Slashdot Mirror
UK Government Wants Private Encryption Keys
An anonymous reader writes "Businesses and individuals in Britain may soon have to give their encryption keys to the police or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists." From the article: "Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. 'The use of encryption is... proliferating,' Liam Byrne, Home Office minister of state told Parliament last week. 'Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force.'"
I believe we are in need of a new Slashdot section: Horrifying
Encryption keys don't kill people, people kill people.
If owning (not divulging) encryption keys is criminalized, only criminals will own encryption keys.
These "rules" will only push the envelope of how and what criminals (or terrorists, etc.) use to hide their activities. And at the same time, they will add one more burden to the general population to manage and ensure the government is informed of their encryption infrastructure. Nuts.
The most effective infiltration into terrorist infrastructure is still social engineering. I'd rather the money spent creating and managing something like this spent training and hiring translators, covert agents, etc.
A convincing point about the futility of this proposed rule comes from the article:
How will they know that they have the correct private keys without "testing" them on the owners' encrypted communications every so often? Oh well, it is England after all. Living on an island can do odd things to living things.
Britain's use of anti-privacy situational crime prevention measures are a means of targeting petty crimes and the innocent while displacing more professional and semi-professional crime into other areas. These techniques do not stop the criminal, as he is already committing a crime, what would he care if you added "refused to give up private key" to his list of crimes?
The UK needs to wake up and realize that these forms of crime control only waste money and create more crime, than stop crime from happening.
before we all get issued our Newspeak dictionaries...
http://www.newspeakdictionary.com/ns_frames.html
If this goes into effect it would make it a very dangerous thing to have files of random characters .... you'd have a lot of trouble explaining them.
Much like a warrant to search a physical premises, having the police have the power to force you to expose your private data is perfectly reasonable, so long as it is similarly regulated by the courts. Unfortunately, as the article points out, there are problems with proving that you do or don't have the key to unencrypt, but the general principal of allowing the police to search something with a warrant does not seem problematic.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Time for steganographic file systems where your private data can be hidden inside innocent looking files. They can't force you to disclose your key if they don't know and/or can't prove that you have one.
http://en.wikipedia.org/wiki/Steganography
I'll probably be modded down for this...
- cameras are used by criminals, paedophiles, and terrorists - we need access to your negatives/memory disks.
- houses are used by criminals, paedophiles, and terrorists - we need access to your house keys.
- cars are used by criminals, paedophiles, and terrorists - we need copies of your car keys.
- ATM machines are used by criminals, paedophiles, and terrorists - we need to know your PINs.
- Online email services are used by criminals, paedophiles, and terrorists - we need to know your username/passwords.
- Computers are used by criminals, paedophiles, and terrorists - we need to install a backdoor on your computer.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Gee, I wonder what all the uk fanboys who were dissing the US about the whole NSA/ATT debacle have to say about this? Face it boys and girls, this is happening everywhere. The terrorists won a major strategic battle on 9/11, they have successfully changed the scope and nature of privacy rights across many of the worlds "democratic" nations.
So, do I need to send my wifi keys too? And bluetooth? What about the encryption used by GSM?
And my car remote lock fob, that too?
Is it April the 1st?
Open Source Drum Kit, LPLC deve board - mjhdesigns.com
Eastasia set the tone and Oceania is keeping in step. Just wait for the perpetual war, that'll be fun.
Chicken fried butter sticks? Do
There was no crime, because the secret police would carry you off and shoot you in the head if you were even suspected of a crime. Wiretaps were the norm and the government could do whatever it wanted. Privacy didn't exist. And they were safer from criminals for it. Well, safer if we define criminals as ones that weren't in the KGB.
Yeah, no "In Soviet Russia" Joke here.
This is frightening. It's like we're becoming the very thing we fought in the cold war. A totalitarian government.
But at least we have 37 types of cereal.
Here's an idea... why not just make it a crime for pedophiles, criminals and terrorists to NOT give over their private keys AFTER they've committed their crime.
That way Joe Sixpack can keep sending encrypted communications and not have to worry about the government reading them - as long as he doesn't start blowing stuff up, too.
A criminal that rapes someone may have talked during the rape -- it is the rape that was evil.
A criminal that shoots someone in the head used a gun -- it is the shooting that is evil. He could have used a baseball bat.
