It's a Presidential Mandate, Feds use it. How come you are not using FDE?

Nicholas Bohm nbohm at ernest.net
Tue Jan 16 12:17:07 EST 2007


Steven M. Bellovin wrote:
...
> Legal access is a special case -- what is the law (and practice) in any
> given country on forced access to keys?  If memory serves, Mike Godwin
> -- a lawyer who strongly supports crypto, etc. -- has opined that under
> US law, a subpoena for keys would probably be upheld by the courts.  I
> believe that British law explicitly mandates key disclosure.  And of
> course, there's always rubber hose cryptanalysis in jurisdictions where
> that's acceptable.

In the UK Part III of the Regulation of Investigatory Powers Act 2000 - 
see http://www.opsi.gov.uk/Acts/acts2000/20000023.htm - includes powers 
for certain classes of officials to require encrypted materials to be 
decrypted or to require a key to be provided.  There are some 
safeguards, regarded by some as insufficient.

The powers have not yet been brought into force, but the Government 
intends to bring them into force in the near future.

The powers are of course wholly ineffectual where perfect forward 
secrecy obtains, are of limited value in relation to ephemeral encrypted 
communications where keys are (or may plausibly be claimed to be) 
changed frequently or lost, but may be of some real value in relation to 
encrypted storage media where key preservation, with or without key 
recovery mechanisms, will obviously be important to most users.

Nicholas Bohm
-- 
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285    (+44 1279 870285)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


