LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

UK holds Microsoft security talks (BBC)

UK holds Microsoft security talks (BBC)

Posted Feb 15, 2006 19:07 UTC (Wed) by copsewood (subscriber, #199)
In reply to: UK holds Microsoft security talks (BBC) by ewan
Parent article: UK holds Microsoft security talks (BBC)

"Regulation of Investigatory Powers Act, which includes the handy provision that if you can't or won't come up with the encryption key when suitably
asked for it you can be jailed for that alone"

And I wrote to my MP before they passed this stating that there could be circumstances in which I would elect to go to jail over this. If a criminal used a public key I only use for signing important stuff (e.g. within a future community currency network entity certification chain) to send me something encrypted with this key and the government jailed me for not disclosing it, then I could only maintain the credibility of the CC network and the reputation of my key within this network by asking those with an interest in its legal continuation to carry out acts of civil disobedience aimed at disrupting the process of UK government until my release. My signature is worthless in this connection if the government can forge it by this means.

There has been no test case yet where anyone has been jailed over this provision, and it seems unlikely that this provision would survive a sustained campaign by 1000 determined activists.

(Log in to post comments)

UK holds Microsoft security talks (BBC)

Posted Feb 16, 2006 4:24 UTC (Thu) by cortana (subscriber, #24596) [Link]

Hm... don't you have separate signing and encryption keys? So you can, at least, give up the key that allows the government to read the evil message without compromising your signing key.

You could also decrypt the evil message for the government and give them the plaintext. They are unlikely to be so cooperative, however.

UK holds Microsoft security talks (BBC)

Posted Feb 16, 2006 8:21 UTC (Thu) by Wol (guest, #4433) [Link]

You miss the point. It doesn't matter what YOU do, if you publish your public key you have no control over what anyone else does!

I may only use my private key for signing. If J Random Hacker decides to use the matching public key for encryption there's nothing I can do about it.

And with the law in question, if "I don't have the key" is no defense, then "I never use the key for encryption" will be even less effective.

Cheers,
Wol

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds