New UK crypto law and an idea on how to defeat it

Sean Rima Sean Rima <thecivvie@penguinpowered.com>
Wed, 1 Dec 1999 22:38:31 +0000 

--AhhlLboLdkugWU4S
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Hi Billy!

On Wed, 01 Dec 1999, Billy Donahue wrote:


> > > > You ignore a couple of major points of British law, in that the pol=

ice

> > > > chief would need reasonable grounds to believe that Bob was involve=

d somehow

> > > > in a crime. He would not be able to demand Bob's key if he believed=

 that Bob

> > > > was having an affair with his wife. Don't forget that the police ch=

ief is

> > > > also answerable to British law. But I also understand that you were=

 using

> > > > it as an example.

> > >=20

> > > Fine, the police chief concocts a phoney charge against Bob and uses =

that as

> > > a pretense to get to the files.

> >=20

> > Hey that *never* happens :)

>=20

> M.L.K.Jr. was thrown in jail for a few DAYS for driving 30mph in a 25mph =

zone

> shortly after the onset of the bus boycott.


Notice the :)


> > > > Bob would not be able to claim that the files were encrypted using

> > > > random keys without his knowledge as he would have had to start the

> > > > process.

> > >

> > > Yes but Bob can *lie*. The onus is on the police to prove he is lying=

. How

> > > do they do that given that they don't know whether the second plainte=

xt is

> > > random or not?

> >

> > It would be difficult to know but I hazard a guess that looking at the

> > source they may get an idea. As I said in my original reply, the police

> > would only use it for major criminals and Pedophiles, who it is known u=

se

> > crypto to ensure that the stuff remains hidden from the police's eye.

>=20

> Nyahh... the source to the tool?

> If you can tell that from knowing about the cipher, then the tool isn't

> a cryptographic tool at all, it's just a fancy multiplexer.

> It's certainly possible to make the ciphertext indistinguishable from

> a single encrypted message.


My phrasing was wrong. I hazard a guess that looking at the source to a
program, a decent programmer could get the gist of what happens. Of course
the dificulty with PGP/GPG is the random bits.


> PS: I really hope you're being sarcastic about the Pedophile and Organize=

d Crime thing.

>=20


Given the normal police man's thought, any one using any form for crypto
would be guilty of one or the other or both of the above. Otherwise why
would a decent person want to use it.

Sean

--=20
GPG ID (DSA) 92B9D0CF PGP2 ID 19592A0D Linux User: #124682  ICQ: 679813
To get my PGP Keys send me an empty email with retrieve as the subject
It said "Needs Windows 95 or better". So I installed Linux...

--AhhlLboLdkugWU4S
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: See Headers for details about obtaining my key

iEYEARECAAYFAjhFo2cACgkQGdiK9pK50M8oOgCfUlAUp9nmxW2UzU74SNj/vQv8
ohwAn08POin1kENprkioqFO3S+7Dt2X8
=wFtl
-----END PGP SIGNATURE-----

--AhhlLboLdkugWU4S--