RIP and children (It's all Ross Anderson's Fault)
Ken Brown
k.brown at ccs.bbk.ac.uk
Mon, 18 Mar 2002 17:07:18 +0000
Ian G Batten wrote:
> But I'm set to thinking on the implications of children under ten
> holding crypto keys. Given my children are, as one would probably
> expect of the children of geeks, reasonably adept with computers, this
> new interest in crypto might make for an interesting RIP case: what
> happens if the encryption keys are held by someone who is below the age
> of criminal responsibility? Should I have a household signing key which
> my daughter holds, and then if required have _her_ issue a revocation
> certificate explaining we've had all our keys seized by the fuzz?
In what way would she "hold" the key? Presumably on some object in her
possession. They'd just take it if they wanted wouldn't they? Or take
her. I bet there is some common law about making your children
accomplices in crime. It probably isn't that rare. (Remembers all sorts
of anecdotal stuff about burglar's kids being put through letterboxes or
whatever),
Mildly off-topic:
My own daughter (now 12) has been suffering from heavy SMS spam ("TXT
FLIRT: someone fancies you - phone this number to find out who"). The
number, I guess (we didn't call it), being a premium-rate line
presumably of "adult" content.
It constitutes a denial of service attack on SMS (because there can only
be 5 messages stored at once & these things queued up so fast - maybe 40
of them on Sunday - that when she reads one that the next one turned up
a few minutes later.
Apparently there is no header info in SMS (I don't know the protocol) so
I can't see what is going to stop the spammers. You can't just filter it
like email.
Even if you don't get worked up about One2One being used to send
pornography to schoolgirls, the denial of service aspect is very
annoying. And so far we haven't been able to get in touch with the
suppliers. Their service phone number has a huge menu of voicemail
options, at least 4 deep, that she gave up in boredom after about 10
minutes, including typing her own phone number in twice in different
parts of the menu (sounds like mega-bad design to me). I tried to get
some hints from their website, but this morning one2one.co.uk and
one2one.com were showing server errors 500 in the menu frame and
one2one.net only had stuff about email to SMS gateways & "News last
updated 27 October 2000".
With people this competent running our phone companies you almost with
Railtrack had taken them over.
And I wonder how much money they get for selling numbers to spammers?
Ken