Man facing rare refusal-to-unlock-encryption charge: Court date set

A 20-year-old Brit will appear before magistrates in Maidstone, Kent, on 20 December charged with launching denial-of-service attacks on the websites of Kent Police and Oxford and Cambridge Universities. Lewys Martin, from Walmer near Dover in Kent, also faces charges of theft of personal data and failure to disclose passwords …

COMMENTS

This topic is closed for new posts.

Silver badge

I often wonder how it will stand up in court if you gave the plod an incorrect decryption key/password?

The plod may come back and say that you provided the wrong password but you could easily argue it was the correct password and the file must be corrupted.

2
0
Silver badge

or an encrypted portion of a swap partition.

1
0
Silver badge
FAIL

ack replied to wrong post. sry!

0
0

I think it would end badly for you. It's the balance of probabilities and how believable you are in court. Trying to be a smart arse in court will alienate you from the jury and a liar normally gets found out. "it must be corrupted officer" excuses if found to be untrue will be reflected in your sentence.

To think a highly skilled hacker/cracker whatever manages to infiltrate networks and launch DDOS attacks but then the file the police are trying to unlock is corrupted! Any decent barrister will be able to show either malicious damage or wilful obstruction.

Anyway, I have several dead bodies locked in a safe in my home and there is absolutely NO WAY that I am going to incriminate myself by giving the police the combination. I have NOTHING to hide ;-)

1
0
Facepalm

der! hidden volume!!!

Surely any self respecting terrorist would be using hidden volumes in a truecrypt container anyway!!!

3
0

This post has been deleted by its author

Joke

Re: der! hidden volume!!!

Having spoken to my local beat copper, you could probably just set the file attribute to hidden to confuse most. It's the clever ones you have to worry about, hence my encrypted files detailing the plans for the Death Star and world domination stored on lozenge shaped USB sticks carefully inserted in the rear of the local cat population....

4
0

Well mine has a sort of deadman's time lock. If I don't reset it once every 24 hours it zeroes all the drives, and then ejects the drives and they fall down through a T4 degausser to make sure the data is not recoverable.

Not got anything to hide though - just don't want those dodgy photos of me ending up on the internet ;-)

3
0

that sort of thing is a great idea until you forget to reset it one day, or your flight gets delayed 24h..

0
0
Silver badge

Very interesting case ....

I'm curious as to what would happen if a computer were seized with - say - a file of data from SETI, and the police asked you to "decrypt" it.

1
0
Gold badge

Re: Very interesting case ....

Why so curious? Isn't it obvious that they'd assume that you'd given them the wrong password and that the file therefore contained instructions for how to create radioactive child porn?

2
1
Silver badge

Re: Very interesting case ....

So *any* assemblage of random bytes can be assumed to be encrypted ?

God help anyone researching radio white noise.

0
0

Re: Very interesting case ....

all those perlin noise textures on my hard drive....

0
0
Silver badge

Re: Very interesting case ....

> So *any* assemblage of random bytes can be assumed to be encrypted ?

That does seem to be the unqualified opinion.

The thing is, yer avrige copper assumes that any collection of random bytes _must_ be an encrypted file (probably because their forensic software tells them so, not due to any actual knowledge they possess). Further, they'll assume that you'd only encrypt something you wanted to hide, ergo that must be illegal, immoral or fattening.

What if every geek in the country spent a couple of minutes being subversive? If everyone sacrificed a partition of a few GB and went on record (e.g. with a YouTube video) as dd'ing the contents of /dev/random into it? Once there was "proof" that blocks of random data were commonplace on people's disks, the suppository that it must be encrypted and it must be illegal fails.

1
0
Silver badge

He could offer to decrypt individual files ...

My reading of S49(2)(d):

that it is not reasonably practicable for the person with the appropriate permission to obtain possession of the protected information in an intelligible form without the giving of a notice under this section,

So: he offers to decrypt files on demand - one at a time. When PC Plod refuses and demands the key he says ''see you in court'' - I suspect that a jury may side with him, he did offer.

See: http://www.legislation.gov.uk/ukpga/2000/23/section/49

0
0
Anonymous Coward

Kent Police

Bear in mind that this is the same police force that refuses to investigate or arrest someone who falsely claims to have been a member of the SAS and apparently has a substantial stash of weaponry at his business in Kent....

http://www.arrse.co.uk/wiki/The_Baron_of_Castleshort

2
0
jke
Coat

I have nothing to fear since I have nothing to hide. I hid it in the woods ages ago. Mine is the one with the trowel in the pocket.

0
0
Anonymous Coward

So it was you!

