New UK crypto law and an idea on how to defeat it
Wed, 01 Dec 1999 17:30:56 +0000
Sean Rima wrote:
> Hi Adam!
> You ignore a couple of major points of British law, in that the police
> chief would need reasonable grounds to believe that Bob was involved
> in a crime. He would not be able to demand Bob's key if he believed that
> was having an affair with his wife. Don't forget that the police chief is
> also answerable to British law. But I also understand that you were using
> as an example.
Fine, the police chief concocts a phoney charge against Bob and uses that as
a pretense to get to the files.
> The second mistake you make is that if Bob used such a program, he would
> have to hand over both sets of keys. He would not be able to say that
> there was only one. Should the police chief find that the file was locked
> with a second key then Bob would be automatically guilty of failing to
> hand over the keys.
This is the point. Bob may or may not know both sets of keys. The encryption
tool may have used a random plaintext and a random key or it may not. The
only person who knows for sure is Bob. The cops can't prove it either way
assuming that the encryption technique is suitably robust against any
analysis they might bring against it.
> Bob would not be able to claim that the files were encrypted using
> random keys without his knowledge as he would have had to start the
Yes but Bob can *lie*. The onus is on the police to prove he is lying. How
do they do that given that they don't know whether the second plaintext is
random or not?