Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Government Wants Private Encryption Keys

Posted by ryuzaki0 on from the my-keys-not-yours dept.

An anonymous reader writes "Businesses and individuals in Britain may soon have to give their encryption keys to the police or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists." From the article: "Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. 'The use of encryption is... proliferating,' Liam Byrne, Home Office minister of state told Parliament last week. 'Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force.'"

28 of 822 comments (clear)

  1. My God by voice_of_all_reason · · Score: 5, Insightful

    I believe we are in need of a new Slashdot section: Horrifying

    1. Re:My God by xor.pt · · Score: 5, Informative

      If you know something about cryptography it isn't that horrifying.

      There are current encryption technologies already deployed in the market that allow for two sets of data to be encrypted with two keys into a single file. This allows a user to encrypt a sensitive file with an innocuous one, so that when required to disclose a private key the user can just give the one that decrypts the innocent data.

      Again, these new laws will only deteriorate the right to privacy of innocent people, while the real criminals will be allowed to roam free doing their dirty deeds with little more trouble then a software upgrade.

    2. Re:My God by Philip+K+Dickhead · · Score: 5, Funny

      It's not in YRO because in the UK we don't have rights, enshrined in a constitutional document, as do the people in the US.

      Oh... wait a minute. This just in: Neither do the people in the United States, apparently. This appears to have expired somtime between Nov 2000 and Sept 2001.

      --
      "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
  2. Simple solution. by Kenja · · Score: 5, Funny

    Just stick a computer in the corner churning out encryption keys and mailing them to the UK government all day every day untill you break their database.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:Simple solution. by Rary · · Score: 5, Informative

      "Methinks the UK government doesn't know that what it wants is technologically infeasible...."

      Methinks you didn't RTFA.

      They are not asking that all keys be submitted. They are simply asking to give the police the power to force you to submit keys on request. In other words, after they've already confiscated your computer and discovered that there are encrypted files, they demand that you hand over the key, and if you don't, then they can throw you in jail.

      I'm not saying I agree with it, just trying to clarify the misconception that everyone in this thread seems to be having about this.

      --

      "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

  3. key turning point in government relations by yagu · · Score: 5, Insightful

    Encryption keys don't kill people, people kill people.

    If owning (not divulging) encryption keys is criminalized, only criminals will own encryption keys.

    These "rules" will only push the envelope of how and what criminals (or terrorists, etc.) use to hide their activities. And at the same time, they will add one more burden to the general population to manage and ensure the government is informed of their encryption infrastructure. Nuts.

    The most effective infiltration into terrorist infrastructure is still social engineering. I'd rather the money spent creating and managing something like this spent training and hiring translators, covert agents, etc.

    A convincing point about the futility of this proposed rule comes from the article:

    Clayton, on the other hand, argues that terrorist cells do not use master keys in the same way as governments and businesses. "Terrorist cells use master keys on a one-to-one basis, rather than using them to generate pass keys for a series of communications. With a one-to-one key, you may as well just force the terrorist suspect to decrypt that communication, or use other methods of decryption," said Clayton.
    1. Re:key turning point in government relations by gowen · · Score: 5, Insightful
      What happens if some blob of data on the computer is deemed "encrypted" by the Glorious Defenders from Assorted Boogeymen?
      Well, they go to court, and they have to try and convince a jury of your peers that they are correct, beyond a reasonable doubt. The same way every single other law operates. If they can support their assertions with sufficient convincing evidence you go to prison, if not, you don't.

      Besides, there are already horribly injust mechanisms for detaining people in Britain without the need for a trial. Thats what we should be getting worked up about (although the Human Rights Act is doing for them, fortunately).

      But this far more measured Act (which involves warrants, Section 49 orders, actual trials, and the need for evidence and all that) is what slashdotters choose to get worked up about. And why? Because it involves computers.

      Frankly, thats pretty pathetic.
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  4. Stop giving the US gov't ideas by courtarro · · Score: 5, Funny

    It's a good thing that, as an American citizen, I don't have to worry about these violations of my privacy.

    1. Re:Stop giving the US gov't ideas by Anon-Admin · · Score: 5, Informative

      although obtaining a warrant would force one to give up encryption keys

      Even with a warrant they can not force you to give up your encryption keys. There is this thing called the 5th amendment to the constitution.

      No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

      You can take the 5th when questioned about your keys. No matter what they do they can not compell you to give them that information.

