...and if he puts in a counter motion asking for all the NCA's passwords?
Lauri Love backdoor forced-decryption case goes to court in UK
Alleged hacktivist Lauri Love appeared in a London court on Tuesday in a case that could establish new powers for UK police to compel criminal suspects into handing over encryption keys. Love, 31, faces potential extradition to the US over his alleged involvement in #OpLastResort – the online protests that followed the …
COMMENTS
-
-
-
Wednesday 13th April 2016 17:06 GMT Preston Munchensonton
Re: Don't know about UK law
But US legal rulings have been clear for years - trying to compel passwords is like trying to compel the combination to a lock, and that has been considered a violation of the 5th Amendment of the US Constitution for more than a century.
How fortunate for the NCA that Mr. Love is being tried in Blighty and not the colonies.
-
Wednesday 13th April 2016 17:31 GMT Eddy Ito
Re: Don't know about UK law
The question, should they succeed, will be whether any evidence found can then be used by the US court if he is extradited for trial over here.
Given this is a civil case I can't imagine any reason why he should be compelled to hand over a password to his property. It's a bit like they impounded his car and in order for him to get it back he has to give them the keys so they can go on a joy ride first.
-
-
Wednesday 13th April 2016 19:30 GMT Anonymous Coward
Re: Don't know about UK law
> "...trying to compel passwords is like trying to compel the combination to a lock, and that has been considered a violation of the 5th Amendment of the US Constitution for more than a century."
A physical lock may be simply and quickly broken open, so it costs government and the courts nothing to protect combinations to said locks. Not so with encryption, where the government has no physical recourse to obtaining entry.
-
-
Thursday 14th April 2016 09:06 GMT Anonymous Coward
Re: Don't know about UK law
In the UK there's a law that can send you to prison for not revealing your passwords when compelled to do so. I seem to recall it being used in an animal liberation thingy a few years back?
That's the bit that confuses me a bit - what you're talking about is in criminal law, but for some reason this is a civil process where such does not apply.
-
Thursday 14th April 2016 10:28 GMT Anonymous Coward
Re: Don't know about UK law
This seems to be the NCA response to Love's civil action to get his computers returned. This may or may not be anything to do with the extradition request .. which would presumably be a criminal case.
The NCA have already returned some of Love's equipment. They didn't return other items on the grounds that they contained encrypted files. It looks to me that Love can either give up the key, and presumably once files are examined get the equipment back, or not allowing the NCA to keep the equipment.
The statement “There is a concern that the NCA is seeking in this application to access Mr Love's data by the back door rather than by the route sanctioned by parliament in Ripa,” by Love's brief is probably an attempt to conflate this case with the extradition request.
-
Thursday 14th April 2016 15:56 GMT Not That Andrew
Re: Don't know about UK law
They are not conflating it with the extradition request. This is an attempt by the UK government to expand it's ability to infringe on the privacy and right of it's citizen beyond even the overly generous boundaries provided by RIPA. Whether or not any evidence gained is admissible in the US is irrelevant.
-
-
-
-
Wednesday 13th April 2016 20:32 GMT Anonymous Coward
Re Big John: Don't know about UK law
Irrelevant. The issue is that in the US, the courts cannot compel you to give evidence against yourself. That is the crux of the 5th Amendment to the US Constitution. They are completely entitled to try to get the evidence another way.
“17. Azl Jan 26, 2012 4:34 PM CST” at the American Bar Association said it best:
http://www.abajournal.com/news/article/judge_orders_mortgage_fraud_defendant_to_reveal_encrypted_contents_of_lapto/
“Unlike files in a safe, the contents of an encrypted drive are entirely visible, just not understandable. A seized hard drive can have its contents examined right down the 1’s and 0’s of each bit, regardless of encryption.
Thus, turning over the password does not hand them new information, like papers out of safe. Instead, it interprets the data they already have, but do not understand.
