Slashdot Mirror
UK Government Wants Private Encryption Keys
An anonymous reader writes "Businesses and individuals in Britain may soon have to give their encryption keys to the police or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists." From the article: "Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. 'The use of encryption is... proliferating,' Liam Byrne, Home Office minister of state told Parliament last week. 'Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force.'"
I believe we are in need of a new Slashdot section: Horrifying
Just stick a computer in the corner churning out encryption keys and mailing them to the UK government all day every day untill you break their database.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Encryption keys don't kill people, people kill people.
If owning (not divulging) encryption keys is criminalized, only criminals will own encryption keys.
These "rules" will only push the envelope of how and what criminals (or terrorists, etc.) use to hide their activities. And at the same time, they will add one more burden to the general population to manage and ensure the government is informed of their encryption infrastructure. Nuts.
The most effective infiltration into terrorist infrastructure is still social engineering. I'd rather the money spent creating and managing something like this spent training and hiring translators, covert agents, etc.
A convincing point about the futility of this proposed rule comes from the article:
How will they know that they have the correct private keys without "testing" them on the owners' encrypted communications every so often? Oh well, it is England after all. Living on an island can do odd things to living things.
It's a good thing that, as an American citizen, I don't have to worry about these violations of my privacy.
My encryption key is:
1.....2.....3.....4.....5
Damn facist Americans! I am so glad that I live in Europe where such things never happen!
So is it that they want the criminals to hand over their passwords before they commit a crime? This should go well with the anti bank-robbery legislation requiring all would-be robbers to call in a schedule before they pull off a heist.
Luck favors the prepared, darling.
I assume that the there is a simmaler rule for safes/lockbox combinations.
Britain's use of anti-privacy situational crime prevention measures are a means of targeting petty crimes and the innocent while displacing more professional and semi-professional crime into other areas. These techniques do not stop the criminal, as he is already committing a crime, what would he care if you added "refused to give up private key" to his list of crimes?
The UK needs to wake up and realize that these forms of crime control only waste money and create more crime, than stop crime from happening.
If this goes into effect it would make it a very dangerous thing to have files of random characters .... you'd have a lot of trouble explaining them.
Most major companies have offices all around the world, presumably. So now they'll have to have a separate (pretty much disposable) encryption method just for the UK?
What about communication between offices on the internet? A japanese analyst creates some research, but due to technical problems the only Compliance office up is in Europe. So every program or service that can comminicate with Britain has to check if a request is going to/through the UK before applying the "approved" encryption.
To quote, "this is madness"
"Oh, yeah, you think that telephone call database is slick, check this sh*t out. We're gonna make our subjects give up their crypto keys or go to jail"
"Oooh, good one!" (high five)
Welcome to the Panopticon. Used to be a prison, now it's your home.
Much like a warrant to search a physical premises, having the police have the power to force you to expose your private data is perfectly reasonable, so long as it is similarly regulated by the courts. Unfortunately, as the article points out, there are problems with proving that you do or don't have the key to unencrypt, but the general principal of allowing the police to search something with a warrant does not seem problematic.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Time for steganographic file systems where your private data can be hidden inside innocent looking files. They can't force you to disclose your key if they don't know and/or can't prove that you have one.
http://en.wikipedia.org/wiki/Steganography
I'll probably be modded down for this...
- cameras are used by criminals, paedophiles, and terrorists - we need access to your negatives/memory disks.
- houses are used by criminals, paedophiles, and terrorists - we need access to your house keys.
- cars are used by criminals, paedophiles, and terrorists - we need copies of your car keys.
- ATM machines are used by criminals, paedophiles, and terrorists - we need to know your PINs.
- Online email services are used by criminals, paedophiles, and terrorists - we need to know your username/passwords.
- Computers are used by criminals, paedophiles, and terrorists - we need to install a backdoor on your computer.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
"England Prevails"
Parliment better watch out... hear there's a train heading there loaded with fireworks and other things that go boom.