A criminal that blows up a building might use a cell phone -- it is the building exploding that is evil. He could have used e-mail or writing a big X on a tree.
We have to stop government from criminalizing actions that are part of our right to speech. This right is not something Constitutional or created out of any government document -- it is a natural right that all humans share, no matter what the laws say.
I'll continue to encrypt, and I'll dare the government to try to restrict me. If I have to, I'll encrypt by using an encryption program that hides my real text to make it look like readable language. Let them try to stop that. Or I'll use my own spoken code. Will they find a way to criminalize it?
Don't criminalize tools, criminalize criminal actions.
I had the same thought. Most encryption is transparent to the user, and session based.
All I ever see is a little icon that tells me the connection is encrypted when I go to my banks web page...so, am I responsible for reporting the keys or is the bank? Or both? And does it matter that they are useless as soon as I log out?
Convince you? OK. How about this?
It is MY PRIVATE DATA.
If the government has reason to believe that I am doing something illegal, then convince a judge to SIGN A WARRENT.
People; don't say "This can't be done."
This is referred to as a "catch-all" type of law. Beware the wonders of selective enforcement.
The idea here is that if you find a suspected terrorist, and they use encryption, you don't even need to bust them for terrorism OR for not providing their encryption keys when demanded. You can just go to step A, look up their name in the government encryption key database, find out that no, they did not provide their encryption key to , and take them directly to jail.
Regardless of whether or not the are a terrorist, regardless of whether or not they are willing to turn over their encryption keys when asked, you can find them guilty.
This is not about collecting everyone's encryption keys (at least not at first). Initially, this will be used as a blunt stick to smack anyone the government doesn't like. Think of the way seat belt laws are enforced; cops won't stop you for not wearing your seat belt, but they'll sure as hell issue a ticket for it even if you aren't speed, have all your paperwork in order, and have done nothing else wrong. It's a sort of standby crime they can get you on.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
Add this to the National Identity Register, ID cards, the Civil Contingencies Act and the Parliament Act and the UK is well on the way to becoming a police state.
And the worst of it is, most people seem to think this is a good thing.
Who the hell modded this informative?
Check the destination of that link before you click it... It goes to Bottle Guy - Just another site similar to Goatse or TubGirl.
Just an example of astoundingly ignorant politicians who don't realize they're effectively criminalizing the use of cellular phones, the constantly changing keys of which would amass petabytes of data within a year, in just the UK--and that's just the keys, not the data they encrypted...and that's just the cellphones.
What absolute morons.
You need encryption to ensure that when you send your credit card number to a website, all the networks in between do not get to write that number down and save it for later. You need to keep your private key private so that, when a malicious cracker gets into the website for your major operating system and puts in some innocent looking update files on the server, the clients on the other end can verify that they have not been signed by you. You need encryption so that you can keep your plans for rebellion out of sight of the oppressive government you live under. Maybe not the U.S. or Britain (yet), but one would hope that people in places like Iran are able to secretly make plans with themselves and with outside forces to throw off the yolk of whatever is bothering them.
Another purely pragmatic fear is that this would be nothing but a waste of time and money, and a distraction. This law effectively requires that law enforcement must put a respectable amount of effort into collecting and cataloguing what could be billions of encryption keys. (I couldn't even count the number of keys that I use offhand, not even counting SSL, which I assume they don't care about.) All of these keys have to be associated with their owners and users, what they're being used for, and what data they're being used to encrypt. That could easily grow to be one mess of a database.
A database that would be effectively useless. The only people who are going to provide keys are law-abiding citizens who provide them all and non-abiding citizens who provide all but the keys they don't want the gov't knowing about. Meaning none of the keys in the database will be useful for finding anything the law might need to know. Meanwhile, it's going to provide another distraction if they actually try to enforce it, because they'll have to start hunting down all the folks who are no threat, but don't provide keys because they don't know, don't care, or value their privacy. I'm completely lost as to what they think they can gain by maintaining this. It's not like this database would be particularly useful for, say, mounting a dictionary attack on data that was encrypted with an unknown key by a real shady figure.
