Two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark convictions that may have carried jail sentences of up to five years. The government said today it does not know their fate. The power to force people to unscramble their data was granted to …
What's encrypted data
I think people here are missing the point. The issue isn't around passwords and hidden partitions etc.etc. The issue here is how you identify encrypted data. The police can hardly charge you with failure to supply a password (or whatever) unless they can prove the file/partition whatever is encrypted. So, the question to then ask is; what's a foolproof way of proving a file etc. is encrypted?
Of course, there is no answer to this. A broken file system could be unreadable, but that doesn't mean it's encrypted. Data in a file doesn't have to be readable and doesn't have to be random to be perfectly reasonable unencrypted data. For instance, some data for statistical analysis might well look reasonably random and might not contain readable text, but that doesn't mean it's encrypted.
So, how do the police prove something is encrypted in court? File extensions prove nothing etc.etc. There is no way of proving 'beyond a reasonable doubt' that something is encrypted and that is the level of proof required in a criminal case, so basically, the only way they can charge you is if you drop yourself in it!! Otherwise, any computer expert should be able to take them apart in court. Simply saying the balance of probabilities suggests its encrypted data is not good enough as this is a criminal case.......
Re:My encrypted data self-destructs...
and after all that shit you're not keeping anything illegal in it? WTF is the point in that?
Ayn Rand summed up the UK's current Criminal Justice System beautifully when she wrote
"Dr. Ferris smiled. . . . . ."We've waited a long time to get something on you. You honest men are such a problem and such a headache. But we knew you'd slip sooner or later - and this is just what we wanted."
"You seem to be pleased about it."
"Don't I have good reason to be?"
"But, after all, I did break one of your laws."
"Well, what do you think they're for?"
Dr. Ferris did not notice the sudden look on Rearden's face, the look of a man hit by the first vision of that which he had sought to see. Dr. Ferris was past the stage of seeing; he was intent upon delivering the last blows to an animal caught in a trap.
"Did you really think that we want those laws to be observed?" said Dr. Ferris. "We want them broken. You'd better get it straight that it's not a bunch of boy scouts you're up against - then you'll know that this is not the age for beautiful gestures. We're after power and we mean it. You fellows were pikers, but we know the real trick, and you'd better get wise to it. There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens? What's there in that for anyone? But just pass the kind of laws that can neither be observed nor enforced nor objectively interpreted - and you create a nation of law-breakers - and then you cash in on guilt. Now, that's the system, Mr. Rearden, that's the game, and once you understand it, you'll be much easier to deal with."
Create a three disk RAID5 unit and if they come looking just shuffle the disks. The system will sh*t itself and probably format the drives then you can probably claim plod f****d up your machine.
AC for obvious reasons
Re: Plausable deniability & TrueCrypt
There are flaws even with the likes of TrueCrypt. If someone has access to the PC over time (constantly or with periodic snapshots) they can snoop on changes and infer there is something there. Not to mention they can grab the unencrypted data before it gets to the encrypted partition. The easiest way to convict people is to intercept the data before it's encrypted rather than go through costly forensics on an already encrypted system.
With TrueCrypt it's also almost a guarantee you have a hidden inner partition even if they can't technically detect it, as that's why people use TrueCrypt. It is possible to detect the outer partition. If it's a file it's fairly easy and if it's an actual partition it's an obvious giveaway as why would you leave a chunk of your disc empty but which has random data in it?
Another giveaway is if you give the password for the outer partition with fake files, they can easily spot it hasn't been updated regularly and suspect there must be more to it.
Forensics can go a step further and detect physically where recent changes have been made on the disc in areas that should be empty.
Re:My encrypted data self-destructs... #
By Mark 65 Posted Wednesday 12th August 2009 10:34 GMT
and after all that shit you're not keeping anything illegal in it? WTF is the point in that?
It only BECOMES illegal when used for blackmail purposes?
Fundamentally flawed police state law...
Every computer has many thousands of OS and application data files stored in whatever format these programs wish to use. A lot of them are obscure to all but the programmers on that team.
So what if the police state decides to choose one of these obscure files and asks for it to be decrypted? ... A defense of I don't know means you are sunk. You can't say you've never seen it before and you cannot open it as you have no idea about what it is. Its also extremely unlikely even expert witnesses could identify all the files. No programmer could, let alone non-technical people who wouldn't have a clue. But even programmers couldn't protect against it completely as all programmers can create data files other programmers cannot identify what they are and what is encoded within them. So a truly innocent file can be implied to be illegal simply because its obscure and that is all that is needed to lock people up these days!.