-zariok-
So, do I need to send my wifi keys too? And bluetooth? What about the encryption used by GSM?
And my car remote lock fob, that too?
Is it April the 1st?
Open Source Drum Kit, LPLC deve board - mjhdesigns.com
Eastasia set the tone and Oceania is keeping in step. Just wait for the perpetual war, that'll be fun.
Chicken fried butter sticks? Do
Simple solution: You have a new encryption scheme where there are 2 private keys. The first one allows decryption, the second wipes the drive. Guess which one you give to the police?
Coding with assembly is like playing with Legos. Coding an application in assembly is like building a car with Legos.
There was no crime, because the secret police would carry you off and shoot you in the head if you were even suspected of a crime. Wiretaps were the norm and the government could do whatever it wanted. Privacy didn't exist. And they were safer from criminals for it. Well, safer if we define criminals as ones that weren't in the KGB.
Yeah, no "In Soviet Russia" Joke here.
This is frightening. It's like we're becoming the very thing we fought in the cold war. A totalitarian government.
But at least we have 37 types of cereal.
Here's an idea... why not just make it a crime for pedophiles, criminals and terrorists to NOT give over their private keys AFTER they've committed their crime.
That way Joe Sixpack can keep sending encrypted communications and not have to worry about the government reading them - as long as he doesn't start blowing stuff up, too.
If the police requests your encryption keys, you can actually give it to them (i.e. comply) without actually giving them access to your encrypted files.
All you need is TrueCrypt, which is open source on-the-fly disk encryption software for Windows and Linux.
The software provides something called Plausible Deniability and it is further enhanced by the so-called hidden volume method.
Basically, it is impossible to prove that you have TrueCrypt-encrypted data and you can even supply a key to decrypt a decoy volume containing some not-really-sensitive data. The bottom line, you comply with the law (order to decrypt) and your data stay private.
A criminal that rapes someone may have talked during the rape -- it is the rape that was evil.
A criminal that shoots someone in the head used a gun -- it is the shooting that is evil. He could have used a baseball bat.
A criminal that blows up a building might use a cell phone -- it is the building exploding that is evil. He could have used e-mail or writing a big X on a tree.
We have to stop government from criminalizing actions that are part of our right to speech. This right is not something Constitutional or created out of any government document -- it is a natural right that all humans share, no matter what the laws say.
I'll continue to encrypt, and I'll dare the government to try to restrict me. If I have to, I'll encrypt by using an encryption program that hides my real text to make it look like readable language. Let them try to stop that. Or I'll use my own spoken code. Will they find a way to criminalize it?
Don't criminalize tools, criminalize criminal actions.
One key to rule them all; one key to find them. One key to bring them in and in the darkness grind them. In the land of Norsefire, where England Prevails.
I'm sure the criminals, paedophiles, and terrorists will just be lining up to hand over their keys, too.
That's the odd thing about this. You can get up to 2 or 5 years in the can (depending on if they think you're a terrorist). So if you have gigs of terrorist info that could get you sent away for life, just say you lost your keys and go away for 5 years max.
Trolling is a art,
When we outlaw encryption keys, only criminals will have encryption keys.
Get your stinking hands off my encryption keys, you damn dirty apes!!!
Presuming that current crypto is secure, public key cryptography provides a solution.
Specifically, the public key is published, but private keys are pretty much unknown. The only thing you really know about your private key is the passphrase needed to use it (note that the computer using an entropy source generated the key in the first place).
The key itself? Should be stored on a flash memory card. Or another easily destroyed medium. If broken, you have NO way of supplying the key to the government.
The issue is key management. If the key doesn't exist, no amount of threatening or torture can cough it up. Sure, the passphrase (at the drop of a hat), but the key?
Ratboy
Just another "Cubible(sic) Joe" 2 17 3061
Convince you? OK. How about this?
It is MY PRIVATE DATA.
If the government has reason to believe that I am doing something illegal, then convince a judge to SIGN A WARRENT.
