<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> On 1/24/2011 10:26 PM, Basil Chupin wrote: <blockquote cite="mid:4D3E510A.9070405@iinet.net.au" type="cite">On 25/01/2011 10:08, Robert Holtzman wrote: <blockquote type="cite">On Sun, Jan 23, 2011 at 04:11:51PM -0700, Doug Robinson wrote: <blockquote type="cite">Does anybody have a feel for the problems associated with distributing software that employs Strong Encryption. I have looked around and there is a number of good things out there but I wonder if the US Feds are still throwing hissie fits every time this stuff appears in public? </blockquote> They probably are but since Phil Zimmermann, the creator of PGP, beat them in court I don't think you have too much to worry about. Someone correct me if I'm wrong. Note: I am *not* a lawyer and the above is *not* legal advice. </blockquote> There was an article recently about a person who was placed in jail for contempt of court because he refused to provide the "authorities" his encryption key to the data on his computer. I cannot remember in which country this occurred whether it was USA, or Australia, or Britain :-( . (I *think* that the article was on BBC Online but I am not sure.) But in the same article it came out that, say, in the USA you MUST provide your encryption key on demand by "the spooks" if they feel that you are being 'naughty' and trying to act like a 'terrorist' (and of course all Americans it seems are 'terrorists' as they are under surveillance by at least 3 'spook' organisations :-) ). BC </blockquote> The "spooks" would not ask you for your encryption key because the spooks job is to find a way to get it. The spooks are the CIA and partially the NSA. They are not in the business of asking questions and taking names like the FBI, they are in the business of kicking ass first and asking questions later (not really) and mostly counting wins. They are called "spooks" for a reason, and given most people know what the CIA and NSA is and how good they are you can only guess why they are called that. The CIA and NSA will either have it, try to find a way to get it or create a way to undeniably get it; they won't come and ask you for it. They wouldn't even charge you with anything, they are not police they are intelligence agencies. The FBI or DHS and other such agencies like ICE are not spooks. *There is no law in the United States that requires the disclosure of any encryption key and probably never will be as it would violate a god given right.* /*In the Unites States you cannot be punished for refusing to hand over encryption keys because you have the right to blindly deny any such reasonable warrant under the 5th Amendment.*/ This is supported by the supreme court in the case: United States vs. Boucher (<a class="moz-txt-link-freetext" href="http://en.wikipedia.org/wiki/United_States_v._Boucher">http://en.wikipedia.org/wiki/United_States_v._Boucher</a>). A judge cannot punish you or rule against your right to plea the 5th as there is no reasonable proof that you have given the key to anybody else or that the encrypted information would not further and/or aid in incriminating you. You have the right against self-incrimination and you also have the right to request a grand jury be convened in the case and if they fail to support you then you still use your 5th Amendment right. In the United States you truly, lawfully, undoubtedly, undeniably, unrefutably, unalterably have the right to remain silent. This is a guaranteed right under the Constitution of the United States unlike other countries where they are simply laws. There are exceptions to 5th amendment rights though (and only the supreme court, the supreme justice of the land, the only people with more power than the president can truly decide this), like stated before: giving the key to somebody else and a court being able to reasonable prove they (the 3rd party) know it, the court could force said person to give the key and even punish them for not handing it over if they can reasonably prove it would not incriminate them which again they couldn't because it's a blind 5th amendment claim. In large cases the prosecutors will most likely just hand out a blind immunity to the 3rd party. There was a case recently involving the 5th amendment that the supreme court ruled did not apply. The guy tried to plea the 5th on IRS documents stating that it would be self-incrimination, it was ruled that he could not use that right since he submitted the documents to the IRS in the first place. This is obviously not the case of encryption since it well...defeats the entire purpose of encryption in the first place. The case you are speaking about was in the UK though where, if I recall right, the right to remain silent is simply a law. It involved a 19 year old boy if I remember right. You guys also need to clearly define your context, some of the contexts (like the PGP case) are irrelevant IMO to what the OP is actually asking because it's an entirely different context of export there are no real set of given variables or anything of the sort that help us help the OP, this is nothing more than a case full of competing contexts that conflict and confuse people who are trying to clearly learn from a situation and gather some real R&D. A little bit of twisting for you Basil since you think America is worse than Australia: The Cybercrime Act 2001 No. 161, Items 12 and 28 grant police with a magistrate's order the wide-ranging power to require "a specified person to provide any information or assistance that is reasonable and necessary to allow the officer to" access computer data that is "evidential material"; this is understood to include mandatory decryption. Failing to comply carries a penalty of 6 months imprisonment. Lets not even bring up the great Australian firewall. Intriguing. *I'm not lawyer, I just research a lot* </body> </html>