... here in freedom loving UK you can be locked up simply for not handing over your passwords when demanded...
An Australian man who set up an elaborate network of hidden cameras to spy on his flatmates has escaped jail time after police were unable to crack the encryption scheme protecting his computer. When police raided the residence of Rohan James Wyllie, they found found a series of peepholes drilled into the walls and doors of …
... here in freedom loving UK you can be locked up simply for not handing over your passwords when demanded...
...not just for refusing to hand over the password - you also go to jail for even telling folks that the police have requested a password from you.
Seriously? Or is that a joke? If it's serious, I'd like to see a reference. That's one of those things you'll tell people that they refuse to believe - though a large number of english laws seem to be falling into that category lately...
"On Monday, Part III of the Regulation of Investigatory Powers Act 2000 (RIPA) came into effect. Under Section 49 of RIPA Part III, police can serve a notice that requires encrypted data to be "put into an intelligible form" or, in other words, decrypted.
Failure to comply with a Section 49 notice can result in a two-year jail sentence, and failure to hand over an encryption key to the police can result in a five-year sentence."
....man, that movie haunted me for YEARS
It's true, though I suspect it is more of a comfort law (makes legislators feel better about themselves) than useful for its original intent, which was to stop terrorism. See http://security.homeoffice.gov.uk/ripa/encryption/faqs/
The law is, I think, a response to those ticking-bomb scenarios. So, there's a bomb on a bus someplace, and MI5 have the guy, but wait! - somehow they know that his laptop has the map, but it's all encrypted! We'll force him to give us the password. This might work for a typical citizen but terrorists aren't going to be persuaded by the threat of 2 years in the clink vs. pulling off their mission, meeting the 72 virgins (or is it raisins? Either way, it always seemed pervy to me) and so on.
I call bullshit. How the frak do you know for a fact that the crypto spared him? That encrypted file might be embarrasing christmas photos of the guy dancing nakid and making secret love with a table. The only thing you know legally, is what he's admitted.
The police should have given the files to McGee from NCIS. That guy can decrypt anything in three seconds flat just by mashing his keyboard randomly.
"That guy can decrypt anything in three seconds flat just by mashing his keyboard randomly."
That's how I generated my encryption password so it stands to reason that he could generate the decryption password using exactly the same method. Makes me wonder why I bothered .......
yes, but if two of them type on the keyboard at the same time, it only takes 1.5 seconds
just give the laptop to Gary McKinnon...
... used a TrueCrypt Decoy Partition.
Encrypted file? What encrypted file?
Eric Beal of NCIS:LA uses a hacked Bot-Net to break a laptop encryption. Much more devious.
Well, technically, the legal system can't FORCE anybody to hand over their passwords. Well, not without torturing them anyway. So, in the UK, we're safe. If we get branded a criminal for not divulging our password, we'll get treated a hell of a lot better than the hapless victim!
Of course, in some areas of the world law enforcement regimes wouldn't think twice about sitting you in a bamboo field for an afternoon (boy, that stuff grows quick!!).
According to the RIPA, forgetting your encryption password can now get you 2 years in the slammer. The assumption is that you are guilty until proven innocent by remembering your password and being able to prove that the data on your disk wasn't criminal. I don't know how long we'll have to put up with this travesty of a law before whichever of a jury or the ECHR or our new supreme court throws it out first by refusing to convict despite clear evidence of failure to provide a key on demand.
It won't prevent me from creating plenty of encryption passwords which I promptly forget. Why should I have to remember them all if I only need to use a key once, e.g. to send a single file containing malware to a responsible party for analysis securely ?
This is one law I'm going to ignore because it deserves an appropriate level of respect, i.e. none whatsoever.
Totally agree, failing anything else, doing a constant ls -l command is always the best way to break unix password files. Jeez dont the police watch movies?
Back in my student days in the 80s, a mate and his girlfriend had a bedsit where they shared a common bathroom with about 5 other bedsits. We were round there late one night smoking (but naturally not inhaling) when the GF came back from the toilet looking rather pale. "There's a bloke in the bathroom cupboard" she said. Boyfriend legged it to the toilet to find the cupboard door open, but no bloke. There was however a hole drilled in the hardboard cupboard wall, pointing right at the toilet.
Turns out she was sitting on the bog, heard a scraping noise, and the cupboard door swung open to reveal a guy squatting in the rather cramped space. This is 2am, but unbelievable as it seems now, he muttered something about "plumbing", at which point she made a hasty and undignified exit. He must've sat in there for an age just waiting for someone to come in; if it was women he wanted to see, he really would have been in there as I think she was the only one in the building.
She recognised him as from one of the rooms on the lower floor. His door was duly knocked, but he'd evidently decided to go for an expedient walk. We were very averse to the Filth at the time, so she didn't call them and that was kind of that - except she now checked the cupboard every time she had a bath or a crap and dried her smalls in her room.