Encryption may not be a must for most people, but keeping the government out of one's private business is a must for all people, everywhere.
English is easier said than done.
The basic argument is that the purpose of a search warrant is defeated by encryption. Now I think that's wrong, or at least part wrong, and I think an alternative would be to make material held by the defendant which he does not choose to decrypt something that the jury can take account of, just as refusal to testify is now, under limited circumstances, something the judge can point to during summing up. And the alternative of forcing decryption isn't offered (although quite how someone would demonstrate that plain text they offered really _was_ the decryption is a whole other question).
The is bad, illiberal law, and those of us involved in campaigning against it have been in correspondance with our MPs for some years. But it's not just Britain that is tearing up its freedoms in the face of minor terrorism: the USA collectively shat its pants and ripped up a century of jurisprudence on the 12th of September. It makes far more sense for people with a desire for freedom to work together, rather than to assume that we're a bunch of proto-fascists while Bush Jr defends your constituional rights.
ian
People; don't say "This can't be done."
This is referred to as a "catch-all" type of law. Beware the wonders of selective enforcement.
The idea here is that if you find a suspected terrorist, and they use encryption, you don't even need to bust them for terrorism OR for not providing their encryption keys when demanded. You can just go to step A, look up their name in the government encryption key database, find out that no, they did not provide their encryption key to , and take them directly to jail.
Regardless of whether or not the are a terrorist, regardless of whether or not they are willing to turn over their encryption keys when asked, you can find them guilty.
This is not about collecting everyone's encryption keys (at least not at first). Initially, this will be used as a blunt stick to smack anyone the government doesn't like. Think of the way seat belt laws are enforced; cops won't stop you for not wearing your seat belt, but they'll sure as hell issue a ticket for it even if you aren't speed, have all your paperwork in order, and have done nothing else wrong. It's a sort of standby crime they can get you on.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
Add this to the National Identity Register, ID cards, the Civil Contingencies Act and the Parliament Act and the UK is well on the way to becoming a police state.
And the worst of it is, most people seem to think this is a good thing.
Who the hell modded this informative?
Check the destination of that link before you click it... It goes to Bottle Guy - Just another site similar to Goatse or TubGirl.
Just an example of astoundingly ignorant politicians who don't realize they're effectively criminalizing the use of cellular phones, the constantly changing keys of which would amass petabytes of data within a year, in just the UK--and that's just the keys, not the data they encrypted...and that's just the cellphones.
What absolute morons.
Could be swap, could be unformatted forgotten junk etc. The government would have to prove it was real data in an encrypted format. That's easy if it's a file on a filesystem, not easy if it's "forgotten" space on an apparently unformatted part of a disk. That's why this kind of legislation is so bloody stupid. What can I say, we're talking about politicians here, always trying to treat the symptoms rather than the cause.
Deleted
You're behind the times.
The UK is already (planning) installing a system of automatic licence plate recognising camera's throughout the country. The resulting database will allow a very comprehensive following of cars and thus persons.
The next step is of course that you have to report to the police whenever you've driven an other car but your own...
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
How would they know that the use of encryption is increasing, unless they were already monitoring their portion of the internet?
To say, as they did, that this will stop terrorists is stupid. The thing that terrorists have the liberty of doing is sitting back and saying "no" whilst waiting for the rest of their cell to carry out the act; they were going to die anyway, what does it matter. The sentence has to be for a fixed length of time (well it doesn't have to be - in contept of court you could just be held forever untill you are willing to say your name/stop swearing at them etc.) - you can't have crazily long sentences because someone might just forget the key and not be doing anything wrong - so if you say 6 months then they will be out in 3 - which is not enough to stop someone from being a terrorist (if you could even have a sentence which would) and it is far less than peado's get - so it's still the sensible option. Also when you are in prison you can say "I'm in for telling the government to fuck off"... which will make you infinately more popular than "I like watch little kids getting abused" (which will get you beaten till you bleed out your ears)... so I can see a lot of convictions coming
*''I can't believe it's not a hyperlink.''
