Slashdot Mirror
UK Drafts Crypto Bill
np-complete writes "The UK Guardian has an article here giving details of the governments proposed new crypto laws. The draft bill includes provision for decryption notices to be served on companies, and also allows for a prison sentence of up to two years for tipping people off that their comunications are being monitored. (Site may need free registration if their guest login doesn't work). " Gosh, perhaps the Brits and the FBI have been talking. *sigh*
Certainly. Just type out a second message, that is exactly the same length as the encrypted message, then XOR the two together. The result will be a key which, when applied to the encrypted message, will generate your second message.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Good:
They've realised that key escrow _will not work_ and is very, very bad for e-commerce. People need to be able to transact knowing their financial details are not available without their explicit consent.
Requiring people to hand decryption keys over when required (by secretary of state etc.) as part of a legitimate criminal investigation is also ok, the government needs to be able to get evidence against criminals to prosecute them. We can also (just about) trust the government not to mis-use any small pieces of information they gain in this way, with the knowledge of the recipient (as opposed to being able to decrypt everything without the correspondent's knowledge, as key escrow allows).
The Bad:
Asking people to voluntarily hand keys in for escrow is just a bad idea, no criminals will hand in their keys, and is just a potential security hole for anyone using encryption.
The heavy handed measures for informants and complaints etc, seems totally unjustified and way, way over the top. If I feel the government had no reason to get my decryption key from me, I expect to be able to recieve fair treatment when lodging a complaint, and expect a thorough investigation. There must be checks to stop law enforcement agencies abusing their powers, as they all seem so keen to do.
The UK has always had a poor record with regard to individual freedom. We do not have a constitution and the Freedom of Information act about to implemented is pretty much a joke.
Unfortunatley, probably because UK governments have historically been fairly careful about wielding their totalitarian powers, there is little concern in the UK about these issues.
As to the quote about lecturing the US on freedom - I didn't know we had been.
...Or, would the self-incrimination exception prevent it, assuming the three branches of government are not all corrupt? Does anyone know of any precedents similar to this sort of intrusion of privacy in America?
Geeky modern art T-shirts
is where it's at. "My my," says one spook to the other. "Those companies we're monitoritng for leaking sensitive information to the Fijis sure do send each other a lot of landscape pictures". The other spook agrees "But there's nothing wrong with that..."
Problem with steganography is that you need a channel with at least an order of magnitude higher sustained bandwith than the secure channel you want to hide.
Both sides want the US to do better than the UK. From my own country, I question the sanity of this...
(Incidentally, I find it interesting that the only post scored above 1 when I read this item was one asking whether the same thing could happen in the US. I wonder if the moderators have any interest in the UK at all? Should a thread about UK news possibly be moderated by UK people?)