UK Government Wants Private Encryption Keys
An anonymous reader writes "Businesses and individuals in Britain may soon have to give their encryption keys to the police or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists." From the article: "Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. 'The use of encryption is... proliferating,' Liam Byrne, Home Office minister of state told Parliament last week. 'Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force.'"
I believe we are in need of a new Slashdot section: Horrifying
Just stick a computer in the corner churning out encryption keys and mailing them to the UK government all day every day until you break their database.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
isn't the whole point of a private encryption key.... that is in fact PRIVATE .. wait what's that noise outside? THEY'RE COMING THROUGH THE WALLS OMG NOOoo ;xd.fg.......
Encryption keys don't kill people, people kill people.
If owning (not divulging) encryption keys is criminalized, only criminals will own encryption keys.
These "rules" will only push the envelope of how and what criminals (or terrorists, etc.) use to hide their activities. And at the same time, they will add one more burden to the general population to manage and ensure the government is informed of their encryption infrastructure. Nuts.
The most effective infiltration into terrorist infrastructure is still social engineering. I'd rather the money spent creating and managing something like this spent training and hiring translators, covert agents, etc.
A convincing point about the futility of this proposed rule comes from the article:
How will they know that they have the correct private keys without "testing" them on the owners' encrypted communications every so often? Oh well, it is England after all. Living on an island can do odd things to living things.
It's a good thing that, as an American citizen, I don't have to worry about these violations of my privacy.
My encryption key is:
1.....2.....3.....4.....5
Damn fascist Americans! I am so glad that I live in Europe where such things never happen!
So is it that they want the criminals to hand over their passwords before they commit a crime? This should go well with the anti bank-robbery legislation requiring all would-be robbers to call in a schedule before they pull off a heist.
Luck favors the prepared, darling.
I assume that there is a similar rule for safes/lockbox combinations.
Britain's use of anti-privacy situational crime prevention measures are a means of targeting petty crimes and the innocent while displacing more professional and semi-professional crime into other areas. These techniques do not stop the criminal, as he is already committing a crime, what would he care if you added "refused to give up private key" to his list of crimes?
The UK needs to wake up and realize that these forms of crime control only waste money and create more crime, than stop crime from happening.
What if the criminal has someone else handle their encryption/decryption, and thus does not even know their key? Can you be jailed for not giving away information you don't know?
before we all get issued our Newspeak dictionaries...
http://www.newspeakdictionary.com/ns_frames.html
If this goes into effect it would make it a very dangerous thing to have files of random characters .... you'd have a lot of trouble explaining them.
Most major companies have offices all around the world, presumably. So now they'll have to have a separate (pretty much disposable) encryption method just for the UK?
What about communication between offices on the internet? A Japanese analyst creates some research, but due to technical problems the only Compliance office up is in Europe. So every program or service that can communicate with Britain has to check if a request is going to/through the UK before applying the "approved" encryption.
To quote, "this is madness"
"Oh, yeah, you think that telephone call database is slick, check this sh*t out. We're gonna make our subjects give up their crypto keys or go to jail"
"Oooh, good one!" (high five)
Welcome to the Panopticon. Used to be a prison, now it's your home.
Much like a warrant to search a physical premises, having the police have the power to force you to expose your private data is perfectly reasonable, so long as it is similarly regulated by the courts. Unfortunately, as the article points out, there are problems with proving that you do or don't have the key to unencrypt, but the general principle of allowing the police to search something with a warrant does not seem problematic.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Time for steganographic file systems where your private data can be hidden inside innocent looking files. They can't force you to disclose your key if they don't know and/or can't prove that you have one.
http://en.wikipedia.org/wiki/Steganography
I'll probably be modded down for this...
And I thought our government had its head up its ass. I guess I'll scratch the U.K. off my list of places to live when I can't bear the loss of freedoms in this country anymore.
- cameras are used by criminals, paedophiles, and terrorists - we need access to your negatives/memory disks.
- houses are used by criminals, paedophiles, and terrorists - we need access to your house keys.
- cars are used by criminals, paedophiles, and terrorists - we need copies of your car keys.
- ATM machines are used by criminals, paedophiles, and terrorists - we need to know your PINs.
- Online email services are used by criminals, paedophiles, and terrorists - we need to know your username/passwords.
- Computers are used by criminals, paedophiles, and terrorists - we need to install a backdoor on your computer.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Gee, I wonder what all the UK fanboys who were dissing the US about the whole NSA/ATT debacle have to say about this? Face it boys and girls, this is happening everywhere. The terrorists won a major strategic battle on 9/11, they have successfully changed the scope and nature of privacy rights across many of the world's "democratic" nations.
"England Prevails"
Parliament better watch out... hear there's a train heading there loaded with fireworks and other things that go boom.
-zariok-
If secure encryption is criminalized only criminals will have secure encryption...
I don't know how stupid politicians can get. I'll give them my encryption keys OVER MY DEAD BODY.
Or I'll make sure the key is something like POLITICIANSAREARSES or something like that.
Or maybe it's better to just give them the keys, but not divulge the secret encryption method used.
how long until
So, do I need to send my wifi keys too? And bluetooth? What about the encryption used by GSM?
And my car remote lock fob, that too?
Is it April the 1st?
Open Source Drum Kit, LPLC deve board - mjhdesigns.com
Great Britain _really_ wants to become air strip one... (CCTV everywhere, registration of number plates of every car, all the time, and now this.)
I just don't get it, have none of their politicians read 1984? If not, they probably should.
Even though I don't live in GB, this is scary since the current Swedish justice minister applauds every step in this direction taken by GB, and he is quick to propose new laws.
In fact, so quick that the review process for proposals for new laws has been swamped.
Scary.
I'm sure the criminals, paedophiles, and terrorists will just be lining up to hand over their keys, too.
psmylie's dictionary: Godzillion (noun) Any number large enough to destroy Tokyo
Is this a change from the current laws? Giving them up (on pain of 5 years) when asked for is one thing. Giving them up in advance takes it to a whole new level. What does this include? SSH id_dsa keys? SSL certs? Passphrases for mounting crypto partitions?
And trust it to the government? They have never once run an IT project properly. Disgusting (if true).
Get your own free personal location tracker
Eastasia set the tone and Oceania is keeping in step. Just wait for the perpetual war, that'll be fun.
Chicken fried butter sticks? Do
Simple solution: You have a new encryption scheme where there are 2 private keys. The first one allows decryption, the second wipes the drive. Guess which one you give to the police?
Coding with assembly is like playing with Legos. Coding an application in assembly is like building a car with Legos.
All your private keys belong to us
(these ones speak proper English)
The streets in Britain are flooded with CCTV.
This new development just adds to the infrastructure for the next totalitarian government.
Although I trust the current government to use technology for good, sooner or later this technology will be abused against Britain's own citizens, by a less democratic government.
And people here are worried about ID cards.
All my important communications are ROT-13 encrypted. What key should I give ? ;)
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
I've never understood why American conservatives support him as a leader, rather than simply appreciate his support in the war on terror. He has many anti-conservative positions and is a member of the Fabian Society. He's Britain's problem, but it's high time that American conservatives realize what American libertarians have known about Blair for a while: he's not our ally at all beyond the War on Terror. In fact, Blair was not only a close supporter of Clinton, but is far worse as a leader than Clinton in most respects. I'd take the latter over the former any day (as long as it's Bill, not Hillary).
Ya gotta hand it to Blair, though. He's honest about holding a totally "fuck you" attitude toward civil liberties whereas Bush still genuflects before that "God damn piece of paper" (as Bush supposedly called the US Constitution) that those "dead white men" with their libruhl idears wrote up after kicking out Blair's predecessors 2 centuries ago.
"If strong encryption is outlawed, only outlaws will have strong encryption."
org.slashdot.post.SignatureNotFoundException: ewg
There was no crime, because the secret police would carry you off and shoot you in the head if you were even suspected of a crime. Wiretaps were the norm and the government could do whatever it wanted. Privacy didn't exist. And they were safer from criminals for it. Well, safer if we define criminals as ones that weren't in the KGB.
Yeah, no "In Soviet Russia" Joke here.
This is frightening. It's like we're becoming the very thing we fought in the cold war. A totalitarian government.
But at least we have 37 types of cereal.
You can have my keys when you pry them from my cold, dead, fingers.
Stop-Prism.org: Opt Out of Surveillance
Here's an idea... why not just make it a crime for pedophiles, criminals and terrorists to NOT give over their private keys AFTER they've committed their crime.
That way Joe Sixpack can keep sending encrypted communications and not have to worry about the government reading them - as long as he doesn't start blowing stuff up, too.
If the police requests your encryption keys, you can actually give it to them (i.e. comply) without actually giving them access to your encrypted files.
All you need is TrueCrypt, which is open source on-the-fly disk encryption software for Windows and Linux.
The software provides something called Plausible Deniability and it is further enhanced by the so-called hidden volume method.
Basically, it is impossible to prove that you have TrueCrypt-encrypted data and you can even supply a key to decrypt a decoy volume containing some not-really-sensitive data. The bottom line, you comply with the law (order to decrypt) and your data stay private.
A criminal that rapes someone may have talked during the rape -- it is the rape that was evil.
A criminal that shoots someone in the head used a gun -- it is the shooting that is evil. He could have used a baseball bat.
A criminal that blows up a building might use a cell phone -- it is the building exploding that is evil. He could have used e-mail or writing a big X on a tree.
We have to stop government from criminalizing actions that are part of our right to speech. This right is not something Constitutional or created out of any government document -- it is a natural right that all humans share, no matter what the laws say.
I'll continue to encrypt, and I'll dare the government to try to restrict me. If I have to, I'll encrypt by using an encryption program that hides my real text to make it look like readable language. Let them try to stop that. Or I'll use my own spoken code. Will they find a way to criminalize it?
Don't criminalize tools, criminalize criminal actions.
If I've incriminating documents in a safe, the police are going to ask for the key. If they don't get it, they're going to break in, and I'll be arrested for obstruction of justice. I don't recall everyone being up in arms about the police, having obtained the proper warrants, coming into my house and breaking into my safe.
Besides the fact that this involves computers, why is this different?
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
One key to rule them all; one key to find them. One key to bring them in and in the darkness grind them. In the land of Norsefire, where England Prevails.
Plausible deniability is your friend. At least one good open source encryption package, TrueCrypt, implements this feature whereby a ciphertext can have an arbitrary number of (or just one) encryption key(s), each one giving access to a different plaintext, and no mathematically known method of proving which is the "real" key.
So if the cops come around asking for your keys, you could give them the one that decrypts it to harmless family photos. Of course your decoy payload would need to be interesting enough that your adversary is less likely to suspect you're hiding something (e.g. don't use photos of the family dog as the decoy if it's likely you're hiding state secrets, instead your decoy should consist of similar but benign content).
When we outlaw encryption keys, only criminals will have encryption keys.
Get your stinking hands off my encryption keys, you damn dirty apes!!!
Currently, it's a head-to-head race between the U.S. and the U.K. Germany is getting better, but nevertheless on the third place.
Presuming that current crypto is secure, public key cryptography provides a solution.
Specifically, the public key is published, but private keys are pretty much unknown. The only thing you really know about your private key is the passphrase needed to use it (note that the computer using an entropy source generated the key in the first place).
The key itself? Should be stored on a flash memory card. Or another easily destroyed medium. If broken, you have NO way of supplying the key to the government.
The issue is key management. If the key doesn't exist, no amount of threatening or torture can cough it up. Sure, the passphrase (at the drop of a hat), but the key?
Ratboy
Just another "Cubible(sic) Joe" 2 17 3061
Convince you? OK. How about this?
It is MY PRIVATE DATA.
If the government has reason to believe that I am doing something illegal, then convince a judge to SIGN A WARRANT.
Encryption may not be a must for most people, but keeping the government out of one's private business is a must for all people, everywhere.
English is easier said than done.
The basic argument is that the purpose of a search warrant is defeated by encryption. Now I think that's wrong, or at least part wrong, and I think an alternative would be to make material held by the defendant which he does not choose to decrypt something that the jury can take account of, just as refusal to testify is now, under limited circumstances, something the judge can point to during summing up. And the alternative of forcing decryption isn't offered (although quite how someone would demonstrate that plain text they offered really _was_ the decryption is a whole other question).
This is bad, illiberal law, and those of us involved in campaigning against it have been in correspondence with our MPs for some years. But it's not just Britain that is tearing up its freedoms in the face of minor terrorism: the USA collectively shat its pants and ripped up a century of jurisprudence on the 12th of September. It makes far more sense for people with a desire for freedom to work together, rather than to assume that we're a bunch of proto-fascists while Bush Jr defends your constitutional rights.
ian
What if you lose one of your keys, would they just throw you into jail?
Will M$ be giving people a copy of their keys that encrypt their Vista hard disk with every copy in the UK so they can be mailed to the government or just send them straight there.
"I believe we are in need of a new Slashdot section: Horrifying"
Here's my entry
People; don't say "This can't be done."
This is referred to as a "catch-all" type of law. Beware the wonders of selective enforcement.
The idea here is that if you find a suspected terrorist, and they use encryption, you don't even need to bust them for terrorism OR for not providing their encryption keys when demanded. You can just go to step A, look up their name in the government encryption key database, find out that no, they did not provide their encryption key to , and take them directly to jail.
Regardless of whether or not they are a terrorist, regardless of whether or not they are willing to turn over their encryption keys when asked, you can find them guilty.
This is not about collecting everyone's encryption keys (at least not at first). Initially, this will be used as a blunt stick to smack anyone the government doesn't like. Think of the way seat belt laws are enforced; cops won't stop you for not wearing your seat belt, but they'll sure as hell issue a ticket for it even if you aren't speeding, have all your paperwork in order, and have done nothing else wrong. It's a sort of standby crime they can get you on.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
Add this to the National Identity Register, ID cards, the Civil Contingencies Act and the Parliament Act and the UK is well on the way to becoming a police state.
And the worst of it is, most people seem to think this is a good thing.
you're the worst troll I've ever seen.
...the real terrorists are nations, not lone terrorists or terrorist organizations like Al-Qaeda. The UK Government should imprison themselves for being responsible for the deaths of hundreds of thousands of Iraqis (remember the sanctions).
Iraq body count made a comparison between the number of innocent civilians killed by USMC and by the "terrorists".
The conclusion was that including 9/11 the terrorists had killed 3500 innocent civilians. The USMC had killed at least 13000 innocent civilians. In Iraq only most civilian deaths (about 35%) have been by USMC and that is the largest single factor responsible for civilian deaths. The terrorists are behind only 9% of the civilian deaths.
Something to think about the next time you call someone a terrorist...
I'm obsessed with entropy. I collect entropy from tons of sources, process them, and burn them to DVDs. When I have collected enough, I use them to burn a DVD with what I think are true random numbers -- a sequence of numbers that no Turing Machine can generate, unless its description is as large as the sequence. This is really hard to do. random.org only gives you a few megabytes of randomness. I want 4 GiB.
Will the UK government send me to jail because they think it's encrypted self-incriminating data?
... and after a while, it will be very handy to frame jaywalkers and pot smokers.
I can already see the terrorists handing over their keys - *sarcastic face* Once again another government idea that will hurt everyone but the people it's targeted against. If me and you know this, then why don't they... Personally coming from the UK I believe they do - so it's just another case of home land surveillance. (Along with the other shit load of databases, cameras, police street searches, and the expected Bio-ID Card.)
Mega Mobiles www.megamobiles.co.uk
Who the hell modded this informative?
Check the destination of that link before you click it... It goes to Bottle Guy - Just another site similar to Goatse or TubGirl.
Is it an election year in Great Britain? In the US it seems this "criminals, p[a]edophiles, and terrorists" chant happens most as campaign rhetoric or as smoke and mirrors to deflect attention away from something else.
Lorem ipsum dolor sit amet.
Well well... It seems it is not just the US Govt/CIA/NSA playing tricksies on its citizens when it comes to privacy and electronic monitoring. UK officials bring up valid reasons (pfft) for wanting such encryption keys to be reported to the govt. I'm curious to know which agencies will have access to the database of keys, and will there be procedures to protect innocent citizens' private data from being mishandled (or in the case of corporations - stolen. See Corporate Espionage).
Ok, Fine..
but will they at least write some good encryption software to do it with.
Most encryption software sucks.
Side note, would this also mean we don't have to use the verisign terrorist any more?
Just an example of astoundingly ignorant politicians who don't realize they're effectively criminalizing the use of cellular phones, the constantly changing keys of which would amass petabytes of data within a year, in just the UK--and that's just the keys, not the data they encrypted...and that's just the cellphones.
What absolute morons.
Could be swap, could be unformatted forgotten junk etc. The government would have to prove it was real data in an encrypted format. That's easy if it's a file on a filesystem, not easy if it's "forgotten" space on an apparently unformatted part of a disk. That's why this kind of legislation is so bloody stupid. What can I say, we're talking about politicians here, always trying to treat the symptoms rather than the cause.
Deleted
You're behind the times.
The UK is already (planning) installing a system of automatic licence plate recognising cameras throughout the country. The resulting database will allow a very comprehensive following of cars and thus persons.
The next step is of course that you have to report to the police whenever you've driven another car but your own...
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
They won't be able to keep up with encryption algorithms, unless they limit the usage of algorithms to "approved by the government".
This is nuts.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
How would they know that the use of encryption is increasing, unless they were already monitoring their portion of the internet?
To say, as they did, that this will stop terrorists is stupid. The thing that terrorists have the liberty of doing is sitting back and saying "no" whilst waiting for the rest of their cell to carry out the act; they were going to die anyway, what does it matter. The sentence has to be for a fixed length of time (well it doesn't have to be - in contempt of court you could just be held forever until you are willing to say your name/stop swearing at them etc.) - you can't have crazily long sentences because someone might just forget the key and not be doing anything wrong - so if you say 6 months then they will be out in 3 - which is not enough to stop someone from being a terrorist (if you could even have a sentence which would) and it is far less than paedos get - so it's still the sensible option. Also when you are in prison you can say "I'm in for telling the government to fuck off"... which will make you infinitely more popular than "I like watch little kids getting abused" (which will get you beaten till you bleed out your ears)... so I can see a lot of convictions coming
*''I can't believe it's not a hyperlink.''
2.) Does anyone really think this will *not* harm innocent law-abiding citizens?
Let me make this clear to all governments of the world: Are you people on crack? If so, word is there are great government drug treatment programs--especially in the UK. It's OK. They're mostly discreet. We support you seeking professional help.
As for my point #2: By having private crypto keys stored in one central repository, you *GUARANTEE* it WILL be compromised either by an insider (think: blackmail or bribery) OR it WILL be cracked.
Now really, let's think this through. The baddies don't/won't register their guns. (The IRA never did, did they, gov'nor?)
So... we can also infer that the baddies don't/won't register their crypto keys.
It's called "logic". Look it up. Do some research. Please.
Any statements to the contrary are only fabricated in a completely toked-up dream world.
Just give them a key off by one digit and say, "OOPS" if they ask.
Help end the use of Sigs. Tomorrow
Does anyone know what the requirements are for a phone tap in GB? If the police can do it without a court order this ruling is just more of the same...
Please sign petition to restore sanity to our banking system!!!
http://financialpetition.org/
Why would I need to convince you? Suppose I don't *need* encryption, but just want it?
Why should the government be able to sniff my packets without a warrant? Why should they be able to decrypt my files without proving to a court that the decryption is necessary?
we see things not as they are, but as we are.
-- anais nin
...i'll let them have some.
You need encryption to ensure that when you send your credit card number to a website, all the networks in between do not get to write that number down and save it for later. You need to keep your private key private so that, when a malicious cracker gets into the website for your major operating system and puts in some innocent looking update files on the server, the clients on the other end can verify that they have not been signed by you. You need encryption so that you can keep your plans for rebellion out of sight of the oppressive government you live under. Maybe not the U.S. or Britain (yet), but one would hope that people in places like Iran are able to secretly make plans with themselves and with outside forces to throw off the yoke of whatever is bothering them.
Anyone?:)
This is a particularly nasty bit of legislation. You have to prove that you are innocent. Forgotten your PGP passphrase, or other passwords? Tough. That will be a jail sentence. Still forgot it at the end of the sentence? Back inside. Rinse, repeat until you do remember it. I think I will have to change my PGP passphrase to: "the government are evil fascist bastards and the police are their willing servants"
Trying to associate Microsoft with "fun" is like trying to associate Satan with aromatherapy. -Tycho
Another purely pragmatic fear is that this would be nothing but a waste of time and money, and a distraction. This law effectively requires that law enforcement must put a respectable amount of effort into collecting and cataloguing what could be billions of encryption keys. (I couldn't even count the number of keys that I use offhand, not even counting SSL, which I assume they don't care about.) All of these keys have to be associated with their owners and users, what they're being used for, and what data they're being used to encrypt. That could easily grow to be one mess of a database.
A database that would be effectively useless. The only people who are going to provide keys are law-abiding citizens who provide them all and non-abiding citizens who provide all but the keys they don't want the gov't knowing about. Meaning none of the keys in the database will be useful for finding anything the law might need to know. Meanwhile, it's going to provide another distraction if they actually try to enforce it, because they'll have to start hunting down all the folks who are no threat, but don't provide keys because they don't know, don't care, or value their privacy. I'm completely lost as to what they think they can gain by maintaining this. It's not like this database would be particularly useful for, say, mounting a dictionary attack on data that was encrypted with an unknown key by a real shady figure.
I'm sure implementation details can vary how much this is going to pull resources away from real counterterrorism and law enforcement, but I can't see how this can possibly do anything but make counterterrorism and law enforcement more difficult. And I'm sure anybody worth their salt probably realizes this; I can't see why the true motive could be anything but irrational paranoia or a Big Brother attitude. (Of course, those are probably really the same thing.)
...I know that's like asking to be lied to, but I would like to know how often criminal investigations are hampered or even prevented because communications or information had been encrypted.
Like so many others, I see this as nothing more than an attack on privacy and not as an aid to criminal investigations. Criminals are not going to turn over their keys. People who turn over their keys aren't likely engaged in criminal acts. "honest" people who believe in the right to privacy will become criminals, however.
I'm not sure "police state" is the right word, but we're certainly talking about criminalizing the general population to the point that only people "in office" can have the right to privacy under the guise of "national security." And a funny thing happens to your rights when you become "a criminal." You lose them along with your ability to run for public office and all manner of other things.
It appears, Phoney Blair's brain has gotten a little too few oxygen while he was deep throating His Bush.
I mean, has anybody in that lousy government got a single glimpse what asymmetric keys are?
I for one think that the UK will kick this kind of law into the long grass. Just take a look at the recent moves over attempts to change the right to detention without trial? It didn't happen. The UK system works and protects the rights and freedoms of its citizens. It takes more than a constitution to protect your freedoms, people have to enforce them.
England Prevails!
Do you believe there will never be a need for "the people" to over-throw a government ever again? Giving the people in power all the power they want is A Bad Thing because you never know what they might do with it in the future.
It is well known that governments spy on behalf of certain domestic corporations to try to give them a competitive edge in the market-place. This will make this process easier to do.
Maybe they do, and this serves as a way to indirectly outlaw a whole host of encryption technologies (at least when used by private individuals, rather than the government).
Of course, it's quite likely that if the UK is like every other country, the law would be selectively enforced. They wouldn't go after everyone using technology that made the mandatory reporting impractical, but if law enforcement got it in their mind that you were guilty of something else (whether another crime or just doing something not-illegal that law enforcement authorities don't like), they'd use your use of such technology, and the fact that it made you guilty of a chargeable offense, as a lever or as a fallback charge.
So SSH is now illegal in the UK? Let's see how long the last of their big businesses that have corporate secrets to keep hang around in the UK. Especially government contractors with military secrets. Oh sure, they can have their database. I predict that it will be flooded and broken within a week of going online.
The use of illegal government spying on innocent citizens is proliferating.
Your move now.
...(and no, you may not have my encryption keys).
This is an example of the government passing bad laws which have no real effect on terrorism, it's just posturing. It'll be impossible to prove that a person really knows the encryption key or if the key that was coerced from them is the real key.
These days encryption software like TrueCrypt has multiple levels of "plausible deniability" so even if a key was coerced out of someone you don't know if the data that is decrypted is the real deal or just another decoy.
These so called government security advisers really don't know anything about security. The UK Government can't even remember to deport foreign criminals after they serve their sentence. The country will be a lot safer if the Government fixed their own incompetence rather than pass TROLL laws which deprive the real law abiding citizens of their liberties whilst allowing the terrorists to carry on business as usual.
Don't they realize that real criminals and terrorists will NOT EVER register their keys? This law will punish the honest.
Since a one-time pad is totally random, each potential key is equally possible. Would you not be able to generate another pad that will return a totally different, but quite possibly meaningful, result?
For example, if your plaintext was:
Mary had a little lamb.
A onetime pad could transform that into:
Xualgneehktfilawltbendn
For which we could generate a reverse pad that turns it into:
The rain isn't in Spain
You'd need two "keys" to whatever it was you were encrypting, and you'd have to spend some time to create a second plaintext of the exact same length that was plausible but harmless. When you're done, if you have to, give out the second key (pad).
Learning HOW to think is more important than learning WHAT to think.
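The property described in the comment above, as an added example that is not part of the original post: for a one-time pad, every plaintext of the same length has a pad that "decrypts" the ciphertext to it, so a disclosed pad cannot be checked against the ciphertext alone. Byte-wise XOR is assumed here (the comment's letters-only ciphertext suggests a different alphabet), and the function names and the fingerprint check are illustrative additions.

```python
"""One-time pad: a ciphertext is consistent with every same-length plaintext."""
import hashlib
import secrets
from typing import Dict, Iterable, Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; a pad must match the message length exactly."""
    if len(a) != len(b):
        raise ValueError(f"length mismatch: {len(a)} != {len(b)}")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes) -> Tuple[bytes, bytes]:
    """Encrypt under a fresh random pad; returns (ciphertext, pad)."""
    pad = secrets.token_bytes(len(plaintext))
    return xor_bytes(plaintext, pad), pad


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """Decryption is the same XOR, whichever pad is supplied."""
    return xor_bytes(ciphertext, pad)


def alternate_pad(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """The pad under which `ciphertext` decrypts to `claimed_plaintext`.

    Raises ValueError when the claimed text is not exactly as long as the
    ciphertext, which is the constraint the comment points out.
    """
    return xor_bytes(ciphertext, claimed_plaintext)


def pad_fingerprint(pad: bytes) -> str:
    """SHA-256 of a pad. Only a fingerprint recorded before disclosure
    (an assumption of this example) ties one specific pad to a message."""
    return hashlib.sha256(pad).hexdigest()


def consistent_pads(ciphertext: bytes, claims: Iterable[bytes]) -> Dict[bytes, bytes]:
    """Map each same-length claim to a pad that reproduces it.

    Claims of the wrong length are skipped: no pad exists for them.
    """
    result = {}
    for claim in claims:
        if len(claim) == len(ciphertext):
            pad = alternate_pad(ciphertext, claim)
            # Sanity check: the derived pad really yields the claim.
            assert otp_decrypt(ciphertext, pad) == claim
            result[claim] = pad
    return result


if __name__ == "__main__":
    real = b"Mary had a little lamb."          # plaintext from the comment
    other = b"The rain isn't in Spain"         # same length: 23 bytes
    ciphertext, real_pad = otp_encrypt(real)
    recorded = pad_fingerprint(real_pad)       # taken before any disclosure

    pads = consistent_pads(ciphertext, [real, other, b"too short"])
    for claim, pad in pads.items():
        matches = pad_fingerprint(pad) == recorded
        print(f"{claim!r}: decrypts correctly, matches recorded pad: {matches}")
```

Both same-length claims decrypt cleanly; only the fingerprint taken beforehand separates the original pad from the derived one.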
http://www.gpg4win.org/ .. supports Outlook 2003!
This law is so big brother, it makes me wanna vomit. Thank g-d we don't have this in the USA. Oh wait, we do. It's called the Patriot Act. Any judge can order you to turn over your crypto keys. But at least it's not as broad as just requiring a "notice from an authority".
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#49
Regulation of Investigatory Powers Act 2000
2000 Chapter 23
PART III
INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC.
Power to require disclosure
Notices requiring disclosure.
49. - (1) This section applies where any protected information-
(a) has come into the possession of any person by means of the exercise of a statutory power to seize, detain, inspect, search or otherwise to interfere with documents or other property, or is likely to do so;
(b) has come into the possession of any person by means of the exercise of any statutory power to intercept communications, or is likely to do so;
(c) has come into the possession of any person by means of the exercise of any power conferred by an authorisation under section 22(3) or under Part II, or as a result of the giving of a notice under section 22(4), or is likely to do so;
(d) has come into the possession of any person as a result of having been provided or disclosed in pursuance of any statutory duty (whether or not one arising as a result of a request for information), or is likely to do so; or
(e) has, by any other lawful means not involving the exercise of statutory powers, come into the possession of any of the intelligence services, the police or the customs and excise, or is likely so to come into the possession of any of those services, the police or the customs and excise.
(2) If any person with the appropriate permission under Schedule 2 believes, on reasonable grounds-
(a) that a key to the protected information is in the possession of any person,
(b) that the imposition of a disclosure requirement in respect of the protected information is-
(i) necessary on grounds falling within subsection (3), or
(ii) necessary for the purpose of securing the effective exercise or proper performance by any public authority of any statutory power or statutory duty,
(c) that the imposition of such a requirement is proportionate to what is sought to be achieved by its imposition, and
(d) that it is not reasonably practicable for the person with the appropriate permission to obtain possession of the protected information in an intelligible form without the giving of a notice under this section,
the person with that permission may, by notice to the person whom he believes to have possession of the key, impose a disclosure requirement in respect of the protected information.
(3) A disclosure requirement in respect of any protected information is necessary on grounds falling within this subsection if it is necessary-
(a) in the interests of national security;
(b) for the purpose of preventing or detecting crime; or
(c) in the interests of the economic well-being of the United Kingdom.
(4) A notice under this section imposing a disclosure requirement in respect of any protected information-
(a) must be given in writing or (if not in writing) must be given in a manner that produces a record of its having been given;
(b) must describe the protected information to which the notice relates;
(c) must specify the matters falling within subsection (2)(b)(i) or (ii) by reference to which the notice is given;
(d) must specify the office,
The UK govt can come over here and kiss my American ass. Harsh yes...but the appropriate response for such a stupid demand.
Is anyone else getting the feeling that it's not safe on either side of the water and it's about time to find an uninhabited unclaimed island and start your own country?
So I guess everyone will just switch to a solution like TrueCrypt:
You can create hidden encrypted volumes within other encrypted systems. Even if you are forced to give up your password it's impossible to tell if there is another hidden volume present.
From the TrueCrypt site:
The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created* and no part of the (dismounted) hidden volume can be distinguished from random data.
It is not so much that I have confidence in scientists being right, but that I have so much in nonscientists being wrong
Ok, the world is upside down. And Alan Turing is rolling in his grave. With laughter, that is.
burrocrisy
and that would be what? Ruling by jackasses? Never has a slashdot misspelling been more apropos
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
This will ensure that only criminals, paedophiles, and terrorists have unknown encryption keys since I'm sure they can be convinced to hand over the key used for innocuous files and use another for the damaging ones.
From what I've learned of terrorists over the past years, they don't care about a 5 year sentence when the alternative is far longer.
And the bobby that has a hard on for your girlfriend? He'll be able to go over your history with a fine tooth comb...
I am moving to China.
Do our British compatriots have to give up the keys to their wireless networks? I mean - who knows what's going back and forth across the air, particularly when the traffic never goes out to the public net but stays within a nice little private network that just happens to belong to a terrorist cell.
This just points out how ridiculous the ruling by the Home Office happens to be. In protest everyone should just encrypt everything and overwhelm them with keys.
My first question - how are they even going to know that something is encrypted? Ever look at the binary stream for an MP3 or an MPEG movie? Looks encrypted to me but there are probably repeating bits in there that tip them off to the fact it isn't an encrypted file.
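The question raised in the comment above, as an added example that is not part of the original post: byte entropy alone does not separate compressed audio from ciphertext, but repeating frame headers do. The sample data are constructed, and the fixed 417-byte frame assumes a constant 128 kbit/s, 44.1 kHz MPEG-1 Layer III stream with no padded frames.

```python
"""Entropy vs. structure: telling framed media from unstructured random bytes."""
import math
import random
from collections import Counter

SYNC = b"\xff\xfb"            # MPEG-1 Layer III frame sync, no CRC
HEADER = b"\xff\xfb\x90\x00"  # 128 kbit/s, 44.1 kHz, unpadded frame
FRAME_LEN = 417               # floor(144 * 128000 / 44100) bytes per frame


def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte (8.0 is the maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chained_syncs(data: bytes, frame_len: int = FRAME_LEN) -> int:
    """Count sync words that are followed by another sync word exactly
    one frame later. A lone 0xFFFB occurs by chance in random data;
    a chain of them at a fixed stride practically never does."""
    count = 0
    pos = data.find(SYNC)
    while pos != -1:
        nxt = pos + frame_len
        if data[nxt:nxt + 2] == SYNC:
            count += 1
        pos = data.find(SYNC, pos + 1)
    return count


def build_samples(seed: int = 2006, frames: int = 100):
    """Constructed inputs: an MP3-like stream whose frame payloads are
    random bytes (a stand-in for Huffman-coded audio), and an equally
    long blob of pure random bytes (a stand-in for ciphertext)."""
    rng = random.Random(seed)

    def noise(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    mp3_like = b"".join(HEADER + noise(FRAME_LEN - len(HEADER))
                        for _ in range(frames))
    blob = noise(len(mp3_like))
    return mp3_like, blob


def classify(data: bytes, min_chain: int = 3):
    """Return (verdict, entropy, chained sync count)."""
    entropy = shannon_entropy(data)
    chain = chained_syncs(data)
    if chain >= min_chain:
        verdict = "framed media"
    elif entropy > 7.5:
        verdict = "unstructured high-entropy"
    else:
        verdict = "low-entropy"
    return verdict, round(entropy, 3), chain


if __name__ == "__main__":
    mp3_like, blob = build_samples()
    for name, sample in (("mp3-like", mp3_like), ("random", blob)):
        print(name, classify(sample))
```

Both samples score close to 8 bits per byte; the verdicts differ only because of the frame chain. The converse does not hold: an "unstructured high-entropy" result is consistent with ciphertext but also with any unrecognised compressed format.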
A real shame my mod points expired... the first time in a long time I've really wanted to mod something up.
Your CPU is not doing anything else, at least do something.
Your comment is true. However, what's next? Every government expansion in authority is followed by a subsequent one.
No, I don't trust in god. He'll have to pay up front, like everybody else.
Could you turn over all the keys you've used in the last 3 days? Assuming you use SSH, scp, et al., I don't know if it's even possible.
Ben Hocking
Need a professional organizer?
Why is parent modded Insightful? If I had mod points I'd mark it as a Troll.
Blurb is misleading. TFA states that it is an offense only if you're already a suspect and they ask you for the keys and you don't hand them over. (In the US, this would probably violate the 5th amendment. This is UK, different rules.)
If you're a suspect in a crime, the police have the power to search you, your effects, and your residence. When did this change? Do you really think there's anything on that list (house, pictures, car, computer, bank records) that they can't already look at today with a search warrant?
Just wait until they finish decrypting all the data files on my PC.
"You mean we spent four days decrypting Gigs upon Gigs of vacation photos??"
"Well, they have an 8 Megapixel camera, lots of memory cards and use RAW format..."
"But that's all you found? There aren't even any racy photos in the bunch?"
"Should we start decrypting the second RAID array?"
"The one labeled 'Project Gutenberg text to speech files in WAV format'?"
"Yes, that one."
"Go for it. I don't know what this 'Project Gutenberg' is, but it's got to be seditious. Plebeians don't label anything a 'Project' unless they have delusions of being all 'Cloak and Dagger.'"
"Live Free or Die." Don't like it? Then keep out of the USA
If anyone has played the adventure game "Moment of Silence," this sounds oh-so-very familiar...
Holy Fsckin Sh*t! No encryption for anyone? That's such a bummer. UK citizens need to make it known that they will not live in an absolute police state. That's just a way to prevent citizens from having privacy anywhere else other than their heads. There have to be better ways to fight child porn or organized crime than outlawing lawful encryption. I don't buy into this culture of fear, it's such BS. The truth is that we live under the illusion of control and we don't know when our lives will end; we may have an aneurysm tomorrow while playing sudoku. Honestly, how many people are contacting their representatives and asking for all-out war on privacy? Go after the terrorists, throw them out of the country if their student visa has expired, if they are arrested for something serious and convicted. But for the love of God don't criminalize your citizens.
I think this will increase the proliferation of encryption technologies which provide a certain level of plausible deniability. Things like TrueCrypt (http://truecrypt.org/) provide an encrypted container which has a basic access and a secondary access. The container cannot be detected as being an encrypted anything - it is just a bunch of random data. If you use the basic access mechanism, you get your data. If you use the secondary access, you get an alternate contents, which can be seemingly important, but relatively benign data you put there to look like someone got something important. However, you cannot tell which one is which, or even that the alternate access isn't the primary one.
TrueCrypt lets you mount the container as a filesystem, which is a convenient way to go. This sort of thing allows you to:
a) Deny that there is anything encrypted for which you have not proffered a key. "Oh yeah, show me what I have encrypted and I'll show you the key."
b) If that's not enough, proffer the false key that gives them the alternative access. "Ok, here you go. Let me know if you find anything incriminating. (tee hee)"
Lastly, if you use things like encrypted swap on a unix device, you can plausibly say that what is there is just an encrypted swap file, and you don't have a key because the key is never saved to the disk. Why isn't it mounted now? You only set it up temporarily and forgot to delete the file when it was done. (for 1Gb files or larger...) If you have a 20Gb file, you're probably going to have to explain it... and go for option (b) above.
Of course, if your 20Gb file is not a file, but is just an "empty" partition... well there you go.
Please note - I'm not advocating breaking any law here - just outlining what this will drive people who care enough to do.
i - This sig provided by
Gah! Replied to the wrong comment. Sorry.
Go to http://www.truecrypt.org/ and check out their product. It allows you to store an encrypted drive inside another encrypted drive in such a way that it's impossible to tell that the first one even exists. They can't force you to give them the keys to something that they don't know is there.
-- Give me ambiguity or give me something else!
I often thought that the correct way to keep a key is to XOR watermark an image with the key data, then run a bit comparison against the original.
OK here's my keys - [Dumps 10 gig of PRON backup on the desk]
More for the U.S. than for Britain, but hey...
6. Right to Privacy
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to untruthful attacks upon honor and reputation.
Everyone has the right to the protection of the law against such interference or attacks.
A. All citizens have the right to be secure in their homes, on their persons, with their property, and in their thoughts and writings. The state shall not infringe on this right, either secretly or by force, save by a warrant for probable cause describing the person or place where the Right to Privacy is suspended and specific reasons for such investigation, or by an officer of the law observing direct and irrefutable evidence of the commission of a crime.
B. If a search is conducted with a warrant, and no evidence of a crime is discovered, the state must pay the injured party for all damages, plus the average citizen's wage for every innocent person improperly detained in the search, plus interest. If a search is conducted without warrant by an officer of the law, and no evidence of wrongdoing is discovered, the officer is liable for all damages, plus the average citizen's wage, plus interest for every innocent person improperly detained in the search.
C. Citizens have a right to ensure their privacy, consistent with the rights of others guaranteed by the Constitution. This includes access to encryption and scrambling technologies, the lawful use of aliases and disguises, and any other method of keeping their legal activities secret now known or hereafter invented.
D. Employers may require abridgment of certain privacy rights for employees only in the case of national security, worker or public safety, or a reasonable threat of criminal activity. They must clearly and fully detail in the employee contract what rights are being abridged, the circumstances surrounding such abridgment, the location in which such abridgment will occur, and the reason for such abridgment. Failure to do so will result in the same penalties for the employer as wrongful search and seizure.
E. An employer may require abridgment of certain privacy rights for the general public at their place of business only in the case of national security, worker or public safety, or a reasonable threat of criminal activity. They must clearly and fully detail at each public entrance what rights are being abridged, the circumstances surrounding such abridgment, the location such abridgment will occur in, and the reason for such abridgment. Failure to do so will result in the same penalties as wrongful search and seizure.
'nuff said. http://en.wikipedia.org/wiki/Plausible_deniability
Also, what happens if you have already destroyed your private key when the gov't requests it? And I really do mean, destroyed, beyond recoverability.
Or the human cattle ID cards Act, which creates by far the world's most intrusive Big Brother database on citizens by linking up 5+ previously unconnected databases...
The Dictatorship Bill, also called the Abolition of Parliament Bill, Totalitarianism Bill or (by the Govt) the Legislative and Regulatory Reform Bill is nothing less than a naked grab for power. After being amended 3x, the Bill was passed in the form described here.
LRRB enables ministers to rewrite our constitution with only rudimentary scrutiny. Consider the extraordinary mass surveillance / coercion implications of the ID Cards Act. Even the well-organised opposition could not stop this legislation.
What chance then of:
1. Spotting obscure but deeply damaging clauses hidden in the boring legislation?
2. Motivating the Tories, LibDems and enough New Labour drones to subsequently block it?
LRRB is then carte blanche for Blair to do what he will with this country. What can we deduce of his plans?
New Labour already rejected an amendment to stop LRRB re-writing our most important constitutional laws. They then promised to introduce new amendments fulfilling the same thing. Our skepticism was once again justified. This is more than enough evidence that Blair wants dictatorial powers.
LRRB is obviously a precursor to passing laws which Parliament wouldn't otherwise pass.
Considering the deeply scary laws he's got through Parliament, the likelihood is that he wants something so badly, and so unpalatable that he won't even risk presenting it for proper Parliamentary scrutiny.
- He does not need Parliamentary approval to invade Iran
- He already has Hitler's Enabling Act.
- He has already passed RIPA and the ID Cards Act for more Big Brother snooping than anything China or North Korea have.
- He already has locked up people for 3 years without trial or even being questioned - although he has twice been 'told off' for breaching the Human Rights Act in this way.
I did not believe that he needs LRRB to repeal the HRA - indeed one welcome amendment was to exclude the HRA from being amended. When every other explanation has been ruled out, whatever remains, however unlikely, must be considered. I think something much worse is coming although I dread to think what.
Wooooooooo! UK!UK!UK! We're number 1! We're number 1! GO UK GO!
Give me good ratings or I will close down the internet.
Better yet: One key decrypts your regular files. Letters to grandma, pictures of your baby, etc. And the other decrypts your super secret terrorist plans. Both from the same encrypted volume.
Good idea. Then you can give up the key showing your terrorist plans and just get a few years in jail. They will never find your photo collection and your secret letters.
I'll probably be modded down for this...
If terrorists know they'll be forced to hand keys over, why not simply use technology where doing so is essentially meaningless? http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This smacks of the same arguments they use with guns, and it shall get the same logic. Law-abiding citizens will be the ones impacted, while people breaking the law don't care, or have more incentive to not get caught.
Methinks this is just part of a greater scheme so that the UK government can watch HDCP encrypted movies...
I am sorry I do not have any Encryption Keys. I only use binary seed values for random number generation.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
This from the government that doesn't allow its citizens to own firearms... big surprise
GPG is better than PGP. There is no customer database. The UK government could request the customer database of all UK customers then they have an instant "hit list" so to speak. GPG requires no install so it is [almost] impossible to trace (use a file shredder to securely delete it, etc. making it as close to impossible as you can get).
It will also force more people to use much more sophisticated technologies. Things such as TrueCrypt's Hidden Volume feature for Plausible Deniability. Again TrueCrypt requires no install, is open source so people can be happy knowing that others can review the code to ensure there are no back doors and it uses well known (and therefore well tested) algorithms.
Also the government are kidding themselves if they think they will catch terrorists with this. If you are willing to kill hundreds or thousands of people and more than likely kill yourself in the process, are you going to be worried about going to prison for withholding your private key? Of course not. The same holds true for the really evil pedos. Going to prison for withholding your private key isn't as bad as going to prison for having 20,000 pictures of naked 3 year olds.
The only thing this will do is hurt our country. More rights lost with no real gain. If they could be 100% sure it would remove terrorism and pedos I would think about it but it won't, it won't make any difference whatsoever. Next they will be requesting a copy of a key to your house so they can secretly search it without you knowing to ensure you are not breaking the law.
In related news, the UK police say they will shortly be making home visits to every house in Britain, requiring copies of front and back door keys for businesses, homes, apartments and garages..
I don't post often, but this spurred me to action. It reminds me of gun laws in the U.S. Honest citizens are expected to wait 5 days and complete a form acknowledging among other things that they are not a criminal. The funny thing is, I don't think that criminals admit they are criminals, so they get their guns illegally or check "no, I am not a criminal" on the form. If honest citizens are expected to turn over their private keys, I might expect that the criminals wouldn't turn theirs over; they have already broken at least one law (to become a criminal), and I'm sure they wouldn't have a moral problem with breaking another. Or they could simply turn over a throwaway private key to satisfy the requirement and use an illegal set for their business. Just my opinion.
A database of all private encryption keys would provide a hot new target for hackers, I can see the headline now...
The encryption key is pretty useless unless you know what algorithm it was used with. So, of course, they'll need to have the code for the implementation of whatever encryption program you were using, which brings up a couple of interesting issues:
1) What about compression algorithms, specifically codecs? Presumably, the government will need the code for all of these patented secrets.
2) I recall seeing an algorithm, back in the 1980s, that would translate any string of bytes into a plausible description of a baseball game. This could be modified to describe any other (ahem, endless) activity (*cough*cricket*cough*). So when the government asks, what's to stop you from just handing them a random "key" and this "decryption" algorithm?
Take care,
brad
Seriously, how can this be stopped?
In America we have what's called the 5th Amendment, which should mean that I have protection under the law to not be forced to answer questions that incriminate myself. "What is your password?" and "What is your encryption key?" should be similar to "Where were you the night the victim was shot?" I don't have to answer if I believe that in answering the question it will incriminate me in a crime.
All they will do is hand over one set of keys, and then use those registered keys to encrypt around messages already encrypted with their secret keys. The government monitors will see that the messages are encrypted with the registered keys, and think they are fine, not bothering to look inside them.
All this does is criminalize and/or make useless encryption by law abiding citizens.
Is there anything that can't be "justified" by linking it to pedophiles and terrorists? Say it'll lower the price of gasoline and people will beg for it. Pedophiles, terrorists, and gas!
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
...the gun registry in Canada. Criminals are as likely to register their weapons with the government as they are to provide them their encryption keys. Just another example of "what's the problem if you've got nothing to hide?".
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
I suspect the British government will be far less likely to ask for encryption keys if the keys and the encrypted stream are hidden in 200 gigs of pr0n...
In any case, all this will do is inconvenience legitimate users, and very possibly expose them to security problems, depending on how the government chooses to store the keys. Anyone who really wants to put forth an effort, such as actual terrorists, will be completely out of reach, because even if the government does find their communications buried in all that pr0n, there's no guarantee that they'll ever get the keys.
Don't thank God, thank a doctor!
1. You submit your DNA to the Govt. at Birth and every FIVE years sign-in at the nearest Police Station.
2. Every change in your living habits whether they be choosing Banana Breakfast kellogs over Strawberry or something as mundane as choosing VNC over Virtual PC needs to be communicated to the Govt. along with a 3 page writeup of why you want to choose an Open source alternative and deprive hard-working people of your ill-earned money.
3. submit your Honeymoon s*x videos to the Govt. for "scrutiny" to search for any Hidden clues about terrorists standing in beaches with their wang out.
4. Inform and get consent from the King's/Queen's Govt. before fornication.. of fuck, that is what FUCK stands for.. i forgot, My bad,
5. Inform them when you plan to visit a third-world country with a writeup in triplicate of your reasons, logic, funds, etc.
6. Renting a Ford Focus would involve clearing a thumb print check, RFID your clothes, ONSTAR cars, DNA verification, Driving License issues 3 months back with a Digital Copy, a credit card that has about $8000 balance on it.
7. All private and public encryption is outlawed. Anyone who has reasons to hide his/her life is surely either a terrorist or a paedophile.
8. Best of all, 63% of the people would approve of such sacrifices of hard-worn freedom.
It is time we replaced Benjamin Franklin from our dollar notes and replace him with a picture of HRH Bush or Rumsfeld or better yet Alito.
Benjamin Franklin surely feels insulted on being made to serve a country which has foremost rules in limiting people's privacy and unwarranted searches, and a population that agrees and sacrifices its freedom for security.
"Doing what i can, with what i have." ~ Burt Gummer
Believe it or not, there is no law against Govt spying on UK citizens. Well, there is the retrospective Human Rights Act's Right to Privacy but even Cameron wants to get rid of that.
No, instead we have laws like the ID Cards Act where everyone with a passport/driving license will be forced to turn up for interrogation, fingerprinted like a criminal and forced on to give up keys to their records on the passport, tax, benefits and new ANPR databases. All to be connected to form the world's most intrusive mass surveillance database - even worse than anything China or North Korea have.
Oh, and the Dictatorship Bill which passed on Tuesday.
So the government, which can invoke the army's help, or the police force, each with powerful mainframes, can't break some 40 year old's crappy email encryption that's used to send pictures of kiddies to his mates.
"Oh boy"
Warning: The following is impassioned, most probably improbable and I can only hope a bunch of people might be able to read it and think, maybe some of those who don't see any of this as a threat, maybe some of the "I have nothing to fear" crowd.
/.er
/now/ and in /their interpretation/. When a government can declare, without oversight, that something is illegal simply by fiat, and without accountability to the public, then you should very well be afraid, you should be downright terrified.
When are people going to start caring about their freedom again? I don't mean "freedom" in the way the Bush/Blair have hijacked it, I don't mean "freedom to do as we say". Real. Freedom. The kind they taught you about in schools, the kind that's become a joke.
Isn't it sad that a country that was founded on the ideas of individual liberation and privacy (fourth amendment) and has a great history (albeit with its own strifes and mistakes) is now straight on the path to being what it detests, what it fought against?
To paraphrase another
"Consider all of those who fought in WWII against this type of totalitarianism, gave their lives for our freedoms, and perhaps for others' freedoms. We are telling them 'Thanks for the sacrifice, now shove it' ".
A country that was founded on the idea that government cannot be trusted, that had protections to keep the government from abusing the individual written into its most basic document has become lazy, complacent...and quite frankly stupid.
Of course the response I get to this from so many is
"Americans have it too easy! They're unwilling to sacrifice some of their so called 'privacy' so that our fellow Americans can stay alive!"
I would like to counter that argument and show it faulty. First of all, I would say that the laziness and unwillingness to sacrifice runs both ways, if Americans are too "lazy" to give up an essential right, they are also too lazy to fight for it. This thought of
"I could do something about my constitutional rights being violated...but...American Idol is on...and...I really want to see if Joey wins..."
Also, I counter that there is absolutely no point to electronic surveillance against a terrorist.
A) The smart ones (IE the head honchos) will use encryption. Good luck breaking that...really...good luck. Hope that goes well for you.
B) Look at Israel. They CANNOT stop terrorist attacks no matter what they do. This is because all it takes is a particularly "motivated" individual, a txt file explaining how to make C4 with RDX (which is easily attainable online and all the required ingredients easily obtainable) and the ability to walk into a building and press a button. This country can never be, and WILL NEVER BE SAFE FROM TERRORIST ATTACK.
THIS NEEDS TO BE BEATEN INTO PEOPLE'S HEADS.
ALL IT TAKES IS A PISSED OFF PERSON AND BOMBS THEY CAN BUILD FROM ONLINE SOURCES,
THE GOVERNMENT CAN NOT KEEP YOU SAFE
GOD CANNOT KEEP YOU SAFE
SAFETY IS AN ILLUSION
And in this case it is an illusion that is being used to dupe several countries of otherwise intelligent people.
For those who simply spout out "but I'm not doing anything wrong! I shouldn't be afraid!", consider that you're not doing anything wrong
"When the Nazis came for the communists,
I remained silent;
I was not a communist.
When they locked up the social democrats,
I remained silent;
I was not a social democrat.
When they came for the trade unionists,
I did not speak out;
I was not a trade unionist.
When they came for the Jews,
I did not speak out;
I was not a Jew.
When they came for me,
there was no one left to speak out."
We all know the Ben Franklin quote, it doesn't even need to be repeated.
But here's another lesser known one
"The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants."
- Thomas Jefferson
The meaning of this is so abundantly clear. There will
Happiness does not come from having much, but from being attached to little.
>Some douchebag switches a few words around in a famous bit of prose and suddenly it's +5 interesting?
Yes, Grìma. Get over it.
Bush: NSA wiretap everybody's phone
Blair: I can do better than this. Everybody should submit their encryption keys.
Bush: You beat me. There should be no encryption.
Blair: That's unfair. Citizens ID will contain all details including Bank, no of computers, SSSID, usernames.
Bush: What next? Invade Iran.
#include std_disclaimer.h
As many of you may have noticed, the UK has never been a true democracy. After governing the country in increasingly totalitarian fashion one may want to question the legitimacy of the current UK government. Let's hope that the people will wake up to what's going on and be able to finally establish a true democracy in the UK. It's about time.
I seem to recall legislation being put into effect in the Republic of Ireland a few years back (when Clinton was in office), guaranteeing that private encryption keys could NEVER be demanded by the government. I might be mistaken, and don't have time to research this.
As the format uses more storage than necessary by default, nobody can prove that there is more information to be extracted beyond the perfectly innocent data. (Note that compression is obviously not the point here.)
First of all, isn't this quite old? I'm sure this has come up before
I'll be damned if I'm ever giving my private keys to any police, I'd rather be thrown in jail. It's not like I've got anything to hide but with my keys they will have access to every piece of personal information I have.
Yet again Blair is trying to "help" in the "war on terror" by removing more freedoms. Way to go Blair
"What do you mean you have no ice? Do you expect me to drink this coffee hot?" - Random Customer, Clerks
Your papers please!
Seriously, sounds like it's time for the OTP to re-emerge. Makes you wonder how hard it would be to make a pad generator which wipes the pad if you bungle the password and to effectively create an auto-destructing keyring.
I'm a political scientist by education.
Where does that put me in your example?
The law - which is here:
http://www.opsi.gov.uk/acts/acts2000/20000023.htm
It requires you to provide a key - if it is reasonable to assume you have it - to decrypt encrypted data. It is only illegal to refuse to give a key IF ASKED, and NOT "look up their name in the government encryption key database, find out that no, they did not provide their encryption key to , and take them directly to jail."
It IS an offense (from the legal text linked above) "if he knowingly fails, in accordance with the notice, to make the disclosure required by virtue of the giving of the notice."
with apologies to the poet Robert Burns. But I digress and wax lyrical no more:
So many questions, so much confusion, and so little time to save the children.
P.S. to President George: we must declare a "War On Paedophilia". I humbly suggest a slogan:
"No Child's Behind!"
Not quite. Cell phones are only encrypted between the handset and cell site, not end-to-end between phones. That is why it is still possible to put taps on cell phones.
If you don't get the subtext, you now are automatically guilty if you have encrypted files, and must prove yourself innocent.
Britain has been edging very close to police-state status. If this law passes, it will cross that line once and for all.
This just in:
An anonymous reader writes "Businesses and individuals in Britain may soon have to use clear, non opaque envelopes when using the postal service or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of opaque mail transport methods by criminals and terrorists." From the article: "I mean really!" exclaims one patriot, "A postcard or plastic envelope should be fine for any law abiding citizen. What do these perverts have to hide, anyway?"
Mandatory anal probes?
guess all the governments are having a competition, who gets to fuck its citizens privacy first..... news like these reminds me of movies like V for Vendetta or Equilibrium......a government which does not need rules and people who just accept everything thinking it's for their own security
...a paedophile. Filthy dipthongs!
Split your crypto key into two pieces which need to be recombined to decrypt anything. That's an off the shelf feature of programs like PGP.
Ship the second half to a friend in a free country and then destroy your copy.
Obediently give the police the first half when they come calling.
That won't work if the law requires you to be able to decrypt your data, but in that case they're making criminals out of all people who forget passphrases.
Demanding encryption keys is a pointless exercise; there are several techniques and systems supporting deniable encryption. You can achieve deniable encryption via steganography or random erasure of your hard disk. Some systems even support an arbitrary number of layers, so you can keep revealing things and still hold more back.
Even just using steganography alone, any noisy signal can be used for deniable encryption. So, if the UK government wants to be able to decrypt everything, they better also pass and enforce a law outlawing noise. I think everybody, from audiophiles to engineers, would surely be really happy if they succeeded at that.
Finally!! I've been waiting forever for them to criminalize /dev/random!
It should complement the existing cell phone tracking system.
The US wants a kill signal and a black box for your car. The kill switch is to avoid all of those messy chases. It would turn off the non free computer in your car and stop you dead. The black box would include all sorts of things, including position from GPS, but only those allowed could read it. It's great to have non free software in things like cars isn't it?
Friends don't help friends install M$ junk.
what criminal would give the government their private encryption key?
Programming is simply the application of logic to creativity
They never give up.
I think the dog ate my keys
-- www.globaltics.net
Political discussion for a new world
I see many comments saying: I will hide my data so well nobody will know it exists. There is still one person that knows about that data: you. And you can be forced to reveal it in many ways. Especially today when being accused of anti-communism^W^W terrorism wipes out all your human rights.
... when they pry it out of my cold, dead hands!
I have often wondered why there wasn't more "CIA" style encryption being used.
Have 2 passwords for any encryption, 1 password decrypts the contents, the other FULLY erases/destroys the data.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
. . . maybe that explains why the vast majority of operators have the encryption turned off?
Typically, there's an exchange to securely establish the *identity* of the device, but the actual datastream is unencrypted.
In the states, if it's even on, the exchange is performed with 64bit keys (instead of 128) AND the first 10 bits are mysteriously set to 0 on all carriers (or at least were as of three years ago) . . . this makes it trivial to crack with a rainbow table type analysis.
...I tell the police I simply forgot my encryption key?
I am really curious about this.
In the past, the cops didn't care where you kept keys, 'cuz they could smash open any physical place. Or subpoena non-incriminating testimony. Now with crypto, they can no longer smash and grab.
Okay, you got us on that secret prisons in soviet bloc countries thing, but with moves like this one you'll catch up in no time. Good show!
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
No, there isn't any known way to distinguish /dev/random output from /dev/urandom output. It's not like /dev/urandom uses a silly pseudo-random algorithm like rand(). It uses the same strong cryptographic-hashing-based techniques as /dev/random, but it doesn't require as much input to the entropy pool. You still can't crack it or distinguish it from /dev/random output unless you have every bit of state that has gone into the pool (interrupt timing, etc.) since the box was booted. And if you are in a position to know that, /dev/random isn't any more secure.
...for one thing. It was Polish cryptoanalysts who broke Enigma the first go-round. The Poles had been reading Enigma encrypted messages since 1932. It wasn't until 1939, when they provided two reverse engineered Enigma machines, plus the availability of Polish cryptoanalysts in exile, that either the French or the British were able to begin to get a clue.
Some encryption systems use smartcards to store the private key.
Goal of the system: You need both the smart card and the pin protecting the public key in order to access the private key.
Extracting the private key and handing it over would be a security violation.
"... or face imprisonment."
Well, in this case the UK "government" may want to start building many many prisons very very fast...
Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists.
"The use of encryption is... proliferating," Liam Byrne, Home Office minister of state told Parliament last week. "Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force."
Part 3 of RIPA gives the police powers to order the disclosure of encryption keys, or force suspects to decrypt encrypted data.
Anyone who refuses to hand over a key to the police would face up to two years' imprisonment. Under current anti-terrorism legislation, terrorist suspects now face up to five years for withholding keys. - why not just shoot them in the head, they are obviously terrorists, criminals, paedophiles and generally just very baaaad people, m'kay?
(ok, that was sarcasm.)
You can't handle the truth.
I find this difficult to believe... all the added risk of having to have a continual communication layer on top of the already difficult channels for communication? Last I heard people were still trying to verify that any terrorists were using encryption at all, much less one-time keys...
"The state must declare the child to be the most precious treasure of the people. As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation."
- Adolf Hitler
You know, this is clearly against the UK constitution. Oh, um, yeah...
We need rubber-hose.org back more than ever
What other people think of me is none of my business
to .dll and put them in the windows folder. Finding them will be harder than breaking encryption.
Just stick a block or two of cryptographically strong random numbers on your hard disc. If enough people do this it would be impossible to locate encrypted files in amongst the decoys. This also has the advantage that the decoys will take the maximum possible time to 'decrypt', i.e. until they give up!
Andy
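The suggestion above rests on well-encrypted data and random bytes looking the same to byte statistics. An added example, not part of the original thread: it measures Shannon entropy and a chi-square statistic over a constructed plaintext, its ciphertext and a random block. The SHA-256 counter-mode keystream is a stand-in cipher assumed here for illustration, not a recommended design.

```python
"""Byte statistics of plaintext, ciphertext and random data (added illustration)."""
import hashlib
import math
import os
from collections import Counter

SAMPLE_SIZE = 65536  # bytes per sample


def shannon_entropy(data):
    """Entropy in bits per byte; 8.0 is the maximum."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data):
    """Chi-square statistic against a uniform byte distribution (255 d.o.f.)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def toy_stream_cipher(key, data):
    """XOR `data` with a SHA-256 counter-mode keystream (stand-in cipher only).

    Applying it twice with the same key returns the original data.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def classify(data, threshold=7.9):
    """Label a buffer the way an entropy-based file scanner would."""
    return "high-entropy" if shannon_entropy(data) >= threshold else "structured"


def survey():
    """Compare a constructed plaintext, its ciphertext and a random block."""
    sentence = b"Constructed sample text standing in for an ordinary document. "
    plaintext = (sentence * (SAMPLE_SIZE // len(sentence) + 1))[:SAMPLE_SIZE]
    samples = {
        "plaintext": plaintext,
        "ciphertext": toy_stream_cipher(b"constructed demo key", plaintext),
        "random decoy": os.urandom(SAMPLE_SIZE),
    }
    return {
        name: {
            "entropy": round(shannon_entropy(data), 3),
            "chi_square": round(chi_square(data), 1),
            "label": classify(data),
        }
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, stats in survey().items():
        print(f"{name:13s} {stats}")
```

An entropy scan flags the ciphertext and the random block alike, so it locates candidates for examination without telling them apart; compressed files also score high and need to be excluded by format.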
-1 Arrogant Prick
If fate makes you a motorcycle, you become a motorcycle.
Well I guess I have to revoke my signatures on PGP keys from the UK then, don't I? I mean: if someone else, even if it is a government organisation ALSO has access to a certain private key, how can one be sure who's using that private key?
www.vanheusden.com - home of Multitail, HTTPing, CoffeeSaint, EntropyBroker, rsstail, bsod, listener, nagcon, nagi
the clock's ticking; i think its gonna happen reeeal soon!
oh yeah!, you might not want to whisper in your neighbors ear in public. you might become a suspect reeeal soon!
There's one thing that sticks out.
I bet that sentence for terrorism or dissemination of child pornography is much higher than two to five years behind the bars. If what is on terrorist's disk can land him in prison for life (or make him disappear from UK via CIA and land him in some Middle East prison with tortures and all) is he going to be scared of 2-5 for not handing encryption keys?
So is this really an Act to fight terrorism and paedophilia, or is it a tool to intimidate and criminalise law abiding citizens suspected of e.g. tax evasion[1]?
Robert
[1] you can always write in a search warrant that you want to check someone's financial information in order to check if he isn't financing terrorist cell, or buying child pornography, right?
Bastard Operator From 193.219.28.162
You might as well just start sending private keys to your government now, just to be a good citizen. I'm sure the people responsible for bringing this law into effect won't mind forwarding them to the proper authorities, so just email the keys to them for now.
As helpful as all these technical criticisms of the "cellphone" example are in understanding the Security-101 minutiae of SIGINT, they totally miss the point -- oddly enough by POINTING OUT THE POINT!
The primary overriding point to be made is that regardless of utility in any particular example, the issue is in loosely defining terms that could have absolutely ridiculous results. So, they mandate that they must keep all of these keys with a perpetually appended list of obviously absurd exceptions (read:cellphones, https, ssh/sftp, s/key and all manner of one-time-pads), thus rendering the whole idea rubbish because the necessary exceptions are likely the most needed sources of information. They then criminalize anyone who doesn't comply with that moving target.
As I said, it is just a horrible, horrible joke.
The Illuminati are very very close to actually bringing about One World Gov't. Prince Charles and his children already bear the mark of the beast on their right hand; Prince Charles coronation will include spoken phrases indicating that he derives his power from the dragon, and his throne bears the symbol of a red dragon, much like the one that is described in Revelation.
We are coming close to the end times, and all of this has been planned for centuries by the power elite.
But we can stop it. They may have the power of money and influence, but our power lies in resolution and sheer numbers. We must be willing to defend our freedom with our lives.
I received that "indocrination" on three wildly different continents in four languages? (which, incidentally, is true)
Which "indocrination" trumps?
If criminals are using crypto to help them break the law... I have this overwhelming feeling that criminals will continue to break the law and fail to turn over their private keys. The only thing that this affects is the privacy of honest citizens. The law is never a deterrent for criminals... otherwise criminals wouldn't regularly break it.
So anyone not using SMTPS (if you need to log in when sending emails) and POP3S/IMAPS should actually think again. This will at least make things a little harder for the bad guys that want access to your accounts.
And another thing to consider - Encryption technology is useful for hiding information in an obvious way, but obfuscation is better when you want to be really secret. Steganography or use of different names in various conversations so that it is context-dependent. If you can't convince them - confuse them.
You can go back to the cold war era with spies and secrets. The various ways that were used to propagate information and diversions are actually still valid today. 99% of all information propagated isn't critical, it's the 1% that is. And sometimes it's even better to spread the most critical information in clear text since the other side can't really believe that it's true.
There is a story of a British agent that was captured somewhere by the German forces in the second world war just before D day, and as soon as they asked him where the landings were to be he provided them with the correct information, but they didn't believe him and when pressed he gave them false information. - I don't know if it's a true story, but it's a good one.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Yet another shining example of a law that will criminalize ordinary citizens who only wish to secure their privacy while doing absolutely nothing to curb the activities of terrorists who would murder those same citizens. Absolutely brilliant!
The contest for ages has been to rescue liberty from the grasp of executive power. -- Daniel Webster
Maybe they should have a mod "+1 no useful information, insight, or humor, but I have mod points and agree strongly because I'm a moron"
They do - "underrated".
It can't be metamoderated, either.
WHILE you are at it, why not include diplomats and their luggage and crypto, too???!!! Oh, but NOOOO, they are privileged and part of they spy and brinkmanship script and to some extent are more, umm, trustworthy...
Yeh, right...
Frickin masters of the universe... US and UK governments and a few others just seem unable to let go of slipping empire...
UK, detach yourselves before the purportedly-coming whirlpool sucks you in, too. You do NOT have to fight or pick a fight you can walk away from.
Do NOT be so obsessed with empire, kingdom, and imperialism... Those days should be OVER with.
Why should a person hand over the keys to their encryption if they are NOT officially a suspect nor TOLD they are one? You CANNOT and NEED NOT KNOW EVERYthing, goddammit. IT is NOT your domain or purview. GET OFF IT, OK? DAMN, out-of-control-tax-funded functionaries...
Fix FOREIGN POLICY and MUCH of the VIOLENCE will go AWAY! Stop propping up defense cartels and rogue "democratic" "leaders".
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Switching a few words around in a famous bit of prose: (-1, Douchebag)
Knowing which words to switch: (+5, Interesting)
Some things (+1, Funny) can't buy. For everything else, there's metamod.
... no-one in the UK actually obeys the asinine laws that the government brings in.
How about this? An encryption software which ALWAYS creates 5 large random files. You can use any number of them to store encrypted data, provided you enter the correct password. Put some plausible data in the first, and say you didn't need the others...
10 ?"Hello World" life was simple then
> This law effectively requires that law enforcement must put a respectable amount of effort into collecting and cataloguing what could be billions of encryption keys.
No, it doesn't! Wow, are you people misunderstanding.
Only if they want the key(s), do they demand the key(s).
== Jez ==
Do you miss Firefox? Try Pale Moon.
This is similar to France's approach.
For a survey of crypto law you may want to look at Bert-Jaap Koops's web site http://rechten.uvt.nl/koops/cryptolaw/ .
Different countries have taken all kinds of approaches to this from banning crypto, to forcing people to use key registration authorities, to simply ignoring it.
One interesting approach is to sentence people who won't give up their keys to the same sentence they would get if convicted of the crime they are being investigated for.
I know, don't feed the trolls. But I was once a foolish young lad like this. I think he needs to be modded up as "interesting", if only to highlight the trivial tasks which would be encrypted.
Simple to say, every financial transaction I make over the web is encrypted. It's not necessarily private data. I don't care if you know that I'm ordering a textbook on widgets with my Visa from amazon.com at 2 in the afternoon. You can even have my cc# as plaintext, if you want it. You can have my PIN. You can have my SSN (seems like everybody already does - what makes you any different). I can always just cancel the card and get a new one, or reset my pin, or petition to have a new SSN (yes, that's a hard one, but it can be done). But it's an inconvenience to me, and in some cases a major inconvenience and results in a loss of income. Sometimes you just don't want the world to know. Sometimes you don't want personal information out there. Sure, it's not necessary - but most of the time privacy is a reasonable expectation. I suppose I could take a shit with the bathroom door open, but I'm more comfortable with it closed - as are most other people (on both sides of the door, I might add).
There are times when you _need_ encryption. Certain corporate communications, personal record transfers (HIPAA comes to mind), etc. And criminal activities, too. Just because it can be used for evil doesn't make it evil. We in the US saw just how foolish this attitude was when the TSA considered banning nailclippers from air transportation. No, nobody actually needs nail clippers on an airplane and, yes, they could be used to fashion a makeshift weapon, but... (they are allowed, btw). (someone will point out that they never considered banning them - mod that nitpicker down, I'm trying to make a point here)
So while you go on blabbing that your life is an open book, and that you don't need encryption so nobody does, there will still be cases and conditions where encryption is both reasonable and necessary in the lawful engagement of everyday life. Just remember that your attitude is what allows the government to get away with the slow erosion of personal rights all over the world.
First they came for the Communists...
Is it just my observation, or are there way too many stupid people in the world?
The only people that would hand over their keys are normal everyday innocent citizens. The criminals would never do it. Let's think about this...On the off chance they do get prosecuted for not giving up their encryption, the punishment could and would most likely be far less than that of whatever crime they are concealing.
This works as well as anti-gun laws which take the guns out of responsible law abiding citizens hands and pretty much leaves people to being victims of the only people with guns (the criminals), who by the way don't care about gun laws either.
Thinking this sounded a bit like sensationalism, I just went to read the actual bill. It looks like this does not automatically apply to everyone, but is retrospective once ordered. The more interesting part of the text seems to be in the 'interpretation' section of this part of the bill:
>"key", in relation to any electronic data, means any key, code,
> password, algorithm or other data the use of which (with or
> without other keys)-
>
> (a) allows access to the electronic data, or
> (b) facilitates the putting of the data into an intelligible
> form;
Also, to give the people stating the obvious a break, this was also a proviso in the bill:
> (d) that it is not reasonably practicable for the person with the
> appropriate permission to obtain possession of the protected
> information in an intelligible form without the giving of a notice
> under this section
So, if it's easier to get the information another way, that's taken care of. It's also not a case of needing to send all your keys to the government either. Not that I don't think this bill is a problem, but it's the smallest of problems we have right now - people can already be arrested and detained if an officer suspects they might probably, possibly, do something illegal.
However, I also can't see a police officer understanding that you don't actually have the key needed to decrypt that SSH session you made 3 months ago to that web server that was also used to host a site suspected of being used by terrorists or paedophiles, which you had no idea existed.
Here is one for them to stop and ponder:
What if someone is totally innocent, has a bunch of different encryption programs and passphrases, and is raided by law enforcement.
What if they cannot recall every single passphrase? If they forget just one, are they going to jail until they can remember?
Think about that, I've got PCs sitting around from years back. I've used different password systems over time, and often I cannot remember very old passwords. If I were living in the UK and were to get raided (I have no reason to, I don't even download TV shows or have MP3, just OGGs of stuff I own, so move along), I'd be sitting in jail, I suppose.
What if, because you cannot recall a password, you reformat a hard drive? Then they find the drive and want the password because they can recover the data?
What if someone sends you an email with an encrypted content (whatever the method), and you don't legitimately have the means to decrypt it? Sounds like a great way to set up a suspected criminal. "Yes, we see you have several emails in your trash with encrypted contents. Tell us how to decrypt it or you're going to rot in jail."
How about amnesia? It goes on and on...
It's not hard to blow massive holes in this playing devil's advocate. Then all a real criminal has to do is play ignorant.
Try to avoid generalising like that.
(Stupid Yanks.)
http://daviddfriedman.blogspot.com/2005/12/different-argument-for-right-to-bear.html
"Tempers are wearing thin. Let's just hope some robot doesn't kill everybody." --Bender
The silver lining to this is that this is proof that the government doesn't really have the capability to decrypt encrypted email in a timely manner, even with all their supercomputing power.
Which means that those in Britain willing to break their retarded laws, and us here in the US where encryption isn't illegal, are, by using encryption, successfully sending TRULY private emails.
There are ways one can protect the privacy.
4 6216
One can deny the knowledge or the existence of encrypted data using the following.
http://www.truecrypt.org/
Another interesting concept of plausible deniability.
http://it.slashdot.org/article.pl?sid=04/12/16/19
The criminals using encryption are already breaking the law and obviously won't turn in their keys to the police. The only people who will be caught up in this legislation are the good people who follow laws. Whoever thought this up should be sacked for pure stupidity.
I was crazy back when being crazy really meant something. (Charles Manson)
Just create a couple gigs of nothing but encryption keys on your hard disk, then choose an arbitrary number of them randomly whenever you want to encrypt something. When they want the keys... give them the entire contents of that partition.
Non sequitur: Your facts are uncoordinated.
I can see why the fact that someone is tapping your data should be hidden from them during investigation, but AFAIK there's no provision post investigation for them to be made aware. In other words, abuse will always go unpunished because you can never prove it. IMHO that's an ideal situation for corruption to bloom..
Insert
The problem is, the non-governmental "solutions" are just as broken as the governmental ones, but also there are fewer checks and balances against them. The closer you get to anarchy, the easier it is for independent "gangs" to form and move to exert control over something. In government, you have gangs too, but those gangs that have a little more transparency and they can at least theoretically be removed or altered via democratic processes.
The idea that market forces can keep independent gangs in line is a myth that is dispelled as soon as you look very close at corporate-gang behaviors, especially once they start getting large enough to either exert significant control over a market, or collude with their peers to shut down the smaller competition. Often products do not succeed due to their inherent quality, but rather the quality of the marketing applied to them or the quality of the control a company has over the marketplace. Perhaps you'd be comfortable selecting a medical procedure based on the most persistent marketing rather than its success rate? You won't even *know* the success rate unless they're regulated into telling you, just like food companies had to be regulated into telling you the ingredients of their products.
Sure the government system sucks, but the reason we *know* it sucks is largely due to the transparency it has. Other systems suck too, but you may not know how much they suck if there's no means to impose some transparency of the processes. "Voting with your dollars," just won't do it.
So if I generate a public/private key pair with the name of, oh say Tony Blair, and send him a message encrypted with the public key. He becomes a felon for failing to provide the private key? How delicious!
> What if someone is totally innocent, has a bunch of different encryption programs and passphrases, and is raided by law enforcement.
> What if they cannot recall every single passphrase? If they forget just one, are they going to jail until they can remember?
Potentially yes they are.
> Think about that, I've got PCs sitting around from years back. I've used different password systems over time, and often I cannot remember very old passwords. If I were living in the UK and were to get raided (I have no reason to, I don't even download TV shows or have MP3, just OGGs of stuff I own, so move along), I'd be sitting in jail, I suppose.
You suppose right.
> What if, because you cannot recall a password, you reformat a hard drive? Then they find the drive and want the password because they can recover the data?
You are SOL, unless you can prove your innocence.
That is one of the problems with this law. You have to prove that you are innocent and have forgotten your passphrase or key.
Kinda tricky.
> What if someone sends you an email with an encrypted content (whatever the method), and you don't legitimately have the means to decrypt it? Sounds like a great way to set up a suspected criminal. "Yes, we see you have several emails in your trash with encrypted contents. Tell us how to decrypt it or you're going to rot in jail."
See previous comments.
> How about amnesia?
Prove it, or you are going to become a guest of Her Majesty's Government.
> Then all a real criminal has to do is play ignorant.
And end up inside for a couple of years. Remember, you have to prove you are innocent. If you refuse to hand over the keys - automatic jail time. After that and they ask you again - Refuse again, back inside for another term.
If the keys did not exist, as per your example with dodgy e-mails, and obviously you couldn't hand the keys over - Jail time unless you can prove they didn't exist.
Trying to associate Microsoft with "fun" is like trying to associate Satan with aromatherapy. -Tycho
Hmmm?
Western Sahara? "SeaLand?"
Your InmarSat bill must be something terrific...
As a libertarian myself I'd say it goes deeper. So much of the jargon is not merely reinforcing the state, but reinforcing a whole solid coercive-collectivist-altruist worldview.
Consider "providing for the needs of society". Providing what, from whom, to whom, collected how, distributed how, for which needs, who determines the need, why are needs an excuse to provide, and how can a society have needs when a society is an aggregate of individuals? It's so utterly steeped in assumptions that it's well nigh impossible to even argue in those terms without falsely conceding nine-tenths the argument.
Regarding the last one with an email: What if the password exists, but you don't have and were never in possession of them? How do you prove you never knew a password?
I guess it is right along side if someone sends you some pedophile pictures and you delete them - how do you prove you never requested them and have nothing to do with them?
In Ray Kurzweil's 1999 book: The age of spiritual machines, he predicted that this would happen. He also correctly predicted that it would be caused by Terrorist acts. Although he was referring to things like the bombing in Oklahoma City by Timothy McVeigh it's interesting that he was pretty much totally right about this. When I first read it, I thought, this will never happen, but it is happening.
No Sigs!
Why is it they think a law will make EVERYONE hand over their encryption keys? The people they want to track are criminals, so why would a criminal abide by this law, especially if it's going to get him caught? If you outlaw encryption only outlaws will encrypt.
However, sadly this doesn't surprise me with the current state of affairs in all public offices throughout the world.
I personally will now make sure to encrypt everything I send to the UK. Who's with me!?
-PB_TPU_40 The trick to flying is to throw yourself at the ground and miss.
What I really miss is seeing some really basic questions? Like:
Do we really need healthcare?
Do we actually? I'm now talking in the way and amount that is taking place in the Western world, and not of abolishing anything. Instead of taking care of the body, people are wasting their flesh in front of a computer or TV-set and eating food that is making them sick. Then they become depressed and eat more unhealthy stuff, and pills that make them sleep. Now THAT'S insane!
The ONLY way to turn it is to become aware of it.
The knowledge for disease-free living is available. People only have to open up their eyes to spirituality. Do breathing exercises, meditation, or sing and dance, whatever - what you need will come to you, just EXPERIENCE it with an open mind. It's mind-blowing stuff going on out there by VOLUNTEER groups that put up posters in YOUR local area..
The same with democracy: People argue back and forth, but ultimately don't really care except for themselves, and maybe their closest family. If you CARE then you DO something. A mother will run into the street for her child..
The human values are something we need to reestablish in society, only then can we have true democracy and safety again. That people actually care and develop a sense of community..
Sadly, it seems people in the West are having it too good. It's very sad that it seems everything needs to go down to the bottom before people wake up..
It doesn't have to be that way though. Already, more and more people are discovering themselves and their lives over again. But it always starts with ME, myself, ego in a good and innocent way. Open-minded adventure.. What can I do for the world? Why am I here?
How else to solve everything but to lift the spirit?
Certainly not by raising the tax-breaks by 0.7% while raising the interest 9 points. Lots of discussions amounts to nothing.
http://www.debunkingskeptics.com/
Politics!=Law!=Government ("Big G" that is) ...nor does it necessarily imply any particular form of either of the latter.
All that word truly means is the space, behavior and mechanisms people create (or actively DO NOT create) to resolve their differences. On a desert island, two people hurling coconuts at each other would be every bit as "political" as the Prime Minister's Questions. THAT is what "Political Science" is about, not reinforcing one form of government ("little g"), ideology or even the IDEA of -a- government ("Big G") as an entity. See the coconuts again: that's "governing" -- that is, one can govern or engage in government (v.) without becoming The Government (n.). Remember, Political Science is the intersection of Sociology and Economics, which in their purest forms are little more than observation.
Now, in observing this, I note that I have said basically nothing about the politics of this other than it happens to be politicians coming up with the idea, which is a point of fact over which nothing in my mind has any bearing or control. The British government exists and it is doing something absurd. Nothing in that statement illuminates whether I think that government should exist in some form, should exist at all or anything in between. It is just an observation of current FACT. That someone would take that and dribble on with some screed about how I've been "indoctrinated" really illuminates far more about that person's indoctrination than anything I may or may not have been subject to.
I hope this advances your understanding of what "Political Science" is, if just a smidge.
The existence of all those kinds of encryption renders utterly useless the very, very few cases where this would be remotely feasible. That was my point. Apologies if it was a tad round-about. It wasn't a literal "OMFG!!! Teh cellfone!!" -- it was just "this is, in every possible form, a patently ridiculous idea and here's one example of why."
Have a nice day.
...and that is *A* political idea. It is not an idea shared by all people.
That political scientists are AWARE of such ideas, understand them, analyze them and can argue them from whatever point of view in no way implies they _agree_ with such ideas.
To take the beloved doctors analogy, you might as well say that because a cardiologist has studied the heart in great detail that they are thus rendered wholly incapable of conceiving of an organism surviving without one. No, they just know what the hell they're talking about when it comes to the heart.
Ya right.
Time for any existing corporation or business to flee with all due speed out of this country, and take all its profits with it.
Countries that intend to abuse the privacy of citizens and business should brace themselves for record breaking drops in tax revenues, and much lower GNP numbers. The Big Capital of the world is already fleeing Europe and moving to India and Asia where the laws are light and the taxes are more manageable.
Why would a business stay in a country that puts corporate profits, Intellectual Property, and proprietary information at risk?
"The waiter still needs 10 ashtrays for his location." (Our man upfront requests 10 kilograms of C4 for use in the local area) ... etc., etc.
"Jonson will deliver the PCs to [address],[address] and [address] tomorrow between 10 am and 12 am" (Bombing squad will strike tomorrow between 10 and 12 at [address],[address] and [address])
As if terrorists would use email encryption so they're spotted faster. What a load of rubbish.
This law is the biggest piece of bullshit the UK gov has pushed out in a long time.
We suffer more in our imagination than in reality. - Seneca
The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists.
So is it then OK to demand the UK government to stop encrypting "sensitive" information? I mean, they could be sneaking child porn in there. Surely, the UK government has something to hide, because that's basically the only reason to want privacy.
What's next? Forbidding using curtains to stop public insight into rooms. For God's sake, one could be raping a kid in there!
Beware: In C++, your friends can see your privates!
Regardless for what reason you want to maintain your data secure, anyone with technical knowledge can bypass the security measures through the use of VPN and remote control software... No sensitive information would this way need to be carried with the laptop itself, thus no encryption on the laptop itself would even be needed... Your sensitive information is safe, the authorities get access to nothing but the non-sensitive data on the laptop itself, and we are ending up with another system that does not do anything other than harm innocent and less tech-savvy people...
"There are current encryption technologies already deployed in the market that allow for two sets of data to be encrypted with two keys into a single file."
Here's a FOSS alpha version of such software:
http://www.freenet.org.nz/python/phonebook/
Are there any others?
..as I thought we were against the terrorists because they want to take away our freedom. Please remind me again of *which* freedom-takers were the bad guys, as I seem to be missing something here.
U.S./U.K.: Removing personal freedom for security and to secure "intellectual property" and the viability of outdated business models.
Terrorists: Removing personal freedom to secure their view of religion.
From a regular citizens' viewpoint: Why should we buckle under to *either* group?
It seems to be an equally unacceptable outcome either way.
Cheers!
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
the powers [...] are needed to combat [...] criminals, paedophiles, and terrorists
just like they needed the Iraq war?
let's face it - politicians have found out they can sell ANYTHING to the people by telling them it was needed for fighting terrorism (just a few weeks ago I read on /. about a guy who claimed DRM was needed to fight terror)
scared people are illogical, they just believe anything you tell them, so politicians scare people with the word "terror" and then tell them "vote for me - I'll save you"
now since "terror" means "fear" translated from Latin, and politicians make you afraid on purpose, I think it's adequate to say
politicians are terrorists - abolish software patents to fight them!
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
The sooner people realize that we're sliding down into an age of oppression worse than anything Nazi Germany or Soviet Russia have ever done, the better we are off. Sure, we don't set up gas chambers anymore. That was so bad for PR. But don't think you'll have ANY freedoms left in a few years.
Tony Blair can pry my private key from my cold, dead fingers.
Not according to the bars, they always seem to close with: "You don't have to go home, but, you can't stay here..." [...] Also, if you pick up a chick...you gotta get her home to your bed somehow!!
You know, a responsible person has random, empty sex with strangers in the backseat of the car rather than drive home drunk.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Of course, since lobbying parliament only really delayed the inevitable passing of the Act, you may now wish to consider taking your protest directly to the companies involved in the ID scheme in your area.
Fight fire with fire!
Regarding the last one with an email: What if the password exists, but you don't have and were never in possession of them? How do you prove you never knew a password?
That is the question. Very difficult to prove.
I guess it is right along side if someone sends you some pedophile pictures and you delete them - how do you prove you never requested them and have nothing to do with them?
Again, very difficult to prove.
In this country if any paedophile images are found on your machine, that is it. The law does not consider the possibility that paedophile images could end up on your machine in an innocent way at all.
Received in error and deleted? You Are Going Down.
Sent maliciously and deleted? You Are Going Down.
Appeared there via some trojan? You Are Going Down.
Never mind that you might have wandered onto a dodgy website and the images are in your browser cache? You Are Going Down.
No matter how they got there, You Are Going Down.
Trying to associate Microsoft with "fun" is like trying to associate Satan with aromatherapy. -Tycho
You could just print it out in bold at one character per page, even print it out in binary. Then hand over your key in a human readable and computer readable format as it would be. Might be worth a box of A4 and generating a key :D.
If the UK government wants keys then offer free SSL certs to UK companies, would get more that way than through legislation that seems draconian in approach. Criminals remarkably enough would hide their keys and so will many innocents either through ignorance or laziness. If the police want the root password to my systems I'm more than happy for them to have it, once they can prove they know what they're doing. Otherwise it would be like handing the keys to a Porsche over to somebody who has never driven a real car in their life and ends up crashing it. It would be negligent for me to endanger somebody who can't drive a car into such a situation and even illegal. As such for me to proactively not hand over any encryption keys I have, and let's face it many programs generate internal keys which you're not even aware of; is that wrong or is that ignorance?
I believe the line here is for example the police for whatever reason suspect data/information useful to an ongoing investigation is stored upon your computer in an encrypted file and you deliberately withhold that information. Then this law should fully apply. But to proactively enforce such a law is utterly futile, though I'm sure the people who enforce the law see it that way also.
Not even going to look into the implications of any European laws of which the UK is a part.
How would a One Time Pad user comply with this law? Do you give the authorities every possible key in the keyspace? That could be a very large document.
-ted
Suppose A wants to talk to B, and has B's public key.
A generates a keypair. He signs the public key, encrypts it with B's public key and sends it.
B receives the key, decrypts it, verifies A's signature and decides to accept the conversation.
B generates a keypair. He signs the public key, encrypts it with A's public key and sends it back.
A receives the key, decrypts it, verifies B's signature and starts the communication.
A and B now each have a freshly generated, trusted, public key they can use to send stuff to the other person.
After the conversation ends, A and B simply delete the private key they generated. I think it's even safe against man in the middle attacks since you also sign the public key.
BTW: if anyone knows of instant messaging software that does this, or wants to (help me) make something like this, let me know: my gmail is peterdeems.
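The exchange described in the post above, written out as an added example (not the poster's code and not any existing messenger's). It assumes each side already holds the other's long-term Ed25519 signing key and RSA encryption key, and it swaps in X25519 for the freshly generated keypairs, so both sides derive one shared session key instead of encrypting to each other's fresh public key; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party holds the long-term keys the two sides already trust.
type Party struct {
	SignKey ed25519.PrivateKey // long-term signing key
	SignPub ed25519.PublicKey  // known to the peer in advance
	EncKey  *rsa.PrivateKey    // long-term encryption key ("B's public key")
}

func NewParty() (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	enc, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{SignKey: priv, SignPub: pub, EncKey: enc}, nil
}

// Offer makes a fresh X25519 keypair, signs its public half with the sender's
// long-term key and encrypts "public key || signature" to the recipient.
func Offer(from *Party, to *rsa.PublicKey) ([]byte, *ecdh.PrivateKey, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	pub := eph.PublicKey().Bytes()
	msg := append(pub, ed25519.Sign(from.SignKey, pub)...)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil)
	return ct, eph, err
}

// Accept decrypts an offer and returns the fresh public key only if it was
// signed by the long-term key the recipient expects (the MITM check).
func Accept(to *Party, expected ed25519.PublicKey, ct []byte) (*ecdh.PublicKey, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), nil, to.EncKey, ct, nil)
	if err != nil {
		return nil, err
	}
	if len(msg) != 32+ed25519.SignatureSize || !ed25519.Verify(expected, msg[:32], msg[32:]) {
		return nil, errors.New("offer rejected: not signed by the expected sender")
	}
	return ecdh.X25519().NewPublicKey(msg[:32])
}

// oneWay carries one signed fresh key from -> to. It returns the sender's
// fresh private key and the public key the recipient accepted.
func oneWay(from, to *Party) (*ecdh.PrivateKey, *ecdh.PublicKey, error) {
	ct, eph, err := Offer(from, &to.EncKey.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	pub, err := Accept(to, from.SignPub, ct)
	return eph, pub, err
}

// Handshake runs both directions and returns the session key each side
// derives. The fresh private keys are local variables: once this returns they
// are unreachable, which models "delete the private key you generated".
func Handshake(a, b *Party) ([32]byte, [32]byte, error) {
	var zero [32]byte
	ephA, pubA, err := oneWay(a, b)
	if err != nil {
		return zero, zero, err
	}
	ephB, pubB, err := oneWay(b, a)
	if err != nil {
		return zero, zero, err
	}
	secA, err := ephA.ECDH(pubB) // A: own fresh private key + B's fresh public key
	if err != nil {
		return zero, zero, err
	}
	secB, err := ephB.ECDH(pubA) // B: the mirror image
	return sha256.Sum256(secA), sha256.Sum256(secB), err
}

func main() {
	a, errA := NewParty()
	b, errB := NewParty()
	if errA != nil || errB != nil {
		panic("key generation failed")
	}
	ka, kb, err := Handshake(a, b)
	fmt.Println("session keys match:", ka == kb, "error:", err)
}
```

An offer signed by any key other than the expected long-term key is rejected in `Accept`, which is the check the man-in-the-middle argument rests on. The signature covers only the fresh public key, not the recipient or a session identifier, so replay of an old offer is not detected by this check.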
This achieves nothing, other than piss innocent people off.
Oh, I'm *sure* a terrorist who is plotting a terrorism event will stop and think, "Oh, fuck - I'd better submit my private encryption key to the US/UK government, or they'll send me an angry letter!".
This law smacks of being formulated by someone who has no fucking clue as to how easily configured and commonplace encryption is...
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I've just figured out my new passphrase :)
bluebluegreenyellowgreywithgreenend
If you unplug the cables to take my computer i will never be able to duplicate my passphrase....sorry
Now as long as the cat doesn't move my cables around i am good to go, hehe.
This is for terrorists and paedophiles, right? So how about limiting it to cases involving those offences?
:v)
FYI I left the UK *because* they drafted this law. It wasn't hard to see where the government was heading, and I wanted no part of a country that conducts itself in that manner.
Vik
Why would terrorists or criminals be compelled to obey this particular law, while they're breaking others? This is just plain stupid. Even if all the businesses caved in and submitted their keys, does the UK government really think they're going to get emails along the lines of:
"Hi, I represent the West London cell of Al Qaeda. In accordance with the new encryption laws, please find attached all our private keys. Thank you, and have a nice day!"
Laws only work on honest people.
So the government gets all of the nice law abiding people to hand over their private keys. Do they assume the criminals will do so as well?
Silly Americans, trading your freedom for security! What kind of "free" society spies on its own citize--
Oh...
(At least even in Bush's America, we can still keep our private keys private. Of course, it takes little more than subpoena or warrant from a fascist rubber-stamp of a judge for the FBI to retrieve (read: steal) them, by violent physical force if necessary, or if the government feels like using it that day...)
Is Capitalism Good for the Poor?
Dear UK Gov't
Because of your new laws we were able to force the parent poster to hand over the details of his dastardly encryption scheme. After merely mentioning the new laws the poster details a sneaky device called rot13... maybe named as such to give the impression of decay and bad luck... who knows.
# echo "v'z fher v'yy trg zbqqrq qbja sbe guvf fvapr v'z rkcerffvat n ceb-crefbany-svernezf ivrjcbvag, ohg naljnl" | rot13
Let's hope these free thinking hippies get what they deserve!
They want to image your drive. This means:
a. they need to connect/disconnect cables
b. they need to cut power
So you need a system that can not be rebooted. This will obviously involve a UPS or laptop battery for power. The key is only in RAM. When power is lost, the key is lost forever.
Too easy to lose your data? Well, you could replicate the system. Have computers that network boot from each other. The police will grab all of them at once, causing them to all lose power. You know better, and can ensure that they don't all get shut down at once.
nazis, horrifying, bigbrother, fascism, stupid
I mean, you can expand on that but it's basically all right there.
Everyone should read the history of Germany from 1933-39. "History doesn't repeat but it rhymes"
Eek.
spoonerize "magic trackpad"
Everyone knows that George Orwell was really named Eric Blair, right?
Sometimes I find this fact just too ironic.
spoonerize "magic trackpad"
Have you seen the recent movie V for Vendetta? Maybe it's not _that_ far from the truth... Maybe it's Time to blow the Big Ben?
--The knowledge that you are an idiot, is what distinguishes you from one.
Yes, we must fight for our whites. rights. whatever.
You don't get it. Government is the big bad ooky thing that tells us all what to do and takes our money. In Anarchy, we don't have that. We have a bunch of individuals who, um, organize themselves into groups and decide, errr, how to distribute resources, and how to enforce that distribution, and what to do about the Bad People and stuff like that. That's not government, see, because it's different. It's only because of your Statist indoctrination that you can't see the difference.
I consider myself an Anarcho-Syndicalist, but man! the twists of logic that some Anarchists go through... Talk about indoctrination. Anarchism is a form of Government, and if you can't see that, you really need to read a little more.
"Oh, but spun, Anarchists don't Initiate Force (you can hear the capitals when they talk, can't you?)" you say, "We don't force people to do anything!"
Oh really? You don't force them to respect your property rights and conflict resolution system?
"Oh, but that's not Initiation of Force! That's Retaliatory Force! They started it!"
Yeah, sure. "They started it" is the favorite excuse of tyrants everywhere. What about my right to go anywhere I want and use any natural resource I want? Why should I respect your supposed "right" to take that away from me? If you weren't here, I could use the land you claim as your own.
Basically, the parent post is correct, anytime you have more than one person, that is political science. Discussion of things such as property rights, conflict resolution, decision making systems, etc. THAT IS GOVERNMENT!
I'm sure some Libertarian is going to come along now and demonstrate the meaning of the word Sophistry for us.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Yes you do, it's called the Convention for the Protection of Human Rights and Fundamental Freedoms (and often European Convention of Human Rights, although that means the acronym ECHR is overloaded with the European Court of Human Rights, which is charged by the Council of Europe with enforcing the Convention).
All Council of Europe countries must subscribe to the Convention. All European Union member states must also be members of the Council of Europe. The Council of Europe is not a body of the European Union -- it is a proper superset of the EU member-states.
The acquis communautaire (the common-law and regulations of the European Union) and the Convention treaty have obliged the UK to protect human and civil rights in the UK even where that conflicted with UK law or jurisprudence. The same has been true of the Council of Europe states since 1950.
The sets of treaties and rulings obliging the UK to adhere to the Convention are beyond the easy reach of Parliament, and are thus effectively part of the unconsolidated UK constitution.
Individual access to the Court has been available to all Council of Europe nationals since Protocol 11 came into force on 1 November 1988. The Court has regularly required Convention states to adjust national laws since then.
In the UK, the process was made simpler with the proclamation of the Human Rights Act (1988) which came into effect on 2 October 2000. The Human Rights Act makes it possible to seek remedy for breaches of Convention rights within the UK court system. In effect, it requires the various courts in England and Wales, Scotland, Northern Ireland and the Isle of Man to interpret local laws consistently with the Convention, and allows the appeals courts to issue declarations of incompatibility against Acts of Parliament. This is a back-handed way of instituting primacy of the Convention in UK law -- the Human Rights Act does not allow the appeals courts to strike down laws passed by Parliament, but the declaration of incompatibility effectively estops lower courts from enforcing them, and pretty much guarantees that a subsequent appeal to the European Court of Human Rights would oblige the UK to alter or repeal the law in question per its treaty obligations.
The English courts in particular have been looking more and more like those in Canada since the 1982 adoption of the Charter of Rights and Freedoms, although the latter is more explicit about the teeth being given to the judiciary in protecting human rights. Among various statutes and practices declared incompatible were Part 4 of the Anti-terrorism, Crime and Security Act, and the ability of the Home Secretary (a politician) to participate in judicial sentencing.
Moreover, the current UK government has strangely been markedly positive in its support of the Charter of Fundamental Rights of the European Union. It has no legal weight at this time, but the proposed Treaty Establishing a Constitution for Europe incorporated the Charter and would have the EU and all its member-states formally subject itself and align its justice system (and those of its member-states) with the European Court of Human Rights. This would further strengthen the legal changes unleashed by the proclamation of the Human Rights Act (1998).
Unfortunately there is substantial split-personality disorder rampant in the UK government. In particular, the Home Office seems to do little other than produce proposed legislation and regulation which are obviously against the spirit (and sometimes the letter) of the Convention. The politicians put in charge of the Home Office apparently cave in to the militant authoritarians entrenched in the ministry itself.
Coincidentally, Liberty today published
"Dude, like, that's a 'town.'" //loved that episode.
It will be interesting to see how many people drop out of society as this rollercoaster of privacy invasion builds up speed. I for one will never carry a card that has my fingerprints, dna or iris scan on. Even if it means I can't get basic services... They can kiss my hairy ass. I don't have anything worth encrypting but if I did I wouldn't give them the keys even if they threaten me with jail... They can kiss my sweaty gonads. The pathetic excuses they are using to force unwanted ideas on us (e.g. biometric id cards) & invade the general population's privacy is unbelievable. The scary part is that most people are dimwitted sheep who believe what the evening news tells them without thinking it through for themselves and without the numbers to fight it they will get their way. And on top of that they will vote the governments back in even if they disagree with their policies, as long as they keep the economy healthy for them. Baaaa baaaaa baaaa
...as in many similar cases...it is the best for the most, as opposed to the best for the least. The latter is certainly far, far better, but for far, far fewer...and I say that having worked in various aspects of U.S. national public health programs since the 70's, both on the private service and public administration sides of that equation--and I can assure you, that the "universal healthcare" side is a much, much better deal by a LONG shot.
Someone needs to teach these pollies some basic mathematics.
It is reasonably easy to prove that, for any given random set of data, there exist an infinite number of encryption algorithms & keys that produce different streams of meaningful text in one or more natural languages.
So all the bad guys will have to do to get around the new law is remember two (algorithm,key) pairs for each encrypted data set and provide the authorities with the one that produces a seemingly harmless message.
I'll bet that most of the really bad guys care enough about not getting caught to go to that effort.
Wake up.
If it can happen there, it can happen here in the U.S.A.
For fucks sake, you need to tell your representatives that this is unacceptable.
Today's show is brought to you by the number 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0: 25
I remember reading before a proposed solution to this. People located outside the UK should send encrypted files to UK politicians, and tip off the police. The politicians would then have the burden of proof to show that they did not have the decryption keys, or face two years in prison. They would soon see the problem with this.
They already have this ability. It's called the Regulation of Investigatory Powers Act and it was passed in 2000. RIP, don't ya just love it...?
Now what happens if I refuse to disclose my key - or even better, destroy it when they get my HD? Will I be punished, because authorities can't know if I'm guilty? IANAL, but basic reason tells me that this is completely against any "in dubio pro reo" principle. This gets dangerously close to the Middle Ages (and present medieval societies), when people were just tortured until they confessed anything and everything.
Fortunately, there's a simple solution - use XOR one-time-pad encryption with two different keys (anyone who's remotely serious about being paranoid will not use anything else than XOR anyways):
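The point made in the comments above (for a one-time pad, some key turns the same ciphertext into any harmless message of the same length) is shown below as an added example, not code from any commenter. The messages are constructed samples, and the logged pad digest is a hypothetical control introduced here to show the one thing that separates the real pad from a substitute.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// XOR returns a ^ b; a one-time pad requires equal lengths.
func XOR(a, b []byte) ([]byte, error) {
	if len(a) != len(b) {
		return nil, errors.New("otp: length mismatch")
	}
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out, nil
}

// Encrypt draws a fresh random pad as long as the message.
func Encrypt(plain []byte) (ct, pad []byte, err error) {
	pad = make([]byte, len(plain))
	if _, err = rand.Read(pad); err != nil {
		return nil, nil, err
	}
	ct, err = XOR(plain, pad)
	return ct, pad, err
}

// FitTo right-pads a decoy with spaces to the ciphertext length. A decoy
// longer than the ciphertext cannot be produced by any pad.
func FitTo(decoy []byte, n int) ([]byte, error) {
	if len(decoy) > n {
		return nil, errors.New("otp: decoy longer than ciphertext")
	}
	out := make([]byte, n)
	copy(out, decoy)
	for i := len(decoy); i < n; i++ {
		out[i] = ' '
	}
	return out, nil
}

// AlternatePad computes the pad under which ct "decrypts" to the decoy.
func AlternatePad(ct, decoy []byte) ([]byte, error) {
	fitted, err := FitTo(decoy, len(ct))
	if err != nil {
		return nil, err
	}
	return XOR(ct, fitted)
}

// PadDigest is what a hypothetical escrow log would record at encryption
// time (an assumption of this example, not something the thread describes).
func PadDigest(pad []byte) [32]byte { return sha256.Sum256(pad) }

func main() {
	secret := []byte("constructed sample: the real message")
	ct, pad, err := Encrypt(secret)
	if err != nil {
		panic(err)
	}
	logged := PadDigest(pad) // recorded when the message was encrypted
	alt, err := AlternatePad(ct, []byte("constructed sample: shopping list"))
	if err != nil {
		panic(err)
	}
	shown, _ := XOR(ct, alt)
	fmt.Printf("substitute pad yields: %q\n", shown)
	fmt.Println("real pad matches log:      ", PadDigest(pad) == logged)
	fmt.Println("substitute pad matches log:", PadDigest(alt) == logged)
}
```

Without a digest recorded at encryption time, nothing in the ciphertext distinguishes the two pads, so a disclosed pad proves nothing about what the message said.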
Good call. There must be a whole heap of incompatibility between the human rights act and the RIP act. If the human rights act can allow a bunch of afghan hijackers to get off the hook, I would like to think that it gives me the right to keep my private key ... well, er, private.
Burns: We're building a casino!
McAllister: Arrr. Give me 5 minutes.
I reckon we should all find an encryption program, and make a file C:/Haha_this_is_encrypted_with_random_data_and_i_am_not_giving_you_the_key
or even better let's all send some government email address an encrypted file terrorist_plot.
"v for vendetta" anyone?
www.vanheusden.com - home of Multitail, HTTPing, CoffeeSaint, EntropyBroker, rsstail, bsod, listener, nagcon, nagi
First, for anyone carrying secret information more valuable than whatever punishment is attached to not handing over your private keys, it's best to just not hand the keys over and take your chances.
Secondly, there's this concept called plausible deniability. It's not new, it is at least a decade or two old. An example of how this is done is in TrueCrypt (a GPLed encryption utility for Windows and Unix that encrypts whole partitions or just filesystem image files that can then be mounted only by knowing the secret key).
It works like this: Say you've got a 100GB partition with an encrypted filesystem on it. The filesystem stored on this partition currently has 60GB in it, mostly lewd videos of your girlfriend.
What the government doesn't know, and *cannot* prove is that the 40GB of *unused* space contain a second encrypted filesystem, encrypted with a different key that you *didn't* tell the government about.
TrueCrypt works so that empty space is always filled with random noise. And the encryption used is such that unless you know the key, the encrypted filesystem is indistinguishable from random noise.
What are they gonna do? Imprison you for not handing over the keys to a filesystem that may not even be there? And for which they have no indication whatsoever that it exists? (Whether you want to create a second "inner volume" in the free space or not is optional, and the default is not to do it.) Even the presence of TrueCrypt is perfectly well explained in this case: You need it to access the "outer" encrypted volume, the one you *DID* hand over the keys to. The one holding moderately embarrassing but not really important stuff.
Then we can explain the "sure it's bad, but it's not China" meme used to make us think "oh well, it's not so bad I guess. Can I have my ID card back please officer?".
Yes, absolutely! This is a flaw in the system! There is no way to determine if someone even HAS the private key to encrypted data on their PC!
Hmmm...
http://undecidedgames.blogspot.com
I'm not an expert on anything, nor do I profess to be. However, anyone with a modicum of intelligence can see that the "laws on health care are messed up" --in fact, you don't even have to be a doctor or intelligent to know that. You just have to be sick and poor.
By the way, what "laws" are you referring to?
No sig for you! Come back one year!
Perhaps the best way of dealing with laws like this that are both unenforceable, far-reaching, and generally ignorant of the way things are is by removing the ability of legislators to propose laws outside their area of expertise, leaving this to a panel of experts. Leave the discussion and passing of laws to parliament, but remove the ability to propose stupid laws.
that's right, at a fundamental level Libertarianism
is flawed, even more flawed than communism
Use One Time Pad encryption. Have large hard disks (500GB should be good), at each location of your business which you need to securely communicate with. Force all communications to be OTP encrypted against blocks of that 500GB of random data and replace them at each location whenever the 500GB runs out. You'll need a system which expires each block of random data at each site to prevent capture of both the ciphertext and OTP and it will also need to work in such a way as to prevent the same block being used twice in two different communications, regardless of which site was communicating with which (for example A-B should not use any blocks which C-D already has, or any other combination of site-site comms). A central block expiry server would have to be kept to expire and allocate allowed-for-use blocks as requested (pointers to block serial numbers of course and not the actual random block data itself). For the really paranoid business, they could keep different OTP's at each site and the appropriate copies at the central site and then proxy all communications through the central site. This way even if a remote site is captured, the OTP for that site is unique to that site, OTP blocks of previous communications have already been erased at that site and the central site and hopefully the alarm was raised to no longer communicate with that captured site.
Now place the responsibility of storing each and every version of the OTP's on the government. The OTP's are of course the "password" with this scheme. I would love to UUencode it so that it could be printed and then send that to them, but that would cost us a fortune each time. It would be great to send your encryption keys to your government office on a few thousand pallets or so, delivered by many 24 wheelers and dumped in their reception area, front door and spilling out onto the footpath and blocking the whole street. They should of course, expect to receive this pulp every time the OTP's fully expire. ; )
There is of course steganography. Encrypt all your boring communications and embed your secret comms with further encryption and stego add it to videos, images and sounds which are part of your boring comms. Nobody can prove the noise in the noise floor of those files is not natural noise if it looks exactly like natural noise.
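The block bookkeeping that the one-time-pad post above calls for, as an added example rather than anyone's deployed system: a central ledger issues block serial numbers exactly once across all site pairs, and every site wipes a block as soon as it is used or expired. The 32-byte block size, the site names and all type and function names are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

const BlockSize = 32 // bytes per pad block; a small constructed value

// Ledger is the central expiry server: serial numbers only, never pad bytes.
type Ledger struct{ next, total int }

// Allocate reserves enough never-issued blocks for an n-byte message.
func (l *Ledger) Allocate(n int) ([]int, error) {
	var serials []int
	for need := (n + BlockSize - 1) / BlockSize; need > 0; need-- {
		if l.next >= l.total {
			return nil, errors.New("ledger: pad exhausted, replace the disks")
		}
		serials = append(serials, l.next)
		l.next++
	}
	return serials, nil
}

// Site is one location's copy of the pad, indexed by serial number.
type Site struct{ pad map[int][]byte }

// Expire overwrites a block and forgets it.
func (s *Site) Expire(serial int) {
	for i := range s.pad[serial] {
		s.pad[serial][i] = 0
	}
	delete(s.pad, serial)
}

// Apply XORs data with the listed blocks (encrypt or decrypt), expiring each.
func (s *Site) Apply(serials []int, data []byte) ([]byte, error) {
	if len(serials)*BlockSize < len(data) {
		return nil, errors.New("not enough pad for this message")
	}
	out := make([]byte, len(data))
	for i, serial := range serials {
		block, ok := s.pad[serial]
		if !ok {
			return nil, fmt.Errorf("block %d is expired at this site", serial)
		}
		for j := i * BlockSize; j < len(data) && j < (i+1)*BlockSize; j++ {
			out[j] = data[j] ^ block[j-i*BlockSize]
		}
		s.Expire(serial)
	}
	return out, nil
}

// NewNetwork gives every named site an identical copy of a fresh random pad.
func NewNetwork(blocks int, names ...string) (*Ledger, map[string]*Site, error) {
	sites := map[string]*Site{}
	for _, n := range names {
		sites[n] = &Site{pad: map[int][]byte{}}
	}
	for serial := 0; serial < blocks; serial++ {
		b := make([]byte, BlockSize)
		if _, err := rand.Read(b); err != nil {
			return nil, nil, err
		}
		for _, s := range sites {
			s.pad[serial] = append([]byte(nil), b...)
		}
	}
	return &Ledger{total: blocks}, sites, nil
}

// Send encrypts at from, then expires the blocks at every site except to.
func Send(l *Ledger, sites map[string]*Site, from, to string, msg []byte) ([]byte, []int, error) {
	serials, err := l.Allocate(len(msg))
	if err != nil {
		return nil, nil, err
	}
	ct, err := sites[from].Apply(serials, msg)
	for name, s := range sites {
		if name != from && name != to {
			for _, serial := range serials {
				s.Expire(serial)
			}
		}
	}
	return ct, serials, err
}

func main() {
	ledger, sites, err := NewNetwork(8, "A", "B", "C", "D")
	if err != nil {
		panic(err)
	}
	ct, serials, _ := Send(ledger, sites, "A", "B", []byte("constructed sample message"))
	plain, _ := sites["B"].Apply(serials, ct)
	fmt.Println(string(plain), "used blocks", serials)
}
```

Because the ledger only ever counts upward, a block issued to A-B can never be issued to C-D, and a site captured after a message was sent no longer holds the blocks that protected it.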