So this law is now the perfect tool to not only silence anyone you want to choose to use the law against, (to get them locked up) plus as a bonus you also get to discredit their character by implying they are doing wrong. Great way to run a police state. It would be the perfect tool to use against political opponents, or better yet simply use it against political protesters, say protesters against the growing and rampant state corruption. Pick them up, search their computer, lock them up for a few months or even years and when they are released its too late for them to help stand against the growing corruption. Doesn't even matter if they appeal and win, all that happens is they get a very small amount of state money but the real goal was to silence them during the protests, so its money well spent. Anyway tax payers pay for locking them up and pay for the appeal payouts. So its a win win move for a police state.
As for “the government's Chief Surveillance Commissioner, ” ... WTF!?!
So yet again, another day and another way our ever growing police state tightens its grip once more around all our necks. Now all unknown files can be uses against us. Oh great. How many more legal and political tools do they need to run a repressive regime? Surely they have enough already, but then with greedy control freak people who seek power over others, sadly history shows no amount of power is enough for them, as they always want more because more means more personal gain from having such growing power over everyone else.
Even more worryingly, the more the greedy power seekers clamp down on all of us, the more they create a pressure for change away from their control, but I fear this won't end once the Conservatives wipe out NuLabour at the next election. The Conservatives are very likely to just keep using what NuLabour have created and just blame Labour for the mess. In one core regard, everyone in politics (regardless of which party they are in) is at their core, the same kind of person. They all seek power over other people. Thats why they go into politics. So as they are all power seekers then they all seek the personal gain they get from having such power over us all. So this decent into a police state isn't going to stop. The better technology gets the worse they will get. They will just build on what they already have from NuLabour. All MPs seek power over others and new technology is given them ways to gain ever more power their predecessors could never have ever dreamed possible. There needs to be a line they cannot cross but they don't want to listen.
The more they fail to listen the more this is coming down to a US vs THEM situation where its everyone in the UK against the minority of greedy control freaks who seek to rule over us all, ultimately for their own gain. Computers, the Internet, even all of technology in general are just pawns in their battle for ever more power and the more they clamp down on our lives the more they heat up that battle and the growing anger against them. So every day now I fear we are taking another step towards what was once unthinkable in the UK, a full scale revolution against the ever more corrupt and greedy political elite. The way its going it looks ever more likely the public anger against the expenses claims was just the first round of this coming battle.
“Alas, that these evil days should be mine.“ :(
You have the right to remain silent so as to not self-incriminate*.
Or do you???
* It may harm your defense if you later rely on something in court that you failed to mention now.
>I don't know what the hell a "squat team" is
Hahahaaa... thanks, even now it still took me a while to figure out what was wrong with my comment.
@Anonymous Coward -16:23 GMT
"In any case, if the justification for the stupid law is child porn, then that's a stupid justification because perverts looking at pictures, however disgusting you or I might find them, is a victimless activity and shouldn't be a crime."
I understand the sentiment behind this, while not agreeing with it 100%. I don't get why this is good for 1-2 years, whereas raping someone and pouring caustic soda on her's good for 4. Why 6 people pinning down some chap and smashing a bottle over his head gets 150 hours community service. I could cite dozens more examples, of course.
My personal opinion is that this is simply the powers that be venting their frustration at the lack of results in shutting down CP sites. It really is pathetic. An IP address is traceable for God's sake! You'd think that a known location, where the punters go to get their 'stuff' would be easy to target. You'd think that even at the international level the government would be able to exert some pressure. Jeez, we start enough wars for less don't we?
@right to silence - self incrimination unlawful under EU law
Minor nit-pick, but the European Convention on Human Rights is nothing to do with the EU. It was enacted in 1948 under the aegis of the Council of Europe, before the EU or its predecessor the EEC existed, and it applies to all the Council of Europe countries, which is much larger than the EU.
A quick look at Wikipedia suggests that it does not give the right not to self-incriminate, but even as a non-lawyer I'd've thought that the reversal of the burden of proof must surely be contrary to Article 6, section 2:
"Everyone charged with a criminal offence shall be presumed innocent until proved guilty according to law."
I'm surprised that neither of the persons convicted have appealed to the European Court of Human Rights on this ground.
The problem with your floors in Truecrypt is that time travel isn't as easy as it used to be (or as it will used to be once it's been invented in the past). </facetiousness>. Requiring cops to get the files before they're encrypted rather defeats the object of the discussion.