You need encryption to ensure that when you send your credit card number to a website, all the networks in between do not get to write that number down and save it for later. You need to keep your private key private so that, when a malicious cracker gets into the website for your major operating system and puts in some innocent looking update files on the server, the clients on the other end can verify that they have not been signed by you. You need encryption so that you can keep your plans for rebellion out of sight of the oppressive government you live under. Maybe not the U.S. or Britain (yet), but one would hope that people in places like Iran are able to secretly make plans with themselves and with outside forces to throw off the yolk of whatever is bothering them.
Another purely pragmatic fear is that this would be nothing but a waste of time and money, and a distraction. This law effectively requires that law enforcement must put a respectable amount of effort into collecting and cataloguing what could be billions of encryption keys. (I couldn't even count the number of keys that I use offhand, not even counting SSL, which I assume they don't care about.) All of these keys have to be associated with their owners and users, what they're being used for, and what data they're being used to encrypt. That could easily grow to be one mess of a database.
A database that would be effectively useless. The only people who are going to provide keys are law-abiding citizens who provide them all and non-abiding citizens who provide all but the keys they don't want the gov't knowing about. Meaning none of the keys in the database will be useful for finding anything the law might need to know. Meanwhile, it's going to provide another distraction if they actually try to enforce it, because they'll have to start hunting down all the folks who are no threat, but don't provide keys because they don't know, don't care, or value their privacy. I'm completely lost as to what they think they can gain by maintaining this. It's not like this database would be particularly useful for, say, mounting a dictionary attack on data that was encrypted with an unknown key by a real shady figure.
I'm sure implementation details can vary how much this is going to pull resources away from real counterterrorism and law enforcement, but I can't see how this can possibly do anything but make counterterrorism and law enforcement more difficult. And I'm sure anybody worth their salt probably realizes this; I can't see why the true motive could be anything but irrational paranoia or a Big Brother attitude. (Of course, those are probably really the same thing.)
...I know that's like asking to be lied to, but I would like to know how often criminal investigations are hampered or even prevented because communications or information had been encrypted.
Like so many others, I see this as nothing more than an attack on privacy and not as an aid to criminal investigations. Criminals are not going to turn over their keys. People who turn over their keys aren't likely engaged in criminal acts. "honest" people who believe in the right to privacy will become criminals, however.
I'm not sure "police state" is the right word, but we're certainly talking about criminalizing the general population to the point that only people "in office" can have the right to privacy under the guise of "national security." And a funny thing happens to your rights when you become "a criminal." You lose them along with your ability to run for public office and all manner of other things.
Maybe they do, and this serves as a way to indirectly outlaw a whole host of encryption technologies (at least when used by private individuals, rather than the government).
Of course, its quite likely that if the UK is like every other country, the law would be selectively enforced. They wouldn't go after everyone using technology that made the mandatory reporting impractical, but if law enforcement got in in their mind that you were guilty of something else (whether another crime or just doing something not-illegal that law enforcement authorities don't like), they'd use your use of such technology, and the fact that it made you guilty of a chargeable offense, as a lever or as a fallback charge.
The use of illegal government spying on innocent citizens is proliferating.
Your move now.
...(and no, you may not have my encryption keys).
This is an example of the government passing bad laws which have no real effect on terrorism, it's just posturing. It'll be impossible to prove that a person really knows the encryption key or if the key that was coerced from them is the real key.
These days encryption software like truecrypt have multiple levels of "plausible deniability" so even if a key was coerced out of someone you don't know if the data that is decrypted is the real deal or just another decoy.
These so called government security advisers really don't know anything about security. The UK Government can't even remember to deport foreign criminals after they server their sentence. The country will be a lot safer if the Government fixed their own incompetence rather than pass TROLL laws which deprive the real law abiding citizens of their liberties whilst allowing the terrorists to carry on business as usual.