It is precisely testifying against one’s self. It is the act of taking data the prosecution already has but does not understand and interpreting it for them so that they may use it against you.
A better analogy would be a diary written in code. The government, which already HAS the diary, can see its contents clearly, but without your cooperation, cannot understand it.
They are free to try and crack the diary code on their own [as they are free to try and brute-force your encryption] but to compel you to interpret it for them - to supply the meaning - is precisely the act of testifying against yourself. ”
-
Thursday 14th April 2016 12:33 GMT I am the liquor
Re: Don't know about UK law
"A physical lock may be simply and quickly broken open, so it costs government and the courts nothing to protect combinations to said locks. Not so with encryption, where the government has no physical recourse to obtaining entry."
So it's fine for people to have rights, just as long as it doesn't incovenience the authorities?
-
-
-
-
Wednesday 13th April 2016 16:19 GMT Anonymous Blowhard
"The NCA claimed officers saw evidence of hacking on Love’s computer screen at the time of his original arrest."
So they've got all the evidence they need then? Unless, of course, this eye-witness evidence turns out to be less-than-concrete under cross examination in court.
Sounds like the on screen "evidence" is just an excuse for getting access to the computers in the hope of finding actual evidence of a crime; but because the UK doesn't have a "fruit of the poisoned tree" law for illegally obtained evidence, they can use any old "honest guv', I saw him do XYZ" to justify fishing trips like this.
-
-
Wednesday 13th April 2016 17:15 GMT nsld
Sounds fishy to me
So unless the plod doing the raid had the prerequite skills and knowledge to quickly understand what they were looking at this seems very dodgy.
RIPA is fairly simple if they can see they need a password they can compel it.
I suspect they got confused with a Matrix screensaver
-
-
-
Thursday 14th April 2016 08:32 GMT Sir Runcible Spoon
Sir
Well, I don't think he is actually accused of a crime in the UK, it's the US that's doing the prosecution.
The US knows it can't compel the passwords out of him, and the UK has been asked to do it for them -but the UK doesn't have a legal way to do it, so they are trying to bully him into giving the passwords over.
I might be wrong, but it sounds about right :)
-
-
-
Wednesday 13th April 2016 16:56 GMT Sir Sham Cad
Re: I have forgotten
Unfortunately that's not how RIPA2000 works. You'd need to prove that you've forgotten. You'd need to prove that you do not have something that does not exist in a physical form.
The nearest I can find in the Act section 49 is this:
"2)If any person with the appropriate permission under Schedule 2 believes, on reasonable grounds—
(a)that a key to the protected information is in the possession of any person,"
I.E. if the rozzers think you can remember it you'd need to prove in court that you didn't. Good luck with that.
-
Wednesday 13th April 2016 17:31 GMT Adam 52
Re: I have forgotten
"believes, on reasonable grounds"
This phrase has a very specific legal meaning. For it to apply there must be a logically consistent reasoning leading to a high probability that the information is in the person's posession.
It can be challenged on that basis. See Court of Appeal decision from 2013.
-
-
Thursday 14th April 2016 04:53 GMT Anonymous Coward
Well Duh!
Any half decent hacker will probably have their system setup with two accounts.
One that is ok and the other that does an auto hard erase of everything on the computer (or triggers a self destruct explosion like Mission Impossible)
so he uses the second one and bingo, there is no data to see.
-
Sunday 17th April 2016 10:02 GMT YetAnotherLocksmith
*Simples then.... give him the PC back. If he logs into it, they own him. If he doesn't, than he probably did forget it.*
After it has had whatever they've secretly done to them done? Plug it in, get password wrong a few times, then go smash them with a hammer. Then burn them.
(Maybe scan with a microscope and publish photos of very subtle electronic tampering before you do?)
-
Thursday 14th April 2016 10:46 GMT phuzz
From TFA:
Earlier attempts to obtain data from computers seized by using section 49 of the Regulation of Investigatory Powers Act to compel Love to hand over encryption keys and passwords had failed after Love refused and the NCA seemingly backed off. The section 49 order expired without further consequences to Love.
