British Police Demand Access To Encryption Keys

flip-flop writes "In the wake of recent terrorist attacks, police here in the UK have asked for sweeping new powers they claim will help them counter the threat. Among these is making it a criminal offense for people to refuse disclosing their encryption keys when the police want to access someone's files." From the article: "The most controversial of the police proposals is the demand to be able to hold without charge a terrorist suspect for three months instead of 14 days. An Acpo spokesman said the complexity and scale of counter-terrorist operations means the 14-day maximum is often insufficient."

Oh yeah, that's why we threw their tea away

[SeanTobin]

Innocent until proven guilty. Although that statement is ignored just as often in the US as it is in England, laws that we pass try to at least give the impression that we respect it. So, here is how things go if this passes...

GoodGuy has a friend who is in some domestic trouble and is hiding some of his assets in off-shore accounts. He keeps his friends account information in an encrypted folder on his computer because his friend doesn't want to lose it and trusts him.

EvilAgentMan thinks GoodGuy is a terrorist planning on taking over the world, due to his recent purchase of a salt water aquarium, baby sharks, laser pointers and duct tape. He charges GoodGuy as being a EvilDoer(TM) and puts him in jail. While looking for evidence, he notices an encrypted folder on GoodGuy's computer. He tells GoodGuy that he must hand over his encryption keys or be charged with the crime of not handing over his encryption keys. He must decide on going to jail for something he is completely innocent of, or releasing potentially incriminating evidence on his friend. ...Time to get pricing on high speed internet access on the moon I guess. This planet's done for.

Re:Oh yeah, that's why we threw their tea away

[Alphabet+Pal]

What if they find a file they can't associate with an application, assume that it's encrypted, and insist that you give them the encryption keys for a file that's actually a corrupted Word document? Crypto documents are designed so that they're not supposed to look like crypto documents.

Re:Oh yeah, that's why we threw their tea away

[afidel]

You just gave me a truely evil idea. Make a worm which copies and randomly encrypts files from the infected computer, then email a copy of the encrypted file along with a copy of the worm to random people in the address book. Would make life hell for sigint people and just might give someone plausible deniability against this type of idiotic law.

Re:Oh yeah, that's why we threw their tea away

[TCM]

There is also the option of using an encrypted container and filling it half-way with some innocent-looking stuff that would still be worth encrypting. In the remaining space, you place another container with the real stuff.

TrueCrypt can do this to provide "plausible deniability". The second container does not appear in the filesystem of the first container. That's why you have to be careful to not modify the outer container once the inner container is created. Since the free space of any container will be filled with random data, an additional container inside the free space will be undistinguishable from random noise. Read the manual for more info.

Simple Solution

[USSJoin]

"I forgot it." Seriously. This is what we do in the U.S., and even if they hold you in contempt-- it's a darn sight better than letting them have access, and seeing what you were up to.

The Right to Prevent Self-Incrimination

[westcoaster004]

What is the difference between the right to prevent self-incrimination (i.e. the right to silence) and the right to not say your password?

In England and Wales, "a defendant cannot be convicted solely due to their silence" yet this is saying precisely the opposite.

Re:This is a major point

[symbolic]

They want encryption keys, but I dare say that not ONE of the investigators (or government officials) can point to a single connection between the recent stuff in London and encrypted information. They keep demanding solutions to problems that don't exist - that's why this stuff keeps happening. If they'd try to solve the problems that DO exist, they might get somehwere- WITHOUT becoming a police state.

Re:Encryption Keys?

[nkh]

I don't know where I've read this (/.?) but the problem with "onion layers" steganography is when they torture you: How do they know you gave them ALL the passwords? Maybe there is "just one more" that will reveal everything? The torture never ends if they know there are multiple layers. (yes, I'm paranoid but I wouldn't like this to happen to me)

LOL! That's cute

[doublem]

I'm going to let you in on a deep, dark, dirty secret. They aren't really trying to solve the problem. Terrorism is a boon to the US and UK governments, because it gives them an excuse to push the respective nations closer to a police state.

A police state is not a consequence of misguided attempts at preventing terrorism, but is instead an end being achieved under the cover of fighting terrorism.

Remember, Terrorism is an end to a means for the terrorists, and the governments "fighting" it.

Think the war in Iraq was about Sept 11 or WMD? Think again. It was because defense contractors have well placed connections. For corporations, your life is only worth what they can get out of it. If they can sell military ordinance by getting your children killed in Iraq, so be it. Their gods are money and power, not the ones your Priest, Rabbi, Cleric, Circle Leader or anything else are telling you about. If you think I'm being paranoid, just look up corporate environmental management. Hell, just look up what Coca-Cola is doing in India.

Human life is just another natural resource for corporations. Nothing more.

Dual Encryption Now Needed

[linuxwrangler]

Obviously what is needed is a method for dual encrypted files. Basically an encryption/steganography combo. When unencrypted with the 'fake' key, you just get whatever text you encrypted with that key - something uninteresting like expired credit card numbers or letters to grandma and it looks like you have complied with the order. Meanwhile the real key unlocks the data you want to keep secret.

Naturally the algorithms would require that it would be undetectable that this is what you have done.

Some alarm systems have something similar. When you open the business you use the real code. When the robber forces you to open up at gunpoint you use the fake code. The alarm does turn off as expected but it also calls the police with an "under duress" alarm.

Re:russian front

[ray-auch]

The Americans didn't do much protecting / defending until after _their_ home _was_ attacked.

After which they went chasing the culprits round the world with as much military force as they could.

WWII or war on terror - take your pick. Not to diminish the importance, but in both cases America only got involved because it was directly provoked, not because of some altruistic / noble motive.