Slashdot Mirror


User: Ngwenya

Ngwenya's activity in the archive.

Stories: 0
Comments: 232

Comments · 232

  1. Re:Huh? on UK Court Rejects Encryption Key Disclosure Defense · · Score: 1

    IIRC, that's been the case since the RIPA was first proposed. If the police come knocking and say "Give us the key", the burden of proof is on you to be able to show that you can't.

    Nah - they first have to show what reasons they have to believe that you have the key. An old bit of ciphertext lying around which is months old would be child's play for any competent lawyer to show that you couldn't remember the key.

    Failure to give them the key can lead to 3 years in prison.

    Two years. Five in the case of a terrorism-related investigation.

    There was also talk of a proposal whereby if you discuss the order to hand over the key with anyone, you can get 5 years in prison.

    S.59 - tipping off offence. But they have to show that the course of the investigation would be compromised if you disclosed that your key was under police control. However, revoking your key is not a violation of S.59. (Just don't revoke it with the reason code of "The rozzers have my key").

  2. Re:No on UK Court Rejects Encryption Key Disclosure Defense · · Score: 1

    1) You forgot the password. This happens. I deal with many password reset requests a year and this is for computer/e-mail accounts that people use on a regular basis. If these people can't remember that, I find it extremely reasonable to assume they'd forget the password to an encryption volume they don't often use. Well, if you can go to jail for refusing to disclose your key, then you can go to jail for being forgetful.

    So what's the problem? If you can convince a jury that you've forgotten the passphrase, then you're off scot-free. You don't have to convince a judge - you need to convince a jury. This was an appeal to see if the original judge had made an error in law. Hence no jury.

    2) A file that isn't yours. Your computer gets hacked, or someone you know uses it without your permission. Whatever the case, an encrypted file gets stuck on your computer that isn't yours. You can't hand over the key, you don't know it. However there's no way to prove that so you go to jail.

    No. You don't have to prove a damn thing. The prosecution has to prove that you do know the key. If there's reasonable doubt, then the charge can't stick. But if there's forensic evidence on the computer that the ciphertext and keyring were accessed when the computer was known to be in your possession, then that could establish such ownership.

    3) Random data. Good crypto is nice and random. You can't distinguish it from other random or pseudo random noise. So you have a random file on your computer, or maybe just random data that there is a deleted file record for (as in there was a legit file there, it got deleted, its space has now been overwritten by garbage). You can't prove it isn't encrypted data so you go to jail.

    The prosecution needs to prove that it isn't random data.

    Look - let's be clear here. If I see an S/MIME or OpenPGP email in someone's inbox, I'm not going to think "Well, it could just be random data". That's perverse. If someone said that a huge file on a disk is a One Time Pad, and showed software on the computer which makes use of the pad, then that's a reasonable excuse for not decrypting the data.

    The folks in this case probably used PGP or the like. The "it could be random data" excuse just won't fly. They didn't want to produce documents because they were hidden, and the documents might convict them. That's not self-incrimination, it's refusal to obey a court order.

    I have no doubt that if a safe deemed to contain likely evidence could not be opened without destroying the contents, then a court would order the keyholder to open the safe, or risk contempt proceedings upon refusal.

  3. Re:I wish the US Supreme Court was that smart. on UK Court Rejects Encryption Key Disclosure Defense · · Score: 1

    With things like this in place there is nothing preventing anybody (police/government or otherwise) from creating files of random data (which encrypted data is indecipherable from) that contain nothing, labeling them in an alluring way, and as the defendant (whom the files were laid on) cannot come up with encryption keys, putting them in jail.

    Forgive me, but how is this different from the police manufacturing any other sort of evidence? The courts still demand an untainted evidence trail, leading from seizure to production. Unless you're suggesting that the executive, judiciary and police forces are all in collusion to ignore standard jurisprudence?

    In which case, why bother with courts and democracy at all, if we're already in such a corrupt state? You have to have some faith that the court processes are geared towards justice at some level.

    It's not enough to produce a random blob of data - you have to produce ancillary evidence that this blob is an actual enciphered blob. How does the CPS/Procurator Fiscal do that? That's their problem - not the defendant's.

    Now, this isn't enshrined wholly in RIPA - but that's why you can't read statute like code. It's not self contained or referentially complete. All sorts of other information go to make up the balance of judgment.

  4. Re:I wish the US Supreme Court was that smart. on UK Court Rejects Encryption Key Disclosure Defense · · Score: 1

    No. The enforcement of the Constitution lies within the power of the institutions it creates and over the territory that the United States controls. And yes, that includes Guantanamo.

    All people, citizens or not, are afforded constitutional protection within United States territory. Otherwise, do you think that the police should be able to torture a suspect, merely on the grounds that he is not a citizen?

    If constitutional rights were merely artifacts of citizenship, then they would hardly be inalienable, would they?

    Your point regarding China is irrelevant in this instance, since the discussion was around a US controlled territory (yes, not a US state, but still under US control).

  5. Re:I wish the US Supreme Court was that smart. on UK Court Rejects Encryption Key Disclosure Defense · · Score: 2, Interesting

    Result: If you live in the UK and own any form of electronic storage you can be jailed at any time.

    No - it's not quite that bad. Yet.

    In order to secure a conviction under S.53, the prosecution has to show several things (beyond reasonable doubt):

    1) That the blob of data on the disk really is an encrypted blob, and not just random data. A file called "entropy.rand" is likely to be viewed differently than one called "cipher.enc".

    2) That the key to that data is in the possession of the suspect, ie. there's a PGP key in his keyring which corresponds to the one used to encrypt the ciphertext

    3) That the suspect could reasonably be said to have access to the key. So, for instance, if the keyring had been accessed in the last two days, "I forgot it" is pretty unlikely to wash. If, on the other hand, it was accessed six months ago, a jury might well be inclined to believe such an excuse.

    And the court order for the key is supposed to be based upon the notion that there is sufficient evidence that the ciphertext is likely to be of interest. So, given a cleartext file saying "Jihad targets listed in file cipher.enc", the coppers probably have reason to believe that file cipher.enc is a legit target. However, if the coppers came across a USB key in someone's car with an encrypted "My Pr0n" folder, then that would possibly be deemed irrelevant. In any case, plaintext production would be far more likely ordered than key handover.

    It would be interesting to note - was plaintext production ordered first, or was key handover? The code of practice says plaintext comes first unless special circumstances obtain.

    I still think RIPA is a foul piece of legislation, but I don't think it's the "Arbitrary Detention Act 2000".

    As for popular reaction, why would the Brits react differently to the American reaction to Gitmo? As long as people think "But it'll never happen to me, just to bad people" then such intrusions on liberty will go on.
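The two comments above (the reply to "No" and this one) argue that the prosecution has to show that a blob on disk really is ciphertext rather than random bytes, and that the suspect's keyring holds a key matching the one used to encrypt it. The script below is an added example, not anything posted in the thread, showing what that evidence looks like at the byte level: it walks OpenPGP (RFC 4880) packet headers, pulls the recipient key ID out of a Public-Key Encrypted Session Key packet, and contrasts that with Shannon entropy, which is just as high for an unstructured blob as for genuine ciphertext. Every byte in it is constructed; the key ID 0123456789ABCDEF is a placeholder, and partial body lengths are deliberately not chained.

```python
"""Constructed example: tell OpenPGP ciphertext from an unstructured blob.
Entropy cannot separate the two; RFC 4880 packet framing can, and a PKESK
packet names the recipient key ID that a keyring can be checked against."""
import math
from collections import Counter

# RFC 4880 section 4.3 packet tags that appear in an encrypted message.
PACKET_TAGS = {
    1: "Public-Key Encrypted Session Key",
    2: "Signature",
    3: "Symmetric-Key Encrypted Session Key",
    8: "Compressed Data",
    9: "Symmetrically Encrypted Data",
    11: "Literal Data",
    18: "Sym. Encrypted and Integrity Protected Data",
}
SESSION_KEY_TAGS = {1, 3}
ENCRYPTED_DATA_TAGS = {9, 18}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_packets(data: bytes):
    """Return [(tag, body), ...] or [] once the bytes stop looking like packets.
    Partial body lengths (224..254) are not chained; that is a simplification."""
    packets, pos = [], 0
    while pos < len(data):
        first = data[pos]
        pos += 1
        if not first & 0x80:            # bit 7 is set in every packet header
            return []
        if first & 0x40:                # new-format header (bit 6 set)
            tag = first & 0x3F
            if pos >= len(data):
                return []
            l1 = data[pos]
            pos += 1
            if l1 < 192:
                length = l1
            elif l1 < 224:
                if pos >= len(data):
                    return []
                length = ((l1 - 192) << 8) + data[pos] + 192
                pos += 1
            elif l1 == 255:
                if pos + 4 > len(data):
                    return []
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:                       # partial length: not handled here
                return []
        else:                           # old-format header
            tag = (first >> 2) & 0x0F
            ltype = first & 0x03
            if ltype == 3:              # indeterminate length: body runs to the end
                length = len(data) - pos
            else:
                nbytes = (1, 2, 4)[ltype]
                if pos + nbytes > len(data):
                    return []
                length = int.from_bytes(data[pos:pos + nbytes], "big")
                pos += nbytes
        if tag not in PACKET_TAGS or pos + length > len(data):
            return []
        packets.append((tag, data[pos:pos + length]))
        pos += length
    return packets


def recipient_key_ids(packets):
    """Key IDs named by version-3 PKESK packets (1 byte version, 8 byte key ID)."""
    return [body[1:9].hex().upper() for tag, body in packets
            if tag == 1 and len(body) >= 9 and body[0] == 3]


def classify(data: bytes) -> str:
    """'openpgp-armored', 'openpgp-binary', 'high-entropy-unstructured' or 'low-entropy'."""
    if data.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----"):
        return "openpgp-armored"
    tags = [t for t, _ in parse_packets(data)]
    # A real encrypted message opens with session-key packet(s) and then carries
    # an encrypted-data packet; demanding that shape keeps a header-like byte in
    # random data from counting as evidence of encryption.
    if tags and tags[0] in SESSION_KEY_TAGS and any(t in ENCRYPTED_DATA_TAGS for t in tags):
        return "openpgp-binary"
    return "high-entropy-unstructured" if shannon_entropy(data) > 7.0 else "low-entropy"


# Constructed samples. PKESK: old format, tag 1, 2-byte length; body = version 3,
# placeholder key ID, RSA (algorithm 1), one tiny MPI. SEIPD: new format, tag 18.
FAKE_KEY_ID = bytes.fromhex("0123456789ABCDEF")
PKESK = b"\x85\x00\x0e" + b"\x03" + FAKE_KEY_ID + b"\x01" + b"\x00\x10\xab\xcd"
SEIPD_BODY = b"\x01" + bytes((i * 97 + 13) % 256 for i in range(32))
SEIPD = b"\xd2" + bytes([len(SEIPD_BODY)]) + SEIPD_BODY
ENCRYPTED_MESSAGE = PKESK + SEIPD
# A deterministic byte permutation: exactly 8.0 bits/byte, but no framing at all.
RANDOM_BLOB = bytes((i * 73 + 41) % 256 for i in range(1024))

if __name__ == "__main__":
    for name, blob in (("message", ENCRYPTED_MESSAGE), ("blob", RANDOM_BLOB)):
        print(name, classify(blob), f"entropy={shannon_entropy(blob):.2f}",
              recipient_key_ids(parse_packets(blob)))
```

The interesting output is the key ID: for a message encrypted to a named key, an examiner can look for that ID in a seized keyring, which is the "corresponding key" evidence the comment describes, while a blob with no framing yields nothing either way. An all-zero key ID means the sender used an anonymous (wildcard) recipient, so the absence of a match proves nothing.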

  6. Re:it's without CHARGE, not without trial on UK Can Now Hold People Without Charge For 42 Days · · Score: 2, Insightful

    I agree that it's not the Armageddon Act. But it's still stupid and unnecessary legislation, done more for grandstanding purposes than for any demonstrated need.

    What annoys me is that Gordon Brown introduced all of this with a statement that it all had to be done on the basis of consensus - ie, cross party support. Now, that's not a bad approach. See if a consensus can be built, but if it can't, then withdraw the idea. No harm, no foul.

    But he didn't do that. He went for consensus, saw that it couldn't be got, and said "Fuck it. I'll show these civil liberty bedwetters what a real man does with terrorists. Or tourists, if they piss me off. This bill will be supported by Chuck Norris".

    End result: a pile of steaming crap. And, since it shadows the Civil Contingencies Act, it ends up in practice to give the government no more powers than they already have under emergency legislation. What a waste of time.

  7. Re:Hmmm.... on UK Can Now Hold People Without Charge For 42 Days · · Score: 1

    Well said. Although I suspect that even an elected upper house would have thrown this turd of a bill out. The question is: will GB use the Parliament Act to override the Lords on this matter. I suspect not - it'll be held up in committee stage for six months or so, and the Lords for a good few months - so it'll be around election planning time by the time it resurfaces. Strongly suspect a "time has run out" excuse, with a promise to reintroduce it if they get re-elected, which is not very likely. But at least Brown has shown himself to be tough. And that's so much more important than piddling matters like governing the country well.

    Everything about it is gesture politics. Given all the caveats that have been put in place to get the bill through, it's actually just a shadow of the Civil Contingencies Act (which is already law).

    In other words, if a genuine emergency takes place (ie, multiple terrorist outrages), Parliament can be called to grant the police emergency holding power - enabling suspects to be held for up to 58 days.

    So, what this bill does is grant a weaker set of powers to the government than it already has. But GB had to show that he wouldn't be soft on these terrorist chappies.

    Pure political grandstanding. And you know what? I really can't figure out who it's designed to impress. Normally, it would be the right wing tabloid segment, but the Daily Wail will never support Brown in anything he does - short of his televised public suicide - and then they'd whine about it being on at family viewing times.

    In terms of actually getting used, I suspect that this legislation - even were it to be passed - would sit on the statute books until they rot.

  8. Re:Slashdot, as usual, can't wait to bash Britain. on UK Can Now Hold People Without Charge For 42 Days · · Score: 1

    In which case, your point becomes "The police can break the law". Which, of course, is true - but lacks any sort of argumentative strength.

  9. Re:Mod parent up on Google Pulls Open Source CoreAVC Project Over DMCA Complaint · · Score: 1

    Seems there was evidence the writer of CoreAVC-for-linux reverse engineered their codec to get his patch working, they have since given him permission to do so,


    Wait a minute. Since when was reverse engineering illegal under the DMCA? Specifically, reverse engineering in order to promote interoperability.

    It may well be that the DMCA produces such an effect - in which case this is an even more dreadful piece of legislation (just rename it the Competition Avoidance Act, and be done).

    In the EU, the Software Directive explicitly allows reverse engineering for interoperability purposes (and any EULA conditions which stipulate otherwise are null and void).

    It seems to me on first reading that the CoreAVC guys issued a DMCA without deciding that there was a prima facie case of infringement. If that is the case, then they should certainly face legal sanctions for perjury (doesn't a DMCA notice require that the declaration is made under penalty of perjury?).

    It is telling that the CoreAVC boys also intend (and have always intended) to produce a version of their software under Linux, as BetaBoy said. So the motive for squashing something which could affect their marketing is clearly there.

    A company not only defending their rights honestly


    That remains to be seen. If they had no reason to suspect infringement, then such defence is not honest.

    --Ng

  10. Re:SP1 on Pirates Find Proper Way to Crack Vista's Activation Schema · · Score: 1

    Given what I've seen in the dark places of the net, SP1 doesn't prevent the crack working. A recent MS update was also supposed to attack the OEM crack, but it also seems to have had no effect.

    --Ng

  11. Re:I know this place on British Village Requests Removal From GPS Maps · · Score: 2, Informative

    Sounds like the route should be improved.


    Not really. The road has two sharp corners at each end of the village, which slow down cars just fine. Cars, bikes and pedestrians (just) get on fine. The trucks however, do not slow down - and the houses and walls beside the road bear testimony to that.

    So I would say that the road is fine for certain types of traffic, but that the GPS nav systems need to be updated to recognise that just because a road is there doesn't mean that it's suitable for all uses. So - not a GPS problem per se: more a data interpretation issue.

    PS: The Prince's Motto pub in Barrow Gurney is great, but the cider can get you into a hell of a state. Which makes the road difficult for another reason entirely...

    --Ng

  12. Re:Better solution on First Use of RIPA to Demand Encryption Keys · · Score: 1

    I'll see your draft code of practice and raise you the Act itself.


    You can try, but it won't work! :-)

    The CoP is an official document. It's not just a "handy-dandy set of guidelines". There are similar CoPs for the Police and Criminal Evidence Act, and the Interception of Communications Act. They have legal standing.

    If someone got dinged for failure to perform S.49 duties, and they could point to the fact that the notice was deficient as per the CoP, the courts would accept this as a defence (or, should they fail to do so, then the entire CoP would be rendered useless. And this would be terrible for the police, since it would open up the defence of "I don't know what an appropriate S.49 notice is. The Act doesn't specify. I'm not complying with this fake notice.")

    You can't go reading Acts of Parliament as if they were code fragments. They fit into a whole range of previous Acts, constitutional settlements, Statutory Instruments and official codes of practice. RIPA, just like any other act, is not context free.

    but the same argument does seem to have been made by various civil liberties groups


    I know. I was and am a member of many. RIPA is a terrible piece of legislation - and there are still way too many holes in it. I would have preferred defences to be spelled out in the primary legislation - since that's as good for the prosecution as the defence. By leaving it to a CoP, it means that the prosecution services now have no clear statutory basis for issuance of notices (and will therefore be reluctant to issue them for fear of challenge); and the defence will certainly be able to delay production of plaintext (because of uncertainty) to the extent that any jury will believe the claim "Well, I probably did know the key at the time, but I've long since forgotten by now. But I couldn't have complied then because I didn't know if it was all kosher").

    Note: I think this whole story is a pile of crap. No RIPA S.49 notice has been served. The IndyMedia article refers to the CPS (Crown Prosecution Service - the state prosecution service in England and Wales) issuing an "invitation" to release the key. Why would the CPS be investigating crime? That's the police's job. They investigate, forward a report to the CPS, who then decide whether to prosecute in the courts or not.

    I don't believe it - and the reporter does himself no credit by scanning a few mailing lists, then cutting and pasting in Richard Clayton's responses from UKcrypto.

    --Ng

  13. Re:Better solution on First Use of RIPA to Demand Encryption Keys · · Score: 1

    That's US law. The case in question takes place in the UK.


    Err...I'm aware of the fact that it's in the UK. So am I. And the home office site I referred to is HMG's Home Office. Sorry - you got it wrong here.

    --Ng

  14. Re:What's wrong with RIPA? on First Use of RIPA to Demand Encryption Keys · · Score: 1

    Whereas the entire point of RIPA is to ensure that saying "I don't know what the key is" is NEVER a defense, even if it's true.


    Oh, come on! It's explicitly defined as a defence, in the text of the act. Section 53, subsections 2 and 4. And you don't have to prove you don't have the key - they must prove that you do - beyond reasonable doubt. (Originally they wanted balance of probabilities, but didn't get away with it).

    --Ng

  15. Re:Better solution on First Use of RIPA to Demand Encryption Keys · · Score: 1

    The short answer is yes, if you do that and they bring a case, you could be considered a criminal.


    The shorter answer is no - the state must prove that there is encrypted information on the disk to which you have a functioning key. Having random data on a disk by itself is proof of nothing.

    Not only that, but the prosecution must show beyond reasonable doubt that you were in possession of the appropriate key at the time you were served with an S.49 notice. (Section 10.3 of the RIPA Pt. III code of practice - available here). However, you must state at the time of receipt that you don't have the key. You can't come up with the excuse later.

    It's a dreadful piece of legislation, but it's not quite as bad as "encryption == guilty".

    --Ng

  16. Re:USA is a Sovereign Nation on US Faces $100 Billion Fine For Web Gambling Ban · · Score: 1

    Personally I think we should just overthrow the government of Antigua, withdraw the complaint and arrest the US lawyer involved and charge him with Treason. That would send the appropriate message to those countries that are trying to take advantage of the moving on a moral situation.


    Fortunately for the US population and the rest of the planet, the USG does not conduct itself with the morality and restraint of a drunken redneck at an incest festival. And a US lawyer suing the US government for breach of its own laws is treason now? Does the US Constitution now count as "quaint", like former A-G Gonzales' opinion of the Geneva Conventions?

    Look - withdraw from the WTO, if you don't like it. Withdraw from the UN if you don't like it. Remove yourself from every single international obligation and build up a 2 mile high wall around your territory. It's your tax money and your right to spend it how you will. We in the rest of the world cannot and will not stop you.

    But don't sign up to a particular deal, accept a particular arbitration method, then squeal like a stuck pig that you shouldn't be held to the rules which apply to everyone else when things don't go your way. That's not exhibiting morality - that's the definition of treachery.

    --Ng

  17. Re:Hmmmm.... on US Faces $100 Billion Fine For Web Gambling Ban · · Score: 1

    Russia manufactured its own T34 tanks, which were far superior to ours, it had nothing to do with us other than some Americans helped design them, but it was not an official effort, no more than IBM's automation of the holocaust. Sorry but no, Rosie the riveter wasn't cranking out T34s.


    That's not the entire story. The USA did supply the felt boots which kept the Soviet Army marching through the Russian winter in 1941, while the Germans froze. And it was Dodge trucks which kept troops moving to and from the slaughterfields.

    Also, when you say "fought boys ... and reservist troops", are you referring to troops like SS Panzer Divisions "Das Reich", or "Leibstandarte"? I don't think you could reasonably count those guys as a second string team.

    It's no lie to say that the Russians did most of the dying in the European theatre of WW2, and that without that massive drain on German resources, victory in Europe would have been much, much harder; but to say that the US and British contribution was of little import is stretching it too far.

    --Ng

  18. Re:Good! on US Faces $100 Billion Fine For Web Gambling Ban · · Score: 3, Informative

    I think it's high time we started shipping opium back to China.


    Did the USA do this as well? I thought it was just the Brits. Oddly enough, the whole opium war was derived from restrictive trade practices from China. We (the Brits) wanted their tea, they would only accept silver as payment, so we sold opium to the population and would only accept silver as payment, that we then used to buy their tea.

    Of course, then we just stole the tea and planted it in India anyway. I guess that would be an IP violation in today's world.

    In the history of not-our-finest-hours, this episode was a real bitch.

    --Ng

  19. Re:State Right on US Faces $100 Billion Fine For Web Gambling Ban · · Score: 2, Interesting

    Now that's an interesting point. Since only the government of the USA can represent the states in international relations, it may well be that the USA has signed up for a treaty obligation for which it has not been granted specific power. In the old days where the gambling had to be physically located in a geographical location, this was easy to enforce. Now we have the situation where gambling crosses physical boundaries (falling within the purview of the federal government), but the power to regulate it remains with non-signatory bodies (the individual states).

    Thus, could the states compel the USA to repudiate the treaty, if the USG acted outside its constitutionally limited power?

    --Ng

  20. Re:Talk about missing the point ... on VM-Based Rootkits Proved Easily Detectable · · Score: 1

    Unless you believe that the computing industry is going to suddenly embrace virtualisation as an integrated part of the everyday computing experience


    And there, AC, is where you hit the nail on the head. The computing industry is doing exactly that. Not suddenly, but as a growing process of introducing virtualisation into the desktop. Grandma will never know that her desktop OS uses VM techniques, any more than she knows that it uses virtual memory, or kernel/user modes, or memory-mapped I/O.

    We all know why WE (==/.ers) are going to virtualise things, what's your answer for why Grandma Sixpack would want to?


    All of the reasons I gave apply as well to the average user as to a /. geek. Why wouldn't Grandma want fault isolation, so that when she clicks on harmful links it doesn't crap all over her machine? Is there something particularly geeky about wishing your desktop machine to behave itself and not become a spambot?

    --Ng

  21. Re:Missing the point on VM-Based Rootkits Proved Easily Detectable · · Score: 2, Interesting

    I fail to see what purpose the average user has for VM technology. Sure, it's great for server systems, and as a developer I find it extremely handy, but if all you do with your computer is read e-mail, browse the web and run MS Word, why would you want a VM?


    Lots of reasons: fault isolation (e.g. jail() on steroids); compatibility isolation (e.g. while most of my system runs the newest version, I keep my old apps running in a VM with an older kernel); hardware interoperability isolation (e.g. this bit of hardware is only supported in Windows, but I stick an API translator on top so I can use it from Linux with a stripped down Windows installation); virtual appliances - so that I boot my laptop only to play my DVD or check my email [without a large kernel to support it], but I want to be able to use the same application when I'm in full OS mode, so I run the app in a VM; reliable suspension of desktop OS and associated (virtualised) peripherals. A lot of these things can be done without virtualisation - but since it's now a CPU supported system, why not use a hypervisor?

    Virtualisation is a useful technology in many ways - it's just deployed in different ways from use case to use case.

    --Ng

  22. Re:No problem on UK Police Cracking Down on Broadband Theft · · Score: 1

    I don't think it's right to steal wireless bandwidth against an owner's wishes, but any punishment more severe than a fine is going too far.


    And to be fair, that's probably what's going to happen to this guy. The last guy to get nailed for this got a £500 fine. The CMA does have severe penalties (ie, jail time) but it's unlikely to the point of non-existent that it would be applied in these sorts of cases. If the guy was doing this persistently, he could end up with community service, but that's about it.

    You don't get arrested for parking illegally (well, as long as you pay your tickets), and this should be much the same way.


    OK. You try parking across a main entrance way to a government building in your car. Let's see if you get away with something as trivial as a ticket! :-)

    --Ng

  23. Re:"Dishonestly obtaining free internet access..." on UK Police Cracking Down on Broadband Theft · · Score: 1

    So unless he knew that his access to the wireless network was unauthorised, the Computer Misuse Act doesn't apply. From the detail in the article, we don't know if he knew or not.


    Correct. The standard that any court would use is the "reasonable person" one, ie, would a reasonable person conclude that the access was likely unauthorised, or could he reasonably have thought that it was a public network (which exist up and down the UK). If you're in a Starbucks, or whatever, and the SSID shows up as "STARBUCKS", as well as there being a "Wi-Fi Hotspot here" sign on the wall, any reasonable person would conclude that this was a public hotspot. Similarly, if (as seems to be the case here), the connection was made in a residential area, a reasonable person would not normally consider that available WiFi association == "Use my broadband".

    The tricky bit comes in when you've got people who leave a Linksys in a pretty much vanilla state in what could be a public access area. Would a reasonable person conclude that access was prohibited? If there's reasonable doubt, then any jury should acquit. This is, after all, a criminal charge.

    The question of stealing broadband access is a different one. The Computer Misuse Act doesn't make any reference to resources used, i.e. broadband download limits. There may be a case to answer here under the terms of the Communications Act, I don't know.


    Any computer equipment, even so much as a bluetooth dongle, is covered under the CMA. If you didn't buy it, and you don't have permission to use it (or could reasonably think you do have permission to use it), then it's an offence to use it.

    --Ng

  24. Re:*heh* on UK Rejects Extending Music Copyright · · Score: 2, Interesting

    If anything, we should be looking at reducing the length of copyright for written works (books and stuff) to match that for music.


    Actually, Andrew Gowers (chairman of the copyright review) said that there is a solid economic case for reducing copyright - but that only political reality prevented his panel from recommending such an action. Traditionally, big copyright has represented reduction in copyright term as expropriating their income without due compensation. Perverse, I know, but there you go. We could just reduce copyright terms for future works, and see if artists create less. If they create at the same rate, it must mean that copyright was too long.

    --Ng

  25. Re:List of countries' copyright length on UK Rejects Extending Music Copyright · · Score: 4, Informative

    AFAIK the EU has ruled that length should be 70 years, so this should make UK almost unique in the Europe


    I think you might be mistaking the authorial copyright (life + 70 years) for the mechanical copyright (50 years from publication). In the case of music, the composer(s) are assigned the copyright, so that anyone covering the song must give royalties to the composer. The mechanical copyright extends only to the actual recording of a particular song. So, in a few years, the Beatles tracks will enter the public domain, but anyone wishing to re-record a Lennon-McCartney Beatles number will still need to render money to Paul McCartney (and I guess Yoko Ono).

    The complaints from the record labels were that the mechanical copyright needs to be extended to 95 years. I think they're content to leave the authorial copyright where it is.

    I don't think the UK is out of whack with the rest of the EU. We harmonised copyright terms in 1995 (which was a sodding disaster, since films moved from 50 years from first showing, to life of director/screenwriter/music composer + 70. Thus making film copyright essentially forever).

    --Ng