They demanded his passwords under the law. He refused the hand them over. The government did nothing, even though presumably they could have prosecuted him.
-
-
-
-
-
Wednesday 13th April 2016 20:32 GMT Captain DaFt
Re: Question
So to prove you're not a criminal, you'd be happy with 24/7 camera surveillance in your home/car/office? After all, if you've nothing to hide...
But aside from that, they want to find something to incriminate him, or at least cast the shadow of suspicion.
So no matter how innocent it is, if they can find something to cast doubt, they will.
Cardinal Richelieu - If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.
-
-
-
Wednesday 13th April 2016 22:49 GMT Curtis
Re: Question
Because in the US, you're innocent until proven guilty. Therefore, if they are unable to prove a likelihood of guilt with the evidence, then the extradition should not take place.
This is actually much more sinister. In the US, a suspect cannot be required to provide a password. In the UK, they can. They're using the UK to get the password to then use it as part of the US case.
-
-
-
Wednesday 13th April 2016 19:22 GMT hellwig
Re: Evidence of Hacking
No no no, he had DOZENS of terminal windows open. He probably had three or four keyboards hooked up as well and 8 different displays. I'm willing to bet his desktop wallpaper was a mix of topless women and the Jolly Roger. Lets not forget his punk-ish attire, probably a shirt reading "Talk to dev/null!". Ooohhh I hate him already!
-
Thursday 14th April 2016 16:42 GMT Bluto Nash
Re: Evidence of Hacking
He had a window open that was flying through the 3 dimensional representation of the file system of the machine he was attacking, like all of the good hacks do in the movies, and a password prompt that took up a third of his screen with asterisks and made teletype sounds.
And a dot matrix printer!
-
Wednesday 13th April 2016 17:15 GMT Anonymous Coward
The important point about this court case is that the gubmint, actually the NCA acting on their behalf, is trying to compel key disclosure using a direction under a civil case instead of using the RIPA procedure under s49.
The reason for this is because the RIPA method has built in legal and procedural safeguards whereas the civil direction does not. So they're using one law to get around another law that makes it too difficult for the NCA to get what it wants, Lauri Love is trying to get his computers back, this is the back strike from the NCA to try and get what they couldn't before. Note that the original order had expired with no apparent action by the NCA.
-
Wednesday 13th April 2016 21:04 GMT Anonymous Coward
The Police are not representatives of the Government. They're representatives of the Crown, which most definitely is not Government. Hence also "Crown Prosecution Service", "Crown vs John Doe", etc. The government pays for it, but doesn't control it other than by passing law in Parliament.
And the route being pursued by the NCA in this case still has safeguards; the Judge, and the appeals court system. They're far from powerless and generally well qualified when it comes to reaching justifiable decisions.
-
Wednesday 13th April 2016 22:40 GMT Adam 52
"The Police are not representatives of the Government. They're representatives of the Crown, which most definitely is not Government."
"The government pays for it, but doesn't control it other than by passing law in Parliament."
This is only true in theory these days. Government targets drastically affect how the police work; a "missing" child who is known to be safely at home with their parents will get a drop-everything response whereas an adult being mugged may only qualify for a phone call in a fortnight's time.
Home Office guidelines, whilst not law, affect everything from crime recording to evidence gathering and not following them will render a prosecution futile.
-
Thursday 14th April 2016 05:32 GMT Anonymous Coward
@Adam 52,
You say it's only a theory, but then give a list of reasons showing how the government doesn't control individual cases but merely sets policy and targets (which is their job after all). We might not like the end result, but it doesn't amount to politicians directing individual criminal investigations. Care to remove the inconsistency in your statement and upgrade it to a full agreement?
-
Sunday 17th April 2016 10:23 GMT YetAnotherLocksmith
It's a subtle distinction in practise though. Extra-specially in rare cases.