He did however get his desserts in the end. His room was in the front of the house and had a large window with no net curtains. He evidently decided to have a mid afternoon wank while sitting on the floor, in clear view of a flat in the house opposite - which just happened to be tenanted by two female coppers. It may have been pre sex offenders register, but the local rag ran it's own line in "name and shame" when reporting local court cases with seriously cheesy headlines. In this case, something like: "Flasher exposed by WPCs given suspended sentence".
Ermm nice try at justifying it but no. When RIPA was first dreamed up the only "terrorists" the UK was facing were the remnants of the IRA - Continuity/Real - who knew better than to put things on disk.
RIPA had NOTHING to do with terrorism. It was simply that back then it appeared there was no possibility of breaking some codes within the "suspect's" lifetime. I suspect that GCHQ now know better but back in the mid-1990s there was more than a little panic down Chelteham way....
Its worth pointing out that the sentences mentioned are more like contempt of court sentences than "normal" criminal sentences. ie - you get banged up for refusing to disclose password then you get released, rinse and repeat until you act like a good little citizen.
Neither set of scum (tory or nulab) can claim any credit or avoid any blame for RIPA because the legislation started life under the last tory govt.
"It may have been pre sex offenders register, but the local rag ran it's own line in "name and shame" when reporting local court cases with seriously cheesy headlines. In this case, something like: "Flasher exposed by WPCs given suspended sentence"."
While the guy no doubt got what he deserved, isn't this part a little disturbing?
He is in his own house and is being spied on by 2 women, and HE gets arrested?
So if he was looking through the window at the WPC playing with herself, then she would have been arrested would she?
No, you have to hand over the decrypted versions, not the keys themselves.
True crypt hidden volumes for the win !
... It's simply a file/partition/drive that I secure wiped using random data.
Note to moderator - Previous comment had incomplete URL sp please discard it, this one's good
Why not just give the hard drive to an infinate number of monkeys for an infinate amount of time? At the end of it you'll get the decrypted hard drive, plus some nice new Sonnets by William Shakespear.
Won't an inspection of the PC will likely show references to the hidden volume or pointers to the data it contains? Than it's hidden no longer. Same goes for hiding data in jpegs and so on.
Excellent comment earlier about NCIS guy "mashing the keyboard randomly".
I wonder how many people have files on their computer that they don't know the passwords to - I know I have a few myself, stuff from years and years ago (mostly work backups).
Kind of worrying that the establishment set up to protect people can be used to punish them for not keeping records of every detail of their lives.
***"It was simply that back then it appeared there was no possibility of breaking some codes within the "suspect's" lifetime."***
Whereas today it would take longer than the age of the universe to brute-force "some codes"
"call bullshit. How the frak do you know for a fact that the crypto spared him? That encrypted file might be embarrasing christmas photos of the guy dancing nakid and making secret love with a table. The only thing you know legally, is what he's admitted."
come on.... I'm sure they found the camera equipment, even though it wasn't set up. with wires in place and holes in the walls - YOU ARE CAUGHT!!!.
If it was anything OTHER than incriminating evidence I'm sure he could have decrypted and shown it to the judge to prove his innocence, embarrassing or not, its better than what you are being accused of.
Now that the legal system has failed on the fathers of these two young ladies to teach this guy a lesson. - teach him what real paranoia is.
I understand there may be circumstances, and had i sat in the courtroom I may come to a different conclusion, but based on the evidence presented in this article, I would have locked up the guy as a sex offender and given him at least 5 years.
"I would have locked up the guy as a sex offender and given him at least 5 years."
Then it's a good thing morons like you are emptying bins rather than judging people, isn't it?
Five years for spying on people? You get less than that for manslaughter in most cases. Also, you must have a dirty mind if you automatically assume this is sexual.
Failed the fathers of these two young ladies? I get it: you're a parody, not a real person, right?
In the US at least Ollie North showed the effectiveness of the phrase: "I have no recollection of that".
How about in the UK? What happens if you try to give them the password and honestly don't remember it? Or don't know it?
So they appear now. I'm old enough to remember the astonishment that greeted the EFFs custom gate array "DES cracker" - mainly because of how little it cost.
I'm not sure you'd find anyone in the crypto community who'd stake their future liberty on a current algorithm. I certainly wouldn't - I can look back at 30 years of computing "brute force" advances which seem all too obvious now. Hindsight is wonderful eh? In another 30 years there could be (probably will be in govt labs) quantum machines and that changes ALL the rules. Or not. Who knows....
I've got old documents on a cd that I haven't had access to in around 10 years due to not realising my backup was encrypted. I hold on to that cd for the day when I can decrypt it.
I tell this story in case the police ever find it and demand to know whats on it. I'll use this AC post as evidence if it goes to court...
The mad young fool. Next time use wireless Cam's and spread the story about someone breaking into the building to snoop. There is after all a whole army of public officals in the UK who can do that legally.
Then store the results on encrypted WO disks (Write Only).