I'm sure implementation details can vary how much this is going to pull resources away from real counterterrorism and law enforcement, but I can't see how this can possibly do anything but make counterterrorism and law enforcement more difficult. And I'm sure anybody worth their salt probably realizes this; I can't see why the true motive could be anything but irrational paranoia or a Big Brother attitude. (Of course, those are probably really the same thing.)
...I know that's like asking to be lied to, but I would like to know how often criminal investigations are hampered or even prevented because communications or information had been encrypted.
Like so many others, I see this as nothing more than an attack on privacy and not as an aid to criminal investigations. Criminals are not going to turn over their keys. People who turn over their keys aren't likely engaged in criminal acts. "honest" people who believe in the right to privacy will become criminals, however.
I'm not sure "police state" is the right word, but we're certainly talking about criminalizing the general population to the point that only people "in office" can have the right to privacy under the guise of "national security." And a funny thing happens to your rights when you become "a criminal." You lose them along with your ability to run for public office and all manner of other things.
Maybe they do, and this serves as a way to indirectly outlaw a whole host of encryption technologies (at least when used by private individuals, rather than the government).
Of course, its quite likely that if the UK is like every other country, the law would be selectively enforced. They wouldn't go after everyone using technology that made the mandatory reporting impractical, but if law enforcement got in in their mind that you were guilty of something else (whether another crime or just doing something not-illegal that law enforcement authorities don't like), they'd use your use of such technology, and the fact that it made you guilty of a chargeable offense, as a lever or as a fallback charge.
The use of illegal government spying on innocent citizens is proliferating.
Your move now.
...(and no, you may not have my encryption keys).
What ideas, US is way ahead at this whole package of buying civil liberties for the same excuse 'criminals, paedophiles, and terrorists.'
NSA Phone Home anyone?
CIA wants internet-usage-information
FBI wants ability to barge in for a cup-a-coffee without a warrant
Is anyone else getting the feeling that its not safe on either side of the water and its about time to find an uninhabited unclaimed island and start your own country?
I don't post often, but this spurred me to action.. It reminds me of gun laws in the U.S. Honest Citizens are expected to wait 5 days and complete a form acknowledging among other things that they are not a criminal. The funny thing is.. I don't think that criminals admit they are criminals..so they get their guns illegally or check "no" i am not a criminal on the form. If honest citizens are expected to turn over their private keys.. I might expect that the criminals wouldn't turn theirs over - they have already broken at least one law (to become a criminal).. I'm sure they wouldn't have a moral problem with breaking another. or They could simply turn over the a throw away private key to satisfy the requirement and use an illeagal set for their business. Just my opinion
In america we have whats called the 5th amendment. Which should mean that I have protection under the law to not be forced to answer questions that incriminate myself. What is your password? and what is your encryption key? should be similiar to Where were you the night the victim was shot? I don't have to answer if i believe that in answering the question it will incriminate me in a crime.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
The law - which is here:
http://www.opsi.gov.uk/acts/acts2000/20000023.htm
It requires you to provide a key - if it is reasonable to assume you have it - to decrypt encrypted data. It is only illegal to refuse to give a key IF ASKED, and NOT "look up their name in the government encryption key database, find out that no, they did not provide their encryption key to , and take them directly to jail."
It IS an offense (from the legal text liked above) "if he knowingly fails, in accordance with the notice, to make the disclosure required by virtue of the giving of the notice."
TrueCrypt lets you mount the container as a filesystem, which is a convenient way to go. This sort of thing allows you to:
a) Deny that there is anything encrypted for which you have not proffered a key. "Oh yeah, show me what I have encrypted and I'll show you the key."
b) If that's not enough, proffer the false key that gives them the alternative access. "Ok, here you go. Let me know if you find anything incriminating. (tee hee)"
The problem I can see with "rubberhose" systems like this is that governments won't buy your line that you went through all the trouble of setting an encrypted volume or whatnot to protect lame things. I'm sure they would have no problem jailing or coercing the user until they gave up the key to something juicy.
Since you can't prove a negative, you'd better hope you last longer than they do.
Where does the school board find them and why do they keep sending them to ME?
