Steven M. Bellovin wrote:
Legal access is a special case -- what is the law (and practice) in any
given country on forced access to keys?  If memory serves, Mike Godwin
-- a lawyer who strongly supports crypto, etc. -- has opined that under
US law, a subpoena for keys would probably be upheld by the courts.  I
believe that British law explicitly mandates key disclosure.  And of
course, there's always rubber hose cryptanalysis in jurisdictions where
that's acceptable.

In the UK Part III of the Regulation of Investigatory Powers Act 2000 - see - includes powers for certain classes of officials to require encrypted materials to be decrypted or to require a key to be provided. There are some safeguards, regarded by some as insufficient.

The powers have not yet been brought into force, but the Government intends to bring them into force in the near future.

The powers are of course wholly ineffectual where perfect forward secrecy obtains, are of limited value in relation to ephemeral encrypted communications where keys are (or may plausibly be claimed to be) changed frequently or lost, but may be of some real value in relation to encrypted storage media where key preservation, with or without key recovery mechanisms, will obviously be important to most users.

Nicholas Bohm
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285    (+44 1279 870285)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to