Re: COE Recommendation No. R (95) 13

[Mats Bergstrom <asgaard@sos.sll.se>]

On Wed, 15 Nov 1995, Phillip M. Hallam-Baker wrote:

> I think the majority of the text is well thought out and very much in
> line with what we would want.

How about this:
________________________________________________________________________
9. Subject to legal privileges or protection, most legal systems permit
investigating authorities to order persons to hand over objects under
their control that are required to serve as evidence. In a parallel
fashion, provisions should be made for the power to order persons to
submit any specified data under their control in a computer system in the
form required by the investigating authority.
________________________________________________________________________

Is this 'what we would want'? It clearly means that one can be ordered
to reveal the password to encrypted data and punished by law if one
refuses. Suppose they suspect you of being a child pornographer and
get a court order to search your encrypted system. You know you are
innocent. Is it acceptable to put you in jail for not giving them access
to your encrypted, very personal diary (in which you describe in detail
your sexual encounters with the wife of the Chief of Police)?

And how about this: 
_______________________________________________________________________
14. Measures should be considered to minimise the negative effects of the
use of cryptography on the investigation of criminal offenses, without
affecting its legitimate use more than is strictly necessary.
_______________________________________________________________________

Is this really just a toothless statement to give to the French?
Couldn't it as easily be interpreted as not wanting to go into
details yet (since no real system is available) but stating that
some form of GAK is on the agenda? Surely, law enforcement
bureaucrats would not consider GAK to affect the 'legitimate
use' of cryptography 'more than is strictly necessary'.

Mats