Strong encryption

[Tony Pursell]

On Tue, 2011-01-25 at 05:22 -0600, Jordon Bedwell wrote:
> On 1/24/2011 10:26 PM, Basil Chupin wrote: 
> > On 25/01/2011 10:08, Robert Holtzman wrote: 
> > > On Sun, Jan 23, 2011 at 04:11:51PM -0700, Doug Robinson wrote: 
> > > > Does anybody have a feel for the problems associated with 
> > > > distributing software that employs Strong Encryption. 
> > > > 
> > > > I have looked around and there is a number of good things 
> > > > out there but I wonder if the US Feds are still throwing 
> > > > hissie fits every time this stuff appears in public? 
> > > They probably are but since Phil Zimmermann, the creator of PGP, 
> > > beat them in court I don't think you have too much to worry
> > > about. 
> > > Someone correct me if I'm wrong. 
> > > 
> > > Note: I am *not* a lawyer and the above is *not* legal advice. 
> > 
> > There was an article recently about a person who was placed in jail
> > for contempt of court because he refused to provide the
> > "authorities" his encryption key to the data on his computer. I
> > cannot remember in which country this occurred whether it was USA,
> > or Australia, or Britain :-( . (I *think* that the article was on
> > BBC Online but I am not sure.) 
> > 
> > But in the same article it came out that, say, in the USA you MUST
> > provide your encryption key on demand by "the spooks" if they feel
> > that you are being 'naughty' and trying to act like a
> > 'terrorist' (and of course all Americans it seems are 'terrorists'
> > as they are under surveillance by at least 3 'spook'
> > organisations :-) ). 
> > 
> > BC 
> > 
> 
> The "spooks" would not ask you for your encryption key because the
> spooks job is to find a way to get it. The spooks are the CIA and
> partially the NSA.  They are not in the business of asking questions
> and taking names like the FBI, they are in the business of kicking ass
> first and asking questions later (not really) and mostly counting
> wins.  They are called "spooks" for a reason, and given most people
> know what the CIA and NSA is and how good they are you can only guess
> why they are called that.  The CIA and NSA will either have it, try to
> find a way to get it or create a way to undeniably get it; they won't
> come and ask you for it.  They wouldn't even charge you with anything,
> they are not police they are intelligence agencies.  The FBI or DHS
> and other such agencies like ICE are not spooks.
> 
> *There is no law in the United States that requires the disclosure of
> any encryption key and probably never will be as it would violate a
> god given right.*
> 
> /*In the Unites States you cannot be punished for refusing to hand
> over encryption keys because you have the right to blindly deny any
> such reasonable warrant under the 5th Amendment.*/  This is supported
> by the supreme court in the case: United States vs. Boucher
> (http://en.wikipedia.org/wiki/United_States_v._Boucher).  A judge
> cannot punish you or rule against your right to plea the 5th as there
> is no reasonable proof that you have given the key to anybody else or
> that the encrypted information would not further and/or aid in
> incriminating you.  You have the right against self-incrimination and
> you also have the right to request a grand jury be convened in the
> case and if they fail to support you then you still use your 5th
> Amendment right.  In the United States you truly, lawfully,
> undoubtedly, undeniably, unrefutably, unalterably have the right to
> remain silent.  This is a guaranteed right under the Constitution of
> the United States unlike other countries where they are simply laws.
> 
> There are exceptions to 5th amendment rights though (and only the
> supreme court, the supreme justice of the land, the only people with
> more power than the president can truly decide this), like stated
> before: giving the key to somebody else and a court being able to
> reasonable prove they (the 3rd party) know it, the court could force
> said person to give the key and even punish them for not handing it
> over if they can reasonably prove it would not incriminate them which
> again they couldn't because it's a blind 5th amendment claim. In large
> cases the prosecutors will most likely just hand out a blind immunity
> to the 3rd party.  There was a case recently involving the 5th
> amendment that the supreme court ruled did not apply.  The guy tried
> to plea the 5th on IRS documents stating that it would be
> self-incrimination, it was ruled that he could not use that right
> since he submitted the documents to the IRS in the first place.  This
> is obviously not the case of encryption since it well...defeats the
> entire purpose of encryption in the first place.
> 
> The case you are speaking about was in the UK though where, if I
> recall right, the right to remain silent is simply a law.  It involved
> a 19 year old boy if I remember right.

What I imagine, the UK law is that access to data on a computer is much
the same as searching a house.  If the police have a search warrant,
which has to be approved by a magistrate to whom the police have to show
good cause, then they cannot be denied access to the house or any locked
rooms in it.  I don't know if anything different has to be obtained by
the police to gain access to encrypted data.

> 
> You guys also need to clearly define your context, some of the
> contexts (like the PGP case) are irrelevant IMO to what the OP is
> actually asking because it's an entirely different context of export
> there are no real set of given variables or anything of the sort that
> help us help the OP, this is nothing more than a case full of
> competing contexts that conflict and confuse people who are trying to
> clearly learn from a situation and gather some real R&D.
> 
> A little bit of twisting for you Basil since you think America is
> worse than Australia: The Cybercrime Act 2001 No. 161, Items 12 and 28
> grant police with a magistrate's order the wide-ranging power to
> require "a specified person to provide any information or assistance
> that is reasonable and necessary to allow the officer to" access
> computer data that is "evidential material"; this is understood to
> include mandatory decryption. Failing to comply carries a penalty of 6
> months imprisonment.  Lets not even bring up the great Australian
> firewall.  Intriguing.
> 
> *I'm not lawyer, I just research a lot*

Tony
UK citizen - also not a lawyer