[Cryptography] hard to trust all those root CAs
Caspar Bowden (lists)
lists at casparbowden.net
Tue Jul 29 01:59:58 EDT 2014
On 07/28/14 06:02, Peter Gutmann wrote:
> "Caspar Bowden (lists)" <lists at casparbowden.net> writes:
>
>> In UK law, there is a Rumpelstiltskin Defence (and although I am not happy
>> with the result, I caused it to be put there and it is better than nothing)
>>
>> http://www.theyworkforyou.com/lords/?id=2000-06-28a.1006.27#g1007.6
> This is somewhat difficult to follow, it's a discussion of legal minutiae
> around a set of amendments to a law? bill?, could you perhaps provide a brief
> interpretation for us?
this <http://www.fipr.org/rip/burdenproof.html> has more background, but
not the outcome

In brief, in 2000 the UK legislated the power to demand keys (or
decryption) of arbitrary (past or *future*) data.

In the original bill, the UK govt wanted to reverse the ordinary burden
of proof, so that if a defendant is charged with failing to disclose a
key, the defendant would have to prove they DO NOT have the key/password
(sic), on a balance of probabilities, to escape conviction (!!!).

The bill was amended during passage, so that if a defendant does not
know the password (or have the key), they must "adduce sufficient
evidence to raise the issue", and then the judge ought to direct that
the prosecution must prove they are lying beyond reasonable doubt (i.e.
the case flips back to the usual standard for criminal conviction).

[These legal gymnastics not my idea BTW, but my briefing on the bleedin'
obvious problems arising, caused the UK govt. to invent this bodge]

Strangely, the decryption part of the law wasn't activated until 2007,
and I have never seen a case reported where this defence has been used.
Nobody knows (AFAIK) what will suffice to "raise the issue", although in
debate the govt. said going into witness box and making an assertion
don't have key would be enough

This
<http://www.newstatesman.com/blogs/the-staggers/2010/10/police-drage-password-sex>
is a cautionary tale describing one case of how this law is working

CB