Slashdot Mirror
UK Government Wants Private Encryption Keys
An anonymous reader writes "Businesses and individuals in Britain may soon have to give their encryption keys to the police or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists." From the article: "Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. 'The use of encryption is... proliferating,' Liam Byrne, Home Office minister of state told Parliament last week. 'Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force.'"
Enter TrueCrypt and hidden volumes made for exactly that reason: http://www.truecrypt.org/hiddenvolume.php
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
The basic argument is that the purpose of a search warrant is defeated by encryption. Now I think that's wrong, or at least part wrong, and I think an alternative would be to make material held by the defendant which he does not choose to decrypt something that the jury can take account of, just as refusal to testify is now, under limited circumstances, something the judge can point to during summing up. And the alternative of forcing decryption isn't offered (although quite how someone would demonstrate that plain text they offered really _was_ the decryption is a whole other question).
The is bad, illiberal law, and those of us involved in campaigning against it have been in correspondance with our MPs for some years. But it's not just Britain that is tearing up its freedoms in the face of minor terrorism: the USA collectively shat its pants and ripped up a century of jurisprudence on the 12th of September. It makes far more sense for people with a desire for freedom to work together, rather than to assume that we're a bunch of proto-fascists while Bush Jr defends your constituional rights.
ian
Well you have to put this in context.
/. article about that3 48200
IIRC, the Brits wanted to extend the length 'terrorists' could be arrested & held without charge (from 14 to 90 days) so that the police could have more time to try and break encrypted data.
Here's the previous
http://yro.slashdot.org/article.pl?sid=05/11/04/1
I'm pretty sure that idea died a Horrifying death
[Fuck Beta]
o0t!
You're behind the times.
The UK is already (planning) installing a system of automatic licence plate recognising camera's throughout the country. The resulting database will allow a very comprehensive following of cars and thus persons.
The next step is of course that you have to report to the police whenever you've driven an other car but your own...
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
although obtaining a warrant would force one to give up encryption keys
Even with a warrant they can not force you to give up your encryption keys. There is this thing called the 5th amendment to the constitution.
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
You can take the 5th when questioned about your keys. No matter what they do they can not compell you to give them that information.
If you know something about cryptography it isn't that horrifying.
There are current encryption technologies already deployed in the market that allow for two sets of data to be encrypted with two keys into a single file. This allows a user to encrypt a sensitive file with an innocuous one, so that when required to disclose a private key the user can just give the one that decrypts the innocent data.
Again, these new laws will only deteriorate the right to privacy of innocent people, while the real criminals will be allowed to roam free doing their dirty deeds with little more trouble then a software upgrade.
Or the human cattle ID cards Act, which creates by far the world's most intrusive Big Brother database on citizens by linking up 5+ previously unconnected databases...
The Dictatorship Bill, also called the Abolition of Parliament Bill, Totalitarianism Bill or (by the Govt) the Legislative and Regulatory Reform Bill is nothing less than a naked grab for power. After being amended 3x, the Bill was passed in the form described here.
LRRB enables ministers to rewrite our constitution with only rudimentary scrutiny. Consider the extraordinary mass surveillance / coersion implications of the ID Cards Act. Even the well-organised opposition could not stop this legislation.
What chance then of:
1. Spotting obscure but deeply damaging clauses hidden in the boring legislation?
2. Motivating the Tories, LibDems and enough New Labour drones to subsequently block it?
LRRB is then carte blanche for Blair to do what he will with this country. What can we deduce of his plans?
New Labour already rejected an amendment to stop LRRB re-writing our most important constitutional laws. They then promised to introduce new amendments fulfilling the same thing. Our skepticism was once again justified. This is more than enough evidence that Blair wants dictatorial powers.
LRRB is obviously a precursor to passing laws which Parliament wouldn't otherwise pass.
Considering the deeply scary laws he's got through Parliament, the likelihood is that he wants something so badly, and so unpalatable that he won't even risk presenting it for proper Parliamentary scrutiny.
- He does not need Parliamentary approval to invade Iran
- He already has Hitler's Enabling Act.
- He has already passed RIPA and the ID Cards Act for more Big Brother snooping than anything China or North Korea have.
- He already has locked up people for 3 years without trial or even being questioned - although he has been twice been 'told off' for breaching the Human Rights Act in this way.
I did not believe that he needs LRRB to repeal the HRA - indeed one welcome amendment was to exclude the HRA from being amended. When every other explanation has been ruled out, whatever remains, however unlikely, must be considered. I think something much worse is coming although I dread to think what.
Sheesh. With a microsecond of thought, you'd realize that the police aren't going to just stick your encryption key into YOUR software. They'll lift the drive, make a copy of it, and use THEIR software to decode it.
Sometimes it's best to just let stupid people be stupid.
"Methinks the UK government doesn't know that what it wants is technologically infeasible...."
Methinks you didn't RTFA.
They are not asking that all keys be submitted. They are simply asking to give the police the power to force you to submit keys on request. In other words, after they've already confiscated your computer and discovered that there are encrypted files, they demand that you hand over the key, and if you don't, then they can throw you in jail.
I'm not saying I agree with it, just trying to clarify the misconception that everyone in this thread seems to be having about this.
"You cannot simultaneously prevent and prepare for war." -- Albert Einstein
The export control rules for USA exports of crypto have been all but eliminated (done in the last year of the Clinton Administration). To export open source crypto from a web site, you just email the Feds telling them you are doing that. To sell binaries, you apply for a retail designation of your software, and can export with virtual impunity. Most or all OECD nations have followed suit.