Hi --
It seems to me this breaks into two parts:
1. The LEA got your encryption key.
2. They got plaintext some other way.
If it's (1), they can offer to prove their case by decrypting
the seized cyphertext which they somehow tie to the defendant.
Of course, he can opt to keep his key secret (from others) by
not contesting the point. Evidence should be admissible without
legislation; the point is that the cyphertext is tied to you,
and if they find any key that decrypts it to an incriminating
message, the chance that's not the real message is vanishingly
small (obviously I'm not talking OTPs.) How they got the key is
another story; perhaps they want more protection against the
"fruit of the poisonous tree" doctrine, but the question is now
much smaller: they can't possibly be framing you; they just
have to convince the judge their methods of retrieving the key
were legal.
It's (2) that's the real problem. They have this message they
claim came from you, but the link to you is secret (maliced
keyboards; Windows 2000 backdoors, etc.) This has nothing to do
with encryption -- since the evidence is plaintext -- it's a
bugging case. However unlike wiretaps, a seized plaintext is
not self-authenticating, unless you signed it with a private key
the jury believes the Government didn't steal (hard to believe;
how do we know they didn't watch you type your password and then
fake the signature?) So if I were on a jury, why should I
believe them?
Anyone with legal expertise care to comment on this situation?
Howie Goodell
Ben Laurie wrote:
>
> Declan McCullagh wrote:
> > Another answer might lie in a
> > little-noticed section of the legislation the
> > White House has sent to Congress. It
> > says that during civil cases or criminal
> > prosecutions, the Feds can use
> > decrypted evidence in court without
> > revealing how they descrambled it.
>
> If you can not reveal how you descramble it, doesn't that mean you can't
> be asked to show that it actually corresponds to the ciphertext?
>
> Scary!
>
> Cheers,
>
> Ben.
>
> --
> http://www.apache-ssl.org/ben.html
>
> "My grandfather once told me that there are two kinds of people: those
> who work and those who take the credit. He told me to try to be in the
> first group; there was less competition there."
> - Indira Gandhi
--
************************************************************************
Howie Goodell Senior Software Engineer HCI Research
Group
28 Lucille Avenue FEI Company - Micrion Computer
Science
Salem, NH 03079-2054 1 Corp Wy Centennial Park Univ.
Massachusetts
(603) 898-8407 Peabody, MA 01960-7990 1 University
Avenue
(810) 222-2042 fax (978) 538-6680 -6699 fax Lowell, MA
01854
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED]
End-User Programming: http://www.cs.uml.edu/~hgoodell/EndUser
"You have zero privacy anyway. Get over it." (Sun CEO) Scott
McNealy