  5. I RTFA, but I don't get it... by Nijika · · Score: 5, Funny

    So is it that they want the criminals to hand over their passwords before they commit a crime? This should go well with the anti bank-robbery legislation requiring all would-be robbers to call in a schedule before they pull off a heist.

    --
    Luck favors the prepared, darling.
  6. Warning by Nerdfest · · Score: 5, Insightful

    If this goes into effect it would make it a very dangerous thing to have files of random characters .... you'd have a lot of trouble explaining them.

  7. This is bizarre by idontgno · · Score: 5, Funny
    It's like some sick competition between the US administration and the UK one.

    "Oh, yeah, you think that telephone call database is slick, check this sh*t out. We're gonna make our subjects give up their crypto keys or go to jail"
    "Oooh, good one!" (high five)

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
  8. In other news... by GillBates0 · · Score: 5, Insightful
    increased use of encryption by criminals, paedophiles, and terrorists.

    ...it has been found that:

    - cameras are used by criminals, paedophiles, and terrorists - we need access to your negatives/memory disks.
    - houses are used by criminals, paedophiles, and terrorists - we need access to your house keys.
    - cars are used by criminals, paedophiles, and terrorists - we need copies of your car keys.
    - ATM machines are used by criminals, paedophiles, and terrorists - we need to know your PINs.
    - Online email services are used by criminals, paedophiles, and terrorists - we need to know your username/passwords.
    - Computers are used by criminals, paedophiles, and terrorists - we need to install a backdoor on your computer.

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
  9. England Prevails by zariok · · Score: 5, Interesting

    "England Prevails"

    Parliment better watch out... hear there's a train heading there loaded with fireworks and other things that go boom.

    --
    -zariok-
  10. In Soviet Russia... by Fapestniegd · · Score: 5, Insightful

    There was no crime, because the secret police would carry you off and shoot you in the head if you were even suspected of a crime. Wiretaps were the norm and the government could do whatever it wanted. Privacy didn't exist. And they were safer from criminals for it. Well, safer if we define criminals as ones that weren't in the KGB.

    Yeah, no "In Soviet Russia" Joke here.

    This is frightening. It's like we're becoming the very thing we fought in the cold war. A totalitarian government.

    But at least we have 37 types of cereal.

  11. Actions are criminal, not tools by dada21 · · Score: 5, Insightful

    A criminal that rapes someone may have talked during the rape -- it is the rape that was evil.

    A criminal that shoots someone in the head used a gun -- it is the shooting that is evil. He could have used a baseball bat.

    A criminal that blows up a building might use a cell phone -- it is the building exploding that is evil. He could have used e-mail or writing a big X on a tree.

    We have to stop government from criminalizing actions that are part of our right to speech. This right is not something Constitutional or created out of any government document -- it is a natural right that all humans share, no matter what the laws say.

    I'll continue to encrypt, and I'll dare the government to try to restrict me. If I have to, I'll encrypt by using an encryption program that hides my real text to make it look like readable language. Let them try to stop that. Or I'll use my own spoken code. Will they find a way to criminalize it?

    Don't criminalize tools, criminalize criminal actions.

  12. Re:Brilliant idea... by grub · · Score: 5, Interesting


    I'm sure the criminals, paedophiles, and terrorists will just be lining up to hand over their keys, too.

    That's the odd thing about this. You can get up to 2 or 5 years in the can (depending on if they think you're a terrorist). So if you have gigs of terrorist info that could get you sent away for life, just say you lost your keys and go away for 5 years max.

    --
    Trolling is a art,
  13. Re:odd request by TCM · · Score: 5, Informative

    Enter TrueCrypt and hidden volumes made for exactly that reason: http://www.truecrypt.org/hiddenvolume.php

    --
    Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
  14. Summary is not complete by igb · · Score: 5, Informative
    I'm as opposed to section 3 of RIPA as the next man, but I have the benefit of having read it in detail. What is proposed is that, following a lawful search with a warrant issued by a judge, the police or judiciary can demand the keys to any encrypted material that is seized. Refusal to produce keys can be treated as a crime in its own right. Since in America your government, it would appear, doesn't bother with the ``lawful search with a warrant'' part, I think we can safely tone down the ``UK sucks'' tone.

