back to article Computing student jailed after failing to hand over crypto keys

A computer science student accused of hacking offences has been jailed for six months for failing to hand over his encryption passwords, which he had been urged to do in "the interests of national security". Christopher Wilson, 22, of Mitford Close, Washington, Tyne and Wear, was jailed for refusing to hand over his computer …

  1. Anonymous Coward
    Anonymous Coward

    Ahh, Asperger's

    That old chestnut. Sounds like he's gone down for the lesser offence. Sensible enough , if he had anything worse to hide.

    1. CADmonkey

      Re: Ahh, Asperger's

      ....and when he gets out, they can ask him again.

      1. Trigonoceps occipitalis

        Re: Ahh, Asperger's

        Or wait for a quantum computer and charge him with the original offence?

        Presumably the police can retain the computers for further investigation. He came to notice bacuse he used compters easily linked to him, perhaps if anyone knws the birthday of his first cat .....

        1. DanDanDan

          Re: Ahh, Asperger's

          I thought that the quantum computing algorithms only worked against asymmetric keys? Or am I hugely mistaken?

  2. fixit_f

    Silly sod

    It's not just the several months of his life in prison he's chucked away, there's no way he'll get a responsible job in a computer related area after this!

    1. Anonymous Coward
      Anonymous Coward

      Re: Silly sod

      From the chronical - “He is aware he will struggle to find employment in this field now and as a consequence he has started his own business in real-time artificial intelligence based systems.”

      If he's as bright as the Chron makes out, he'll be ok.

    2. Natalie Gritpants

      Re: Silly sod

      Are you sure? Sounds like he a least knows how to make a system secure against police investigations.

    3. Anonymous Coward
      Anonymous Coward

      Re: Silly sod

      Are you serious? I've never been asked questions about my (lack of) criminality and I doubt time served for refusing to cough up passwords would do anything except comment on his strength of character. Yeah it might prevent employment with DOD or NHS but there's plenty of other places.

      But as an employer I would be more concerned by the silly things he appears to find amusing or important such as trolling Facebook etc.

      1. Anonymous Coward
        Anonymous Coward

        Re: Silly sod

        I've never been asked questions about my (lack of) criminality and I doubt time served for refusing to cough up passwords would do anything except comment on his strength of character. Yeah it might prevent employment with DOD or NHS but there's plenty of other places.

        Any responsible employer will do a background check on you, and this will stick out like a sore thumb. If you have exceptional skills you may get away with this, but as selections are typically made by HR tickbox droids they will normally play safe and rule you out. They don't ask why, they don't care.

        1. LucreLout Silver badge

          Re: Silly sod

          "Any responsible employer will do a background check on you, and this will stick out like a sore thumb. If you have exceptional skills you may get away with this, but as selections are typically made by HR tickbox droids they will normally play safe and rule you out. They don't ask why, they don't care."

          This ^^ Absolutely this.

          Every bank I've ever worked for has done significant background checks using one agency or another. The likelihood of his hiding such a prominent case is very slim, unless he does a deedpoll name change as soon as his Rehab of Offenders period is up. Even then, he's going to need to requalify under his new name and effectively begin a new work history.

          What I find most interesting, is that I remember when Aspergers was rare, very rare. Now literally anyone caught doing anything wrong seems to have it. Why is that? Is Autism increasing, or are people arrested for crimes rushing into a diagnosis they think might help them get off with a lighter punishment?

          1. NogginTheNog

            Re: Silly sod

            Aspergers' "used to be rare" because the diagnosis of autistic spectrum disorders is still something of a 'work in progress', and has only really started to become accepted in the last 20 years or so.

            1. Matt Bryant Silver badge
              Facepalm

              Re: Noggin Re: Silly sod

              "Aspergers' "used to be rare" because the diagnosis of autistic spectrum disorders is still something of a 'work in progress'..." And nothing to do with the fact that certain 'civil liberties' lawyers thought it was a great defence ploy to try and get assorted skiddies off with, especially given the inability for the diagnosis to be established beyond all reasonable doubt.

              1. chr0m4t1c

                Re: Noggin Silly sod

                I see that you're taking the Daily Fail approach of assuming the diagnosis was given during the judicial process.

                The story makes no mention of when he was diagnosed, would you have made a similar suggestion if he had been confined to a wheelchair?

