On Wed, 15 Nov 1995, Phillip M. Hallam-Baker wrote:
I think the majority of the text is well thought out and very much in line with what we would want.
How about this: ________________________________________________________________________ 9. Subject to legal privileges or protection, most legal systems permit investigating authorities to order persons to hand over objects under their control that are required to serve as evidence. In a parallel fashion, provisions should be made for the power to order persons to submit any specified data under their control in a computer system in the form required by the investigating authority. ________________________________________________________________________ Is this 'what we would want'? It clearly means that one can be ordered to reveal the password to encrypted data and punished by law if one refuses. Suppose they suspect you of being a child pornographer and get a court order to search your encrypted system. You know you are innocent. Is it acceptable to put you in jail for not giving them access to your encrypted, very personal diary (in which you describe in detail your sexual encounters with the wife of the Chief of Police)? And how about this: _______________________________________________________________________ 14. Measures should be considered to minimise the negative effects of the use of cryptography on the investigation of criminal offenses, without affecting its legitimate use more than is strictly necessary. _______________________________________________________________________ Is this really just a toothless statement to give to the French? Couldn't it as easily be interpreted as not wanting to go into details yet (since no real system is available) but stating that some form of GAK is on the agenda? Surely, law enforcement bureaucrats would not consider GAK to affect the 'legitimate use' of cryptography 'more than is strictly necessary'. Mats