2

Suppose my friend and I make public private key pairs, send some test emails back and forth and a few days later he loses his private key.

Is either of us now in potential danger? Could we be detained or be subject to information extraction?

Can [I] get in trouble if I have been sending/receiving encrypted data I can no longer decrypt?

  • 2
    What jurisdiction? – CodesInChaos Jul 07 '12 at 08:20
  • 4
    And what do you mean by "lose"? That he doesn't have access anymore, or that somebody else has access too? – CodesInChaos Jul 07 '12 at 08:21
  • Just generate a new public/private key pair. You cannot assume anything is secure if one of the private keys is lost. – Ramhound Jul 09 '12 at 13:07
  • I am asking if I can get in trouble if I have been sending/receiving encrypted data I can no longer decrypt. –  Jul 09 '12 at 13:34
  • @xce - If you are breaking the law, yes, it's entirely possible; you can get into trouble. One of those reasons you should not break the law. If one of the private keys has been lost, consider the data lost, which might be a good thing if you're breaking the law. – Ramhound Jul 09 '12 at 14:47
  • @Ramhound It is only messages like "test" that were sent. I'm just asking about if I deleted my private key by accident or forgot the passcode for it. –  Jul 09 '12 at 18:27
  • 2
    @xce as it stands your question is confusing. Please think about editing it and swapping out the last line with (as you said) "Can [I] get in trouble if I have been sending/receiving encrypted data I can no longer decrypt?" – chao-mu Jul 12 '12 at 18:29

3 Answers

4

The relevant information is found here http://en.wikipedia.org/wiki/Key_disclosure_law

In UK:

The Regulation of Investigatory Powers Act 2000 (RIPA), Part III, activated by ministerial order in October 2007,[14] requires persons to supply decrypted information and/or keys to government representatives. Failure to disclose carries a maximum penalty of two years in jail.

Edit: it is 5 years maximum, despite the wiki page.

and US:

The Fifth Amendment to the United States Constitution protects witnesses from being forced to incriminate themselves, and there is currently no law regarding key disclosure in the United States

3

If your friend loses his private key, you basically cannot ensure that whatever messages he sends to you are from him, as the person who has the key can use his key to sign spoofed emails sent to you. This is of course assuming that you are using the keys for authentication.

If you are using the key pair for encryption, the person who possesses his private key will be able to decrypt any data you sent to him encrypted with his public key.

  • 2
    And to follow on from Terry's last point - if that data breaches laws where you are and law enforcement have the private key - then yes, I would imagine you could be detained, if that is what you mean. – Rory Alsop Jul 07 '12 at 10:15
  • the data is things like "test", encrypted (but no one can prove it). –  Jul 07 '12 at 10:18
  • 1
    From your comment I assume you and your friend are only using the keys for testing purposes? In that case, there will be no potential danger as long as both of you stop using the key. –  Jul 07 '12 at 11:54
  • The question is regarding legal ramifications. – chao-mu Jul 13 '12 at 17:54
0

If a court requires that you provide the key (and assuming such a requirement is lawful in your area), then yes you can get in trouble. Areas differ greatly in regards to law. For example, in some places the mere use of cryptography is illegal.

chao-mu