New UK crypto law and an idea on how to defeat it

George Ross
Thu, 02 Dec 1999 08:52:41 +0000


Content-Type: text/plain; charset=us-ascii

This is drifting rather from GPG, but...

> This is the point. Bob may or may not know both sets of keys. The encryption
> tool may have used a random plaintext and a random key or it may not. The
> only person who knows for sure is Bob. The cops can't prove it either way
> assuming that the encryption technique is suitably robust against any
> analysis they might bring against it.
> > Bob would not be able to claim that the files were encrypted using
> > random keys without his knowledge as he would have had to start the
> > process.
> Yes but Bob can *lie*. The onus is on the police to prove he is lying. How
> do they do that given that they don't know whether the second plaintext is
> random or not?
Actually, no, not as it was proposed (it remains to be see whether moving the provision from the e-commerce bill to an interception of communications bill will result in any changes). The onus was on Bob to prove that he *didn't* know the key(s), not on the Crown to prove that he did. Of course, in the case of things which might or might not have been randomly generated, or even indeed in the case of email sent to him by some third party, that might not be easy... - -- Dr George D M Ross, Division of Informatics, University of Edinburgh Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ Mail: Voice: +44 131 650 5147 Fax: +44 131 667 7209 PGP: 1024/B74A4F7D 14 E8 B3 00 20 04 68 F8 95 40 CB 36 A4 D4 FA 90 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQCVAwUBOEYzWWU939K3Sk99AQE+WQQAiC3BNEq+LjP288oY8xs7Cid/ZJwo2H4g e7Nfru8AxsP716cEAhU76rjKI1PH/rsyqdRrOQX8DGTGM+XWTwefLLLKs9/8qEir g9W96QwrGGOfNBdMLmoAVvbdttYhmsyS4ctIDW1gzP2ppFS4Do+kgBsBuMOF3IMq sXQu+NsTlTg= =8f+o -----END PGP SIGNATURE-----