UK Court Rejects Encryption Key Disclosure Defense
truthsearch writes "Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled. The case marked an interesting challenge to the UK's Regulation of Investigatory Powers Act (RIPA), which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive. The appeals court heard a case in which two suspects refused to give up encryption keys, arguing that disclosure was incompatible with the privilege against self incrimination. In its ruling, the appeals court said an encryption key is no different than a physical key and exists separately from a person's will."
It gets worse.
Theory: with a good encryption program any encrypted data should look random.
That truecrypt volume should be impossible to tell from a file I've created with
cat /dev/urandom > file
So you could type that very command and 5 years later they ask for your encryption key...
Key?
To jail with you!
Same goes for any random/semirandom data you have which has no mime type.
Now I'm willing to bet there are programs which can take a photo album and hide an encrypted volume in the least significant bit of the pixels, how would law enforcement deal with that?
"GIVE US THE KEY!"
"but but but... what do you want the key to..."
Long story short, if you live in the UK and own an electronic data storage device you can now be thrown in jail for no reason at all.
My thoughts exactly. People seem to get all pissy when I say something like "if you don't have the balls to protect your freedoms, you don't deserve them". I'm not a regular protester at any events or anything like that, but I'd rather be shot for defending my freedom than live to see it gone. Not that I believe privacy exists anymore. The whole world was too slow to act in learning about and defending their privacy in a new technological age. Sure, there were a few technologically aware people with a small voice that was easy to push aside. Too late, privacy's gone. Only way to get it back is to lay your own global network in secret and hope the governments of the world never hear about it.
Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
A duress-key that wipes data is no good. Any serious investigation will take a complete copy of the data as the first step, so wiping does you no good at all.
What you can do, and which is done, is to have "plausible deniability". Truecrypt does it like this:
You have a 1GB (for example) file that contains an encrypted filesystem that contains 500MB of files.
The free space (500MB) *may*, or may not, contain a second encrypted filesystem. There is no way to tell without knowing the second "inner"-key.
So, if pressed to give up the key, you give up the outer key, giving access to 500MB of perhaps mildly embarrassing, but ultimately harmless stuff. If asked about the "inner"-key you say there isn't one. The default operation of Truecrypt is for there NOT to be one.
So, it's plausible you're telling the truth; could be the volume is larger than the filesystem simply because you wanted space for more files. It's not as if a half-full filesystem as such is suspicious.
It's unlikely they could force you to give up certain information without even showing a likeliness that the information EXISTS.
That's "plausible deniability".
You can say: "There is no second key", and there is no way of figuring out if that answer is truthful or not.
Only if you care about civilian casualties.
As for finding terrorists, they're too useful. I don't mean in a conspiracy theory doing the government's bidding way. I mean they can be used to raise political capital.
Let's take the example of ETA in the Basque country of Spain. Every time there's a scandal or some big fuckup by senior government officials there just happens to be a crackdown on ETA members shortly after. Oil tanker disaster = crackdown. Senior official sex scandal = smaller crackdown. With lots of headlines about all the ETA members arrested pushing the scandals off the front page.
It's well known that the authorities in Spain keep tabs on most of the organisation and could probably round up most of them overnight if they really wanted.
The heavy handed way they treat it only serves to increase the number of recruits, the organisation would have faded away to almost nothing if the Spanish government didn't intern people and fuck up their lives as part of this.
Now I wonder if there are any parallels with how the US runs its own war on terror...
Want to hold on to political power? Don't even dream of getting rid of the terrorists, they're a minor threat but you can use them to demand a great deal of power.