New UK crypto law and an idea on how to defeat it
George Ross
gdmr@dcs.ed.ac.uk
Thu, 02 Dec 1999 08:52:41 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Content-Type: text/plain; charset=us-ascii
This is drifting rather from GPG, but...
> This is the point. Bob may or may not know both sets of keys. The encryption
> tool may have used a random plaintext and a random key or it may not. The
> only person who knows for sure is Bob. The cops can't prove it either way
> assuming that the encryption technique is suitably robust against any
> analysis they might bring against it.
>
> > Bob would not be able to claim that the files were encrypted using
> > random keys without his knowledge as he would have had to start the
> > process.
>
> Yes but Bob can *lie*. The onus is on the police to prove he is lying. How
> do they do that given that they don't know whether the second plaintext is
> random or not?
Actually, no, not as it was proposed (it remains to be see whether moving the
provision from the e-commerce bill to an interception of communications bill
will result in any changes). The onus was on Bob to prove that he *didn't*
know the key(s), not on the Crown to prove that he did. Of course, in the
case of things which might or might not have been randomly generated, or even
indeed in the case of email sent to him by some third party, that might not be
easy...
- --
Dr George D M Ross, Division of Informatics, University of Edinburgh
Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ
Mail: gdmr@dcs.ed.ac.uk Voice: +44 131 650 5147 Fax: +44 131 667 7209
PGP: 1024/B74A4F7D 14 E8 B3 00 20 04 68 F8 95 40 CB 36 A4 D4 FA 90
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQCVAwUBOEYzWWU939K3Sk99AQE+WQQAiC3BNEq+LjP288oY8xs7Cid/ZJwo2H4g
e7Nfru8AxsP716cEAhU76rjKI1PH/rsyqdRrOQX8DGTGM+XWTwefLLLKs9/8qEir
g9W96QwrGGOfNBdMLmoAVvbdttYhmsyS4ctIDW1gzP2ppFS4Do+kgBsBuMOF3IMq
sXQu+NsTlTg=
=8f+o
-----END PGP SIGNATURE-----