Is anyone else getting the feeling that its not safe on either side of the water and its about time to find an uninhabited unclaimed island and start your own country?
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Just wait until they finish decrypting all the data files on my PC.
"You mean we spent four days decrypting Gigs upon Gigs of vacation photos??"
"Well, they have an 8 Megapixel camera, lots of memory cards and use RAW format..."
"But that's all you found? There aren't even any racy photos in the bunch?"
"Should we start decrypting the second RAID array?"
"The one labeled 'Project Gutenberg text to speech files in WAV format'?'
"Yes, that one."
"Go for it. I don't know what this 'Project Gutenberg' is, but it's got to be seditious. Plebeians don;t label anything a 'Project' unless they have delusions of being all 'Cloak and Dagger.'"
"Live Free or Die." Don't like it? Then keep out of the USA
I think this will increase the proliferation of encryption technologies which provide a certain level of plausible deniability. Things like TrueCrypt (http://truecrypt.org/) provide an encrypted container which has a basic access and a secondary access. The container cannot be detected as being an encrypted anything - it is just a bunch of random data. If you use the basic access mechanism, you get your data. If you use the secondary access, you get an alternate contents, which can be seemingly important, but relatively benign data you put there to look like soemone got something important. However, you cannot tell which one is which, or even that the alternate access isn't the primary one.
TrueCrypt lets you mount the container as a filesystem, which is a convenient way to go. This sort of thing allows you to:
a) Deny that there is anything encrypted for which you have not proffered a key. "Oh yeah, show me what I have encrypted and I'll show you the key."
b) If that's not enough, proffer the false key that gives them the alternative access. "Ok, here you go. Let me know if you find anything incriminating. (tee hee)"
Lastly, if you use things like encrypted swap on a unix device, you can plausably say that what is there is just an encrypted swap file, and you don't have a key because the key is never saved to the disk. Why isn't it mounted now? You only set it up temporarily and forgot to delete the file when it was done. (for 1Gb files or larger...) If you have a 20Gb file, you're probably going to have to explain it... and go for option (b) above.
Of course, if your 20Gb file is not a file, but is just an "empty" partition... well there you go.
Please note - I'm not advocating breaking any law here - just outlining what this will drive people who care enough to do.
i - This sig provided by
Go to http://www.truecrypt.org/ and check out their product. It allows you to store and encrypted drive inside another encrypted drive in such a way that it's impossible to tell that the first one even exists. They can't force you to give them the keys to something that they don't know is there.
-- Give me ambiguity or give me something else!
Or the human cattle ID cards Act, which creates by far the world's most intrusive Big Brother database on citizens by linking up 5+ previously unconnected databases...
The Dictatorship Bill, also called the Abolition of Parliament Bill, Totalitarianism Bill or (by the Govt) the Legislative and Regulatory Reform Bill is nothing less than a naked grab for power. After being amended 3x, the Bill was passed in the form described here.
LRRB enables ministers to rewrite our constitution with only rudimentary scrutiny. Consider the extraordinary mass surveillance / coersion implications of the ID Cards Act. Even the well-organised opposition could not stop this legislation.
What chance then of:
1. Spotting obscure but deeply damaging clauses hidden in the boring legislation?
2. Motivating the Tories, LibDems and enough New Labour drones to subsequently block it?
LRRB is then carte blanche for Blair to do what he will with this country. What can we deduce of his plans?
New Labour already rejected an amendment to stop LRRB re-writing our most important constitutional laws. They then promised to introduce new amendments fulfilling the same thing. Our skepticism was once again justified. This is more than enough evidence that Blair wants dictatorial powers.
LRRB is obviously a precursor to passing laws which Parliament wouldn't otherwise pass.
Considering the deeply scary laws he's got through Parliament, the likelihood is that he wants something so badly, and so unpalatable that he won't even risk presenting it for proper Parliamentary scrutiny.
