New UK crypto law and an idea on how to defeat it
Wed, 01 Dec 1999 18:40:17 -0500
Adam Lock wrote:
> I understand that it will (or might) soon be necessary in the UK to hand
> over crypto keys to the police if they so demand them. The penalty for
> not doing so is a term in prison.
> So here's an idea on how to defeat it.
Bob's scheme omitted:
How about if Bob just claims it's an asymetric encryption with
some key held in his memory, and the "intimidation" made him
forget the key?
Also the government probably has "tempest scanners" and if you
are suspect, they can get your key and passphrase thru tempest
type bugging. Over here in America they show TV shows on how
the Briitsh government ride around checking for unregistered
Televisions in unmarked vans. It is a small step for them to sit out in
street and read your keystrokes. Once they get your secret key
passphrase, or asymmetric key, they got you.
Does Bob work in a Faraday cage?
I'm old enough to remember when audio bugs were a new thing,
and nobody suspected a thing. Well computer data bugs are a new thing,
most users completely ignore it's implications.
When was the last time you tore apart that little modem power block
on your desk, to check for suspicious ic chips? Did the "cleaning
lady" swap yours with a look-alike with a keystroke recorder in it?
Maybe she did it for a $100 bribe.
My point is real security is hard to come by when your opponent is the
government authorities. Bob's best bet is to use something like
Stenography and deny that he even uses encryption, and force them to
prove he is using it.
I can see it now....Brits will be known for having great numbers
of jpegs on their harddrives. :-)