Back in the days before the internet my only exposure to adult pictures was searching for 'hedge porn' in the woods near my house. It's nice to be able to thank someone for providing it.

0
0

Arms race

This is an arms race and ordinary people are badly outgunned. It *is* possible for someone like me (who can write the code) to make it very challenging to recover encrypted material, but it is almost mystically difficult to even generate good encryption keys. With sufficient determination, organizations like the NSA will likely be able to breach any barrier ordinary people can put in place.

What we need are laws that not only allow people to keep their privacy intact, but laws that punish people relentlessly attacking our rights. The real criminal elements are people pushing legislation to allow things like state surveillance and criminalization of modest civil breaches. Additionally, we need to make it so that things like data obtained by coercion or trickery is inadmissible in court. Most of that type of stuff is what I would consider 'fruit of the poison tree' and regardless of what is found that way, it should not have any legal standing.

Some electronically stored material, about plans or other ideas represent basically computer aided thought. They are a way to increase your power to form ideas and remember them so you can build upon them later. No entity besides yourself has any inherent right to inspect your thoughts. You should be at liberty to construct whatever fantasy or narrative you please.

Things change. What is an amusing artistic break from the mundane today could become a serious crime in the future.

We do, in fact, have a large variety of common-law rights which would adequately protect us if the newer laws contradicting them were struck down. Or if existing laws still in place were enforced.

People here seem to feel that coercing decryption keys is wrong. That is likely because they understand the subject area more than average. Somehow, someone with more grace and wit than myself needs to help people understand issues like these.

3
0

Re: Arms race

How is it possible to decrypt a hidden volume in a truecrypt container? Or even tell that there is a hidden volume?

0
0
Big Brother

"Some electronically stored material, about plans or other ideas represent basically computer aided thought. They are a way to increase your power to form ideas and remember them so you can build upon them later. No entity besides yourself has any inherent right to inspect your thoughts. You should be at liberty to construct whatever fantasy or narrative you please."

This has always been my argument, but then the further notion occurs that the only reason one's thoughts are sacrosanct is because nobody has yet invented the technology to read them. The day someone does, you can wave every last vestige of privacy goodbye. And that day may not be as far away as we'd like to believe.

There is a sequence in one of Daniel Suarez' novels, either Daemon or its sequel Freedom, in which a man is being questioned by an AI while hooked up to an advanced fMRI. By showing him images and playing sounds, then reading which parts of his brain respond, the program is able to extract information by couching all questions in a form that only requires a Yes or No response. It shows him a Google Earth type map and narrows down his place of origin by sequentially zooming in on areas his brain responds to more strongly. For more complex information, such as his name, it simply shows sequential letters of the alphabet and selects each in turn as a positive response is recorded.

All of this seemed very cool, but comfortably far-fetched when the books were written just a couple of years ago. But recent breakthroughs like the case of Scott Routley (the culmination of earlier findings by the same doctor), while potentially offering fantastic news for vegetative patients and their families, should worry us greatly. When used with the subject's consent it's a miracle. But if a version that could coerce answers from the unwilling was developed it would be an Orwellian nightmare.

Personally I fear this sort of future technology at least as much as the autonomous weapons that everyone seems to be in such a flap over at the moment. Not least because I fear the "truth machine" could be with us long before the T-800s.

0
0
Linux

Christ Almighty in duck form...

The lad DoS attacks a couple of university sites, okay, factually did he breach the network perimeter... Or was it just attacking publicly facing sites, like any other DoS attacker?

How could one know that this kid stole personal data, if he hasn't handed over, purely for example, the AES-256 crypto seeds enabling the operator to distinguish this from a government secret or his secret porno stash?

I find it shocking SIB publicly accepts that they're unable to decrypt such at this present time, probably not by technical limitation, but due to privacy law... I'm sure the exclusion of breaching one's privacy is conditional for certain acts of terrorism.

It could be funny, but an expensive joke, if the encrypted data was corrupted or had nothing of value! You'd have wasted your time!

Sounds like the kid needs therapy, if he's got that much stuff to hide... The Avalanches - Frontier Psychiatry anyone?

0
0
Anonymous Coward

Re: Christ Almighty in duck form...

He has been arrested and is subject to a court ordered search warrant. There is no expectation of privacy at this point. Refusing to hand over encryption keys, or any keys, in this circumstance is contempt of court and probably perverting the course of justice. The police don't care if you've got porn or if you've got some embarrassing financial situation or are having an affair, they are trying to investigate a (potential) crime.

0
0

Re: Christ Almighty in duck form...

But the police are strangers, though. Mommy always said 'don't trust strangers'.

0
0
Anonymous Coward

Re: Christ Almighty in duck form...