    The basic argument is that the purpose of a search warrant is defeated by encryption. Now I think that's wrong, or at least part wrong, and I think an alternative would be to make material held by the defendant which he does not choose to decrypt something that the jury can take account of, just as refusal to testify is now, under limited circumstances, something the judge can point to during summing up. And the alternative of forcing decryption isn't offered (although quite how someone would demonstrate that plain text they offered really _was_ the decryption is a whole other question).

    The is bad, illiberal law, and those of us involved in campaigning against it have been in correspondance with our MPs for some years. But it's not just Britain that is tearing up its freedoms in the face of minor terrorism: the USA collectively shat its pants and ripped up a century of jurisprudence on the 12th of September. It makes far more sense for people with a desire for freedom to work together, rather than to assume that we're a bunch of proto-fascists while Bush Jr defends your constituional rights.

    ian

  15. I'd like to see some stats... by erroneus · · Score: 5, Insightful

    ...I know that's like asking to be lied to, but I would like to know how often criminal investigations are hampered or even prevented because communications or information had been encrypted.

    Like so many others, I see this as nothing more than an attack on privacy and not as an aid to criminal investigations. Criminals are not going to turn over their keys. People who turn over their keys aren't likely engaged in criminal acts. "honest" people who believe in the right to privacy will become criminals, however.

    I'm not sure "police state" is the right word, but we're certainly talking about criminalizing the general population to the point that only people "in office" can have the right to privacy under the guise of "national security." And a funny thing happens to your rights when you become "a criminal." You lose them along with your ability to run for public office and all manner of other things.

  16. Cat. Mouse. Cat. Mouse. Cat. Mouse. by hacker · · Score: 5, Insightful
    "The use of encryption is... proliferating..."

    The use of illegal government spying on innocent citizens is proliferating.

    Your move now.

    ...(and no, you may not have my encryption keys).

  17. Just wait. by doublem · · Score: 5, Funny

    Just wait until they finish decrypting all the data files on my PC.

    "You mean we spent four days decrypting Gigs upon Gigs of vacation photos??"

    "Well, they have an 8 Megapixel camera, lots of memory cards and use RAW format..."

    "But that's all you found? There aren't even any racy photos in the bunch?"

    "Should we start decrypting the second RAID array?"

    "The one labeled 'Project Gutenberg text to speech files in WAV format'?'

    "Yes, that one."

    "Go for it. I don't know what this 'Project Gutenberg' is, but it's got to be seditious. Plebeians don;t label anything a 'Project' unless they have delusions of being all 'Cloak and Dagger.'"

    --
    "Live Free or Die." Don't like it? Then keep out of the USA
  18. Re:perfectly reasonable by drooling-dog · · Score: 5, Insightful

    Why not get right to the root of the matter, then, and simply criminalize any attempt to engage in a private conversation? After all, speaking to someone face-to-face in a secure setting is functionally the same as using encryption in a remote communication. No more walks in the woods, unless you immediately file a synopsis of everything you talked about with the proper authorities...

  19. Nothing compared to Tuesday's Dictatorship Bill by UpnAtom · · Score: 5, Informative

    Or the human cattle ID cards Act, which creates by far the world's most intrusive Big Brother database on citizens by linking up 5+ previously unconnected databases...

    The Dictatorship Bill, also called the Abolition of Parliament Bill, Totalitarianism Bill or (by the Govt) the Legislative and Regulatory Reform Bill is nothing less than a naked grab for power. After being amended 3x, the Bill was passed in the form described here.

    LRRB enables ministers to rewrite our constitution with only rudimentary scrutiny. Consider the extraordinary mass surveillance / coersion implications of the ID Cards Act. Even the well-organised opposition could not stop this legislation.

    What chance then of:
    1. Spotting obscure but deeply damaging clauses hidden in the boring legislation?
    2. Motivating the Tories, LibDems and enough New Labour drones to subsequently block it?

    LRRB is then carte blanche for Blair to do what he will with this country. What can we deduce of his plans?

    New Labour already rejected an amendment to stop LRRB re-writing our most important constitutional laws. They then promised to introduce new amendments fulfilling the same thing. Our skepticism was once again justified. This is more than enough evidence that Blair wants dictatorial powers.

    LRRB is obviously a precursor to passing laws which Parliament wouldn't otherwise pass.

    Considering the deeply scary laws he's got through Parliament, the likelihood is that he wants something so badly, and so unpalatable that he won't even risk presenting it for proper Parliamentary scrutiny.

