Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Use of RIPA to Demand Encryption Keys

Posted by samzenpus on from the tell-us-everything dept.

kylehase writes "The Regulation of Investigatory Powers Act (RIPA) is being used for the first time to force an animal activist to reveal encryption keys for encrypted files she claims to have no knowledge of. According to the article, she could face up to two years if she doesn't comply."

4 of 645 comments (clear)

  1. So lemme get this straight by definate · · Score: 5, Interesting

    Are you telling me, that I could output /dev/random to a file, place it on my friends hard drive, say it contains valuable information pertaining to a case and he could go to jail or be fined for not revealing the password/key?

    This gives me an idea!

    Either way, if you need to you can get around this with TrueCrypt by taking some precautions such as:

    1) Not naming it with the default extension (.tc)
    2) Put it somewhere inconspicuous and name it appropriately
    3) Making sure that it's a hidden encrypted volume
    4) Open it through TrueCrypt and don't save the history, or passwords, or as automount, or similar

    Shit, that was a typo, I meant to type FIRST POST!!!

    --
    This is my footer. There are many like it, but this one is mine.
  2. I guess torture is will be next... oh wait... by GoatRavisher · · Score: 5, Interesting

    Historically, the legal protection against self-incrimination is directly related to the question of torture for extracting information and confessions.[citation needed] The legal shift from widespread use of torture and forced confession dates to turmoil of the late 16th and early 17th centuries in England. Anyone refusing to take the oath ex-officio (confessions or swearing of innocence, usually before hearing any charges) was taken for guilty. Suspected Puritans were pressed to take the oath and then reveal names of other Puritans. Coercion and torture were commonly employed to compel "cooperation." Puritans, who were at the time fleeing to the New World, began a practice of refusing to cooperate with interrogations. In the most famous case, John Lilburne refused, in 1637, to take the oath. His case and his call for "freeborn rights" were rallying points for reforms against forced oaths, forced self-incrimination, and other kinds of coercion. Oliver Cromwell's revolution overturned the practice and incorporated protections, in response to a popular group of English citizens known as the Levellers. The Levellers presented The Humble Petition of Many Thousands to Parliament in 1647 with thirteen demands, of which, the right against self-incrimination (in criminal cases only), was listed at number three. These protections were brought to the American shores by Puritans, and were later incorporated into the United States Constitution through its Bill of Rights.
    http://en.wikipedia.org/wiki/Fifth_Amendment_to_the_United_States_Constitution
    --
    Man will never be free until the last king is strangled with the entrails of the last priest. --Denis Diderot
  3. Better solution by Whiney+Mac+Fanboy · · Score: 5, Interesting

    A Better solution is plausible deniability.

    One password gives your uber-secret-plans-for-world-conquest, the other password gives a few hundred meg of soft porn (or whatever).

    That way, you appear to not be resisting their demands.

    --
    There are shills on slashdot. Apparently, I'm one of them.
  4. Re:TrueCrypt's method is not detectable by tinkerghost · · Score: 5, Interesting

    And how do you mount the volume? If you mount it using TrueCrypt, then this only gives you deniability if the forensics people don't know about TrueCrypt. If they do, then a decent lawyer could convince a court that there was a second key that the suspect was not divulging and get them convicted under RIPA.

    That's actually pretty much a stretch. Your 'decent' lawyer would have to give some sort of proof that there was a second partition there. Something that TrueCrypt is pretty much designed to prevent. You can easily show the existence of the first truecrypt partition - it's there in the open. You can't prove the existence of the second partition.

    I'm not sure a judge will buy 'because we didn't find what we were looking for' as a reasonable showing of proof that a second partition exists, and unfortunately, that's all the proof that exists. The formatting method and the processing method result in random data covering the entire partition block, as data is written to both the shown & hidden partitions, that data changes from random to encrypted. However the whole goal of the crypto data is to make it look random.

    So you have potentially 3 blocks of random data each constructed with the same randomizing algorythm. How exactly do you show where one begins & one ends? How do you even show that the 3rd block exists? The whole purpose of the hidden block is to make it almost impossible to prove the existence of that third block. You literally are more likely to brute force the key than you are to prove the existence of the hidden partition.