Re: encryption laws

On Thu, 15 Jul 1993, Allan Thompson wrote:
> Would it be possible for a court to subpoena an encrypted file or key, and order you to tell them the key? If you didn't, would you be held in 'contempt of court'?

How about claiming that you used an OTP and then revealing the key? Or should I say a key?

Regards
Steffen
--
home email: domain: berlin.snafu.de, user: zahn
To send email to me combine user@domain above to construct my address.
Use of my address for unsolicited commercial advertising is forbidden.

At 7:58 AM -0800 5/21/97, Steffen Zahn wrote:
> On Thu, 15 Jul 1993, Allan Thompson wrote:
>> Would it be possible for a court to subpoena an encrypted file or key, and order you to tell them the key? If you didn't, would you be held in 'contempt of court'?
> How about claiming that you used an OTP and then revealing the key? Or should I say a key?

Making a claim and having it be plausible are entirely different things. In the case of PGP, or S/MIME, or whatever, the form is entirely different from what a one time pad would generate.

A so-called "stealth" form of PGP (etc.), which would not contain headers or other indications of it being PGP, version, etc., would be a better candidate for this.

(Efforts to build such stealth versions have languished...I spoke to some PGP, Incorporated folks at a recent Cypherpunks meeting about this, and they confirmed that this is a very low, or even negative priority. As their mission is now to meet corporate needs, and to generate sales to government agencies, and to work with Key Recovery and Children's Security Alliance, introducing a "plausible deniability" version of PGP is not desirable for them.)

A stealth version that automatically generated a "pad" that was innocuous would be easy enough to write. Just XOR the stealthed PGP block with something like "I'm thinking of travelling to Germany this summer...any ideas about what I should see? blah blah blah"

Then any search warrant turns up the XORed version (the pad), which when XORed with the message the authorities want to decrypt yields the innocuous message above.

Probably any stealthy versions of PGP or S/MIME would best be handled outside of PGP or other vendors...just modify their source code and distribute the stealthy versions.

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
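The two technical points in the message above, as an added example that is not part of the original post or of any PGP code: a disclosed XOR "pad" proves nothing about content, because a pad exists for every decoy of the same length, while a block that still carries OpenPGP framing is recognisable and so cannot plausibly be called one-time-pad output. The function names, the sample decoys and the simplified header check (ASCII armor or an old-format packet tag) are assumptions made for illustration.

```python
import os

ARMOR_PREFIX = b"-----BEGIN PGP"
# Old-format OpenPGP packet tags that normally open an encrypted message:
# 1 = public-key encrypted session key, 3 = symmetric-key encrypted
# session key, 9 = symmetrically encrypted data.
ENCRYPTED_TAGS = {1, 3, 9}

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def fit_decoy(decoy: bytes, length: int) -> bytes:
    """Truncate or space-pad the decoy so it is exactly `length` bytes."""
    return decoy[:length].ljust(length, b" ")

def derive_pad(block: bytes, decoy: bytes) -> bytes:
    """Return the 'pad' K for which block XOR K equals the fitted decoy."""
    return xor_bytes(block, fit_decoy(decoy, len(block)))

def looks_like_openpgp(data: bytes) -> bool:
    """Simplified check for the recognisable 'form' of a PGP message."""
    if data.lstrip().startswith(ARMOR_PREFIX):
        return True
    if not data:
        return False
    first = data[0]
    old_format = (first & 0xC0) == 0x80  # bit 7 set, bit 6 clear
    return old_format and ((first >> 2) & 0x0F) in ENCRYPTED_TAGS

if __name__ == "__main__":
    # Constructed stand-in for a headerless ("stealthed") encrypted block.
    block = os.urandom(64)
    for decoy in (b"I'm thinking of travelling to Germany this summer",
                  b"Meeting moved to Tuesday"):  # constructed decoys
        pad = derive_pad(block, decoy)
        # The same block "decrypts" to whichever decoy the pad was built for.
        print(xor_bytes(block, pad).rstrip().decode())
    # An armored message is identifiable before any key is discussed.
    print(looks_like_openpgp(b"-----BEGIN PGP MESSAGE-----\nVersion: 2.6.2\n"))
```
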

Tim May <tcmay@got.net> writes:
> [...] Probably any stealthy versions of PGP or S/MIME would best be handled outside of PGP or other vendors...just modify their source code and distribute the stealthy versions.

You use Macs, there is a version of PGP for the Mac which does have a stealth function integrated. Zbigniew Fiedorowicz <zigf@mps.ohio-state.edu> has it on his web page.

Zbig produced that as a port of the pgp-stealth 2.x which I did as a modification of Henry Hastur's pgp-stealth.

pgp-stealth 2.x, a standalone command line utility, for unix, PCs, etc. to post and pre-process PGP messages is at:

http://www.dcs.ex.ac.uk/~aba/stealth/

I also have a partly finished stealth as a patch to pgp263i which I'll finish sometime.

Adam

In <v03007802afa8e11a2121@[207.167.93.63]>, on 05/21/97 at 11:38 AM, Tim May <tcmay@got.net> said:
> At 7:58 AM -0800 5/21/97, Steffen Zahn wrote:
>> On Thu, 15 Jul 1993, Allan Thompson wrote:
>>> Would it be possible for a court to subpoena an encrypted file or key, and order you to tell them the key? If you didn't, would you be held in 'contempt of court'?
>> How about claiming that you used an OTP and then revealing the key? Or should I say a key?
> Making a claim and having it be plausible are entirely different things. In the case of PGP, or S/MIME, or whatever, the form is entirely different from what a one time pad would generate.
>
> A so-called "stealth" form of PGP (etc.), which would not contain headers or other indications of it being PGP, version, etc., would be a better candidate for this.
>
> (Efforts to build such stealth versions have languished...I spoke to some PGP, Incorporated folks at a recent Cypherpunks meeting about this, and they confirmed that this is a very low, or even negative priority. As their mission is now to meet corporate needs, and to generate sales to government agencies, and to work with Key Recovery and Children's Security Alliance, introducing a "plausible deniability" version of PGP is not desirable for them.)
>
> A stealth version that automatically generated a "pad" that was innocuous would be easy enough to write. Just XOR the stealthed PGP block with something like "I'm thinking of travelling to Germany this summer...any ideas about what I should see? blah blah blah"
>
> Then any search warrant turns up the XORed version (the pad), which when XORed with the message the authorities want to decrypt yields the innocuous message above.
>
> Probably any stealthy versions of PGP or S/MIME would best be handled outside of PGP or other vendors...just modify their source code and distribute the stealthy versions.

This was part of the basis for my proposal for a crypto-dongle. Instant destruction of one's private key any time any place.

When the judge requests your key and all legal challenges to the request have been exhausted you merely have your lawyer give the judge the destroyed key.

"what your honor when was the key destroyed? well right after I saw a large group of men in ski masks & M16's trying to kick in my door ...." :))

"The tree of liberty must periodically be fed with the blood of tyrants and patriots."

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------

Tag-O-Matic: PATH=C:\DOS;C:\DOS\RUN;C:\WIN\CRASH\DOS;C:\ME\DEL\WIN
participants (4)
- Adam Back
- Steffen Zahn
- Tim May
- William H. Geiger III