On Thu, 7 Sep 2000, Matt Crawford wrote:
>> Guidelines for this "tipping-off" offense, as it is known,
>> could leave an international company completely unaware that what it
>> assumes is secure company data may be under investigation by MI5. Those
>> violating the tipping-off offense can face up to five years in prison
>
>If it takes the conscious participation of 10 employees to divulge
>a key when demanded, it will be that much harder to prosecute for
>"tipping-off".
It's not clear to me how you could set up a situation where one
employee was able to *use* the key, and access encrypted data,
but it would still take ten employees to *divulge* it.
And I'm not really as concerned about them *accessing* encrypted
data (though that's bad enough, Gods know) as I'm concerned about
the possibility of them modifying data, forging signatures, and
using the keys in blatantly illegal transactions which the key
owner could then be prosecuted for.
"See officer, here are my encrypted records, as you requested.
and as you can see, I'm totally clean!"
"According to these records, you've been laundering drug money
for the last six months through an account in the Caymans."
"I have?!"
"See for yourself. That's your digital signature isn't it?"
"Yes, but I never signed an order like that!"
"Tell it to the judge, cobber. You're under arrest..."
Bear