But they can "force" (if you don't want to go to prison or pay some fine, probably torture in the future?) you to hand over the key to the first container. Opening it (Usually they'll have the legal "right" to do so by the time they come asking for the first key, because otherwise they probably would'nt even know about that one in the first place) and finding the second container, thus getting to know it's existance... ad infinitum. Plausible deniablity only works as long as "they" can't get their hands on your raw drive and "known" container keys legally. I prefer not to even deny I'm encrypting, but keeping the key on an encrypted USB stick, which can easily be destroyed, effectively destroying all my data at the same time (Until the original encryption is broken, which is, in all likelyhood, long after my death). I may end up "destroying probable evidence" and even being "unwilling to disclose my keys" (thouh that would be a stretch), but they can't, under any circumstances, gain those keys anymore (Neither can I, but that's worth it). But then, I live in Germany, where at this time, encryption is still legal and even recommended by the courts to protect private data.
Tony Blair is a truly scary individual. He has surrounded himself with sycophants, and claims 'history will judge him' in order to stay in denial about his 25% approval rating. He lives in the delusion that he is a great leader, a president of britain (and at one point, in his mind at least, of europe)
He believes he knows better than us. He believes that we should just sit down and shut up because he has some great destiny to fulfil for himself and the nation.
In short, he is a bit of a Stalinist.
In mainstream politics, if you support equal and universal health care, YOU MUST SUPPORT STATE RUN HEALTHCARE.
Well, my serious question is: how else are you going to do it? What entity other than the state can provide universal health care?
Or, are you positing that either:
Legitimate questions, not a flame. I'm just not sure what you'd call any entity that provided universal health care other than "the state".
-- http://frobnosticate.com
Here is one for them to stop and ponder:
What if someone is totally innocent, has a bunch of different encryption programs and passphrases, and is raided by law enforcement.
What if they cannot recall every single passphrase? If they forget just one, are they going to jail until they can remember?
Think about that, I've got PCs sitting around from years back. I've used different password systems over time, and often I cannot remember very old passwords. If I were living in the UK and were to get raided (I have no reason to, I don't even download TV shows or have MP3, just OGGs of stuff I own, so move along), I'd be sitting in jail, I suppose.
What if, because you cannot recall a password, you reformat a hard drive? Then they find the drive and want the password because they can recover the data?
What if someone send you an email with an encrypted content (whatever the method), and you don't legitimately have the means to decrypt it? Sounds like a great way to set up a suspected criminal. "Yes, we see you have several emails in your trash with encrypted contents. Tell us how to decrypt it or you're going to rot in jail."
How about amnesia? It goes on and on...
It's not hard to blow massive holes in this playing devil's advocate. Then all a real criminal has to do is play ignorant.
Under pure anarchy, people would naturally take care of each other and no-one would go without care, or
Under pure anarchy, people COULD take care of each other and no-one would go without care. How successful they are is up in the air - Most anarchists or minarchists are not utopians, so just because we have anarchy doesn't mean our problems are all solved. In the same way that we support science, but we don't expect science to solve all our problems.
Here are some examples of ways everyone could have universal and equal health care without being provided by the state:
1. We could have such a wealthy society that healthcare would be so cheap and plentiful as to be essentially free and universal. Take, for example, television. Go to the poorest neighborhoods in the U.S., and all homes will have a television set. The vast majority will even have cable or satalite. In fact, people living in poverty are more likely to see a television as an "essential" item than rich people (who can afford other types of entertainment). There is no government run television program that provides it to everyone... it is just that our society is so wealthy that TV has become so cheap that it is universal. It is possible that we could have such a thriving economy that paying for health care is just not an issue.
2. We could have private, self-organized, voluntary organizations that provide health care to everyone. Churches aren't funded by the government, they rely totally on voluntary participation and funding, and yet churches exist everywhere. There is no reason why any service couldn't be provided equally to all people, based on voluntary contribution.
3. There could be some sort of technological advancement that renders conventional medicine irrelevant.
4. Labor could form unions, and demand health care as a standard part of all employment. Employeers would be forced to pay for medical care, or face a highly organized nationwide strike.
4. There could be any combination of the above. Or any number of other possible situations that I cannot even begin to list. Use your imagination.
Universal health care is impossible and there's no point in striving for it?
Universal Health care seems to be a failure as it has currently been implemented by governments. One could argue that by relying on the state to give universal health care, that we have given up on health care.
I'm just not sure what you'd call any entity that provided universal health care other than "the state".