The government simply has you arrested due to a new policy of being tough on alleged hackers, then while you sweat they change policy to be tough on *whatever they find out about you*. (Which affects no-one else - you're the only person accused of hacking the DoD and this week we are being extra tough on hacking them.)
For an example, look at the entirely disproportionate sentences handed out to the 2011 rioting kids! Far harsher than actual criminals ever get. Because policy was changed. But the government *didn't get involved in any individual case*.
-
-
-
-
-
Wednesday 13th April 2016 17:40 GMT EddieD
"Stephen Cragg QC, representing Love, told Westminster Magistrates' Court that the NCA application, if successful, would be a significant blow against individual privacy."
Why the heck does he think that they're doing it this way? As with the Apple cases ongoing in the US, the case against Microsoft in Ireland, this case and many others, all government agencies are seeking legal precedents for invading our privacies. These cases will run and run until the governments and agencies get their way, they have deep pockets and the ability to amend laws.
-
Wednesday 13th April 2016 17:58 GMT Adam 52
A bit more background, because El Reg clearly copied the BBC without applying any understanding.
He was arrested and his kit seized. At the time they got screenshots of some stuff that may or may not have been "stolen".
They couldn't prove anything but didn't return the kit. The procedure to get kit back is to apply to the Mags, which he did, and got some stuff back but not everything.
The US are now trying to extradite.
He's still trying to get his kit back.
My take is this:
No doubt the computers would be useful evidence for the US. But US law wouldn't allow a password to be compelled. The NCA have either dropped the ball or can't RIPA, either way they're trying this new approach to make amends to their American friends.
-
-
-
-
-
Thursday 14th April 2016 11:25 GMT Anonymous Coward
Re: Bah!
Ah yes he had the bible ... "For his latest extradition hearing, Love appears in Westminster Magistrates’ Court wearing a green hat with a bear on it while carrying a copy of the book ‘Saving Gary McKinnon: A Mother’s Story’.".
Although it would seem his extradition request is now scheduled for the 28 - 29th of June. This would be his appearance at the hearing of his own civil case for return of equipment.
-
-
-
-
Wednesday 13th April 2016 22:47 GMT anniemouse
control freaks going nuts because they are Stupids & Lazies (S&L's)
This is what happens when you put people in position of power and authority who are S&L's. S&L's do not exercise proper control of their resources and seek to blame others for their failure. Did Love try to break into something or was he just knocking on the door to see if anyone would answer? Either way, not a good idea. But to break the social compacts of the relationships of life on earth by seeking total control of everything is worse and the S&L's either fail to recognize that or don't care, and they don't mind abusing others (cough invade iraq, spy on everyone, rendition and torture). The real breakin criminals are them.
-
Thursday 14th April 2016 03:24 GMT Andrew Jones 2
So what exactly are they trying to get access to? if it's just his computer - HirensBoot CD will reset the Windows password - or..... use the well known and well publicised windows bug pre WIndows 10, rename the accessibility app, copy the cmd app and name it the same as the accessibility app and then reboot, on the login screen click the accessibility button which will launch a command prompt, but because Microsoft are not wonderful about security, for some reason it launches as the SYSTEM user, and then net user <username> <new password> and you have reset the users password and can access the account. It's been known about since Windows XP, has has persisted through Vista and Windows 7 - showing that Microsoft really aren't bothered about it. But the point is - if the FBI can gain access to a locked and encrypted iPhone, then there is no reason basic plod can't get access to a Windows machine.
-
Thursday 14th April 2016 07:28 GMT Anonymous Coward
So is this the US trying to circumvent the 5th
By getting to the UK courts to do extract encryption keys for them, prior to extradition? If a conviction is dependent on what the encryption keys are hiding, Love might be better off getting on the next plane to NYC and speaking directly to the prosecutors*. Ultimately, he can fight in the UK, until the bitter end, or bargain for less severe penalties.
