<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 07/28/14 06:02, Peter Gutmann wrote:<br>
</div>
<blockquote cite="mid:E1XBc9F-0002l2-Ri@login01.fos.auckland.ac.nz"
type="cite">
<pre wrap="">"Caspar Bowden (lists)" <a class="moz-txt-link-rfc2396E" href="mailto:lists@casparbowden.net"><lists@casparbowden.net></a> writes:
</pre>
<blockquote type="cite">
<pre wrap="">In UK law, there is a Rumpelstiltskin Defence (and although I am not happy
with the result, I caused it to be put there and it is better than nothing)
<a class="moz-txt-link-freetext" href="http://www.theyworkforyou.com/lords/?id=2000-06-28a.1006.27#g1007.6">http://www.theyworkforyou.com/lords/?id=2000-06-28a.1006.27#g1007.6</a>
</pre>
</blockquote>
<pre wrap="">
This is somewhat difficult to follow, it's a discussion of legal minutiae
around a set of amendments to a law? bill?, could you perhaps provide a brief
interpretation for us? </pre>
</blockquote>
<br>
<a href="http://www.fipr.org/rip/burdenproof.html">this</a> has more
background, but not the outcome<br>
<br>
In brief, in 2000 the UK legislated the power to demand keys (or
decryption) of arbitrary (past or *future*) data.<br>
<br>
In the original bill, the UK govt wanted to reverse the ordinary
burden of proof, so that if a defendant is charged with failing to
disclose a key, the defendant would have to prove they DO NOT have
the key/password (sic), on a balance of probabilities, to escape
conviction (!!!).<br>
<br>
The bill was amended during passage, so that if a defendant does not
know the password (or have the key), they must "adduce sufficient
evidence to raise the issue", and then the judge ought to direct
that the prosecution must prove they are lying beyond reasonable
doubt (i.e. the the case flips back to the usual standard for
criminal conviction). [These legal gymnastics not my idea BTW, but
my briefing on the bleedin' obvious problems arising, caused the UK
govt. to invent this bodge] <br>
<br>
Strangely, the decryption part of the law wasn't activated until
2007, and I have never seen a case reported where this defence has
been used. Nobody knows (AFAIK) what will suffice to "raise the
issue", although in debate the govt. said going into witness box and
making an assertion don't have key would be enough<br>
<br>
<a
href="http://www.newstatesman.com/blogs/the-staggers/2010/10/police-drage-password-sex">This</a>
is a cautionary tale describing one case of how this law is working<br>
<br>
CB<br>
</body>
</html>