- He does not need Parliamentary approval to invade Iran
- He already has Hitler's Enabling Act.
- He has already passed RIPA and the ID Cards Act for more Big Brother snooping than anything China or North Korea have.
- He already has locked up people for 3 years without trial or even being questioned - although he has been twice been 'told off' for breaching the Human Rights Act in this way.
I did not believe that he needs LRRB to repeal the HRA - indeed one welcome amendment was to exclude the HRA from being amended. When every other explanation has been ruled out, whatever remains, however unlikely, must be considered. I think something much worse is coming although I dread to think what.
Better yet: One key decrypts your regular files. Letters to grandma, pictures of your baby, etc. And the other decrypts your super secret terrorist plans. Both from the same encrypted volume.
Good idea. Then you can give up the key showing your terrorist plans and just get a few years in jail. They will never find your photo collection and your secret letters.
I'll probably be modded down for this...
GPG is better than PGP. There is no customer database. The UK government could request the customer database of all UK customers then they have an instant "hit list" so to speak. GPG requires no install so it is [almost] impossible to trace (use a file shredder to securly delete it, etc. making it as close to impossible as you can get).
It will also force more people to use much more sophisticated technoligies. Things such as TrueCrypt's Hidden Volume feature for Plausible Deniability. Again TrueCrypt requires no install, is open source so people can be happy knowing that others can review the code to ensure there are no back doors and it uses well known (and therefore well tested) algorithms.
Also the government are kidding themselves if they think they will catch terrorists with this. If you are willing to kill hundreds or thousands of people and more than likely kill yourself in the process, are you going to be worried about going to prison for with holding your private key? Of course not. The same holds true for the really evil pedos. Going to prison for with holding your private key isn't as bad as going to prison for having 20,000 pictures of naked 3 year olds.
The only thing this will do is hurt our country. More rights lost with no real gain. If they could be 100% sure it would remove terrorism and pedos I would think about it but it won't, it won't make any difference what so ever. Next they will be requesting a copy of a key to your house so they can secretly search it without you knowing to ensure you are not breaking the law.
In related news, the UK police say they will shortly be making home visits to every house in britain, requiring copies of front and back door keys for businesses, homes, apartments and garages..
I don't post often, but this spurred me to action.. It reminds me of gun laws in the U.S. Honest Citizens are expected to wait 5 days and complete a form acknowledging among other things that they are not a criminal. The funny thing is.. I don't think that criminals admit they are criminals..so they get their guns illegally or check "no" i am not a criminal on the form. If honest citizens are expected to turn over their private keys.. I might expect that the criminals wouldn't turn theirs over - they have already broken at least one law (to become a criminal).. I'm sure they wouldn't have a moral problem with breaking another. or They could simply turn over the a throw away private key to satisfy the requirement and use an illeagal set for their business. Just my opinion
In america we have whats called the 5th amendment. Which should mean that I have protection under the law to not be forced to answer questions that incriminate myself. What is your password? and what is your encryption key? should be similiar to Where were you the night the victim was shot? I don't have to answer if i believe that in answering the question it will incriminate me in a crime.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
I'm a political scientist by education.
Where does that put me in your example?
The law - which is here:
http://www.opsi.gov.uk/acts/acts2000/20000023.htm
It requires you to provide a key - if it is reasonable to assume you have it - to decrypt encrypted data. It is only illegal to refuse to give a key IF ASKED, and NOT "look up their name in the government encryption key database, find out that no, they did not provide their encryption key to , and take them directly to jail."
It IS an offense (from the legal text liked above) "if he knowingly fails, in accordance with the notice, to make the disclosure required by virtue of the giving of the notice."
I received that "indocrination" on three wildly different continents in four languages? (which, incidentally, is true)
Which "indocrination" trumps?
Maybe they should have a mod "+1 no useful information, isight, or humor, but I have mod points and agree strongly because I'm a moron"
They do - "underrated".
It can't be metamoderated, either.