That might work in court or he could be punished even more.

0
0
Anonymous Coward

access to the seized devices

Does the defendant have the right to be present, alongside legal or technical representation, during any investigation of the contents of a hard drive or other digital data? Can they ensure that only copies of any files or data related to the alleged offence are considered or copied?

1
0
Anonymous Coward

Re: access to the seized devices

Bluntly no.

By the way, it's no use trying to claim files are privileged. The Law Lords (as were) decided that privilege no longer exists when RIPA is used.

0
0
Silver badge
Thumb Up

Enhanced Biometric Passwords

The ultimate in password protecting. A biometric reader that will not release the key if you are sweating bricks in front of the rozzers or at the thought of porridge.

You could legitimately argue that it's physically impossible to decrypt it :)

0
0

Oliver Drage

Whatever happened in the case with Oliver Drage:

http://www.bbc.co.uk/news/uk-england-11479831

0
0
Anonymous Coward

See also the case of JFL ..

Terror squad arrest over model rocket

In this country, not wanting to incriminate yourself is a sign of 'schizophrenia' ...

1
0
Anonymous Coward

Yes of course officer.....

....my password file is on the RAM disk at /mnt/passwords_disk , oh you unplugged it from the UPS, oh dear, no sorry I can't help you.....

2
0
Anonymous Coward

Call of Duty hacker?

"Earlier this year he was sentenced to an 18-month jail term for posting a bogus Call of Duty patch that was actually a data-stealing Trojan". link

0
0
Anonymous Coward

Worth remembering

that for RIPA to be valid, the police have to go to a judge first. They are very reluctant to do this (under home office guidelines) and will try to bully a suspect into volunteering the keys.

If you are ever asked by the police to provide keys, refuse. Call their bluff. By its very nature, we have no idea how many people they've blindsided, only the ones who forced them to go to court.

As another poster has said, RIPA has been deemed to trump privileged communications ... this is something the ECHR will eventually throw out.

0
0
Vic

Re: Worth remembering

> for RIPA to be valid, the police have to go to a judge first.

No they don't.

Schedule 2 shows who can issue a Section 49 notice. In many cases, this needs to be someone to whom a Judge has granted the right to issue notices - but most importantly, once such powers are granted, there is no further judicial oversight. People issuing notices by way of this route (Section 1 of Schedule 2) do not need to be Police Officers or any other authority figure (although in practice they probably will be).

Section 2 opens things up considerably for the Police - authorisation for a Section 49 notice can come from the Police Act 1997. No judicial oversight is required.

There's loads more in there - it explicitly allows for anyone authorised under Section 94 of the Police Act[1], for example. Have a read at your leisure. It's scary stuff.

Vic.

[1] This pretty much equates to "anyone"...

0
0
Mushroom

I wonder if anyone thought of...

an encrypt / decrypt system with dual passwords - one to decrypt the data, and one that would show a normal decryption progress screen while secretly destroying the encrypted files (a nuclear option) ?

"I never used it to encrypt any files yet, yer honor. There was nothing to decrypt". Icon shows the nuclear option in use.

0
0
Vic

Re: I wonder if anyone thought of...

> one that would show a normal decryption progress screen while secretly destroying the encrypted files

If you get caught, that's perverting the course of justice. Expect to do time once the Judge finds out...

Vic.

0
0
Anonymous Coward

Re: I wonder if anyone thought of...

Additionally, they would probably do the decryption on a duplicated device so no harm done on the original.

0
0
Anonymous Coward

Honest gov....

Password?? Encrypted files?? On my computer?? Really?? Sorry, I have no idea what you're talking about.

0
0
Black Helicopters

Perhaps...

Perhaps you could have a variant of the "duress code" used by some alarm panels, where a special code disables the local alarm in the usual way, but sends out a silent alarm as well.

In this case payroll.dat would get decrypted, but real_payroll.dat would be silently ignored.

0
0
Thumb Up

Auto passwords

There are many ways around the encrypted password issue.

Decryption keys are often released using a password in the password table (certainly I understand that this is the method for LUKS).

You use a continuously changing password sequence that is generated from a password device that cycles through the same sequence in lock step with the machine.

When not using the machine, give the device to a 3rd party that is instructed to destroy the device if/when you are arrested.

You state that it is not possible to give the password/decryption key because the password device has been destroyed. There is never a single password that can be used twice to supply.

For the really paranoid, use a password device that obtains the password from a remote device by radio etc such that you never have the device in your possession. So it can't be seized while you are using the machine.

0
0

Re: Auto passwords

How would that not be found as evidence tampering/perverting the course of justice etc?

0
0

Biting the hand that feeds IT © 1998–2018