Two convicted in U.K. for refusal to decrypt data

Morten Gulbrandsen classpath at
Thu Aug 13 23:02:55 CEST 2009

Hash: SHA1

Adam Funk wrote:
> On 2009-08-13, David SMITH wrote:
>> Not forgetting the possibility of malicious intentions - trying to frame
>> someone by putting encrypted data onto someone's computer and tipping
>> off the authorities.
>    In a stunt organised by the civil liberties group Stand, The Home
>    Secretary Jack Straw was sent details to a crime Sunday that could
>    earn him up to two years in prison if the controversial e-commerce
>    bill were made law.
>    ...
>    According to Stand an encrypted email was sent to Mr Straw Sunday
>    afternoon containing a confession to a real crime. The key to
>    decrypt the message will be in Mr Straw's name. Stand will tip off
>    the Metropolitan Commissioner of Police Monday, informing him that
>    Mr Straw has important information about a crime.
>    If the e-commerce bill were in place, Straw would be required to
>    hand over the decryption key or face up to two years in prison. "In
>    principle, under the bill, Jack Straw would have to prove he never
>    had the key in the first place. We are hoping this will help him
>    understand that this is unworkable, an intolerable reversal of the
>    burden of proof and against the Human Rights Act," Says Malcolm
>    Hutty, spokesman for Stand.
> (September 1999)

Highly interesting, this was the case before 9/11-2001.  is still online but has no stories about this

See also: "An open letter to Jack Straw".,1000000183,2073973,00.htm


Surveillance: An open letter to Jack Straw


Published: 27 Sep 1999 11:25 BST

The following is a copy of the letter sent to Jack Staw today by some
particularly cheeky British privacy activists. It highlights an
embarrassing flaw in the government's proposals for monitoring email
communication and even promises Mr Straw a prison sentence for his troubles.

Dear Mr Straw,

How the E-commerce Bill could send YOU to jail...

Please find at the end of the letter a confession to a crime, which has
been affirmed by Statutory Declaration. The Commissioner of the
Metropolitan Police has been informed that you are in possession of this

You will not be able to understand the confession, because the words
have been scrambled using a strong cryptographic key. This key was
created in your name and has been registered on international public key

The police may come and demand that you supply the key required to make
this message intelligible. If you fail to do so you would be committing
an offence under the E-Commerce Bill rendering you liable to
imprisonment for up to 2 years.

The fact that you don't possess this key won't help you unless you can
prove that you don't have it. I wish you well in proving that it isn't
hidden away on a disk in your secretary's home, or squirreled away on
the Internet somewhere. We might have sent it to you last week; but
according to the Bill, the police won't have to prove you ever had it at

Even if you can prove that you don't have it you would STILL be liable
for imprisonment unless you give information to the police that enables
them to decrypt the key. Unfortunately for you this is impossible,
because we've destroyed all copies of the key in our possession.

If the police ask you keep the demand to hand over the key secret,
telling anyone would render you liable to five years in jail.

So you couldn't complain, or explain your predicament, to the PM or Home
Secretary, to the Chief Whip or a journalist, or even to another policeman.

Happily for all of us, the E-Commerce Bill has not yet been enacted by
Parliament, so we have not in fact set you up for jail time. The Bill
will be introduced in the coming session. I hope this exercise has
demonstrated some of the drafting flaws in the Bill as it stands, copies
of which are available from the DTI.

I hope we have also demonstrated that it is not the perpetrators of
crime who would suffer under these draconian new powers, but innocent
parties who are in receipt of communications from miscreants. This is
why such sober organisations as BT, Hewlett-Packard and Microsoft have
publicly criticised the Bill at each stage of its development.

I trust that when the Bill reaches the House we can rely on your most
careful scrutiny. Further analysis is available on our web site at:

I am, Sir, Your most obedient servant,

Malcolm Hutty


A well explained example

get email of target to convict, create a key, confess a crime and submit.


evan facebook has a discussion of the topic:,1000000097,2073915,00.htm


"If someone who didn't like me sent me encrypted child pornography and
tipped off the police, they could come round and demand I hand over
decryption keys. As I wouldn't be able to do so, I would be going to
prison for two years,"


This pretty much says it all:

E-bill reverses burden of proof, says expert

Jane Wakefield

Published: 23 Sep 1999 15:44 BST

Newly appointed e-Minister Patricia Hewitt was forced to defend the
controversial e-commerce bill Thursday from civil liberties campaigners,
who maintain the bill is a threat to basic civil rights.

Speaking at the Scrambling for Safety conference in London, Hewitt tried
to reassure critics of the bill that they have nothing to fear from
government. She later admitted this was not always true. "In some cases,
government action itself is a threat to freedom," Hewitt said. "But it
is only action by government and law enforcement that can protect

Prompted by questions from the floor, Hewitt had to justify the
inclusion of law-enforcement clauses in the e-commerce bill, which, she
claimed, was a necessary response to the fact "crime has gone electronic
and global".

Under government proposals, the police will have the power to demand
individuals hand over decryption keys if they are under suspicion.
Failure to comply could result in a two year prison sentence, which
breaks the rules of the European Convention on Human Rights, according
to lawyer and civil liberties campaigner Nicholas Bohm. "The Convention
states that individuals have certain rights, such as innocent until
proven guilty and the right not to incriminate oneself," he said. "The
e-commerce bill reverses the burden of proof."

Alan Duncan, shadow spokesman of Trade and Industry, gave an example of
how government proposals could affect the innocent. "If someone who
didn't like me sent me encrypted child pornography and tipped off the
police, they could come round and demand I hand over decryption keys. As
I wouldn't be able to do so, I would be going to prison for two years,"
he said.

Hewitt, who is an ex-secretary general of Liberty, denied that the
proposals reversed the burden of proof but was unable to explain why she
had reached that conclusion.

Got an opinion? Tell the Mailroom.



also please confer this


Key recovery systems are inherently less secure, more costly, and more
difficult to use than similar systems without a recovery feature.

The massive deployment of key-recovery-based infrastructures to meet law
enforcement's specifications will require significant sacrifices in
security and convenience and substantially increased costs to all users
of encryption.

Furthermore, building the secure infrastructure of the breathtaking
scale and complexity that would be required for such a scheme is beyond
the experience and current competency of the field, and may well
introduce ultimately unacceptable risks and costs.


No police officer would be able to operate this.

No lawyer would be able to do so.

They would need to consult third parties, like NSA or even direct
contact skype, if that is the vendor. skype has encryption keys, and it
is possible to decrypt parts of the text message, according to chinese
government. The next step will be to outlaw privacy and deploy chinese
internet censorship.


some of the urls can be difficult to access but google and other search
engines may dig them up. It is an attempt to enforce key escrow. Or an
attempt to destroy open source encryption. It has been rumored that
since GnuPG was funded with money from the german Government, it has a
backdoor, like some rumors said about PGP.

I feel if they cannot decrypt our keys, then it cannot have any
backdoor. It may however once in a lifetime be illegal to use GnuPG.

Sincerely yours,

Morten Gulbrandsen

Java programmer, C++ programmer
CAcert Assurer, GSWoT introducer, thawte Notary
Gossamer Spider Web of Trust
Please consider the environment before printing this e-mail!

Version: GnuPG v1.4.9 (SunOS)
Comment: For keyID and its URL see the OpenPGP message header


More information about the Gnupg-users mailing list