Slashdot Mirror

← Back to Stories (view on slashdot.org)

In UK, Two Convicted of Refusing To Decrypt Data

Posted by kdawson on from the no-pleading-the-fifth dept.

ACKyushu clues us to recent news out of the UK, where two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark convictions that may have carried jail sentences of up to five years. There is uncertainty in that the names of the people convicted were not released; and without those names, the Crown Prosecution Service said it was unable to track down details of the cases. "Failure to comply with a section 49 notice carries a sentence of up to two years jail plus fines. Failure to comply during a national security investigation carries up to five years jail. ... Of the 15 individuals served, 11 did not comply with the notices. Of the 11, seven were charged and two convicted. Sir Christopher [Rose, the government's Chief Surveillance Commissioner] did not report whether prosecutions failed or are pending against the five charged but not convicted in the period covered by his report."

4 of 554 comments (clear)

  1. Re:Can I ask.. by FinchWorld · · Score: 5, Interesting

    Carefully crack a CD in various places, so that not data can be recovered from it, scrawl on it "Encrytion Keys - Keep Safe" and hide in a stack of CDs.

    When arrested, tell them about this CD that has your keys. When they come back and inform you its damaged go psycho screaming at them for having lost your keys, and hence, years of data (cos your back ups are encrypted too right?).

    Sue.

    Profit!

    Ok maybe not, worth a thought though.

    --
    "I may be full of crap about this game, and I may be wrong, and that's fine." -Jack Thompson
  2. Re:Self-incrimination becoming mandatory by im+just+cannonfodder · · Score: 5, Interesting
    part of the law is that if you get a demand from the police you are not allowed to tell anyone about it other than your solicitor.

    so no public accountability yet again by our government.

    http://www.ckwop.me.uk/Articles/article01.html

    An analysis of Section 3 of the Regulation of Investigatory Powers Act 2000 The Regulation of Investigatory Powers Act 2000 is a piece of UK law that, among a range of other things, contains a section that is meant to require the surrender of cryptographic keys to certain authorised parties (which are in effect instruments of the government). If such a request is made as part of an investigation, then the party who disclosed the key is not allowed to tell anyone that the authorities have that key or they face up to two years in prison. Equally, if the party fails to disclose the key, they also face up to two years in prison.

    --
    The Truth Is Out There:
  3. Re:Self-incrimination becoming mandatory by tygerstripes · · Score: 5, Interesting

    I'd be curious to learn how many of the four who did comply were subsequently convicted of the crimes for which they were being investigated, and what sentences these convictions entailed. I'm also very curious about what prevented the conviction of the other non-compliant nine. Essentially: was it worth it?

    While I can see the arguments for and against permitting Section 49 sanctions, I want to know what the practical upshot is. Hypothetically, it may be worthwhile to a potential criminal to serve up to a couple of years in prison with a note on their record akin to "refused to assist in investigation" rather than face the potentially much more damaging convictions that their cooperation might incur.

    My concern is that the law will be amended to reflect this, leading to much harsher sentencing in order to prevent this kind of cost-benefit decision being made by suspected criminals.

    --
    Meta will eat itself
  4. Re:What I want by tsotha · · Score: 5, Interesting

    I've been thinking about that for awhile. You don't want a system that will destroy the encrypted data - as others have pointed out, the cops will image your drive before they do anything, so it's sort of pointless. But I think you could do even better with a set of one time pads. I'm envisioning a system that works like this:

    1. You have data you want to encrypt of a certain size. Doesn't matter how large, but you can't really add to it after it's encrypted.
    2. You generate a key the size of your original data and xor the key with the data you want to encrypt. If your key is random enough it should be impossible to decrypt. They say you can get something truly random with atomic decay or cosmic background radiation. These days storage is cheap, so having a key as big as a couple gigs should be no big deal - keep it on a fob.
    3. Now here's the twist. After you've encrypted your data you generate a second "key" by xor-ing the encrypted data with something innocuous. War and Peace, maybe, or cat pictures from the internet. Now you have a key you can give to the cops if they ever come calling, and the data they come up with will be recognizable as data of some sort. So it will be difficult for them to argue you haven't provided "the key".