Security quotes of the week

Posted Jul 20, 2012 16:16 UTC (Fri) by nybble41 (subscriber, #55106)
In reply to: Security quotes of the week by james
Parent article: Security quotes of the week

> I would presume that the defendant would merely have to give evidence that he or she did not possess the key to "raise an issue".

You make that sound so easy. What would count as evidence that you did _not_ possess a key capable of decrypting an arbitrary random-looking binary file? The key could be anything; the only real evidence that you _didn't_ have it is all in your head.

The requirement should be the other way around: they should have to prove that you did have the key, i.e. that you've decrypted the same file before, _and_ that the key is still in your possession. Even then, I would support your right to refuse to provide the key (without penalty), but then I've never been a fan of forced testimony, self-incriminating or otherwise.


Security quotes of the week

Posted Jul 20, 2012 16:28 UTC (Fri) by james (subscriber, #1325)

Sorry, I can see how that wasn't clear.

Try this: I would presume that the defendant would merely have to testify under oath that he or she did not possess the key to "raise an issue".

Security quotes of the week

Posted Jul 26, 2012 11:50 UTC (Thu) by farnz (subscriber, #17727)

Certainly in the UK, and I believe in the US (whose system derives from ours), a simple statement under oath is evidence, and has to be countered by stronger evidence.

So, if you were in court under Section 49, and said under oath "I do not possess the key", it would be up to the prosecution to demonstrate that your statement was not believable (for example, by showing evidence that you had decrypted the file recently).

It's one of the things that, until a recent discussion with a lawyer, confused me about the legal system here; "sufficient evidence" apparently just means "will swear under oath, and has convincing explanations that counter any evidence presented by the other side". So, the police claim "nybble41 has hidden encrypted terror instructions in his photographs of a cat"; you can literally say to that "no, I didn't", and you've presented sufficient evidence.

It gets more complex if the police have more than just a bald statement; for example, if the police said "we saw nybble41 run 'convert catphoto.jpg -cdl 42.txt catphoto.png' and we believe that he was inserting encrypted instructions from 42.txt into catphoto.png". You could then explain about ImageMagick color description lists, and still convince a judge you didn't have the key.

