UK Decryption Law Pushed Through
Joel Rowbottom writes, "After all the lobbying and protests from the 'Net community over the past year, the UK government has still published The Regulation of Investigatory Powers Bill. If this becomes law then you could be sent to prison if your data is encrypted and you refuse to either supply the key, or the plaintext versions. If you're in the UK and you haven't done so yet, write to your MP and let them know your feelings on the subject! "
FIRST BABY!
Stenographic cryptography.
-- Nothing is as subjective as reality --
Could I encrypt the encryption key before supplying it to them?
kwsNI
Just keep a standard boilerplate business text around and whenever they want a "key or the plain text", just give them the standard boilerplate text and say that you have lost the key.
STAND has been campaigning against this for a while now.
I think that once this gets to the types of folks who have everything to hide (IE, the people who would sign this into law) it would be killed.
Not that you shouldn't go right now and complain to someone about this. You should!
They are a threat to free speech and must be silenced! - Andrea Chen
Fish! LipHo
If this becomes law then you could be sent to prison if your data is encrypted and you refuse to either supply the key, or the plaintext versions.
I guess if I knew a lot about encryption, I'd know the answer to this, but is there any way to verify that the plaintext version you supplied matches what's been encrypted? Certainly if this law were algorithm agnostic, then there would be no way to verify this.. (just say "I used a one-time pad, which I will not supply. Instead I will provide you with a plaintext version of it.") That seems to me to remove all of the teeth from this otherwise god-awful law.. am I mistaken?
Trees can't go dancing
So do them a big favor
Pretend dancing stinks!
Now is the time for everyone in U.K. to brush up on Steganography.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I'm a US citizen, (and unaware of UK laws) but if a warrant is issued, isn't it normally standard procedure that if the person refuses to be searched, they'll be jailed? I'm not supporting people unlawfully rummaging through my data, but isn't this just an extension of an already existing law?
Why aren't you encrypting your e-mail?
Let's add this to our list of sad things:
- RIAA/MP3 circus
- DVDCSS/DeCSS/MPAA circus
- D.O.S. attacks
- Internet filtering software
I'm very sad.
----------
Stupid sexy Flanders.
Haha that's great...How much time did you spend writing that?
---- nohup: appending output to `/nev/dull'
First off, don't use a computer. Politicians get piles and piles of mass-produced letters and a hand-written letter, which cannot be mass-produced in this way, is literally worth hundreds of print-outs. So blow the dust off your pen, and get scrawling as neatly as you can (unless you've forgotten how).
Secondly, be forceful. State specifically that you are 'very seriously concerned' or words to that effect. The people who vet what the MP actually reads generally throw the more wishy-washy fare straight in the bin.
Thirdly, write a reasonable amount - not too long, or it will be judged as a waste of time, but not too short or they won't take you seriously.
Fourthly, focus on one specific area. Don't above all express a general grievance with the MP's or his party's policy, just make it absolutely clear what you're trying to say.
Fifth, if you know of any good references on the subject (preferably not net-based) stick them in - the MP is unlikely to look them up, but they will make you sound like you know what you're talking about.
I know this seems really obvious, but you wouldn't believe how many people just print off half-thought out letters which could never, ever, get through the system.
"What is freedom of expression? Without the freedom to offend, it ceases to exist." Salman Rushdie
I object strongly to the obvious cryptographical turn this article has already taken. Why do we never hear about the good things in Britain, like Mary Bignall's wonderful jump in 1964?
Yours etc.,
Ken Voyeur
For the UK government to request you hand them over decrypted data it means you are suspected to have done something wrong, correct? It is not exactly as if the police would come knocking at your door and asking for codes if you have done nothing wrong now is it?
The police are entitled to have access to other things too, such as locked safes. I imagine if you forgot the combination you would go to jail for that too. Why aren't you guys bitching about privacy as regards your so-called confidential locked up documents?
There are two sides to every story
I wouldn't want to suggest that this Labour government is of double standards but does anybody remember their full disclosure policy; the one that said we could find out *anything* we wanted to about the government. That didn't last long, "You can see everything and anything....er....except for that"
But now, lo and behold! We can now go to jail for keeping our own confidentiality.
WELL, HERE'S A WAY AROUND THIS NEW LAW
Simply claim when you are quizzed about an 'encrypted' file, that the file is in its native data format and has no other format: as far as I can see that should stand up all the way in court and would make quite a nice test case.
BTW what is the official European view on encryption (does anyone know?)
Ripping a new rectum in the fabric of spacetime.
If steganography gains too much public knowledge, what will happen is as follows:
A nice, friendly policeman comes over to your house, points at any image you have on your hard drive, and says that you should give the encryption keys to decode the steganographic information in that file.
If you don't have any steganographic data in your random data file, then you'll basically be screwed, and thrown to jail for not providing the decrypting keys. Hooray.
In the end, moving over to steganography will not - in the long run - help the situation. However, the above scenario might well be used as a weapon against the law itself. I don't think anybody wants to give the power to throw anybody who owns a computer to jail at a whim over to your government...
I object strongly to the obvious athletic turn this comment has now taken. Why can't we hear more about the human body? There is nothing embarrassing or nasty about the human body except for the intestines and bits of the bottom.
If you've not seen it, check out stand.org.uk, they have a whole site on this issue, with the arguments very clearly explained.
I object strongly to the letters on your thread. They are clearly not written by the general public and are merely included for a cheap laugh.
Yours sincerely etc.,
William Knickers
/* Disclaimer anything said in the below post is something that I personally believe and as such may offend persons who have vested interests in the concept of cryptography. If this offends you realize that it is indeed a valid opinion */
I would think that in fact the average person has no use for cryptography in their daily lives. I don't mostly because I really don't know anyone and have never had the need to use communications media to interact with individuals in a private way. Generally I think that if I have a choice between using cryptography or going to prison I will choose to not use it.
The ultimate question is why would anyone really care about you so much that you need encrypted data anyway? If you are being monitored that closely you should run far, far away and never return.
Cryptography is only useful if you happen to be a spy or have an actual internet connection (ie the use of pgp to sign, encrypt, or both messages with it). Most data that you have is not really that interesting.
Slashdot social engineering at its finest
Is not it against human rights?
Article 12. No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Doesn't this conflict with the Human Rights? I would treat my encrypted data the same as the right not to answer questions (although looking at their anti-terrorist laws that didn't stop them removing the right to silence and juryed trials.)
This issue could get tricky. If the authorities have a warrant to search your premises I don't believe you have an obligation to "assist" as in give them a tour of your computer files and such. If the police are searching your home and ask where such and such is. You don't have to tell them. They can just ignore it and the police have to go about looking for it (of course now you have pissed off the police and they'll make the search/seizure all the more unpleasant for you).
You also might have 5th amendment issues here. You can not be forced to incriminate yourself.
I wouldn't be surprised if congress tried and passed a law like this in the US. But I would think that the ACLU would have not too hard of a time taking this to the supreme court and challenging it. Anyway it sounds like a minefield for the lawyers and legislators to traverse. No doubt some will get their legs blown off in the process.
If you're a journalist who refuses to give up the name of your source in a critical case, you can also be thrown in jail for contempt of court. Whether the secret is a name in your head or an encrypted piece of information, it's still information the court is requesting in order to determine a verdict.
I like the idea of using encryption to protect my privacy as much as anyone else, but at some point we have to expect that our own legal system should force the provision of information.
From what I understand, the real problem with this law is the safeguard, that the burden of proof of not having the decryption key remains on the defendant. That's a problem clearly because an individual is presumed guilty until proven innocent. How many times have our leaders said that they couldn't remember key information? It is up to the courts, again, to prove whether or not an individual is withholding information necessary to the legal process.
-- Bird in the Bush: The Renewable Energy Blog http://www.birdinthebush.org
I realise that we're all supposed to hate this and rally against it, but I'm not going to. I *do* have reservations, but it's not a bad balance.
Against is that the powers could be abused, but then you can abuse just about any law that involves raiding peoples property or possessions. It does happen, but not very often. (Or at least you don't hear about it very often. That's another story.)
In its favour, it doesn't try to outlaw the technology, the legitimate use or development of it. And it's not escrow. If it's implemented like a warrant, the police already need some evidence against you before they're allowed to go ahead.
It sounds like a reasonable compromise to me.
Heard on the news yesterday that the Scottish courts have rendered the law on speed cameras obsolete (in Scotland anyhow).
AFAIR the argument went as follows: If your car gets caught on a speed camera the UK law requires the owner to identify the driver at the time so that the fine/license points can be levied at the appropriate person. If you refuse then the owner gets the punishment.
However, the Scottish courts (which are independent of the rest of the UK legal system) have noticed that the European laws say that no-one is obliged to incriminate themselves - it's the responsibility of the accusers to gather enough evidence to find them guilty.
Thus, in Scotland at least, if you get snapped by a speed camera, then the right defence is not to deny you were the driver but simply to refuse to incriminate yourself. Then under Euro law they have no right to fine you.
Now this has to also apply to this data encryption business doesn't it? Just tell them you refuse to incriminate yourself (by giving them the key) then they'll have to try and crack it themselves, not just punish you anyhow.
(I guess this is equivalent of "pleading the 5th" in US?)
Regards, Ralph.
floorten.com
Store your data on DVD's. Encrypted with the MPA keys. And lose them regularly.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
... the UCITA bill being pushed through in a state near you!
Okay, Mr. UK policeperson, I'd like to give you the keys to this information which I have conveniently burned onto this here handy dandy DVD and which I conveniently encoded using the same codes which allow it to play only on my licensed DVD player. But I can't because the MPAA has this thing that says that if I turn over the key, I'll be sued. And since I'm a US citizen, I'd be in violation of the DMCA if we used the DeCSS source code to let you look at it.
Sigh...
--Smart A$$ mode off--
...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
Writing your MP is not like writing your US Congressman. In the US, Congressmen are independent entities who can vote their conscience. In the UK, MP's are faceless minions of their party, who would probably get themselves expelled from it and ostracized if they voted against their party leader. In a parliamentary country like the UK, control of the government is totally dependent on maintaining a majority in parliament, thus party discipline tends to be very strong.
this is an illegal item of information and has been used to plan and commit a range of crimes:
On a more serious note, this is highly annoying and opens the way for law enforcement authorities to make up evidence. If you don't want to give them a key then you give them free rein to make up an XOR key of their choice.
Coupled with the recent changes in the right to jury trial, I almost begin to wish I lived in a country where I had an inalienable right to be shot by all and sundry.
On a random historical note though, Mary Queen of Scots was caught and successfully tried for treason by Queen Elizabeth I after one of her advisors was able to break the simple substitution cypher she was using to communicate with her coconspirators on the continent. This sort of thing is clearly not new, but now moves into a different sphere of influence, you and me (or just me, if you live in an enlightened country).
There is no conspiracy
Create a program that appends 10k of completely random data to a file. Run that program on as many files in your system as you can. (Can this be done on an executable? I don't know enough about the ELF and a.out formats to know. I'd imagine this wouldn't make a difference.)
Any encrypted data can then be appended in 10k chunks to a file or two of your choice.
Retain the program that appends the random data. If anyone demands you decrypt some of the encrypted information appended to these files, just say "there is no encrypted data. I appended random info to these files to annoy people like you". (Which, AFAIK, is not illegal.)
Wouldn't they then have to prove that you actually had encrypted data? ("Innocent until proven guilty", at least in the states.)
The cake is a pie
As far as plain text / keys are concerned they can demand either. It can be a normal policeman, and does not require any written approval from higher authorities, and said policeman needs only a suspicion that you may have a key to decrypt.
With the exception of your lawyer, you are not allowed to tell ANYBODY that they have asked you for the key. If you do then you face 5 years in jail. If you do not have the key (or refuse to hand it over for reasons of security - ie it's a key your company uses) then you are tried in front of a judge to whom you cannot give any evidence nor have anybody stand in your defence.
The police on the other hand may submit evidence about you, yet you will not be allowed access to the evidence against you and are effectively guilty until you can prove your innocence.
Write to your MP and lobby newspapers to cover the story ASAP. The issue here is that the government intend to restrict your rights (and use the same police powers they would have if you were a suspected terrorist) before most of the general public are aware of the issues involved.
Wonderful. Now, instead of being tortured by British police until you give them the key, they simply send you to prison. I'm glad to see the progress in the Fascist, Draconian government that now makes up the British Empire. It's like taking Clinton, and mixing in Hitler's tactics. Quite amusing, if you don't have to live there...
One password that will decrypt the real data and one that will decrypt harmless cooking recipes AND destroy the original.
Obviously this would only be interesting for the real criminal, who stands more to lose from his files being decrypted than from losing them altogether.
Yes, I'm sure that the really ugly guys(tm) won't get caught by this law, only innocent geeks refusing to decrypt as a matter of principle and the clueless criminals.
Perhaps starting rumours about how a few MP's have suspicious material on their computers wouldn't be too bad. ;-)
All opinions are my own - until criticized
CARE THAT I CARE? I'm getting tired of you paranoid oversensitive couch potatoes moaning and groaning that someone ruined the peacefulness of what might have been an otherwise serene slashdot front page.
Cryptography is only useful if you happen to be a spy or have an actual internet connection (ie the use of pgp to sign, encrypt, or both messages with it).
Good God, you're full of X-Files hype. Agents good. People civilized. Criminals encrypt. Two words. Blow me.
The message on the other side of this sig is false.
Since when is it acceptable for a law to be passed allowing government bodies to force handing over *any* document they desire? I can understand a situation such as bank fraud - where they may wish access to financial documents, or even an email-threat sent by a stalker, but in general anything that they need for proof in court can be obtained by non-intrusive acceptable legal means through the *other* party involved; ie the bank or victim etc.. The very idea that a government can force legislation allowing them access to one's personal's on a pc is ridiculous. Encryption of data is no different from writing in one's own personal code, which by the way shorthand is an example of. Well hey- there's the solution. Invent your own form of shorthand and then encrypt that! The bastards will see nothing but gibberish and by the time they work out the meaning of the message you will have re-encrypted it with a new stronger algorithm..
Perhaps, if your MP doesn't have an email address, you can consider asking how they can assume they know enough to vote on an issue involving technical issues like this when they're apparently not informed enough to register a hotmail account. Actually don't, it'll just rile them.
I can see a big flaw in this law (;-)
;-)
If you can get away with supplying a plain-text version of your
encrypted message, you could give them any plain text.
Provided you used a sophisticated encryption algorithm with long
keys, even a known-plaintext attack would be too hard for
the officials to do on everyone who happily supplies a plain-text.
To me, this looks as if whoever proposed and accepted this
law does not know anything about cryptology.
If they insist on the keys however, you are severely screwed...
This would be a good reason to leave the island for good.
(it's only Rain and BSE anyway...
--
Jor
It seems to me that with all this legislation going on as of late about what can and can't be done with digital data is gonna come back and bite these very same instigators/supporters in the posterior.
:/
I know... there's probably some loopholes for these guys to take in just such a circumstance, but it'd be nice to see some poetic justice...
Nate
The Other Nate
I'll do it for cheesy poofs.
This law effectively makes DeCSS legal in the UK. Since the law requires that (on demand) we hand over encryption keys to any encrypted data in our possession, they can hardly justify putting us in jail for having the key in the first place.
I quote the relevant part:
I suppose I'll have to print off any sensitive email and delete any e-version.
Trouble is, I have to be able to PROVE that I have no encrypted messages.
"Evening sir, we 'ave 'eard about this 'ere setganography lark, so chummy, wot 'ave you got 'idden in your wallpaper then?"
How would you PROVE you have no hidden data in a Mpeg/DVD/BMP on your hard drive?
OH, and I can't tell you I've been forced to do this on pain of 5 years in the pokey.
I hereby inform you that the police have NOT served me with a warrant demanding decodes of any possible encrypted/hidden data on my computers.
----
I hereby inform you that I have NOT been required to provide any decryption keys.
We Got Some Work To Do Now.
Scooby-Dooby Doo, Where Are You?
We Need Some Help From You Now.
Come On Scooby-Doo, I See You . . .
Pretending You Got A Sliver.
But You're Not Fooling Me,
Cause I Can See
The Way You Shake And Shiver.
You Know We Got A Mystery To Solve,
So Scooby-Doo Be Ready For Your Act.
Don't Hold Back!
And Scooby-Doo If You Come Through
You're Gonna To Have Yourself A Scooby Snack!
That's A Fact!
Scooby-Dooby Doo, Here Are You.
You're Ready And You're Willing.
If We Can Count On You, Scooby-Doo,
I Know We'll Catch That Villain.
Trolling for Scooby-doo!
Scooby dooby doo!
More Scooby links:
ScoobyCentral
Scottish Scooby site
Shaggy's Groovy Pad
Scoobyland links
It's when you combine it with other things, that problems arise. The European Privacy Laws, for example, dictate that you cannot export data to a country with weaker privacy protection. On that basis, the Government is entitled to export information seized from individuals to other nations, WITHOUT legal reason or basis but for commercial gain.
(This follows, as the ability to seize personal information on a computer by the Government, without due process, is tantamount to saying that the data is not protected by privacy laws. Thus, it may be exported freely.)
Then, combine it with the CCTV cameras, now filling England. These images can (and are) sold to commercial enterprises. Information from the cameras is index-linked to the national criminal databases. Imagine being able to demand of your ISP all encrypted data in and for your account (such as your password), and being able to tie all that information with everything on your harddrive and THEN everything about your movements in the country.
THAT is when it gets scary. Someone with protest e-mails who happens to be heading in the direction of a town in which the Government knows nuclear material is illegally being transported could end up being arrested under the Criminal Justice Act, or even the Terrorism Prevention Act, with the e-mails used as evidence against them, even if their sole purpose for driving there was to pick up a bar of soap.
The combination of the loop-hole in the privacy laws, the CJA, the TPA and the 24/7 surveillance lead me to believe that Britain is plunging towards being a totalitarian state. And, to be honest, I don't think it's the Government's fault.
This attitude was shared by the previous Conservative Government, just as fervently. Indeed, it was they who put all the pieces in place to allow this new law to be abused.
This leads me to believe that it's actually the Civil Service that's actually running the show. They are now in a supremely powerful position, with absolute, dictatorial powers of monitoring, searching, and arresting, with NO due process taking place. In short, the Civil Service in England would be capable of seizing total power over England, at this point, and there would be no realistic way to stop them.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Bli-me, that sounds like IRA talk to me.
Off to prison you go, there'll be no afternoon tea for you.
err this violates the EU laws that I thought protect
Freedom of speech
And the right to silence
Here's the argument if you had an address book (paper one) and wrote in code then you can not be made to tell anyone the code so how is this different?
You can't say access is fast because most things that get encrypted that the police want are very small
unlawful and house of lords or any judge will tell you so there are too many precedents
regards
john
a poor student @ bournemouth uni in the UK (a deltic so please don't moan about spelling but the content)
For those of us who wish to have a quick word with their MP perhaps prior to writing to them:
Parliament:
http://www.parliament.uk/
Those MPs with email addresses and web pages:
http://www.parliament.uk/commons/lib/almsad.htm
You could also try:
[surname][initials]@parliament.uk
Or Richard Kimber at Keele University has a good page:
http://www.psr.keele.ac.uk/area/uk/mps.htm
Deleted
-jwb
Look at http://www.stand.org.uk/ - this is an important site.
They show how to get Jack Straw (important government chap in the UK) guilty of committing a crime. That is, they encrypted a confession to an actual (undisclosed) crime, destroyed the key, and sent him the encrypted data. Jack Straw is now in possession of some information that would presumably be of interest to the police, but he is unable to provide the decryption key (because he never had it in the first place), but, of course, as many people are pointing out, how do you prove you don't have the key...
While the example of the above site is, considering the circumstances, a fairly light-hearted example, consider this: lots of politicians/business people (or anyone, really) are accused, and investigated, of serious crimes regularly. How easy will it become to provide encrypted data to the person under investigation, without their knowledge, and then inform the police that that person is in possession of encrypted data that may (or may not? who can tell?) be of interest to their investigations. Police find data, ask for key, person is flung in jail.
Ooops.
I really hope Mark Thomas can squeeze a show in about this before the current season ends - I believe the shows are still being taped. (Mark Thomas is similar to Michael Moore, for you US people - only much, much better at what he does.)
...j
This is fun. Either you are only required to give them the plain text of any encrypted materials, or you are also required to give them the key. If you are only required to give them the plaintext, then any data you give them is unverifiable. If you have to give them the key, then you are required to break the encryption on any DVDs you possess :) I wonder if anyone has pointed this out to the MPAA...
So, the cop slips a disk of random numbers into your desk. You can't decode it.
You a) get to stay in jail forever. b) Get inventive and decrypt it into an innocuous love letter.
So, this law will be modified to force the key from individuals, not just the contents.
The US version was worse: LEAs could decrypt it and not need to provide the key. That is, they could make up any contents they wanted.
The fatal flaw with all of these stupid laws is that the penalty for using or not revealing the encryption must be worse than that for any crime which may be hidden by the encryption. Therefore, the death penalty must be the consequence for using encryption if the laws are to work.
I believe our generation will have to learn all over again that gov is inherently tyrannical.
Lew
Lew
"The Constitution, the WHOLE Constitution, and nothing but the CONSTITUTION."
Britain is the New World Order's model police state where they try out all their new ideas (e.g. ubiquitous surveillance cameras and tracking of cars) before pushing them globally.
By the sounds of things, if I emailed lots of people (for example MPs) with encrypted data and then tipped off the police, all the MPs would be arrested for having encrypted data that they were not willing to decrypt (because they don't have the key).
Just a thought.
Michael
Can't you make ANY random string of data say anything you want by making up a fake 'random' pad?
Mr. police man takes /tmp/randomjunkfile and makes up a pad to make it say "here is our plan to overthrow the government...bla bla bla".
Since the UK government seems to consider the words 'innocent until proven guilty' to be meaningless how can someone prove that the cop's fake pad isn't real?
This would be the same as planting evidence but it seems that it might work well on a jury (if you can still get one over there).
This could work both ways. Make up a pad that 'decrypts' your encrypted data to yield a cookie recipe or porn or something.
I Am Not A Cryptologist, but would it be so hard to devise a crypto scheme which combined your real data with one or more sets of dummy data plus some random gunk? Then you could hand over a key which retrieves the dummy data, and I don't see how anybody could prove that it wasn't the real stuff.
Everyone on this board seems to feel the government and cops are dictators just waiting to spring out and look up the nice, friendly, honest people that we are.
BOLLOCKS! The cops will only ask if they have reason to suspect you, if they get it wrong they know you will be able to sue them, etc. The reason the majority of people don't care about things like this is because they know the cops will never have reason to ask after what they have on the computers (encrypted or not).
I'm sure people will reply to this saying that I'm ignorant and it's people like me that start allowing dictators into power. I say it's people like you who allow dictators in. You complain at every single step a government takes, and all you do is teach people to ignore you. Stop crying WOLF and save your anger and voices until there is actually something to complain about.
#\Rant#
The point I'm trying to make is the article above contains the words 'arbitrary interference', this law doesn't change that at all.
In Schneier's Applied Cryptography (2nd. Ed.), there's a section, 10.8, that describes how to have two possible decrypts for the same encryption. You could have, say, your plans to overthrow the government AND your last bank statement encoded in the same file. If they bring out the thumb screws, just give them the key that results in your bank statement.
So it's easy to get around the law. Cryptography is too good. On principle, though, it needs to be repealed.
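The fake-pad and two-decrypts ideas raised in the comments above, as an added example that is not part of any poster's comment: with a one-time pad, a pad can be computed that turns the same ciphertext into any message of the same length, so a disclosed pad or plaintext proves nothing about the original. The example goes one step further than the comments and contrasts this with a short fixed-size key, where a disclosed key can be checked by re-running the cipher; the SHA-256 counter-mode keystream is a toy stand-in for a real cipher, and the messages and key are constructed for the demonstration.

```python
import hashlib
import secrets

KEY_LEN = 32  # bytes; key size of the toy stream cipher (an assumption of this example)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (one-time-pad encrypt and decrypt)."""
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def forge_pad(ciphertext: bytes, decoy: bytes) -> bytes:
    """Return a pad under which `ciphertext` 'decrypts' to `decoy`.

    Because C = P xor K, the pad K' = C xor D satisfies C xor K' = D for any
    decoy D of the same length. Anyone holding C can compute it; no secret
    is needed, which is why the result has no evidential weight.
    """
    if len(decoy) > len(ciphertext):
        raise ValueError("decoy cannot be longer than the ciphertext")
    decoy = decoy.ljust(len(ciphertext), b" ")  # pad decoy with spaces to full length
    return xor_bytes(ciphertext, decoy)


def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256(key || counter) blocks, truncated to n bytes."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def stream_crypt(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt with the toy stream cipher (same operation both ways)."""
    if len(key) != KEY_LEN:
        raise ValueError("key must be exactly KEY_LEN bytes")
    return xor_bytes(data, keystream(key, len(data)))


def verify_disclosure(ciphertext: bytes, key: bytes, claimed: bytes) -> bool:
    """Check a disclosed short key against the plaintext the discloser claims.

    With a key much shorter than the message, almost no plaintexts have any
    key that maps the ciphertext to them, so a match is meaningful.
    """
    return stream_crypt(ciphertext, key) == claimed


# Constructed sample messages.
REAL = b"meeting moved to thursday, bring the ledger"
DECOY = b"flour, butter, sugar, two eggs"


def demo() -> dict:
    # One-time pad: the pad is as long as the message and truly random.
    pad = secrets.token_bytes(len(REAL))
    otp_ct = xor_bytes(REAL, pad)
    fake_pad = forge_pad(otp_ct, DECOY)

    # Short-key cipher: a fixed 32-byte key (constructed) for the same message.
    key = hashlib.sha256(b"constructed demo key").digest()
    ct = stream_crypt(REAL, key)
    padded_decoy = DECOY.ljust(len(REAL), b" ")

    return {
        "otp_real": xor_bytes(otp_ct, pad),        # genuine pad -> real text
        "otp_decoy": xor_bytes(otp_ct, fake_pad),  # forged pad -> decoy text
        "key_with_real": verify_disclosure(ct, key, REAL),
        "key_with_decoy": verify_disclosure(ct, key, padded_decoy),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Both pads are indistinguishable random-looking strings of the right length, so neither a prosecutor's pad nor a defendant's can be shown to be the original one from the ciphertext alone.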
I heard of a NATO cypher clerk who accidentally ripped two pages off one evening. Much fun was had for several days as the decrypt still made sense.
threadeds blog
Get off the high horse. No one needs crypto that takes 6.02e23 years to break.
I'd like to announce the SOSPL: Scooby Open Source and Petrified License. Imagine...open sourced Scooby Snacks! Scooby dooby doo, and I love you!
Trolling for Scooby-doo!
Scooby dooby doo!
If you encrypt something, and they ask you to show them the plain text version, how could they know you are giving them a genuine version, and not some decoy text you made up so you look innocent?
first off every UK /.er must adopt their MP!!!
write to him/her at least once!!
get your friends etc to do the same.
one of them will break they will see the error of their ways, everything they have said about eBritain is bullshite unless they repeal this law.
the law is unjust and bad for business as well as the consumer, see stand.org.uk for further proof on this.
DO NOT take this lightly, governments are made and broken by direct action, everybody distribute DeCSS on the day the law comes into effect, they will be breaking their own law if they try to protect the key! FIGHT IT we have the power.
sparkes
*** www.linuxuk.co.uk relaunches 1 Mar 2000 ***
I guess you guys don't have an equivalent of the 5th amendment over there so you can't incriminate yourself.
You are allowed by law to use encryption in the US and most western European Countries without giving your keys/algorithms to your government. The UK joins now the rogue states of the world!
The UK joins now the rogue states of the world!
Will work. Good stego makes it difficult to tell whether there is hidden data in the file. If I have a hard disk full of MP3s, not random data, it is unlikely that every single MP3 is storing hidden data. I just like listening to music. If I have stego software, they can reasonably suspect that some of the MP3s might have hidden data, which is why I put a few giveaway files in there, preferably something mildly scandalous. They can say they think I have other files hidden, but they'll have no evidence at all that even suggests that to be the case. The only way I'll go to prison is if I live in a country where I can arbitrarily be thrown in prison anyway.
The more laws are enacted, the more ways there are for citizens to become criminals. In America, 'ignorance of the Law' is not a valid defense! There are more and more instances of law enforcement authorities breaking the law to enforce it, and unfortunately, these outrageous violations (such as lying to a judge to obtain a search warrant) are tolerated or simply ignored. What truly effective check do we in the USA or the UK have to punish law enforcement abuses? None.
If I ever ran for office, I think my platform would be the promotion of a single bill, which would mandate that lawmakers must reduce the total number of laws on the books every year by 1%, for the next 50 years. Failure to do so would cause all lawmakers in that jurisdiction to forfeit their office, automatically, and new elections to be held. I could never get any of these characters to agree to the bill, because that would tend to ruin the nice little pork job politicians enjoy, but it would make a great campaign issue!
Seriously, check your laws concerning how much power the police have to legally rape you. This bill is just the next swirl around the toilet bowl.
If I were to get caught sending a string like, let's say:
cn2!34r9"$0safvlq324C&V9024:8
Which decrypts to "here is the super-secret code number" But they demand a plaintext version, so I give them something like "I think your sister is cute, give her phone number" along with an encryption key that creates the exact same cypher text that they captured?
Who would be the wiser?
- passion
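The question in the comment above, worked through as an added example (not part of the original thread): with a one-time pad, some pad "explains" any same-length plaintext, so a supplied plaintext cannot be checked against the ciphertext, whereas with a key shorter than the message a decoy generally fails the check. The 8-byte repeating-XOR cipher and its key are constructed stand-ins for a short-key cipher; the two messages are the comment's own.

```python
import os

# Sample messages taken from the comment above, space-padded to equal length.
REAL = b"here is the super-secret code number"
DECOY = b"I think your sister is cute, give her phone number"
SIZE = max(len(REAL), len(DECOY))
REAL, DECOY = REAL.ljust(SIZE), DECOY.ljust(SIZE)

# Constructed 8-byte key for the short-key comparison (assumption, not from the page).
SHORT_KEY = b"\x13\x37\xc0\xde\xfa\xce\x42\x99"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_explaining(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """One-time pad: the pad under which ciphertext decrypts to the claim.

    Such a pad exists for every claim of the right length, which is why
    the ciphertext alone cannot confirm or refute the claim.
    """
    return xor_bytes(ciphertext, claimed_plaintext)


def repeat_key(key: bytes, n: int) -> bytes:
    """Stretch a short key to n bytes by repetition."""
    return (key * (n // len(key) + 1))[:n]


def short_key_explaining(ciphertext: bytes, claimed_plaintext: bytes, key_len: int):
    """Repeating-key XOR: return the key_len-byte key that maps the claim to
    the ciphertext, or None if no such key exists.

    The implied keystream must repeat with period key_len; a made-up
    plaintext almost never satisfies that, so the claim is checkable.
    """
    stream = xor_bytes(ciphertext, claimed_plaintext)
    key = stream[:key_len]
    return key if stream == repeat_key(key, len(stream)) else None


def demo() -> dict:
    # One-time pad: key is random and as long as the message.
    pad = os.urandom(SIZE)
    otp_ct = xor_bytes(REAL, pad)
    decoy_pad = pad_explaining(otp_ct, DECOY)

    # Short key: the same message under an 8-byte repeating key.
    rk_ct = xor_bytes(REAL, repeat_key(SHORT_KEY, SIZE))

    return {
        "otp_real_ok": xor_bytes(otp_ct, pad) == REAL,
        "otp_decoy_ok": xor_bytes(otp_ct, decoy_pad) == DECOY,
        "short_real_key": short_key_explaining(rk_ct, REAL, len(SHORT_KEY)),
        "short_decoy_key": short_key_explaining(rk_ct, DECOY, len(SHORT_KEY)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The difference is key length relative to message length: once the key is shorter than the text it protects, the ciphertext constrains which plaintexts are possible.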
You can't prove it, therefore they can arrest you at will. Definition of a police state.
First the Brits, then the Yanks, next it's the completion of the "NEW WORLD ORDER". This just does not affect people in Britain, but it also sets a precedent for other countries to follow suit.... I demand that we stand up now and let our congress representatives and senators know where we stand on these issues. And even the upcoming elections, we should ask the candidates where they stand on issues such as encryption and regulation of the net. .... that's just my thoughts.
He that hath a trade, has an estate. (Ben Franklin)
Britain is fast becoming a fascist totalitarian police state anyway. Witness: removal of all guns from the public, the plan to control car speed via satellite, further clamp downs on personal and political speech. I bet Hitler and Stalin are laughing at them from Hell. They survived the Great War, only to become exactly what their enemies wanted them to be in the first place. Here's hoping they implode soon.
OK, for those of us who know we're going to lose, are there any free countries left? Not talking about the US here, talking about places where you can cook code in peace. (yes, I have no faith in humanity.) (They think there's an IT job shortage now, wait until they pass the UTCIA and we all leave).
In Rwanda, people had their ethnicity displayed on their National ID cards. Those unfortunate to have the wrong ethnicity were caught at roadblocks and shot on the spot.
Illegal or criminal activities? It was 'illegal' to *be* Tutsi, and they could not hide that information.
Don't think that one's country X cannot stoop to this because of Y and Z. Even a patriot cannot truthfully guarantee the sanity of their state over the next 20 years.
Why should any organization (government or otherwise) who has the power of law and military force be able to act unchecked when snooping into individual's personal affairs? That is like saying that 'My alligator would never attack anyone who does not provoke it--therefore it should be allowed to play on the street.'
If the English government requires one to provide a key to the authorities, (even if W9X crashed and took the partition with it) they are *already* displaying contempt for individual rights. Governments are the last organization one should send their keys to. Crooks will only take your money.
-B
Can you read this ... --- ... ?
How about this //-o||-- ..o/|ooo// ?
Has there been a case yet where a law enforcement agency was unable to obtain evidence or other material relating to an investigation but were thwarted by encryption or other cyber (or cypher!) means? If you read a lot (especially /.) you hear a lot about this topic, but I'm unaware of any specific cases that make this a high priority for law enforcement.
If I were a cyber-criminal, I'd probably just use the old-fashioned method: don't keep anything around that would incriminate you; don't use anything that could be tapped: email, phones, etc.
Ya know, the old Soviet methods!
Chris
}#q NO CARRIER
--
I don't suffer from insanity- I enjoy it immensely!
Well let's see. Right now we're seeing distributed attacks on websites, where lots of machines get taken over to do the hacker's bidding. Why couldn't the same thing be done to break encryption?
It has to work; Imagine using a steganographic file system (there is one for linux, SFS).
;-)
You hide your sensitive data with one key.
You hide your porn with another key.
You just give them the second key; There is no proof that there is more than one "encrypted content" on your file system.
With SFS, there will mostly always be some random data that cannot be decrypted, but they cannot be sure of it being encrypted or random junk.
They would have to accept the fact that they can't "decrypt" all your "random" data.
Say I'm in the next room running a packet sniffer.
Say you're _not_ using encryption, like a dumbass.
Say I steal your credit card info.
C'est la vie.
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
The question is what is data and electronic correspondence? If it is to be treated like speech, then you should have the right to refuse to answer or provide information. No problem there.
The problem is that it is most likely not treated like speech it is treated like an electronic version of a paper document. Electronic files are property. Now if they are property then shouldn't you be required to disclose their contents? As I see it the argument is analogous to the cops knocking on your door with a search warrant. You let them in, but when they get to your locked bedroom you refuse to let them in there. Well then the cops can kick down the door, because they have a legal right to do so. If they find that you do have the key and withheld it, they can charge you with obstruction of justice. Seems straight forward, but the cops must prove that you had the key to be able to charge you with a crime. At least in America they have to give you the benefit of the doubt. Of course if the room contains daily business records updated this morning, then proving you didn't have the key to it is damn hard. Rightfully so.
Keep in mind that most encryption programs are much more like a steel gate or bank vault than a thin bedroom door. A lot of effort is required to open them. If you have encrypted data that the authorities have a right to see and the key, then you should be required to provide it. The law will basically mean nothing in the end, though. It's kind of like lying to the cops, illegal but in many cases unprovable.
So far I've gotten all my Karma from telling people they are wrong... :)
time to get stegfs (and similar) ready for prime-time. plausible deniability will be essential in this legal climate.
Doesn't unix encrypt its passwords with a one way function and store the encrypted version, then when you log in take the password you entered, encrypt it and compare the two encrypted versions?
If so then surely this bill means that all sys-admins are criminals, after all he/she doesn't know the password (plain text version), and the algorithm is one way so there's no key to give (or way to decode it even if there was).
I may be wrong of course, I'm not a security (or even a unix) expert.
bil
Where you stand depends on where you sit...
Whenever there is the potential for abuse, there will be abuse.
Therefore, anything good will eventually be bad - like email and usenet (killed and/or dying via spam), and the web is filled with garbage. People use anonymous forums (ahem) to say things to people they would never say to their face - just a total loss of respect to the anonymous people sitting at the other side of some electronic connection.
But this goes beyond the net...people buying software, copying and returning it causes many stores to have a very restrictive return policy on software. People buying computers, taking out the good hardware and putting in old junk and returning it are causing stores to implement restocking fees and much more restrictive return policies.
And this goes beyond computers, of course. I get more junk mail than useful mail, I get as many telephone solicitations as real phone calls. People piss on the seats in public bathrooms, and vandalize whatever they can. People steal the pens at the counters at banks, where you fill out your forms. People litter. People speed. Automobile mechanics that don't rip you off are a little, teeny-tiny, itty-bitty minority.
Let's face it: people suck.
----------
Stupid sexy Flanders.
Before I start my main point, here are some telephone numbers:
Cabinet Office: +44 171 2701234
Martin Slater (MP for Reading, near London - my MP): +44 118 9546782
Please read on.
I have taken so much offence to this, words just cannot describe how I feel over this. As someone who uses extreme levels of security on a daily basis (mainly due to personal paranoia) I cannot believe that the government is trying to take the view "oh he uses security - he must be breaking the law". I have taken it upon myself to personally see to it that this law is stopped. I would appreciate anyone who feels about this in the same way that I do to mail
roip-bill@easypenguin.co.uk
and tell me that you agree with me. Please tell me if you don't mind your details being forwarded to government officials. I will take this to the European Court if the bill is passed and I _WILL_ stop it. Think about this:
I use the international crypto patches. I _COULD_ use the Steganographic Filesystem being developed by Cambridge University - so that it is impossible to tell that the encryption even exists.
I believe in my right to use security, I will NOW OR EVER give up this right and will NEVER EVER give up the encryption keys to my data - I am not a criminal, why should I be treated like one?
We must stop this NOW! As I said to the Prime Minister's secretary a few minutes ago, I now think that the US and the UK are falling behind the Third World countries - they may be poor, they may have many problems, but they don't treat their citizens as covert spies hard bent on destroying the nation with their "top secret" encrypted data...
http://www.jonmasters.org/
"None of the law enforcement activities specified in the Bill is new. Covert surveillance by police and other law enforcement officers is as old as policing itself; so too is the use of informants, agents, and undercover officers"
To hand their analogy right back to them:
"If reading digital data is equivalent to the old use of covert operatives, then encryption is equivalent to closing the shutters so as not to be seen. Not handing over an encryption key is equivalent to not telling police what was said behind closed doors.
"As covert operations are as old as policing itself, you will find that the peoples' right to privacy is as old as humanity itself. Who can deny that it is a basic human right to have moments of privacy? And how can a civilized nation demand that its citizens incriminate themselves when they are questioned about those private moments?"
This law is an abomination, and should be struck down by the courts. Unlike the Parliament, the courts can strike down this law without proving themselves wrong.
--Sandy
Just rename your encrypted files FILE0001.CHK etc on an MS based system, so they appear as if they were blocks recovered by SCANDISK, no one can say they are not, so as they are not encrypted there is no key to supply and so you cannot fall foul of the law.
Any sufficiently advanced man is indistinguishable from God
The person in possession of a safe or safe-deposit box can reasonably be expected to have some means of accessing it. Encrypted messages, on the other hand, are comparable to having someone else drop a safe on your doorstep. This law assumes that you know whoever left the safe and that they gave you the key. If you don't know that person and you were given no key, how do you prove it?
I seem to recall hearing of two techniques: "swarms" and "onions" to defeat this type of measure. With swarms I think the idea was you were able to download encrypted files to which you did not have the key and could not therefore provide a plaintext. This download was certified by the swarm host and you could therefore plausibly explain the presence of encrypted files or PGP pseudo disks on your system. I can't find any other details though. Did a quick Altavista search etc. Can anyone help with more details?
-he who laughs last, is a bit slow.
Suppose I send you an encrypted email with a suspicious looking subject. I don't give you the key. The police come knocking at your door. You've done nothing wrong, but if you can't prove that, you go to jail. How do you prove you _don't_ have the key? Presumably, the law is meant for situations where there is a bi-directional conversation between two people using encrypted messages. Such a conversation can't occur if neither party has the decryption keys. In the real world, however, laws that can be abused generally are abused, and if this law does not require such strong evidence that the suspect has the decryption key, then there _will_ be cases like the one above.
I am currently in the UK but am not a UK citizen, although I am a citizen of a European Union member (I'm French), so I don't think that the MP of the region I live in gives a sh*t about what I think.
So what can I do to help? Talk about it to other (English) people to raise their awareness, yeah! What more?
"The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers." Bill Gates,
Ok, I fire up an encrypting chat program, and discuss football and plans for world domination across the net with someone in south america.
The program uses public key cryptography to exchange session keys which are used to encrypt the messages.
The plain text scrolls off the top of the screen into the bit bucket and is lost forever. I close the program and switch off the computer. My copies of the public, private and session keys are gone forever. Next week a man from the CID turns up with the encrypted data and asks me to decrypt it.
"But I never even saw the keys, the program did it all automatically."
"How do we know there isn't a copy somewhere?"
"But the program doesn't have an option to do that! Look I even have the source code for the program!"
"Ah, but you could have changed the source to the program to store the key somewhere so you could have a copy!"
etc....
Is it just me or does anyone else see a huge loophole here? Provide a plaintext copy? It seems to me that they would have no way to verify whether or not the plaintext version of your data is the same as in the encrypted file. This would be especially easy to do if you use an encrypted file system.
The Brits (not the Nazis) invented the Concentration Camp. They still use them to suppress the Irish freedom fighters. They still use torture against Irish freedom fighters. Personal freedom and liberty is only lip service for hardcore Brits.
Part II: Is it possible to distinguish a well-encrypted message from random bits using statistical analysis? Suppose I store all my records of my criminal activity in a file named "PureRandomBits"; can I then claim that no key exists, that I'm using the data for Monte Carlo simulations?
Simply put, the major flaw of this legislation would seem to be law enforcement's inability to distinguish encrypted data from steganographic data from random noise.
Won't somebody *please* think of Natalie Portman?
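The statistical question raised in the comment above, as an added example that is not part of the original thread: byte entropy and a chi-square test against the uniform distribution separate plaintext from ciphertext easily, but not ciphertext from random bytes. The SHA-256 counter-mode keystream is an assumed stand-in for a real stream cipher, and the plaintext and key are constructed.

```python
import hashlib
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte (8.0 is the maximum)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform
    distribution. For uniform data it hovers around 255 (the degrees of
    freedom); structured data gives values orders of magnitude larger."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode. Illustration only: a stand-in for a real
    stream cipher, chosen because it needs nothing outside the stdlib."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def samples(size: int = 65536) -> dict:
    """Three buffers of equal size: plaintext, its ciphertext, OS randomness."""
    sentence = b"Records of entirely ordinary business, constructed for this example. "
    plaintext = (sentence * (size // len(sentence) + 1))[:size]
    stream = keystream(b"constructed demo key", size)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    return {
        "plaintext": plaintext,
        "ciphertext": ciphertext,
        "random": os.urandom(size),
    }


def report(size: int = 65536) -> dict:
    """Map each sample name to (entropy, chi-square)."""
    return {
        name: (shannon_entropy(buf), chi_square(buf))
        for name, buf in samples(size).items()
    }


if __name__ == "__main__":
    for name, (entropy, chi2) in report().items():
        print(f"{name:10s} entropy={entropy:.4f} bits/byte  chi2={chi2:.1f}")
```

Both tests flag the plaintext immediately; the ciphertext and the random buffer land in the same range, so these statistics give an examiner no basis for telling them apart.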
Welcome to the real world. You dump your girlfriend, and to get even, she tells the police you're a pedophile and keep pictures of nekkid children encrypted on your computer. The police now have "probable cause" to seize your computer. Now you have to account for every file, every random bit of data on your computer, even the temp files generated by god only knows what app. And if they can't understand just one file, you are required to provide the key to it??? What if it isn't actually encrypted data? You spend the rest of your life in jail, having committed no crime, because you don't know how to decrypt random data???
That's the difference between the physical realm and the digital realm. In the physical realm, you can almost always tell what an object is, a weapon is a weapon, people seldom fill notepads with completely random digits. On a computer, everything is ones and zeroes, and you can't tell a strongly encrypted message from a session log of modem noise. That's why we're bitching about this, but not the already existing search and seizure laws.
Let me get this straight: the police in the UK can now anonymously email you an encrypted message for which you don't have the key, and then immediately arrest you and keep you in jail until you PROVE that you don't know the key? Why not just give 'em the right to shoot you on sight if they don't like the way you look...
It's happening here in the US. Once they finish licensing and registering and banning guns and gun owners, they'll start in on the rest of the Bill of Rights in earnest, making the Rampart division of the LAPD look like choir boys.
And then we'll wind up like Britain - where law-abiding citizens are not permitted to have privacy on their computers, nor to own the tools with which they can defend themselves, and criminal thugs may attack with impunity thanks to a government guarantee of disarmed victims, and since the penalty for a .22 popgun and a submachine gun are essentially the same, naturally they opt for the submachine gun.
All freedoms are intertwined, and the right to armed self-defense lies at the foundation.
If you live in California and haven't signed the self-defense Constitutional amendment initiative, get thee to http://www.vetothegovernor.org/ post haste.
-Michael Pelletier
And Brits love ranting against the EU and all its heavy-handed big-brother tactics. Yet in the recent past it's been mainly Britain initiating big-brother efforts, with many of the other EU countries being less than thrilled. What about the public video surveillance system deployed in some London burb, I believe?
Uwe Wolfgang Radu
Obvious response to police if asked to decrypt a file for them: "Uh, the only encryption I consider secure is one time pad, and that file is, uh, one of my pads!" In other words, "You idiots, that IS the key! Now you just need to find the encrypted data!"
I see a misunderstanding in several of the comments here. The bill has not yet passed, and is not yet made law. It is, as yet, still legal to store encrypted data on our computers. But the bill has been drawn up, and it will be debated in parliament, and in the current social climate, is likely to be passed without a murmur. So it is of the utmost urgency that we write, calmly and sensibly, to our MPs to stress the unfairness, unfeasibility, and sheer stupidity of the bill as it presently stands.
The cops will only ask if they have reason to suspect you, if they get it wrong they know you will be able to sue them, etc.
Tell that to David Milgaard... he spent 20 years in jail for crimes (rape, murder) he didn't commit. The cops had _NO_ evidence against him (he'd never even met his supposed victim), so they happily fabricated some... Hmm, no witnesses? No problem - lean on some prostitutes, get them to tell the jury he confessed. Gee, looks like there's some evidence here that clears him... well, we can't have that, can we? let's just hide it away.
Yes, he cleared his name, yes, he sued them, and yes, he got a million dollars compensation..
I wonder, would the thought of a lawsuit help you get through 20 years of hell?
Cops are people, and people have prejudices - if one doesn't like you, and he's not 100% "pure", don't expect that he won't do whatever he can to nail you, whether you're guilty or not.
I was wondering if law concerning this kind of stuff is a reserved power (by Westminster) or if the parliament in Edinburgh has any say?
Not that I'm expecting the lib-dems to do anything about it when blair pulls the string and dewar 'decides' to put it through.
Boy you're dense! They'll just charge you with non-cooperation. Obviously what you're claiming to be random data is really encrypted data you're refusing to give the key(s) to. And don't think that they'll be satisfied with the key to only a few files, they'll want ALL the files on your hard drive "decrypted". What's that you say? It's not encrypted data? Sorry Bozo, your ass is in the slammer 'cause obviously you're lying.
This is way too late to be moderated, but for those still reading at 1.....
Go into Tower Records and DEMAND the keys for the encrypted DVDs they are selling.
Doh!
Linux - Because Mommy taught me to Share.
>evil. We may not like being watched, but I
>prefer it to being attacked in the street.
I have been attacked in the street by three thugs and guess what? I'd rather live with the danger of being attacked than the greater danger of having cameras everywhere. It's people like you that created the oppressive laws like this one!
Okay, then everyone needs to look into ways to encrypt their data within other forms of data, especially video and applications. If this is done well and you are selective but thorough with the data you encrypt then you will be safe.
-
That's the kicker. You have to *prove* you have no/there is no key to the data. Or else you are legally determined to be hiding the key.
Open Source. Closed Minds. We are Slashdot.
Will someone please fix the damn Extrans posting mode!
Will ucblockhead please figure out how the damn Extrans posting mode works!
(Oh, and try using "Preview", too.)
The posting modes are tricky, but here's how they work, near as I can tell:
Extrans (Extended Translation) converts everything, including automatically replacing angle brackets with "&lt;" or "&gt;" escapes, so that it all shows up exactly as you type it and nothing gets interpreted as HTML tags.
HTML Formatted is the opposite: it doesn't interfere with what you type, so any tags are interpreted as HTML, and there is no formatting except for your tags. Note that newlines are ignored, which is why people so often complain that their paragraph breaks got lost.
Plain Old Text (which I use and which is probably the one you want) is in between: despite the (perhaps misleading) name, it does interpret HTML tags, but it also adds some formatting information. Specifically, it adds a <BR> tag wherever it sees a newline, so you get a paragraph break wherever you hit return. As far as I can tell, this is the only thing it adds.
I just now noticed that they seem to have fixed a bug that's been irritating me forever: When I would use "&amp;", "&lt;", or "&gt;" escapes to prevent ampersands or angle brackets from being interpreted, it would work, but each time I previewed, the text box would get the interpreted results, so the next time through, they would get eaten. This doesn't seem to happen anymore, though. Maybe now I can go play with my user preferences without having to redo the escapes in my sig (painful).
No offence, right? I see you got it straightened out further down. You'll also see me agreeing with you regarding the actual topic of this thread.
David Gould
main(i){putchar(340056100>>(i-1)*5&31|!!(i<6)<< 6)&&main(++i);}
Any judge can order any person subject to its jurisdiction to provide any key or pad necessary to read anything. If the person is unable or unwilling to do so, that same judge can order the person fined or jailed for contempt of court. Courts in the US are much more powerful than in other jurisdictions. This is at least partly because by giving courts that power, elected officials can avoid appearing directly responsible for the actions taken.
Randy Hudson
Sure someone can frame you by planting an encrypted file for which you do not have the key on your computer. In fact, they could send you a file full of line noise, and claim that it's an encrypted plan to overthrow the government. But why bother? All they have to do is claim that that harmless looking .gif file on your hard disk contains a message hidden with steganography. I dare anybody to prove that there is no content hidden in some randomly chosen image on their hard disk.
It seems this law not only shifts the burden of proof onto the accused, but it burdens them with proving the unprovable.
The only way this will happen is if people tamely agree to it without a fight, which will once again validate my belief that human beings are only so many sheep willing to bend over and take it right up the haunches.
You must be stoned, that's o.k., but keep it to yourself next time.
Stop supporting fascism, stop paying taxes.
How do they know if the plain-text file is the same as the encrypted file? If they are never able to decrypt it, then they have nothing to check it against.
This act seems completely at odds with the basic human rights, i.e. presumption of innocence, and therefore will get thrown out by the EU. In the mean time Jack Straw (famous idiot and defender of Pinochet that he is) is wasting our money dragging it through Parliament.
I wish that we (the taxpayer) could sue him (Jack Straw) for the money he is wasting.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
Actually, that is not quite true... The most commonly used way to find an encryption key (in bidirectional en/decryption methods) is to KNOW what the contents are, know what the encoded message is, and from this You can derive the en/decryption key (similarly to the Japanese code broken immediately after Pearl Harbor).
Your argument would/will only be valid if the key used is a "one way" key (in normal terms). However, such codes are not used for messages as these are often to be read (decrypted) by the receiver, and not "guessed and compared to".
What's awful with that you have to supply the key if you're under investigation for a crime. To not have to give out the key is like having a safebox and saying that they can search your house but not open the safe. The thing I would resent is to allow them to have a key to open your documents without you knowing about it.
Quick Home Office summary, with Part 3 relating to the crypto stuff.
Full text of Bill as introduced to parliament (Part 3).
Of course it's all written in that sort of legalese which ought to win the International Obfuscated English Contest...
The day I manage to actually have data like that needing protection I will think then and only then about using some form of encryption.
I'm not going to FORCE You to care, but if You say, WHEN this happens I (You) will start caring, You're on the losing end.
When they came for the criminals, I did not speak up, for I was not one of them. When they came for the jews, I did not speak up, for I was not one of them. When they came for me there was no one left to speak up for me.
Even if You have no independent thought of Your own, no moral values, decency or common sense. The least You can do is to learn from past mistakes.
If You let the government get away with this because "It's none of my concern", who will help You when there's an issue that IS your concern ?
If You're not part of the solution, at least don't be a part of the problem.
for some people to order data or keys to be given up.
Now, whilst I'm not a lawyer, here's my thoughts on reading the bill.
Part 1 sets up a register of 'approved providers of cryptographic support services'.
Interestingly, you don't need to be providing any service in the UK, to apply for approval. (Para 2.1 b ).
Part 2 allows the use of a digital signature, as a legal indicator of identity.
Para 7.2 basically says that if it looks like the signature is meant to be attached, then it is. Given that you can use either a chunk of random data, or a procedure applied to the signature, (Para 7.3), and it must be certified as per para 7.1, it looks to me like you could, if you can packet sniff and spoof, read a message, then send a second message, claiming to be a signature of the sender, to the recipient. The recipient would then be able to certify that signature, and, ta-da, you can sign that person up to what you want, with legal force. Fair? I have seen no point in the bill that states that the sender must certify his signature.
Part 3 is the meaty bit - this is the part that allows your data / keys to be taken.
There are a number of mechanisms for getting authorisation to do such - two by my counting, as detailed in Schedule 1.
1 - Secretary of State, or a Judge, JP, Sheriff[0] etc issues a warrant.
2 - With written permission, but no actual warrant from same as above, or something along those lines[1].
These methods have various sub conditions, depending if they have your data, or if they think you are about to get encrypted data (which is enough for them to get a warrant to force you to decrypt it).
There's a particularly worrying batch of legalese in schedule 1, that suggests that they don't always need a warrant, and can act on the say so of a senior police officer, customs and excise commissioner, or, worryingly, a senior member of the military. The latter bit worries me a lot.
Hopefully my reading of it is wrong, anyone want to confirm?
[0] A Sheriff is a local magistrate, not a law enforcement official (in Scotland)
[1] A particularly contorted batch of legalese in Schedule 1.2 - 1.4
--
When I had my PC taken away by the police (suspected of cracking) they took 5 weeks to accept that the "encrypted" area was actually my Linux partitions. They were using standard Windows tools to view the hard disks and found they could not view the data on 3 of the hard disks. If this act had been in place I could have been held while they found there was nothing to find. I could not have given them the encryption key as the data was not encrypted. They are too stupid to be trusted with this sort of power.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
There is a thread about this Bill started on http://www.number-10.gov.uk/ Why not let them know what you think?
At what point, as one chips away at personal freedom, is it lost? Is 80% freedom acceptable? How about 60%? Hey, we've got so many people in our city, isn't it reasonable that they can only enjoy 50%?
Do you have a source for this? I have heard the same thing, but never from a verifiable (or legal) source. No one on any of the real-life cop TV shows (that I know of) has ever challenged this, and I have never heard of anybody challenging this.
I still think I would make a big stink about it, just to harass them a bit, then to make them look foolish. I am a citizen, and I have Constitutional rights against unlawful search and seizures. These laws (if that is what they are) which were put on the books to allow cops to do that to your car ARE unconstitutional. But we must fight the "WAR ON DRUGS"!
What if you lived in your car? What if you invoked your right to travel (this, I imagine, opens up a whole different can of worms - not to mention how difficult it is to get, and keep, the manufacturer's statement of origin, at the time of purchase of a vehicle)?
BTW - anyone out there know how you can obtain this piece of paper (the original) back from the lienholder and vehicle registration office? Is it too difficult to bother with (most people buy their cars on loan, and the right to travel can only be invoked if you are the owner of the property, but with a lien on the vehicle, the lienholder is the owner, plus the state has ownership due to registration, etc)?
Reason is the Path to God - Anon