CryptoSuite and NATO Backdoor

Discussion in 'Other Ghost Security Software' started by Snook, Oct 11, 2005.

Thread Status:
Not open for further replies.
  1. Snook

    Snook Registered Member

    Joined:
    Jun 19, 2003
    Posts:
    182
    Since Australia is part of NATO doesn't that mean CryptoSuite must comply with a backdoor allowing NATO snoop-officials access to CryptoSuite's encrypted files?
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Snook. I remember when that was the case, as it is now the only limitation is that you are not permitted to sell to certain countries. When CS was being developed the Australian Gov' did do an assessment and the program was cleared with the limitations as stated above.

    No encryption programs or encryption program developers, of any use. would allow a backdoor in their programs. In fact most would simply stop development rather than compromise the security of their programs for who would buy it?

    HTH Pilli
     
  3. Snook

    Snook Registered Member

    Joined:
    Jun 19, 2003
    Posts:
    182
    Thanks for the clarification.
     
  4. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Don't governements, like mine in the UK, demand keys for all encryption software sold in their country as an anti-crime measure?

    Might have to do some looking on the net about this one.
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    No - But they have the power to request keys if they think that you are invilved in a specific crime i.e. If you have had your PC confiscated for investigation, file forensics etc. then they can request keys refusal is seen as a criminal act.

    Pilli
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The legislation covering this is the Regulation of Investigatory Powers Act 2000 - specifically part III (Investigation of Electronic Data Protected by Encryption etc). Failure to comply can result in up to two years' imprisonment. You can also face up to five years imprisonment if you publicise this where the order required you to keep the disclosure secret.

    See the Wikipedia article on the Act for more details.
     
  7. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Thanks people.

    There's been talk in the UK of long jail terms for suspected terrorists who refuse to hand over encryption keys (presumably from home made encryption algorithims rather than off the shelf ones)
     
  8. Snook

    Snook Registered Member

    Joined:
    Jun 19, 2003
    Posts:
    182
    It's great to see nobody is above the law...!:)
     
  9. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    According to the exact wording of the RIPA Act, Section 49(3), encryptions keys can be demanded:

    (a) in the interests of national security;
    (b) for the purpose of preventing or detecting crime; or
    (c) in the interests of the economic well-being of the United Kingdom.

    This is far broader and does not even require a criminal investigation.
     
  10. Snook

    Snook Registered Member

    Joined:
    Jun 19, 2003
    Posts:
    182
    On my side of the pond, (c) does not apply (yet)!:D
     
  11. meargh

    meargh Guest

    Not in the United States. The Fifth Amendment to the U.S. Constitution protects citizens from self-incrimination. This is as it should be. But as always, some members of the government have tried getting around this.
     
Thread Status:
Not open for further replies.