New UK crypto law and an idea on how to defeat it
Wed, 01 Dec 1999 18:31:41 +0000
> This is the point. Bob may or may not know both sets of keys. The encryption
> tool may have used a random plaintext and a random key or it may not. The
> only person who knows for sure is Bob. The cops can't prove it either way
> assuming that the encryption technique is suitably robust against any
> analysis they might bring against it.
> > Bob would not be able to claim that the files were encrypted using
> > random keys without his knowledge as he would have had to start the
> > process.
> Yes but Bob can *lie*. The onus is on the police to prove he is lying. How
> do they do that given that they don't know whether the second plaintext is
> random or not?
Several comments more-or-less at random:
1) The last time I saw these proposals there were several elements to them:
1.1) The police would have to obtain a warrent from a magistrate to
demand these keys; this would be similar to a search warrent.
1.2) Something not many people know is that any search warrent must
state the type of crime the police suspect has taken place and
what section of the appropriate Act of Parliament authorizes the
granting of the warrent.
1.3) Someone would only be required under such a warrent to reveal
keys necessary to enable data to be decrypted; keys used only
for signatures could not be obtained.
1.4) The Police and Criminal Evidence Act, 1984 (PACE) already states
in section 19 subsection 4 that "The constable may require any
information which is contained in a computer and is accessible
from the premises (to be searched) to be produced in a form in
which it can be taken away and in which it is visible and legible
if he has reasonable grounds for believing--
(i) it is evidence in relation to an offence which he is
investigation or any other offence ; or
(ii) it has been obtained in consequence of the commision
of an offence ; and
(b) that it is necessary to do so in order to prevent it being
concealed, lost, tampered with or destroyed."
2) The provisions in PACE are getting decidedly impractical given the
rise in capacities of hard discs since 1984.
3) I think the *intent* of the proposed law is to keep similar levels
of search available to the Police in environments where data volumes
and encryption make the existing provisions impractical. Of course,
we need to keep an eye on things to try and ensure that the proposed
Act doesn't go too far. But I'm no more paranoid about this proposal
than I am about the rest of UK law (consider that a classic British
understatement). I do consider British law a bit intrusive, but don't
consider the proposals out-of-step with the general tone of UK law.
4) When I first heard of these proposals (10 Nov 1998) I wrote requesting
thet GPG had the ability to use different passphrases for keys and
subkeys, so that it would be possible to reveal one without the other.
This was turned down with the following comment "But please don't ask
me to do this because I do not want to support such laws even by
considering how to limit the damage of the secret keys."
5) In the scenario discussed, the imfamous Police Chief would be laying
himself open to serious complaints if he obtained a warrent by lying
about his grounds (on oath!) and Bob (once the "evidence" of the love
letters had been revealed) used the facts to support a complaint that
the warrent had been obtained illegally.
6) The police do have experts available to them. These exports will
almost certainly be aware of the characteristics of any released
software products. This means they will be able to examine an
encrypted file and the derived cleartext and (knowing the software
used to produce the file) will be able to measure the proportion
of the encrypted file used to encode the clear text. This should
give them a very good clue about the existance of other text(s).
7) The proposal is really an example of steanography; and it would
probably be better to hide the "love letters", encrypted or
otherwise, using standard steanographic techniques; the *existance*
of the hidden text is far less obvious that the technique proposed
by Adam Lock. All the forensic searches of which I'm aware will
fail to find them even *without* encryption.