    - He does not need Parliamentary approval to invade Iran
    - He already has Hitler's Enabling Act.
    - He has already passed RIPA and the ID Cards Act for more Big Brother snooping than anything China or North Korea have.
    - He already has locked up people for 3 years without trial or even being questioned - although he has been twice been 'told off' for breaching the Human Rights Act in this way.

    I did not believe that he needs LRRB to repeal the HRA - indeed one welcome amendment was to exclude the HRA from being amended. When every other explanation has been ruled out, whatever remains, however unlikely, must be considered. I think something much worse is coming although I dread to think what.

  20. Obligatory Ayn Rand by mrchaotica · · Score: 5, Insightful
    "There's no way to rule innocent men. The only power government has is the power to crack down on criminals. When there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws." -- Ayn Rand
    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  21. Re:More like "Horribly Bad Joke." by minuszero · · Score: 5, Insightful

    erm.
    RTFA

    Despite the poorly worded title, the UK govt. isn't about to ask you to submit every single key you ever generate.
    It just wants the ability to 'force' you to hand over the keys if and when it asks for them.

    Granted, this causes problems of it's own. I mean, I don't keep a list of every key i've used...

  22. Re:What the hell? by Anonymous Coward · · Score: 5, Funny
    > Some douchebag swithces a few words around in a famous bit of prose and suddenly it's +5 interesting?

    Switching a few words around in a famous bit of prose: (-1, Douchebag)
    Knowing which words to switch: (+5, Interesting)
    Some things (+1, Funny) can't buy. For everything else, there's metamod.

  23. Re:Actually... by RexRhino · · Score: 5, Insightful

    Under pure anarchy, people would naturally take care of each other and no-one would go without care, or

    Under pure anarchy, people COULD take care of each other and no-one would go without care. How successful they are is up in the air - Most anarchists or minarchists are not utopians, so just because we have anarchy doesn't mean our problems are all solved. In the same way that we support science, but we don't expect science to solve all our problems.

    Here are some examples of ways everyone could have universal and equal health care without being provided by the state:

    1. We could have such a wealthy society that healthcare would be so cheap and plentiful as to be essentially free and universal. Take, for example, television. Go to the poorest neighborhoods in the U.S., and all homes will have a television set. The vast majority will even have cable or satalite. In fact, people living in poverty are more likely to see a television as an "essential" item than rich people (who can afford other types of entertainment). There is no government run television program that provides it to everyone... it is just that our society is so wealthy that TV has become so cheap that it is universal. It is possible that we could have such a thriving economy that paying for health care is just not an issue.

    2. We could have private, self-organized, voluntary organizations that provide health care to everyone. Churches aren't funded by the government, they rely totally on voluntary participation and funding, and yet churches exist everywhere. There is no reason why any service couldn't be provided equally to all people, based on voluntary contribution.

    3. There could be some sort of technological advancement that renders conventional medicine irrelevant.

    4. Labor could form unions, and demand health care as a standard part of all employment. Employeers would be forced to pay for medical care, or face a highly organized nationwide strike.

    4. There could be any combination of the above. Or any number of other possible situations that I cannot even begin to list. Use your imagination.

    Universal health care is impossible and there's no point in striving for it?
    Universal Health care seems to be a failure as it has currently been implemented by governments. One could argue that by relying on the state to give universal health care, that we have given up on health care.

    I'm just not sure what you'd call any entity that provided universal health care other than "the state".

    The state is enforced on all who exist in a geographic location based on the threat of violence through the police and military. Any entity that does not use violence, and does not force participation in the system, would not be a state system. You may thing "the present system is not violent", but it is. The violence may be hidden under layers of beurocracy, but try refusing to pay your tax, or try opening a health clinic without government permission, and the government is going to send some armed individuals to deal with you pretty quickly.

    But on a deeper level, the fact that you have to ask me how we could provide universal health care without a state, is a symptom of the bias and indoctrination. You should be able to think up a few methods for solving the problem without the use of the state yourself. Even if you think the state is still the best way to solve the problem, the fact that the average person cannot even comprehend there could be other solutions besides the government... the fact that virtually no-one gives the other solutions any thought should be warning signs that there is a serious problem. The fact that to be anti-government in our society means to be anti-equality, or anti-prosperity, means that any non-government solutions are going to be supressed. After all, who wants to be anti-equality or anti-prosperity.