The state is enforced on all who exist in a geographic location based on the threat of violence through the police and military. Any entity that does not use violence, and does not force participation in the system, would not be a state system. You may thing "the present system is not violent", but it is. The violence may be hidden under layers of beurocracy, but try refusing to pay your tax, or try opening a health clinic without government permission, and the government is going to send some armed individuals to deal with you pretty quickly.
But on a deeper level, the fact that you have to ask me how we could provide universal health care without a state, is a symptom of the bias and indoctrination. You should be able to think up a few methods for solving the problem without the use of the state yourself. Even if you think the state is still the best way to solve the problem, the fact that the average person cannot even comprehend there could be other solutions besides the government... the fact that virtually no-one gives the other solutions any thought should be warning signs that there is a serious problem. The fact that to be anti-government in our society means to be anti-equality, or anti-prosperity, means that any non-government solutions are going to be supressed. After all, who wants to be anti-equality or anti-prosperity.
Statist indoctrination trumps. There may be disagreement about how a state is run, but my guess is that everyplace you were educated, the absolute nessicity of a strong central state was a given. One country might justify the need for a state in order to protect itself from foriegn enemies, another might justify the state in order to provide social services, another might justify the state for other reasons. But they all agree on the supremecy of the modern centralized state. They disagree on the way a state should be run, the principles the state should abide by... but they all see the state as an institution that is intrinsicly "good". I very highly doubt that anywhere in the world, you were taught to question the government itself as an institution (and I don't mean to question the current political regime, or the current party in power... but I mean to question the state in itself).
The silver lining to this is that this is proof that the government doesn't really have the capability to decrypt encrypted email in a timely manner, even with all their supercomputing power.
Which means that those in Britain willing to break their retarded laws, and us here in the US where encryption isn't illegal, are, by using encryption, successfully sending TRULY private emails.
The criminals using encryption are already breaking the law and obviously wont turn in their keys to the police. The only people who will be caught up in this legislation are the good people who follow laws. Whomever thought this up should be sacked for pure stupidity.
I was crazy back when being crazy really meant something. (Charles Manson)
This achieves nothing, other than piss innocent people off.
Oh, I'm *sure* a terrorist who is plotting a terrorism event will stop and think, "Oh, fuck - I'd better submit my private encryption key to the US/UK government, or they'll send me an angry letter!".
This law smacks of being formulated by someone who has no fucking clue as to how easily configured and commonplace encryption is...
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
so, you basically have to go somewhere else after drinking there....and in most places, you sure don't want to leave your car there unattended overnight.
So let me get this straight. You drive to a bar, with the intent to drink alcohol, and intend to drive home after? And this is the bars fault?
You don't get it. Government is the big bad ooky thing that tells us all what to do and takes our money. In Anarchy, we don't have that. We have a bunch of individuals who, um, organize themselves into groups and decide, errr, how to distribute resources, and how to enforce that distribution, and what to do about the Bad People and stuff like that. That's not government, see, because it's different. It's only because of your Statist indoctrination that you can't see the difference.
I consider myself an Anarcho-Syndicalist, but man! the twists of logic that some Anarchists go through... Talk about indoctrination. Anarchism is a form of Government, and if you can't see that, you really need to read a little more.
"Oh, but spun, Anarchists don't Initiate Force (you can hear the capitals when they talk, can't you?)" you say, "We don't force people to do anything!"
Oh really? You don't force them to respect your property rights and conflict resolution system?
"Oh, but that's not Initiation of Force! That's Retaliatory Force! They started it!"
Yeah, sure. "They started it" is the favorite excuse of tyrants everywhere. What about my right to go anywhere I want and use any natural resource I want? Why should I respect your supposed "right" to take that away from me? If you weren't here, I could use the land you claim as your own.
Basically, the parent post is correct, anytime you have more than one person, that is political science. Discussion of things such as property rights, conflict resolution, decision making systems, etc. THAT IS GOVERNMENT!
I'm sure some Libertarian is going to come along now and demonstrate the meaning of the word Sophistry for us.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
I am a fellow anarchist at heart myself (albeit of a socialist persuasion), but in present situation, I see state as a necessary evil to protect its citizens from some of the worse states out there. I'd rather live in a social representative democracy than under a plutocratic totalitarian regime, that's for sure.