Slashdot Mirror
UK Police To Step Up Hacking of Home PCs
toomanyairmiles writes "The Times of London reports that the United Kingdom's Home Office has quietly adopted a new plan to allow police across Britain to routinely hack into people's personal computers without a warrant. The move, which follows a decision by the European Union's council of ministers in Brussels, has angered civil liberties groups and opposition MPs. They described it as a sinister extension of the surveillance state that drives 'a coach and horses' through privacy laws."
Meh. Just another excuse to snoop on people without justification. If a warrant is issued then at least there is a paper trail leading back to who applied for the warrant any why. If this law goes through then it will be a free-for-all and history has demonstrated very well what happens then.
Also, as far as I'm aware, UK security services have been doing this for some time, this simply makes it legal. Given the majority of the population are not very tech savvy their solution wouldn't need to be that complex, although I imagine its more complex than just a key logger. The only evidence I have for this is talking to people who work in these organizations. The advice to me was get using TOR (although I can never configure it right) so maybe its not too complex, or maybe they were double bluffing me. Who knows? I'm guessing the arrest levels aren't so high because they would have to arrest almost everyone under 30 who's been on a computer. Once they've got the logistics sorted I'm sure they'll happily cart us to the gulag though.
=Smidge=
Is it just my observation, or is eldavojohn an idiot?
Not entirely sure how, they probably wouldn't say anyway. The most likely explanation is that they want to monitor usage to control piracy, and monitor emails and documents for signs of terrorism. You can learn a lot about someone if you have access to what they google.
Methods mentioned in the article include:
quietly breaking in physically and installing a keylogger, parking up nearby and breaking in via the wireless, or sending a trojan via email.
This gives them email, browsing history, local documents, and presumably other information going forward.
They also have the capability under the RIP act to intercept emails, web-traffic and other 'net use via a tap at the ISP itself.
All of this without any court oversight or warrants. But they'll only do it if a senior police officer believes it's necessary to gather evidence of a crime carrying a sentence greater than 3 years.
Well, that's alright then! as long as a policeman is suspicious of me, that's a perfectly good enough reason to remove all court oversight of police intrusion into my private life!
Jesus.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
OpenBSD won't help a hardware keylogger. Of course its easily spotted but how often do you check the back of your pc?
Only the State obtains its revenue by coercion. - Murray Rothbard
Under the RIP act, no. 2 years in jail for refusing to hand your encryption keys over upon demand, as long as the police have a reasonable suspicion that you have them. If you're accused of child-porn or terrorism offences, it goes up to 5 years for refusing to hand over your keys.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
kin a manner of speaking... http://en.wikipedia.org/wiki/Uk_constitution
Sigs are too short to say anything truly profound so read the above post instead.
1984 didn't even get the year wrong; it was a deliberate reversal of the last two digits of 1948, the year of the book's publication, and within the limits of the technology available it was all going on then.
Quidnam Latine loqui modo coepi?
You're about a year and a half too late.
Do you even lift?
These aren't the 'roids you're looking for.
Indeed it is. Though we don't have 'probable cause' in the UK, here's the wording of the act (section 49). I'm slightly incorrect though; I should have said 'reasonable belief'
If any person with the appropriate permission under Schedule 2 believes, on reasonable grounds
(a) that a key to the protected information is in the possession of any person,
(b) that the imposition of a disclosure requirement in respect of the protected information is -
(i) necessary on grounds falling within subsection (3), or
(ii) necessary for the purpose of securing the effective exercise or proper performance by any public authority of any statutory power or statutory duty,
(c) that the imposition of such a requirement is proportionate to what is sought to be achieved by its imposition, and
(d) that it is not reasonably practicable for the person with the appropriate permission to obtain possession of the protected information in an intelligible form without the giving of a notice under this section,
the person with that permission may, by notice to the person whom he believes to have possession of the key, impose a disclosure requirement in respect of the protected information.
(3) A disclosure requirement in respect of any protected information is necessary on grounds falling within this subsection if it is necessary -
(a) in the interests of national security;
(b) for the purpose of preventing or detecting crime; or
(c) in the interests of the economic well-being of the United Kingdom.
---
Failing to comply with the notice mentioned above is what carries up a two year jail sentence, or 5 years when related to terrorism or pedophile related offences. Basically, if a suspected pedo has files in an encrypted store, they want to be able to lock him up for failing to cough it up for inspection, even if there's no other concrete evidence to convict him directly.
Onbiously an *honest* citizen will always hand over their keys on demand to the police, and what honest citizen would forget his password? And of course, no innocent man would ever receive an encrypted file by email he couldn't also decrypt on demand.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
I know you were joking, but I have a story that is likely similar (not Linux though...).
