trivia

Owen Lewis oml at eloka.demon.co.uk
Fri, 13 Jul 2001 15:38:19 +0100 

> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Adrian
> Midgley
> Sent: 13 July 2001 00:34
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: trivia
>
>
> The original remark was that it was _not possible_ to be put at risk
> by other peoples antics with PGP.

Then, in a nutshell, I would agree that it is possible to cause another some
embarrassment or irritation - the more particularly if they are a known to
be a PGP user. However, if one conducts oneself reasonably, I believe that
the risk of actually suffering harm is well below the risk of harm in other
matters that we run every day without giving it a thought. This is not least
because to cause such harm maliciously is in itself a serious criminal
offence.

> An experiment at demonstrating, or exploring this does not have the
> appearance of an attempt to pervert anything, from here, but any
> encrypted traffic might be taken elsewhere as evidence of a
> link -until proved not to be, by the recipient.

For the first part, I agree. There can be no harm and some amusement in our
little play. The harm starts and the fun stops at the point where, to close
the trap, the attention of the authorities needs to be drawn to the victim
in connection with the both the concocted key and some criminal activity.
The comment re. mens rea was an aside coming from the thought that it might
be argued that guilty intent (to pervert etc) would be present from the
point of forging a link of the victim's identity with a key pair first
created and then destroyed beyond recall by someone other than the victim.
Now, many of us have forged keys at some time or other but with care to
cause no harm but as part of a learning process. The wickedness really
starts with what must follow on from there if a malicious plan to cause harm
is to succeed. Hypothecation of criminal activity is of course harmless as
well as sometimes informative.

ISTR that as long ago as 1991 the State of Georgia (no less) made it a
criminal offence to be in possession of a password or crypto key without
either due authority or being the owner. Max sentence was 14 years, I
recall. I don't recall whether key forging was included; probably not back
then but is seems to me sensible that it should be unlawful to forge a ID to
a key.

Thoughts?

Owen


Owen