BBCR4 on Crypto-wars today at 13:30

Caspar Bowden (lists) lists at
Fri Mar 21 07:10:15 GMT 2014

On 03/20/14 22:46, Peter Fairbrother wrote:
> On 18/03/14 10:25, Caspar Bowden (lists) wrote:
>> On 03/17/14 15:52, Peter Fairbrother wrote:
>>> ...
>>> "The Levinson case goes to the heart of a fundamental clash between
>>> two opposing sides - there are those who want our electronic
>>> communications to be entirely private, so that absolutely no-one apart
>>> from the recipient can know what's benig said. Set against them are
>>> those who think the State should be able to get access, for instance
>>> when it says it's investigating crime or protecting national security.
>>> I think that's it in a nutshell - and on that basis, with the demands
>>> for keys in RIPA we lost the crypto wars in the UK.
>> The trouble is that states the problem without the context of the UK
>> being in forefront to neutralize civilian crypto last 20 years, and the
>> drawbacks and hinterland of every policy option
> I disagree - and I think it really is quite simple. The state should 
> not have any right to know what's being said.
> None.
> No "it's okay with a warrant". No "we need to do it for xyz reason".
> Now that is not saying that the state can't try - just that it has no 
> right to succeed.

Agreed. But states will try, and 1 state in particular has utterly 
different legal standards for its own citizens...
>>> BTW, why do you think the Darkmail effort is doomed? I kinda agree,
>>> but I'd like to know what you think.
>> I don't know what they are doing, but shouldn't trust crypto against
>> decryption powers unless trust platform+binary+source+keymat resilient
>> to those powers
> I'd go with trust platform to start, the rest can come in time. 
>> Confidentiality is orthogonal to what an email service provider can
>> provide (but a special network service might provide anonymity)
> I think it can do both - in fact I know it can, and how to do it, but 
> whether it gets adopted is another matter.

But FISA 702 in particular can force arbitrary service provider 
"co-operation" (as per Hushmail case, but that was actually Canada - 
anyone get to the bottom of that?)

So anything you depend on the email service provider to do for your 
confidentiality can be subverted by law

> eg, what happens if someone sends you an unencrypted email on your 
> encrypted service?

Would be nice to have an autoresponder which bounced mail without right 
GPG header?


More information about the ukcrypto mailing list