the reliability aspect which has not been overtly mentioned.

Consider this (and the thought would be chilling in any environment of
"guilty until proven innocent"). Given any crypto (stream of pseudo random
characters) it is possible to create an algorithm that would produce any
desired message of matching length. An OTP (one time pad) would be the
easiest and OTPs are considered the most secure form of cryptography.

Consider a courtroom. The prosecution depends on a specific decrypt of a
message. Defense provides a dozen different decrypts of the same encrypted
message, all innocuous, all traceable to a specific key/algorithm. How does
one *prove* which is correct ?

I suspect what will be the end state is that any decrypt will require a
human to swear that X is the original message and I do not see any way that
the proposed legislation will provide that. The keys will either have to be
voluntarily surrendered or they cannot be trusted (and even then not
without corroboration).

This is not a new situation, merchants, insurers, accountants and
bookkeepers have been using personal and company codes for centuries. The
law has learned to accommodate that issue. Why is this different ?

Just some thoughts,

      	A. Padgett Peterson, P.E., CISSP: Cybernetic Psychophysicist
 Anti-Virus, Cryptographics, & Antique Radio Researcher
http://www.freivald.org/~padgett/index.html
 mailto:padgett@gdi.net     PGP 6.5 Key on request
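
An added illustration, not part of the original post, of the one-time-pad point made above: for a fixed ciphertext, a pad can be computed for any claimed message of matching length, and nothing in the ciphertext tells the pads apart. The key-check header is a hypothetical format assumed here to show the "you can tell from the header" case; all function names and sample messages are constructed.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (one-time pad encrypt and decrypt)."""
    if len(a) != len(b):
        raise ValueError("a one-time pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes):
    """Encrypt under a fresh random pad; returns (key, ciphertext)."""
    key = secrets.token_bytes(len(plaintext))
    return key, xor_bytes(plaintext, key)


def key_for(ciphertext: bytes, claimed: bytes) -> bytes:
    """Compute the pad under which ciphertext 'decrypts' to claimed."""
    if len(claimed) > len(ciphertext):
        raise ValueError("claimed message is longer than the ciphertext")
    padded = claimed.ljust(len(ciphertext), b" ")  # pad to matching length
    return xor_bytes(ciphertext, padded)


def key_check(key: bytes) -> bytes:
    """Hypothetical header field: a hash commitment to the key."""
    return hashlib.sha256(b"key-check:" + key).digest()


def matches_header(header: bytes, key: bytes) -> bool:
    """True only for the key that was committed to when the header was made."""
    return hmac.compare_digest(header, key_check(key))


if __name__ == "__main__":
    original = b"constructed sample: original text"
    key, ct = otp_encrypt(original)
    header = key_check(key)  # only meaningful if written at encryption time
    for claim in (b"constructed sample: shopping list", b"constructed: weather"):
        alt = key_for(ct, claim)
        print(xor_bytes(ct, alt), "header match:", matches_header(header, alt))
    print(xor_bytes(ct, key), "header match:", matches_header(header, key))
```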