* Yes, it's as dirty as dirty can be, but that's how the US works - the prosecutors hold all the cards (including where and when the trial is held, which, I understand, can be delayed as for as long as they choose while the defendant bleeds cash).
-
Thursday 14th April 2016 17:03 GMT kain preacher
Re: So is this the US trying to circumvent the 5th
I understand, can be delayed as for as long as they choose while the defendant bleeds cash)..
Psst there is a thing called the 6th amendment (right to a speed trial)
Speedy Trial Act.
charge is pending, whichever is later.[3]
Moreover, in order to ensure that defendants are not rushed to trial without an adequate opportunity to prepare, Congress amended the Act in 1979 to provide a minimum time period during which trial may not commence.[4] Thus, the Act provides that trial may not begin less than 30 days from the date the defendant first appears in court, unless the defendant agrees in writing to an earlier date.[5] In United States v. Rojas-Contreras, 474 U.S. 231 (1985), the Supreme Court held that this 30-day trial preparation period is not restarted upon the filing of a substantially similar superseding indictment.
-
-
Thursday 14th April 2016 08:27 GMT Anonymous Coward
"Love, who has been diagnosed with Asperger’s..." - and the relevance of that is?
Getting a bit fed up of that "excuse" being trotted out every time someone does something they shouldn't. It's getting to the point when the public will start to think that everyone who has been diagnosed with Aspergers cannot control themselves or doesn't know right from wrong.
It's insulting to those of us who are on the spectrum. Bloody lawyers, mutter, mutter, mutter.....
-
Thursday 14th April 2016 14:42 GMT Sir Alien
Just don't use disk encryption...
Okay okay, before I get a million down votes first hear me out.
Logically, if you wanted to do something suspicious you would use a completely disk-less computer. The moment the machine turns off, everything is gone. I remember hearing about a Linux distro built specifically for this where you traffic only goes over TOR and only in encrypted form. Though the distro was intended for privacy advocates, just like a knife it can be used for doing both good and bad.
So listening into such traffic would be extremely difficult though not impossible. Anyway, since laws can compel you to reveal a key, if there is no data stored in the first place there is no key to disclose and the device is merely a blank piece of hardware.
Don't have any persistent storage in the machine present, even unused and use a write-once optical disc so that it provides a sure measure nothing is persistently being stored.
-S.A
-
-
Sunday 17th April 2016 10:46 GMT YetAnotherLocksmith
Re: Just don't use disk encryption...
(How do I edit? Never figured that out!)
However, when downloading 55 million voters' data from the Philippines (apparently including fingerprint data!) with terabytes of data (which is what would get you done as proof of the crime!) TAILS can't help you. Because you have to store it somewhere.
-
-
Friday 15th April 2016 16:14 GMT Asterix the Gaul
The NCA have the hardware that contains the data they seek.
This individual owns the hardware,unless the NCA back up their line that there is actvity related to hacking when they seized the hardware,they should be compelled to return that hardware.
If they have taken screenshots,let them produce them in court,along with uncontestable proof that they came from that computer's hard drive & that it wasn't planted there by the NCA.
They cannot do so,that's for sure,for doing so would likely have caused a change to the current state of that computer at the time,thus invalidating such evidence in court & there are very strict rules governing admissibility of such 'evidence'.
'Cloning' the data by the NCA is 'theft' , that is something that cannot,or should not be used to seek extradition of a UK national.
It's time that the ECHR ruled that 'extradition' for any alleged crime committed in any EU country is illegal,that any EU citizen should have protection from extradition in such cases & that any country wanting to try any EU citizen must do so on EU territory.
-
Friday 6th May 2016 21:49 GMT Asterix the Gaul
It's funny how some young naive folks believe that,"If you have 'nothing' to hide,you have nothing to fear".
Well, the FACT is,"The NSA\GCHQ have EVERYTHING to hide & NOTHING to fear" .
Their grandfathers\mothers fought two world wars to avoid the situation's that these people are now subject to.