In UK, Two Convicted of Refusing To Decrypt Data
ACKyushu clues us to recent news out of the UK, where two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark convictions that may have carried jail sentences of up to five years. There is uncertainty in that the names of the people convicted were not released; and without those names, the Crown Prosecution Service said it was unable to track down details of the cases. "Failure to comply with a section 49 notice carries a sentence of up to two years jail plus fines. Failure to comply during a national security investigation carries up to five years jail. ... Of the 15 individuals served, 11 did not comply with the notices. Of the 11, seven were charged and two convicted. Sir Christopher [Rose, the government's Chief Surveillance Commissioner] did not report whether prosecutions failed or are pending against the five charged but not convicted in the period covered by his report."
This means, you can be forced to do self-incrimination. What's next? Do we remove the right to remain silent? In dubio contra reo?
That's rich. The government convicts people for keeping secrets, and then keeps secrets about who was convicted.
Or just use Plausible deniability, like Rubberhose: http://iq.org/~proff/rubberhose.org/
A hundred years ago today, if someone had a giant safe in their house, and they were suspected of any crime whatsoever, the legal authorities (of pretty much every country in the world, it would baffle me to hear about somewhere this would not be the case) would simply ask for the keys. If the person refused to hand them over, the person gets punished. The "punishment" can be of different forms - whether prison in itself, or just a lot more unfavourable treatment from a judge and the assumption of guilt going against you, but nothing at all? Never. The difference with encryption keys is not all that great.
Suppose I have TrueCrypt installed on my machine, but I don't have anything encrypted. What stops the police from accusing me of having encrypted files and demanding a key? How do I prove random bits of data on my HD are random bits of data and not super secret encrypted files?
I doubt I even need Truecrypt installed for the police to use this to get a guaranteed 2 or 5 year conviction.
It's an appalling piece of legislation for a number of reasons:
1. It makes forgetting your decryption key/passphrase/whatever illegal. Yes, seriously. The burden of proof is on the accused to show that they can no longer decrypt the data - how the hell do you prove you don't have something?
2. The people who it was originally intended to inconvenience - the real terrorists, if you like - aren't going to be even remotely concerned by it. They know full well that there is a risk they'll be caught and spend time in jail. If it's a choice between "reveal the decryption key, thus providing the police with the only evidence they're likely to find which implicates you and a number of others for so many criminal activities you'll be in prison for 20 years and when you get out you'll get a bullet in the head for the people who you dropped in it" or "keep your mouth shut, go to prison for two years", I wonder which one they'll choose?
If it got to the point where you're in court, they will happily pay the £1000 or so that it would cost to read even a cracked CD. And when they found it was blank, they would impose a harsher sentence for lying in the first place.
It's much harder to "destroy" the entire CD than just cracking it. You would almost literally have to set it on fire in order that they couldn't say "well, we recovered 90% of the data from the various shards and found nothing but zeroes".
What if, what if, what if...
No cute little work-around is going to help, because the RIP act was designed as a tool of authoritarianism.
Recently in historical terms, encryption has become essentially unbreakable, and this is the backdoor to it all.
I'm unaware of any case where you can be given 5 years for not opening the trunk of your car. You could probably be charged with something, but it wouldn't be five years in jail.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
So? Don't use an empty CD but one with the actual keys. Flip a bit somewhere in the keys.
If they try to decrypt your drive with the key and fail, blame the recovery process.
I think they'd have a pretty hard time proving that the recovery of the keys from the damaged CD was 100% correct. They might get so far as to make it probable, but I know of no way to prove it 100% accurate without the original data to verify it with.
Hmmm, maybe I shouldn't have posted this ... if they find this message and link it to an IP I frequently use ... /me engages in paranoid episode.
---
"The chances of a demonic possession spreading are remote -- relax."
As an analogy, imagine a shed in your yard that you keep locked. Law enforcement would, under almost all circumstances, require probable cause or a warrant based on probable cause in order to go onto your property and search that shed. However, if they already knew, with little doubt, that there was illegal material in that very shed, then they have the legal justification for a warrant, or a subpoena of whatever information is necessary to open the shed.
It's a funny law in this case, as you can be arrested and convicted for not letting the police into that shed in your back yard even if you have no shed in your back yard. Everyone with a back yard (hard drive) could be convicted to jail without any proof. Convenient.
I'm afraid to travel to the U.K. even with my laptop's harddrive overwritten with /dev/urandom because if they say it's an encrypted drive, how will I prove it's not?
has a warrant and asks you to open the trunk of your car? Do you feel police is forcing you to do self-incrimination? I don't think they're forcing you to say you are guilty of anything, they want to check your property to see if you actually are guilty of anything.
If a policeman has a warrant to open the boot of my car then I will assume that if I don't comply then the policeman will break it open and damage my car in the process. There's no point to resistance in this situation but in the case of an encrypted file they won't be able to break in without your assistance. It's a matter of practicality, not legality.
The alternative is to lock up everybody who has supplied keys until any legal case is over, so they cannot communicate the news. This would be worse.
Law is simply unable to keep up with the development of mass communications and freely distributable digital data. It's as simple as that. The options are to do a 16th century Japan and ban progress, or accept there will be problems en route.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
Random data wouldn't really work as it would get rather 'obvious' as the same file has xyz as contents the first time, abc the second time and pqr the third time you read it.
Overwriting data is stupid too imho, "clearly" they would work on a backup of the data, so when they notice that all data gets overwritten after entering said password, they'll be able to charge you for 'willing obstruction' (or whatever it is called).
Anyway, I'm still confused about this 'right to encryption' so dearly defended by lots of people here.
=> if the authorities have a search-warrant, they are allowed to take pretty much any paper that has something incriminating on it with them. When they ask, you're supposed to open the doors, lockers, safes, etc... so they can get to whatever is behind it. IMHO, same goes for digital encryption. (Sure you could choose not to comply and let them use force to get at it... but if you're 'innocent' I fail to see how that would be beneficial for you !?)
Call me naive, but refusing to give up the keys does make you look guilty any which way you look at it.
Yes I do have locks on my doors too and they indeed come in useful to keep peeping toms out; however when the police knocks saying they suspect my basement to be a meth-lab, well I'll gladly let them in and go look for themselves. Likewise, although I know my neighbour quite well, the moment he refuses police to have a look in his basement for said accusations, my interest will most certainly be piqued and I'm sure the cops' too...
If there is one thing to be learned on slashdot, it has to be sarcasm.
The common population is too stupid and lazy to understand or care about the problem until the ruling class and the media which feed at their trough devote time and airplay telling them that it's important.
No, the real solution is to drop the people that created the problem right in their own mess. These happen to be the same people who could correct the problem. I am of course talking about politicians.
Say, hypothetically, you're a computer tech and you happen to be servicing some MP's computer one day. It'd be an awful shame if you, the unwitting computer tech, were to accidentally stumble upon some very naughty images. Of course, it would be your duty as a citizen to report such criminal activity... only, you've found that after shutting down the computer, you no longer have access to the naughty content. Instead, you identify this large file, several gigabytes in size - which appears to be random junk - but you, as a computer tech, know that it's an EVIL ENCRYPTED PARTITION. The naughty pictures must be in there!
Now that law enforcement have their witch hunt radars powered up, the publicity over this incident will be high. The politician will very quickly learn that he, in fact, can not disprove the claims of the computer tech. Furthermore, he cannot prove that the several gigabyte junk file on his computer isn't an encrypted partition whose keys he is refusing to hand over. Finally, he will come to realise that he will be going to prison because of these reasons.
Just watch how fast the wheels of justice spin when one of the ruling class gets caught in the machine.
Of course, if he's unliked, he'll be thrown under the bus, but at least there'd be a lot of publicity for it. Other politicians will see that the same thing could happen to them, and be more likely to reconsider their stance.
And hey, if he does go to jail, I wouldn't feel too bad. He's probably fucked over hundreds of thousands of people during his career. No such thing as an innocent politician, after all.
When I open the boot (trunk for those in the USA) of the car and the policeman finds a handwritten journal which is in code, does the warrant allow him (or can he get a warrant) to force me to decode the contents of the journal? Forcing you to decode the contents of the journal could (depending on the actual plaintext) be self-incrimination. To my mind, the only difference between paper documents written in code and encrypted files on a computer is the medium on which the documents are stored.
Item 2, terrorism is defined in UK law, and judges have to abide by that law. The definition is not "up to the authorities". It is made by Parliament. If you don't like the definition, write to your MP, join a political party or a pressure group (there are lots) and do something, don't just whine. And if you are a 16 year old posting from your bedroom, William Hague was addressing a Party conference at 16, and I was visiting Parliament several times a year at the same age. You have no excuses. We have senior MPs who get it - David Davis, Chris Huhne.
Item 3. Others have made the point that the UK has had animal rights activists every bit as bonkers and dangerous as US anti-abortion or anti-gun-control activists. But the point also needs to be made that law must be general and not have exceptions. Exceptions make bad law. If we start deciding who is or who is not a terrorist based on anything other than their actions and intentions, this is very dangerous for civil liberties.
Although I think this is an unfortunate law, it is difficult to see how it could be any different. What is your proposal to prevent organised crime using encrypted media to conceal their activities? Unless you can point to a workable alternative solution, you are just ranting.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
Call me naive, but refusing to give up the keys does make you look guilty any which way you look at it.
Yes I do have locks on my doors too and they indeed come in useful to keep peeping toms out; however when the police knocks saying they suspect my basement to be a meth-lab, well I'll gladly let them in and go look for themselves
How about when the police knocks on your door asking to see your meth-lab, which is in fact your super-secret fantasy basement, complete with props for your sexual fetishes and evidence of your deviant fantasy of wanting to be your own mother?
The above is not against the law, but you might rather die than have your friends/relatives know about it. Also consider if the basement was the HQ of a (perfectly legal and moral, etc) secret anti-government organisation. While not illegal, I'm sure you would rather the police did not know of its existence.
Refusing to hand over keys -- max 2 years. Child pron on computer -- average 3 years.
Refusing to hand over keys -- max 5 years. Planning a terrorist act -- average 15 years.
Crypting the hard disk and refusing to hand over the key looks like a good option.
Item 2, terrorism is defined in UK law, and judges have to abide by that law. The definition is not "up to the authorities". It is made by Parliament.
Instead of pontificating, why don't you just actually read the law. There is a disclosure requirement if:
Those provisions are so vague that police can require you to disclose encryption keys for anything at any time.
What is your proposal to prevent organised crime using encrypted media to conceal their activities? Unless you can point to a workable alternative solution, you are just ranting.
The purpose of this law is not to prevent covert communications because that is impossible in principle.
The purpose of this law is to give the UK government additional means to force people to obey the government even in areas where the government otherwise has no cause or legal means of forcing you. It's a totalitarian law forced through parliament under the pretext of crime and terrorism prevention.
To be more precise, *every* large random block of information, when XORed with a specific key, is child porn, or nuke designs, or the text of the Bible. It's an equation with two unknown variables. Not only is it impossible to prove that the data isn't illegal, it is possible to prove that any string of data *is* illegal. You just have to choose your key.
The Bible is a string of random data that when correctly XORed, provides complete plans to make nerve gas, just the same as every other chunk of data.
Nostalgia's not what it used to be.
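The XOR argument in the comment above, as an added example that is not part of the original thread: for a block of random bytes and a pad as long as the block, a key can be derived that "decrypts" the block to any chosen text, so a disclosed key proves nothing about what the block contained. The function names and sample texts are hypothetical and constructed here; the property relies on the key being as long as the data and does not carry over to ciphers with a short fixed-length key.

```python
import os

# Constructed sample plaintexts; any text no longer than the blob works.
CLAIMS = [
    b"Shopping list: milk, eggs, bread",
    b"In the beginning God created the heaven and the earth.",
]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR pad must be exactly as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))


def key_yielding(blob: bytes, wanted: bytes) -> bytes:
    """Return the pad under which blob 'decrypts' to wanted (space-padded)."""
    if len(wanted) > len(blob):
        raise ValueError("wanted plaintext is longer than the blob")
    return xor_bytes(blob, wanted.ljust(len(blob), b" "))


def decrypt(blob: bytes, key: bytes) -> bytes:
    """One-time-pad decryption is the same XOR as encryption."""
    return xor_bytes(blob, key)


def demo():
    """Derive one key per claimed plaintext for a single random blob."""
    blob = os.urandom(64)  # stands in for "random junk" found on a disk
    results = []
    for text in CLAIMS:
        key = key_yielding(blob, text)
        results.append((key, decrypt(blob, key).rstrip(b" ")))
    return blob, results


if __name__ == "__main__":
    blob, results = demo()
    print("blob:", blob.hex())
    for key, plaintext in results:
        print("key :", key.hex())
        print(" -> ", plaintext.decode())
```

Both keys are equally valid for the same blob, and each is itself indistinguishable from random bytes, which is why neither party can prove which plaintext, if any, was ever there.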