First Use of RIPA to Demand Encryption Keys

kylehase writes "The Regulation of Investigatory Powers Act (RIPA) is being used for the first time to force an animal activist to reveal encryption keys for encrypted files she claims to have no knowledge of. According to the article, she could face up to two years if she doesn't comply."

solution

[User+956]

The Regulation of Investigatory Powers Act (RIPA) is being used for the first time to force an animal activist to reveal encryption keys for encrypted files she claims to have no knowledge of.

That's why you use an encrypted file system with a duress key. In the event of coercion, you give them a key that *oops* results in the destruction of the data.

Re:solution

[PhrostyMcByte]

any forensic team with an ounce of competence will copy the original HDD and work off the copy, so that just won't work.

Re:solution

[mlts]

Having a known self destruct switch may cause a person to end up even worse trouble. This is a discussion that occurs periodically on a number of cryptography forums.

Almost all police departments will image the drive, then present the person with the image to decrypt. If the image gets stung by a self destruct Trojan, then the police will know that its not a forgotten password, and then proceed to use rubber hose decryption to obtain the contents of the drive.

Re:solution

[Bonker]

Yeah. Truecrypt does this.

http://www.truecrypt.org/hiddenvolume.php

Truecrypt is pretty nifty all around.

Re:solution

[tehmorph]

Correct- TrueCrypt has support for hidden and public volumes, both of which can use entirely seperate keys/keyfiles.

Re:solution

[gweihir]

Very easy: Assume your swap is on /dev/sda2:

    cryptsetup --key-file=/dev/random create c1 /dev/sda2
    mkswap /dev/mapper/c1
    swapon /dev/mapper/c1

This reads a cryptogtaphically very good key from /dev/random, that has a lot of true randomness in it in addition.

Re:Better solution

[LurkerXXX]

Filesize arithmetic?

You never used Truecrypt eh? It's not a zip file. It acts as a virtual hard drive partition that can be mounted as a drive.

When you create the volume it generates random bits throughout the virtual partition. You can copy whatever files you want onto the virtual partition, the rest of it is random noise. You may or may not choose to have additional hidden encrypted partitions within that noise. Adding up the size of know files tells you nothing about what may or may not lurk in the rest of the space on the virtual partition.

TrueCrypt is the best for Windows and Linux.

[Futurepower(R)]

TrueCrypt allows hidden volumes, indistinguishable from one volume. The file size is constant.

TrueCrypt works very, very well. I use it with just one volume to protect passwords and other files.

When you don't want to encrypt a volume, but just a file, Gnu Privacy Guard is best.

Re:TrueCrypt is the best for Windows and Linux.

[StarkRG]

The only problem is explaining that if (ok, when) they lose the password, you won't be able to crack it. Ever. Not really. It's quite easy: "That's the whole point!"

And besides, not entirely true:

Q: We use TrueCrypt in a corporate environment. Is there a way for an administrator to reset a password when a user forgets it?

A: There is no "back door" implemented in TrueCrypt. However, there is a way to "reset" a TrueCrypt volume password/keyfile. After you create a volume, backup its header (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header (Tools -> Restore Volume Header). I actually had someone ask me for something like this at work. Now I have something to tell them. (And something to suggest to our security department, we're currently using various encryptions for the various OSs we support, ugly).

Re:Go To Prison Act

[Cederic]

Several animal rights groups in the UK are officially designated terrorist organisations, because frankly they engage in acts of terror.

Linux? You need a hardware write blocker, period.

[tamnir]

Linux-based imaging is good only if you are interested in recovery. On the legal side of things, it will not do:

- Please explain to the court how you made a copy of this piece of evidence...
- I connected the drive to our forensic machine and...
- You mean, you connected this hard disk... to your machine?
- Yes of course, then I...
- Did you use a hardware write block?
- Er... I used Linux and mounted the...
- Please, just answer the question. Did you or did you not use a hardware write blocker device to connect the disk to your machine?
- I did not, but...
- Thank you, no further question. I now call for the evidence to be declared tainted and inadmissible in court, since the forensic team failed to use the proper hardware to ensure that no changes would be made to the disk.

There is a whole range of forensic-specific hardware available: write blockers, hardware disk imagers... Use them, or loose your case.

Re:As a Brit...

[hairykrishna]

I have to disagree with one of your points. Some of the most prolific terrorist groups are animal rights activists - they participate in letter bombing campaigns, arson and direct indimitation/attack of life science workers.