Switching a few words around in a famous bit of prose: (-1, Douchebag)
Knowing which words to switch: (+5, Interesting)
Some things (+1, Funny) can't buy. For everything else, there's metamod.
Thinking this sounded a bit like sensationalism, I just went to read the actual bill. It looks like this does not automatically apply to everyone, but is retrospective once ordered. The more interesting part of the text seems to be in the 'interpretation' section of this part of the bill:
>"key", in relation to any electronic data, means any key, code,
> password, algorithm or other data the use of which (with or
> without other keys)-
>
> (a) allows access to the electronic data, or
> (b) facilitates the putting of the data into an intelligible
> form;
Also, to give the people stating the obvious a break, this was also a proviso in the bill:
> (d) that it is not reasonably practicable for the person with the
> appropriate permission to obtain possession of the protected
> information in an intelligible form without the giving of a notice
> under this section
So, if its easier to get the information another way, that's taken care of. It's also not a case of needing to send all your keys to the government either. Not that I don't think this bill is a problem, but its the smallest of problems we have right now - people can already be arrested and detained if an officer suspects they might probably, possibly, do something illegal.
However, I also can't see a police officer understanding that you don't actually have the key needed to decrypt that SSH session you made 3 months ago to that web server that was also used to host a site suspected of being used by terrorists or paedophiles, which you had no idea existed.
Here is one for them to stop and ponder:
What if someone is totally innocent, has a bunch of different encryption programs and passphrases, and is raided by law enforcement.
What if they cannot recall every single passphrase? If they forget just one, are they going to jail until they can remember?
Think about that, I've got PCs sitting around from years back. I've used different password systems over time, and often I cannot remember very old passwords. If I were living in the UK and were to get raided (I have no reason to, I don't even download TV shows or have MP3, just OGGs of stuff I own, so move along), I'd be sitting in jail, I suppose.
What if, because you cannot recall a password, you reformat a hard drive? Then they find the drive and want the password because they can recover the data?
What if someone send you an email with an encrypted content (whatever the method), and you don't legitimately have the means to decrypt it? Sounds like a great way to set up a suspected criminal. "Yes, we see you have several emails in your trash with encrypted contents. Tell us how to decrypt it or you're going to rot in jail."
How about amnesia? It goes on and on...
It's not hard to blow massive holes in this playing devil's advocate. Then all a real criminal has to do is play ignorant.
The silver lining to this is that this is proof that the government doesn't really have the capability to decrypt encrypted email in a timely manner, even with all their supercomputing power.
Which means that those in Britain willing to break their retarded laws, and us here in the US where encryption isn't illegal, are, by using encryption, successfully sending TRULY private emails.
There ways one can protect the privacy.
4 6216
One can deny the knowledge or the existence of encrypted data using the following.
http://www.truecrypt.org/
Another interesting concept of plausiable deniability.
http://it.slashdot.org/article.pl?sid=04/12/16/19
The criminals using encryption are already breaking the law and obviously wont turn in their keys to the police. The only people who will be caught up in this legislation are the good people who follow laws. Whomever thought this up should be sacked for pure stupidity.
I was crazy back when being crazy really meant something. (Charles Manson)
Just create a couple gigs of nothing but encryption keys on your hard disk, then choose an arbitrary number of them randomly whenever you want to encrypt something. When they want the keys... give them the entire contents of that partition.
Non sequitur: Your facts are uncoordinated.
The problem is, the non-governmental "solutions" are just as broken as the govermental ones, but also there are fewer checks and balances against them. The closer you get to anarchy, the easier it is for independent "gangs" to form and move to exert control over something. In government, you have gangs too, but those gangs that have a little more transparency and they can at least theoretically be removed or altered via democratic processes.
