A subpoena in this context is one of the multiple instantiations of "lawful authorization." The exact form varies in different jurisdictions pursuant to the statutory or administrative law being employed.
The force and effect derives from the fact that the entity receiving the lawful authorization and refuses will befall one of the following adverse effects: loss of business authorization, loss of equipment/software approval, fine, or imprisonment. The global requirements that are implemented with minor modifications in essentially every nation can be found here. Those implementations have multiple sub-categories depending on whether the handovers are real-time or not, and whether content or metainformation/signalling is being provided. http://www.etsi.org/deliver/etsi_ts/101300_101399/101331/01.03.01_60/ts_101331v010301p.pdf Vendors and service providers build and operate devices and services to be compliant. The encryption controls can be found at Sec. 4.3. The underlying international law supporting these requirements has a long and extensive history dating back to 1850. Hope this helps. -t On 10/23/2013 4:10 AM, Yoav Nir wrote:
So do I, and AFAIK it can compel you to come and testify, or to hand over some documents. I don't think it can be used to force a CA to sign a certificate request or for whoever to register bad keys in the DNS. Not saying a national government can't do either of these things, but not with a subpoena.
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
