Two convicted in U.K. for refusal to decrypt data
Brian Mearns
mearns.b at gmail.com
Fri Aug 14 16:38:11 CEST 2009
On Wed, Aug 12, 2009 at 10:46 PM, Joseph Oreste Bruni<jbruni at me.com> wrote:
[clip]
> http://www.securityfocus.com/news/11556
>
> Not entirely on topic, but for those using GnuPG (or other encryption
> software), you should always keep abreast of the encryption laws of your
> country.
[clip]
Has everyone seen the "Vanish" project from University of Washington?
http://vanish.cs.washington.edu/
If you haven't you should really give their paper a read, it's pretty
interesting. The basic idea is that the key is random, and no-one
actually needs to "know" it: it's broken up using secret sharing and
dsitributed through a peer-to-peer network. The recipient can retrieve
the shares and reconstruct the key for a one-time decryption, but over
time, the shares should naturally leave the network and eventually the
key is lost completely.
I have my doubts, but I'm open to the possibility that it could work,
and I'm very interested to see how law-enforcement will respond if it
does. Will they force all p2p nodes to log everything, try to monitor
networks themselves, or just plain make the system illegal?
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net
More information about the Gnupg-users
mailing list