R v.Lambert House of Lords and RIP reverse-burden-of-proof

Sun, 15 Jul 2001 21:14:28 +0100

> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Adrian
> Midgley
> Sent: 14 July 2001 15:09
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: R v.Lambert House of Lords and RIP reverse-burden-of-proof
>
>
> From: Owen Lewis <oml@eloka.demon.co.uk>
>
> >> >flawed system. You would not be able to do this to me or to many
> >> others,
> >> >only to those who lay themselves open to this form of abuse.
>
> >I get unsolicited enciphered mail I return it to sender. I get a
> second I
> >return it with a cease and desist message. A third and mail delivery
> to me
> >will be blocked.
>
> But being a clever conspirator, surely you would in any case return
> the mail which you had separately decrypted and read, so as to back up
> your statement here and later that you had been unable to read it
> since you did not have the key {Plod: prove it} and had never had the
> key {Plod: just to assist us with the enquiries we are making into the
> apparent sender of that message, sir, I'm sure you won't mind proving
> you didn't have it.}

Sigh.... I'm not a conspirator and I can't possibly decrypt and read it. I
have no key with which to do so.

Bigger sigh...  Plod is not going to knock on my door and serve a notice
without prima facie evidence of criminal activity. The sender has to supply
that evidence, real or fake. If real it won't involve me beyond the fact
that someone I don't know once sent me a cipher text which I bounced.
>
> Cease and desist, yes of course.  At least it demonstrates to your
> putative co-conspirator that you received the message...

Plod Major is knows well how to sniff out a conspiracy and has some smashing
tools for doing so. No, to stir the sh*t for me with one unsolicited mail,
the sender is going to have to fake evidence of criminal activity involving
me. We have already covered this ground.

>
> Enough of this experiment I think, I've found out two things about PGP
> that I didn't fully appreciate before, and had the question of how
> useful the proposed whole NHS and contacts PKI setup is going to be
> raised.
>
> it seems to me that firstly the purpose of the NHS PKI requires that
> it is actually at least a national PKI, to include gov and patients,

As already intimated, I would walk smartly away from a national PKI and
would recommend other to do likewise. If such comes into being, it will
rapidly become much broader in use than simply for the NHS. If such a system
comes into being, I will either refuse to use it or, depending on the form
it takes, use it only as an outer wrapper for such a cryptosystem as I
choose to use fo my security needs.

> and that in fact the number of organisations or even patients I
> correspond with is quite manageable by the sort of bipolar crypto
> streams you use.

Yes, it would be. But there are no free lunches. Each practice would have to
set up its own 'wheel' with itself at the managing hub - another
administrative task. Moreover, a major hospital could find that it was an
'outstation' on hundreds of GPs wheels and at the same time having to manage
at least one and possibly three or more much larger wheels of its own.

No, I think for the NHS, PKI should be a more manageable solution but it
probably requires also centralised key management (for which read escrowed
keys). Now if it were for the benefit of the medical service and its
patients only, I wouldn't mind too much. As far as I'm concerned, any doctor
may read my note if he find that useful to him. I also want any clinician to
be able to access anything about me in the records and without requiring my
express permission (which I may be in no condition to give). But we know
that it is not intended to restrict content - and therefore access to keys -
to the NHS and patients. There lies the rub.
>

Owen