trivia

[Adrian Midgley]

Owen feels safer than I would in theory.
Fortunately, the risk is in any case small in practice
unless the provisions of RIPA might apply to the effects on the State
of a large departure of GPs from NHS contracts;
and discussions, partly encrypted, were going on between significant
numbers of GPs;
of which I were one.

or some other condition which was outwith your control applied;

I think the question of mens rea etc is not helpful, not least since
IANAL.
The original remark was that it was _not possible_ to be put at risk
by other peoples antics with PGP.
An experiment at demonstrating, or exploring this does not have the
appearance of an attempt to pervert anything, from here, but any
encrypted traffic might be taken elsewhere as evidence of a
link -until proved not to be, by the recipient.




-----Original Message-----
From: Owen Lewis <oml@eloka.demon.co.uk>
To: ukcrypto@chiark.greenend.org.uk <ukcrypto@chiark.greenend.org.uk>
Date: 12 July 2001 19:54
Subject: RE: trivia


>
>
>> -----Original Message-----
>> From: ukcrypto-admin@chiark.greenend.org.uk
>> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Adrian
>> Midgley
>> Sent: 12 July 2001 15:16
>> To: ukcrypto@chiark.greenend.org.uk
>> Subject: Re: trivia
>>
>>
>> From: Owen Lewis <oml@eloka.demon.co.uk>
>>
>> >Really? You might be surprised ar what still lurks in the depths
of
>> the PC
>> >on which you created it?
>>
>> I might be, however I downloaded and compiled Apache shortly after
>> deleting it, and routinely defragmenting the drive.  So SQUIDs
apart,
>> I think it is unlikely to be hanging around by accident.
>> Rather more to the point though, it is well known that PGP can
encrypt
>> messages to the recipient only, and although we are saying in
public
>> that you have never had the key which was labelled with your
identiy,
>> and that if it could be found on one of the machines on one of my
>> networks this is not because you sent it to me by an unapparent
>> channel...
>
>Why *on earth* should I send you my secret key? The fact that there
is a
>*public* key sculling about with my name on it proves nothing
whatsoever and
>their masters, if not junior plods and plodesses, understand that. Of
did
>you destroy the public key as well?
>
>I have had for years a public key that claims its association with
Bill
>Clinton. Do you suppose that Bill Clinton knows any thing about it?
Do you
>suppose that a judge is going to take my possession of it as evidence
that I
>an in secret correspondence with Bill Clinton?
>
>> I don't have to prove that, and under RIPA by the meaning I believe
is
>> generally agreed on this list _you_ might have to try.
>>
>> >Besides, you now need to conspire to pervert the course of justice
if
>> you
>> >are going to get a notice served on the recipient.
>>
>> How so?  Seems to me that it would only be necessary for me to
commit
>> a crime for you to appear in the list of people with whom I have
>> corresponded, encryptedly, and that is not normally described as
>> perverting the course of justice.  Alternatively, if somebody else
>> perverts or otherwise influences justice, they might trigger that
>> notice.  Irritated anyone recently?
>
>Not infrequently and some of them are genuinely to be supped with
using a
>spoon tied to the end of a long bargepole. However I remain
unimpressed by
>the threat you hypothecate.
>
>> A local doctor was recently arrested in relation to material in
>> storage on his computer, now I know of no reason why anyone should
>> connect me to him, since we have few interests in common, however
if
>> they did for reasons only known to themselves, they might then
choose
>> to follow that trail onward, might they not.
>> And not from my intention.
>
>I think your fears as unnecessary. As I understand it, there must be
good
>reason to demand a key and no balance of probability that such a
demand is
>being unreasonably defied.
>
>How is A to put B into such a position inadvertently? I think that if
A is
>suspected of a serious crime and has been in enciphered
correspondence with
>B, then B might be asked to deliver up correspondence or key. Fair
enough.
>There *has* been correspondence and there *is* (or has been) a secret
key
>that was once in my possession. Were I 'B', I'd have the key and
would
>deliver as demanded (albeit without the best of grace).
>
>But you suggest something else. That A will create a secret key and
destroy
>it, using its public twin to send a string of unsolicited
correspondence to
>B with the intention of having him suffer falsely at the hands of the
law.
>Whether A is ever able to do this will depend much on the actions of
B.
>
>Should you propose that such consequences for B might be brought
about by a
>single mail (rendering quite limited any reaction by B), I suggest
that A
>(mens rea already existing from the creation of the false key pair?)
before
>this point is reached A must elaborate a conspiracy to bring the
matter to
>the attention of the authorities and have them act upon it.
>
>Wow! A must want B's scalp badly enough to risk a couple of years in
jail
>for the satisfaction of making waves (for B that still are unlikely
to pass
>close scrutiny). Or else A's as thick as two short planks and doesn't
bother
>to consider the chances that his conspiracy will fail.
>
>Since A is clearly of a criminal bent, he should find it direct,
certain and
>with less possibility of comeback to have B found, intoxicated and in
bed
>with his strangled wife. If B were a GP, the whole world knows about
doctors
>and drug abuse and therefore a rich palette of intoxicants makes
itself
>available and the events all the more credible?
>
>Yes, people will commit crime. Yes some of those who do get away with
it but
>I think your proposition is definitely high risk. If you think
otherwise,
>let us depersonalise it, lay out a plot and dissect it here. Start
with the
>creation of a key pair with the intent to pervert the course of
justice.
>Next the delivery of an unsolicited mail in furtherance of the
conspiracy
>(containing does it matter what?). What does A do next to develop his
plan?
>Say too A has destroyed one or both parts of the key pair created.
Was the
>public key signed, by whom and do they know A? Is it necessary to buy
their
>perjured evidence in due course?
>
>For the moment, the one point that comes across out of your
proposition is
>that it gives yet another reason for why one should ever facilitate
>enciphered traffic from strangers. Of course B might find that A was
his
>partner and that would be rather more tricky to manage. However,
there are
>enough ideas here for the time being, should you wish to take a
scenario
>further.
>
>Owen