Bastids

Score one for the police state.

What pisses me off is that there are people out there who literally *cannot* see the line between *reasonable* justice and "protecting pedos".

<sigh>

Pint 'cause i could use one right about now.

Colour you a hysteric

They need 17 notices to improve conviction rates? Name *any* crime (by regional force remember) where 17 conviction will not be a drop in the ocean.

Never let the facts get in the way of a hysterical rant eh? Your sentiments may be bang on - how about thinking of a less extreme way of presenting them - otherwise you are as bad as them.

Hard drive passwords

Hmm.. most if not all modern SATA and IDE drives let you set the password without which they won't boot.

Good luck trying to explain that a malicious boot sector virus set it...

Nice try

From useage stats it will be pretty clear if they're active or not. And always logging in on your mates name (who'll forever be glad you included him in your scheme) isn't gonna help, as he'll demonstrably be somewhere else at some of your login times.

Not much use

They'll have to find steganographic software on your computer first, etc. Don't go on inventing fears. Not that steganography is much use if you have more than a few thousand characters to hide; definitely not to hide your child pron archive.

Close...

TrueCrypt allows for plausible deniability by actually having 2 volumes encrypted with different keys in the same file - one starts at the start (the throwaway one), one starts at the end of the file (the secret one).

You can either use just one volume or two - and there's no way to determine if the second volume exists

When you enter a password, it tries to decrypt a header at the start of the file. If that fails, it tries to decrypt a header at the end of the file - so using a different password accesses a different volume.

You can also use BOTH password so that TrueCrypt is aware of both volumes - which allows it to be more careful about letting one volume overwrite the other.

That said, I use TrueCrypt to secure source code from work on my home machines - Simply as a precaution. I don't bother with a hidden volume. Of course, whether they'd believe me if it ever came to that is another matter - And of course, because I know how to do it must mean I've done it, right? Isn't that how the law works nowadays? It's like being able to undelete files - If you know how to do it, you can be arrested for deleted stuff.

@AC 15:08

Excellent points sir.

Could TrueCrypt have weaknesses? Yes, undoubtably. The possibilty of a seam is one; I can think of others. The forensics equipment used to examine hard drives is enormously sensitive. Could it detect that the data at the end of the primary volume has been written to far more regularly than would be expected if a hidden volume were not in use? But far the biggest weakness is simply incorrect usage. Without careful consideration, one could be leaving a trail of forensics all over the primary volume, or an unencypted one, all pointing to a volume that shouldn't exist.

I do know that its dev team take their work very seriously indeed. Being open source, there's also an active community able to pore over both the concepts and the implementation looking for just such pitfalls. IMHO, its certainly the best option yet available.

For RIPA, I would be amazed if there wasn't some element of 'reasonable grounds' necessary before a conviction could be obtained. Most UK laws, especially criminal ones, have such terms either embedded in the wording, or subsequently inferred by judges under statutory interpretation.

I suspect the only way that we'll know for sure is through a test case, specifically on PD. I'd expect massive coverage and numerous appeals before the final outcome would be reached. Whichever side wins, all that would be achieved would be an escalation in the arms race. If the prosecution won, expect the relevant exploit to be rapidly patched by the TrueCrypt team. If the defence won, expect new legislation criminalising the mere ownership of any PD capable software. Neither would settle the matter for long.

tl;dr - TrueCrypt could have weaknesses, RIPA is not carte blanche to jail those genuinely unable to decrypt any suspicious-looking file. Only a test case will answer the current questions.

PGP still rules, too

They haven't cracked PGP after all these years.

Thanks, Phil Zimmerman.

RE: Not Quite

An aquaintance that may work for a government might have inferred that the reason the CIA et al have been able to find and launch Predator strikes against AQ leaders in Iraq and Pakistan may have alledgedly been because AQ were relying on the security of encryption products often touted as "never having been broken". Alledgedly, of course, in a purely hypothetical discussion, etc, etc, etc (no black helicopters needed, thanks, Mr NSA). Just to remind you all of the consquences of falling for security hype, just go ask your Wifi LAN admin why he's not using WEP anymore, another supposedly "unbreakable" solution.....

Either way, the Police get two years to work on your encrypted drive whilst you try not bending over in the showers, and then they simply ask you again and send you back for another two years if you decline. And you end up with a criminal record and the inference you are either an animal rights nutter, kiddie fiddler or terrorist even if they do decide to let you back into society at some point, none of which bodes well for future employment or a happy family life.

RIPA trumps *everything*

including any concept of legal privilege.

The was a case which went to the House of Lords recently where a solicitor was forced to divulge client information under RIPA. The HoL stated that the law specifically provided for these communications to be covered by RIPA.

Right to a fair trial

Without client-lawyer privilege there is no right to fair trial. It's always been the case that a few more people who belong in jail would be jailed if a lawyer's records aren't privileged information, but police have never had access to this information because it would undermine the whole criminal justice system.

I hope they take the case to the European Court of Human Rights because that is a fucking terrible precedent.

I agree

and so did a lawyer on the uk.legal forum back in December when I posted this there. Initially he didn't believe me, but then went and checked:

TIMES 12/3/2009 pp65 (Law Report)

STATUTE OVERRIDES LEGAL PROFESSIONAL PRIVILEGE

House of Lords

McE v Prison Service of Northern Ireland and Another

C and C v Chief Constable of the Police Service of Northern Ireland

M v Same

Moralists should be shot.

"For now, the moral panic knows no bounds - not even those of it's own laws."

Well put.

Modern version on inquisition and witch hunt where the accused is either guilty (for something) or guilty (for something else). There are no other options.

These moralists should be shot as a dangerous lunatics and everybody who support them put into jail as a danger to society. Much graver danger than the accused ever was.