UK holds Microsoft security talks (BBC)

Posted Feb 15, 2006 15:47 UTC (Wed) by ewan (subscriber, #5533)
Parent article: UK holds Microsoft security talks (BBC)

Free software crypto is just as affected by the Regulation of
Investigatory Powers Act, which includes the handy provision that
if you can't or won't come up with the encryption key when suitably
asked for it you can be jailed for that alone:
<http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#53>


UK holds Microsoft security talks (BBC)

Posted Feb 15, 2006 19:07 UTC (Wed) by copsewood (subscriber, #199)

"Regulation of Investigatory Powers Act, which includes the handy provision that if you can't or won't come up with the encryption key when suitably asked for it you can be jailed for that alone"

And I wrote to my MP before they passed this stating that there could be circumstances in which I would elect to go to jail over this. If a criminal used a public key I only use for signing important stuff (e.g. within a future community currency network entity certification chain) to send me something encrypted with this key and the government jailed me for not disclosing it, then I could only maintain the credibility of the CC network and the reputation of my key within this network by asking those with an interest in its legal continuation to carry out acts of civil disobedience aimed at disrupting the process of UK government until my release. My signature is worthless in this connection if the government can forge it by this means.

There has been no test case yet where anyone has been jailed over this provision, and it seems unlikely that this provision would survive a sustained campaign by 1000 determined activists.

UK holds Microsoft security talks (BBC)

Posted Feb 16, 2006 4:24 UTC (Thu) by cortana (subscriber, #24596)

Hm... don't you have separate signing and encryption keys? So you can, at least, give up the key that allows the government to read the evil message without compromising your signing key.

You could also decrypt the evil message for the government and give them the plaintext. They are unlikely to be so cooperative, however.

UK holds Microsoft security talks (BBC)

Posted Feb 16, 2006 8:21 UTC (Thu) by Wol (guest, #4433)

You miss the point. It doesn't matter what YOU do, if you publish your public key you have no control over what anyone else does!

I may only use my private key for signing. If J Random Hacker decides to use the matching public key for encryption there's nothing I can do about it.

And with the law in question, if "I don't have the key" is no defense, then "I never use the key for encryption" will be even less effective.

Cheers,
Wol

UK holds Microsoft security talks (BBC)

Posted Feb 15, 2006 19:20 UTC (Wed) by efexis (guest, #26355)

This doesn't mean much. If we look at the terrorist angle (which is only one), someone who is willing to sacrifice their life (or spend it in the fight) for their cause, being threatened with prison time if you don't release information that will damage your cause, isn't going to do a fat lot.

Plus you still have to have someone to ask for the key. There'll be many times where this /isn't/ the case (for example, detecting keywords in network traffic, extracting info when the owner is unknown or has fled, incapacitated or deceased).

But all of this is a bit stupid, nobody who has anything that's worth protecting from the government (AND that the government would want - this rules out 95% of all that encryption is used for) is going to use an encryption method that the government has been in talks about establishing a backdoor for.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.