Quite some years ago, I was running an Amiga as my main system (relatively high end Amiga 4000, not some toy games thing). I was talking to a guy on IRC and he was bragging about putting a bomb on a plane. This was well before 2001, so the world wasn't in the grips of "OMG terrorists!", but it still seemed like a fairly big deal to me. Now, from my perspective, I was pretty sure the guy was just talking out his arse, but I wasn't really 100% sure, so for safety's sake, I didn't really want to just leave it.
At this point, let me elaborate that I was in fact a teenager, and also not particularly "worldly wise". It was at this point, I made somewhat of a mistake. I had access to a few servers I really shouldn't have, and decided that since I didn't want to get involved in the process of a police investigation (there's nothing more I could tell them other than what the guy said on IRC), I sent an email "anonymously" through a badly configured mail server (forging my own headers using telnet as my SMTP client) and informed the police and the airport in question about what the guy had said.
Two days later, the police arrived at my door (um, yeh, I'd sent the email "anonymously", but hadn't taken any steps to obscure my IP address, so all they needed to do was call the owner of the mail server, followed by my ISP). They had a search warrant stating they could seize any computer related equipment in my house, and stated it was issued "under suspicion of Attempted Murder and Breach of the Telecommunications Act" (no I'm not kidding... it really did say "Attempted Murder").
They took all my computers and related equipment (right down to a stack of old SCSI drives I had in my sock drawer). I spent a couple of MONTHS without them. I got a nice write-up in the local paper, but that wasn't much consolation. After two months, I made a complaint to the Police Complaints Authority stating that it really was ridiculous for the police to have my stuff for so long (their ongoing excuse was that they sent it to another city for analysis). I finally got it back about two weeks after that, only to find that they'd ripped the HDD out of my A4000 and erased it. I can only assume they stuck it in a PC, saw that it was "not formatted" and tried to "recover" the data from it.
They made no statements about whether my HDD had been "helpful" in their investigation or not, and I heard no further from them after that (including no further comments about the "suspicion of attempted murder"!). The best I could get from them was a weak apology about my data loss, as being a private individual (and unemployed at that), there was no protection for my data under the law (if I'd been a company, I probably could've sued, but a private individual's data was (may still be?) essentially considered worthless in the eyes of the law).
For reference: the country this happened in was New Zealand - normally a pretty nice place, but don't expect small town cops, or even the "computer analysis team" to have ANY idea what they're doing or admit that this is the case (actually, I would HOPE this has changed over the years, but I wouldn't bet on it).
My book about LSD and Self-Discovery
Also on facebook as: DroppingAcidDaleBewan
http://www.youtube.com/watch?v=i8z7NC5sgik
http://www.youtube.com/watch?v=08fZQWjDVKE
Mit der Dummheit kämpfen Götter selbst vergebens
The RIPA act http://security.homeoffice.gov.uk/ripa/ makes it an offence to NOT disclose passwords when required, by the law enforcement agencies of this country. Non disclosure is punishable by up two years imprisonment!
I'm Portuguese, I lived in Holland for 8 years and I've been living in England for the past 2 years.
In addition to English and Portuguese I also speak Dutch, French and Spanish and can understand some Italian and German.
The points I made above come from my observations from the countries I lived in and from watching TV from several other countries (since I can understand their language).
As somebody pointed up, the same kind of cultural crisis is happening in other countries, not just the UK. The difference is that in the UK (or at least England where I live) and from what I can see, the process is a lot more advanced and there are a lot more social ills than either in Portugal or Holland.
From my living experience there, and in my opinion:
- The reason why things are not as bad in Portugal is because family bonds there are very strong still, people are in general much less prone to violence and parent still teach "respect for others" to their kids. Also the country is still very culturally uniform and has a large number of traditions which are still celebrated in the media.
- The reason why things are not as bad in Holland is because people as individuals are also concerned with being a good part of society and thus balance their individual needs with being accepted by society (while in England the individual is supreme and absolute selfishness is acceptable). In Holland if you behave like an asshole you will be told that you are an asshole (Dutch people can be very direct and "in your face", some people confuse this with lack of politeness), while in England if you do that, your palls will cheer you, everybody else will shut up and you might even get your own TV Show.
if they think there is encrypted data and you are withholding it they can have a very good go at trying to get you sent to prison.
http://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/
You might have noticed the growing amount of descretionary powers that fundamentally assault
our privacy , thats the war on terror/drugs/communism and you are paying for it !
[site]
El Reg debunks it here
The Times is notoriously inflammatory and unreliable, and the lack of fact-checking makes /. (plus lots of readers who fell for it, judging by the comments) look like braying sheep.
http://news.bbc.co.uk/2/hi/technology/7812353.stm