The idea that market forces can keep independent gangs in line is a myth that is dispelled as soon as you look very close at corporate-gang behaviors, especially once they start getting large enough to either exert significant control over a market, or collude with their peers to shut down the smaller competition. Often products do not succeed due to their inherent quality, but rather the quality of the marketing applied to them or the quality of the control a company has over the marketplace. Perhaps you'd be comfortable selecting a medical procedure based on the most persistent marketing rather than its success rate? You won't even *know* the success rate unless they're regulated into telling you, just like food companies had to be regulated into telling you the ingredients of their products.
Sure the government system sucks, but the reason we *know* it sucks is largely due to the transparency it has. Other systems suck too, but you may not know how much they suck if there's no means to impose some transparency of the processes. "Voting with your dollars," just won't do it.
What if someone is totally innocent, has a bunch of different encryption programs and passphrases, and is raided by law enforcement.
What if they cannot recall every single passphrase? If they forget just one, are they going to jail until they can remember?
Potentially yes they are.
Think about that, I've got PCs sitting around from years back. I've used different password systems over time, and often I cannot remember very old passwords. If I were living in the UK and were to get raided (I have no reason to, I don't even download TV shows or have MP3, just OGGs of stuff I own, so move along), I'd be sitting in jail, I suppose.
You suppose right.
What if, because you cannot recall a password, you reformat a hard drive? Then they find the drive and want the password because they can recover the data?
You are SOL, unless you can prove your innocence.
That is one of the problems with this law. You have to prove that you are innocent and have forgotten your passphrase or key.
Kinda tricky.
What if someone send you an email with an encrypted content (whatever the method), and you don't legitimately have the means to decrypt it? Sounds like a great way to set up a suspected criminal. "Yes, we see you have several emails in your trash with encrypted contents. Tell us how to decrypt it or you're going to rot in jail."
See previous comments.
How about amnesia?
Prove it, or you are going to become a guest of Her Majesty's Government.
Then all a real criminal has to do is play ignorant.
And end up inside for a couple of years. Remember, you have to prove you are innocent. If you refuse to hand over the keys - automatic jail time. After that and they ask you again - Refuse again, back inside for another term.
If the keys did not exist, as per your example with dodgy e-mails, and obviously you couldn't hand the keys over - Jail time unless you can prove they didn't exist.
Trying to associate Microsoft with "fun" is like trying to associate Satan with aromatherapy. -Tycho
This achieves nothing, other than piss innocent people off.
Oh, I'm *sure* a terrorist who is plotting a terrorism event will stop and think, "Oh, fuck - I'd better submit my private encryption key to the US/UK government, or they'll send me an angry letter!".
This law smacks of being formulated by someone who has no fucking clue as to how easily configured and commonplace encryption is...
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
You don't get it. Government is the big bad ooky thing that tells us all what to do and takes our money. In Anarchy, we don't have that. We have a bunch of individuals who, um, organize themselves into groups and decide, errr, how to distribute resources, and how to enforce that distribution, and what to do about the Bad People and stuff like that. That's not government, see, because it's different. It's only because of your Statist indoctrination that you can't see the difference.
I consider myself an Anarcho-Syndicalist, but man! the twists of logic that some Anarchists go through... Talk about indoctrination. Anarchism is a form of Government, and if you can't see that, you really need to read a little more.
"Oh, but spun, Anarchists don't Initiate Force (you can hear the capitals when they talk, can't you?)" you say, "We don't force people to do anything!"
Oh really? You don't force them to respect your property rights and conflict resolution system?
"Oh, but that's not Initiation of Force! That's Retaliatory Force! They started it!"
Yeah, sure. "They started it" is the favorite excuse of tyrants everywhere. What about my right to go anywhere I want and use any natural resource I want? Why should I respect your supposed "right" to take that away from me? If you weren't here, I could use the land you claim as your own.
Basically, the parent post is correct, anytime you have more than one person, that is political science. Discussion of things such as property rights, conflict resolution, decision making systems, etc. THAT IS GOVERNMENT!
I'm sure some Libertarian is going to come along now and demonstrate the meaning of the word Sophistry for us.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton