John McCormac writes: [about Irish crypto legislation]
<quote> ยท In order to enable lawful access to encrypted data, legislation will be enacted to oblige users of encryption products to release, in response to a lawful authorisation, either plaintext which verifiably relates to the encrypted data in question or the keys or algorithms necessary to retrieve the plaintext. Appropriate sanctions will be put in place in respect of failure to comply. </quote>
This seems to be carefully considered in that the user could be asked to prove the encrypted document contains the encrypted form of the plaintext. But the most important thing is that a search warrant would be required to force the user to give up the plaintext or the key.
It says "lawful authorisation" not "search warrant". That means that sometime later they can go back and pass another law that says that "lawful authorisation" for forcing one to reveal one's plaintext or keys is something much less stringent than a search warrant. Most proposed US crypto regulations have similar weasel-words. -- Eric Murray Chief Security Scientist N*Able Technologies www.nabletech.com (email: ericm at lne.com or nabletech.com) PGP keyid:E03F65E5