Also, stating that monitoring the tc file over time allows you to see which bits have changed and which bits haven't is meaningless. It only allows you to say "I think there's something there otherwise their behaviour is a bit weird". It doesn't let you prove anything.
T600 as the time travel that's undergone doesn't fit either ;)
technology changes the balance. get over it.
you can't wax nostalgic for some dust covered 'due process' when criminality is so well armed.
Encryption keys same as physical keys?
"If there is reasonable suspicion of crime and its gone through the legal process, of course they should, same as they would their house keys, safe keys or shed keys......"
I'm not aware there is a law requiring you to surrender house keys, shed keys or even safe keys. Nor is it generally illegal to destroy or hide incriminating evidence. If I shoot someone I won't get into further trouble by wiping my prints off the gun, or for refusing to tell the police where I have hidden it.
It's a basic principle of natural justice that you shouldn't be required to incriminate yourself. It's true that businesses are required to maintain and make available certain records. But this is required whether or not they are under investigation. And individuals have more rights to privacy than public corporations..
You are not allowed to impede police investigations but you are not required to assist them either. Except for RIPA, it seems...
Not just kids
"You see, if a pervert has PHOTOS of kids having sex with each other, then to take those photos somebody had to, you know, actually force some real kids to have sex with each other. Not exactly victimless, eh?"
Bear in mind the definition of "kids" in this case is anyone under 18. If you think 14-17 year olds need any external persuasion to have sex with each other, then you're clearly not living in the real world - and some of them will record it, and some of those will even distribute the video publicly, again without any external coercion.
You are Mr Mandelson and I claim my £5...
I'm not an expert on law in the U.K., but in the U.S. (who's legal traditions closely mirror the U.K.'s) you're under no obligation to provide evidence -- it's up the the government thugs to make use of what they steal & if they can't use it -- well too bad for them.
With that said, my pedestrian understanding of U.K. legal traditions posits that the the same is suppossed to hold true there, so the law mentioned in the ariticle about requiring someone to decrypt their stuff for "Authorities" sounds like it is null and void and needs to be challenged in your legal system, because it is in direct conflict with the U.K.'s legal traditions (which your ancestors fought and died for, just as the U.S. Founders fought and died for similar ideologies).
Illegal to conceal incriminating evidence
"Nor is it generally illegal to destroy or hide incriminating evidence. If I shoot someone I won't get into further trouble by wiping my prints off the gun, or for refusing to tell the police where I have hidden it"
Well it seems now that it's "perverting the course of justice" if you attempt to hide evidence of your crime: http://uk.news.yahoo.com/5/20090814/tuk-bbc-presenter-sacked-after-attack-on-45dbed5.html
"The 40-year-old was also found guilty of perverting the course of justice by throwing the pole into a neighbouring garden centre in an attempt to conceal it from police."
How long until we have a system with two keys? A real one and the one you tell No. 10 - which decodes as "Pat-a-cake, pat-a-cake, baker's man"?
What if some US government contractor goes to another country already pizzed off at this type of intrusion and they're ordered to hand over their keys?
Do you think the US Gov would stand for that?
Hell, I've been in line in Brazil where they turned the US mindfcuk tricks back on them. Hah, fifty people in my group, the only two that got picked on was the two US Passport holders. Their comment? "You can't do that to me, I'm an American." Yeah, you and everyone else pal.
2 years in jail seems draconian for what amount to refusing to cooperate with search and seizure. If you refuse to hand over the keys to your safe they just get a safe cracker in and charge you with obstruction. The same if you put your hard disk in a safe deposit box and refuse to tell them where it is. The charge you with obstruction and go find the box themselves.
This sounds like one of those nasty little laws designed to find reasons to hold people for longer or to trump up charges. They don't have the evidence to hold or charge you with the crime that they're accusing you of, so they find other charges to hold you on. This is the equivalent of charging somebody with loitering because you've waited all day and haven't seen them do a drugs deal.
@ "Domestic extremism"
You owe my client a new keyboard =)
- Review This is why we CAN have nice things: Samsung Galaxy Alpha
- Hey, YouTube lovers! How about you pay us, we start paying for STUFF? - Google
- MEN: For pity's sake SLEEP with LOTS of WOMEN - and avoid Prostate Cancer
- Vid BONFIRE of the MEGA-BUCKS: $200m+ BURNED in SECONDS in Antares launch blast
- Tim Cook: The classic iPod HAD to DIE, and this is WHY