New UK crypto law and an idea on how to defeat it

Wed, 01 Dec 1999 18:40:17 -0500

Adam Lock wrote:

> I understand that it will (or might) soon be necessary in the UK to hand
> over crypto keys to the police if they so demand them. The penalty for
> not doing so is a term in prison.
> So here's an idea on how to defeat it.
Bob's scheme omitted: How about if Bob just claims it's an asymetric encryption with some key held in his memory, and the "intimidation" made him forget the key? Also the government probably has "tempest scanners" and if you are suspect, they can get your key and passphrase thru tempest type bugging. Over here in America they show TV shows on how the Briitsh government ride around checking for unregistered Televisions in unmarked vans. It is a small step for them to sit out in the street and read your keystrokes. Once they get your secret key passphrase, or asymmetric key, they got you. Does Bob work in a Faraday cage? I'm old enough to remember when audio bugs were a new thing, and nobody suspected a thing. Well computer data bugs are a new thing, and most users completely ignore it's implications. When was the last time you tore apart that little modem power block on your desk, to check for suspicious ic chips? Did the "cleaning lady" swap yours with a look-alike with a keystroke recorder in it? Maybe she did it for a $100 bribe. My point is real security is hard to come by when your opponent is the government authorities. Bob's best bet is to use something like Stenography and deny that he even uses encryption, and force them to prove he is using it. I can see it now....Brits will be known for having great numbers of jpegs on their harddrives. :-)