s/forget passphrase for/cause permanent destruction of/ , Re: Letwin wants increased penalties for refusal to decrypt

Matthew Astley lists-ukcrypto at fruitcake.demon.co.uk
Tue, 20 Aug 2002 12:22:12 +0100 

On Mon, Aug 19, 2002 at 12:05:44PM +0100, Owen Lewis wrote:
> Matthew Astley Sent: 18 August 2002 22:12
> > On Sun, Aug 18, 2002 at 08:22:20PM +0100, Peter Fairbrother wrote:
> > > Owen Lewis wrote:

> > > > Letwin should use a better speechwriter.
> > > >
> > > > Fashion it thus.
> > > >
> > > > Plod has (just about) sufficient evidence against X of drug
> > > > trafficking (or whatever gets you 30 years) to get a case before a
> > > > jury. The enciphered contents of X's PC, if disclosed, will turn
> > > > his 50:50 chance in front of a jury into zilch.

This suggested speech was quite one-sided, but this was obviously
deliberate and done for the effect.

I'm taking your several statements to the effect that "thwarting of
searches cannot be countenanced" in the same vein. Hope that's OK.


> > How does encryption of data compare, legally, with irreversible[1]
> > destruction?
> 
> It does not. An encryption scheme is by definition reversible.

As has been pointed out in this thread, there are good reasons for
having encrypted data and later throwing away the key.

Presumably the existence of a policy requiring the key to be forgotten
would be adequate "proof" to a court that the key has gone, so Big
Business is safe.

My backups are much more haphazard, and my "policy" is stored in my
head with my passphrases. Where else would I keep them? The encryption
scheme becomes irreversible when the passphrases expires from my
memory (sadly this has been known to happen much sooner than I
expected).

Anyway I think we've chased that tail already, many times.


> > Would it be fair to say that pre-RIP they were mostly equivalent?
> > The data was encrypted, so a court could not read it. Game over.
> >
> > The law is now being changed because TPTB wish to gain access to
> > that class of data, but the goalposts can be moved.
> 
> A better analogy is a vault to which the owner refuses to surrender
> the key. In the days where most vaults were physical, a refusal to
> open it when directed to by a judge could send you to jail for a
> very long time (AIR no maximum sentence in some circumstances).

When did this last happen? Were there cries of "guilty of possessing
the key until proven innocent" at that time?

> Now strong vaults are virtual and everyone has them. The real
> question is whether a search should ever be demanded in the name of
> the people and, if so, then why a person should be permitted to
> thwart to thwart a search of some areas but not of others.
> 
> No. If it is right to search at all than it is right to search all
> parts and not only those parts the subject of investigation
> determines to permit.

"Owen wearing the wig" will say this, of course.

"Owen woken up at 4am for no good reason" will tolerate[1] having a
bunch of noisy policeman ransacking the place looking for something
that isn't there, because he knows that sometimes the police have to
look for stuff when it _is_ there.

Is the innocent Owen expected to follow them round saying, "excuse me
officer, that antique desk drawer has a false bottom. I know there's
nothing incriminating in there, but you might want to check it anyway
just to be thorough"?

Does the innocent Owen expect to be put in prison until he's told the
police where all the priest holes are in his house? How does he prove
there aren't any? (OK, there's not too much space for these in a
modern house. That may prove to be a mistake one day.)

Does the innocent Owen expect to go to prison forever because the
search found ash of paper in the fireplace?

AFAICS the law is granted a right to search, but not to find.


People have been trying to hide things from the law for years.

The only reason data is different is that you can seize the CD but
still not get the plaintext data, so it's sitting there quietly
defying the court; whereas the very existence of the priest hole is
generally kept secret, and you can only encrypt protestants by making
them dress as catholics. 8-)

If the CD itself is successfully hidden during a search, the question
of whether it can be decrypted doesn't arise. This applies less to
drives in computers because computers are considered part of the
furniture, and the drive lives inside.


Given all this, the criminal apparently has considerable scope for
cheating the law of evidence against him. Again AFAICS, this has
always been the case. Society has coped. Why do the politicians expect
this to change because of the RIPA?

The sad part IMHO is that the laws concocted to catch the criminals
incense so many of the innocent that a part of society sits there
scheming ways to thwart the law, simply because it seems to be the
right thing to do.

That's why I've started my little project (vapourware alert! sorry)
for muddying the water where traffic data is concerned.


Matthew  #8-)
-- 
[1] By this I mean that, AIUI society permits searches to find
    evidence against criminals. It doesn't expect innocent people to
be raided for no good reason, but mistakes are inevitable. So, "the
innocent" are expected to tolerate a few searches.