Philip Hands <[email protected]> wrote:
> The UK's RIPA (Regulatory and Investigatory Powers Act 2000) makes it an
> offence to refuse to supply one's crypto keys when requested by a
> properly authorised person ...

Yes, and there are plenty of similar problems elsewhere. The US government demanding Twitter records. Big media subpoenaing IP addresses, account info, etc.

Probably the only defense against that sort of thing is to be able to prove you do not have it.

For the media and Twitter attacks: "Sorry, but we only keep logs for two days since that is long enough to diagnose network problems and block spammers. See, that's right here in our published policies."

For communications: "Sorry, our system is set up for Perfect Forward Secrecy. Once the short-term keys are changed, even we cannot recover the old ones."

Some systems do provide PFS. It is an option in IPsec and built into OTR. I do not know if it is provided in SSH or SSL. Anyone?

I think PFS can only be done easily in systems where the two players negotiate a key; it does not apply to things like PGP where there's no negotiation. This means if the blue meanies get your PGP private key, they can read any old messages that you or they have stored.

So discarding logs early and using PFS protect some things. I have essentially no idea how to protect the rest, and of course They might make it illegal to discard logs. Europe just passed a data retention law, for example.

_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss
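As an added example (not part of this thread or of any FreedomBox code), the toy Python below contrasts the two cases the post describes: a negotiated, ephemeral session key that is discarded after use, versus PGP-style encryption under a long-term key that must be kept; the DH group size, the XOR keystream and the sample message are constructed placeholders, not real cryptography.

```python
import hashlib
import secrets

# Demo-size Diffie-Hellman group: 2**127 - 1 is prime but far too small for
# real use; it is chosen only to keep this example short and stdlib-only.
P = 2**127 - 1
G = 5


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy keystream cipher (SHA-256 in counter mode), illustrative only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)


def kdf(shared_secret: int) -> bytes:
    """Derive a symmetric key from the agreed DH value."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def send_with_pfs(msg: bytes, keep_exponent: bool = False) -> dict:
    """Both parties pick fresh DH exponents, derive a session key, encrypt,
    and discard the exponents. The returned dict is all that stays on disk."""
    a = secrets.randbelow(P - 2) + 2
    b = secrets.randbelow(P - 2) + 2
    ga, gb = pow(G, a, P), pow(G, b, P)
    session_key = kdf(pow(gb, a, P))        # equals kdf(pow(ga, b, P))
    record = {"ga": ga, "gb": gb, "ct": xor_stream(session_key, msg)}
    if keep_exponent:                       # the mistake that defeats PFS
        record["a"] = a
    return record


def send_with_static_key(msg: bytes, long_term_key: bytes) -> dict:
    """PGP-style: encrypted under a key the recipient must keep indefinitely."""
    return {"ct": xor_stream(long_term_key, msg)}


def recover(record: dict, long_term_key: bytes) -> bytes:
    """Best effort of someone holding the retained record plus the seized
    long-term key. Without an exponent, the PFS record yields only noise."""
    if "a" in record:
        key = kdf(pow(record["gb"], record["a"], P))
    else:
        key = long_term_key
    return xor_stream(key, record["ct"])
```

The third case in the test (an exponent left in the log) shows that forward secrecy holds only if the short-term secrets, and any log of them, really are destroyed.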
