New UK crypto law and an idea on how to defeat it

David Pick
Wed, 01 Dec 1999 18:31:41 +0000

> This is the point. Bob may or may not know both sets of keys. The encryption
> tool may have used a random plaintext and a random key or it may not. The
> only person who knows for sure is Bob. The cops can't prove it either way
> assuming that the encryption technique is suitably robust against any
> analysis they might bring against it.
> > Bob would not be able to claim that the files were encrypted using
> > random keys without his knowledge as he would have had to start the
> > process.
> Yes but Bob can *lie*. The onus is on the police to prove he is lying. How
> do they do that given that they don't know whether the second plaintext is
> random or not?
Several comments more-or-less at random: 1) The last time I saw these proposals there were several elements to them: 1.1) The police would have to obtain a warrent from a magistrate to demand these keys; this would be similar to a search warrent. 1.2) Something not many people know is that any search warrent must state the type of crime the police suspect has taken place and what section of the appropriate Act of Parliament authorizes the granting of the warrent. 1.3) Someone would only be required under such a warrent to reveal keys necessary to enable data to be decrypted; keys used only for signatures could not be obtained. 1.4) The Police and Criminal Evidence Act, 1984 (PACE) already states in section 19 subsection 4 that "The constable may require any information which is contained in a computer and is accessible from the premises (to be searched) to be produced in a form in which it can be taken away and in which it is visible and legible if he has reasonable grounds for believing-- (a) that-- (i) it is evidence in relation to an offence which he is investigation or any other offence ; or (ii) it has been obtained in consequence of the commision of an offence ; and (b) that it is necessary to do so in order to prevent it being concealed, lost, tampered with or destroyed." 2) The provisions in PACE are getting decidedly impractical given the rise in capacities of hard discs since 1984. 3) I think the *intent* of the proposed law is to keep similar levels of search available to the Police in environments where data volumes and encryption make the existing provisions impractical. Of course, we need to keep an eye on things to try and ensure that the proposed Act doesn't go too far. But I'm no more paranoid about this proposal than I am about the rest of UK law (consider that a classic British understatement). I do consider British law a bit intrusive, but don't consider the proposals out-of-step with the general tone of UK law. 4) When I first heard of these proposals (10 Nov 1998) I wrote requesting thet GPG had the ability to use different passphrases for keys and subkeys, so that it would be possible to reveal one without the other. This was turned down with the following comment "But please don't ask me to do this because I do not want to support such laws even by considering how to limit the damage of the secret keys." 5) In the scenario discussed, the imfamous Police Chief would be laying himself open to serious complaints if he obtained a warrent by lying about his grounds (on oath!) and Bob (once the "evidence" of the love letters had been revealed) used the facts to support a complaint that the warrent had been obtained illegally. 6) The police do have experts available to them. These exports will almost certainly be aware of the characteristics of any released software products. This means they will be able to examine an encrypted file and the derived cleartext and (knowing the software used to produce the file) will be able to measure the proportion of the encrypted file used to encode the clear text. This should give them a very good clue about the existance of other text(s). 7) The proposal is really an example of steanography; and it would probably be better to hide the "love letters", encrypted or otherwise, using standard steanographic techniques; the *existance* of the hidden text is far less obvious that the technique proposed by Adam Lock. All the forensic searches of which I'm aware will fail to find them even *without* encryption. -- David Pick