From owner-ukcrypto@maillist.ox.ac.uk Mon Feb 01 12:17:35 1999 Return-Path: Delivered-To: proff@iq.org Received: (qmail 5101 invoked from network); 1 Feb 1999 12:17:26 -0000 Received: from bagpuss.oucs.ox.ac.uk (exim@163.1.2.37) by suburbia.net with SMTP; 1 Feb 1999 12:17:26 -0000 Received: from majordom by bagpuss.oucs.ox.ac.uk with local (Exim 2.02 #2) id 107HlI-0006a5-00 for ukcrypto-outgoing@bagpuss.oucs.ox.ac.uk; Mon, 1 Feb 1999 11:43:28 +0000 Received: from mailnews.kub.nl ([137.56.0.220]) by bagpuss.oucs.ox.ac.uk with esmtp (Exim 2.02 #2) id 107HlH-0006Zs-00 for ukcrypto@maillist.ox.ac.uk; Mon, 1 Feb 1999 11:43:27 +0000 Received: from frw3.kub.nl (frw3.kub.nl [137.56.128.10]) by mailnews.kub.nl (8.8.8/8.8.8) with ESMTP id MAA25888 for ; Mon, 1 Feb 1999 12:42:00 +0100 (MET) Received: from FRW3/SpoolDir by frw3.kub.nl (Mercury 1.40); 1 Feb 99 12:42:02 MET Received: from SpoolDir by FRW3 (Mercury 1.40); 1 Feb 99 12:41:39 MET From: "Bert-Jaap Koops" Organization: Tilburg University To: ukcrypto@maillist.ox.ac.uk Date: Mon, 1 Feb 1999 12:41:37 MET Subject: Re: disclosure of crypto keys In-reply-to: X-mailer: Pegasus Mail for Windows (v2.54) Message-ID: Sender: owner-ukcrypto@maillist.ox.ac.uk Precedence: bulk Reply-To: ukcrypto@maillist.ox.ac.uk Status: RO Ian Miller : > >In summary, my conclusion is that in > >principle, a command to hand over the crypto key or passphrase is > >compatible with the privilege against self-incrimination, provided > >there is sufficient evidence that the suspect is able to decrypt. > Did you consider the case where the individual subject to such a command > refuses to hand-over the long-term key, but agrees to hand-over the session > keys for the revelant messages? I considered the question whether legislation can be enacted to give a decryption command as such. Whether it's a command to hand over a private key or session keys is not really relevant to the issue of compatibility with the privilege against self-incrimination. It is, of course, quite relevant once you decide to enact legislation. The choice for handing over session keys, then, should be obvious. (Alternatively, the suspect could decrypt himself and give plaintext, provided the police can somehow monitor that this is done correctly. You might even use a public notary (or TTP ;-) to do the decrypting.) Adam Back wrote: > > In summary, my conclusion is that in > > principle, a command to hand over the crypto key or passphrase is > > compatible with the privilege against self-incrimination, provided > ^^ > Did you miss out an *in* there? (in-compatible?) > A right to not self-incriminate surely covers not giving out > information stored purely in ones mind, which could be argued might > incriminate the oneself. Not "surely". A passphrase (or memorized key) resembles "material which exists outside of the will of the suspect". Giving blood for a blood sample is compatible with the privilege against self-incrimination, because you cannot alter the blood (or the alcohol percentage in it). You can't alter the passphrase in your mind, because then it wouldn't work on the private key, and you can't alter the private key, because then it wouldn't work on the ciphertext. In that respect, it differs from statements like "I did it", which is an expression of the (changeable) contents of one's mind. The tricky thing remains the retort: "but I don't have the key" or "I've forgotten my passphrase". That is why there must be evidence that someone is able to decrypt (e.g., because the message was encrypted this morning). > Also there is the right to remain silent. (Modulo the change of > late to allow the judge to inform the jury to take into account that > the person has chosen to remain silent). Exactly. See also the Murray case of the European Court. His silence on the question what he did in the house where an IRA hostage was held, could be used as evidence because in this case, there were sufficient and stringent safeguards. > Technical solutions time (write code not laws): Indeed, there are many ways to anticipate a decryption command and make sure you will get away with not decrypting. Another reason why this approach is not fruitful, as I stated. Kind regards, Bert-Jaap --------------------------------------------------------------------- Bert-Jaap Koops tel +31 13 466 8101 Tilburg University facs +31 13 466 8149 P.O. Box 90153 e-mail E.J.Koops@kub.nl 5000 LE Tilburg http://cwis.kub.nl/~frw/people/koops/bertjaap.htm the Netherlands --------------------------------------------------------------------- This world's just mad enough to have been made by the Being his beings into being prayed. (Howard Nemerov) ---------------------------------------------------------------------