                As has been pointed out, we are getting better at diagnosing mental conditions, which leads to more people being diagnosed (and treated) than would have happened in the past, which in turn leads to a greater percentage of people in the court system who have been diagnosed with some kind of problem.

                Implying that it is purely a ploy used to get obviously guilty people off the hook is offensive to people who have these problems, those who live with, work with and care for those people and to the justice system itself.

                1. Matt Bryant Silver badge
                  Facepalm

                  Re: chr0m4t1c Re: Noggin Silly sod

                  "I see that you're taking the Daily Fail approach of assuming the diagnosis was given during the judicial process....." You can thank Gary McKinnon's very timely diagnosis, very much during the judicial process, for that, thanks. I know people with Aspergers that cringe every time one of these cases gets public attention exactly because McKinnon's team and his supporters hammered on and on about how Aspergers reduced a supposedly competent person to a dribbling imbecile with no ability to be able to tell right from wrong. Otherwise feel free to trot about on your moral hobbyhorse as much as you like, it is quite amusing.

                  1. Bloakey1

                    Re: chr0m4t1c Noggin Silly sod

                    <snip>

                    " Otherwise feel free to trot about on your moral hobbyhorse as much as you like, it is quite amusing."

                    Well said Matt and brace yourself for a finger up or possibly a thumb.

                2. PDC

                  Re: Noggin Silly sod

                  Asperger's is a neurological issue, not a mental health one. Think of it as being a hardware rather than a software issue. I've my last assessment this coming Friday!

          2. Bloakey1

            Re: Silly sod

            <snip>

            "What I find most interesting, is that I remember when Aspergers was rare, very rare. Now literally anyone caught doing anything wrong seems to have it. Why is that? Is Autism increasing, or are people arrested for crimes rushing into a diagnosis they think might help them get off with a lighter punishment?"

            Autism is no better or no worse and ways of detecting it are no better either. There is however a bigger chance of the likes of us ElReg 'Tards having it and computer people in general having it than the general population.

            However ...

            We are living in a society that seems to eschew personal culpability and a reason has to be created for our actions. In this case he has aspergers or whatever therefore it is not his fault in some way.

            Were I to go into a pub and cause violence to someone , I would hope that people would see me for what I was i.e. nasty sociopath rather than a victim of some rubbish in my past and therefore not personally culpable for my actions.

            Sheesh.

          3. CLD

            Re: Silly sod

            "Why is that? Is Autism increasing, or are people arrested for crimes rushing into a diagnosis they think might help them get off with a lighter punishment?"

            Probably a little from Column A and a little from Column B...

            One thing I find interesting, is that studies show that kids from parents with technical backgrounds are more likely to have Autism (http://www.scientificamerican.com/article/are-geeky-couples-more-likely-to-have-kids-with-autism/). I would suggest that it is a form of natural selection / evolution whereby the offspring are genetically predisposed to reinforce certain traits which helped the parents / grandparents whilst neglecting others (e.g. Intense Focus on problems but loss of social awareness). More and more of us are living technical careers, so I could see this issue increasing in future.

          4. cortland

            Re: Silly sod

            Rare? I learned a few years ago -- I'm 70 -- that I'd been "on the spectrum," as they say, all my life.

            FWIW department: An "aspie" memory got me caned for obstinance at St Pirans, ca 1953, when I couldn't answer questions about what I'd learnt the day before. Ask me in a week.

            140 IQ (according to later US Army tests) but a doctor is asking me, slowly enough the imbecile he thought me would understand, "How many fingers am I holding up?" Fun, eh?

            1. Bloakey1

              Re: Silly sod

              "Rare? I learned a few years ago -- I'm 70 -- that I'd been "on the spectrum," as they say, all my life."

              <snip>

              Hi mate, I am a veteran as you say but I will tell you this (52 years). A lot of us here are probably in the spectrum as it comes with work we do or we are more inclined to do the work we do due to our place on the spectrum.

              See past subjects on the matter where the odd one of us comes out and we then admit our membership of the club.

              Note the use of the term 'our'.

      2. Alan Brown Silver badge

        Re: Silly sod

        In some parts of the DoD, his refusal to hand over passwords might well make him more desireable

    4. Anonymous Coward
      Anonymous Coward

      Re: Silly sod

      "It's not just the several months of his life in prison he's chucked away, there's no way he'll get a responsible job in a computer related area after this!"

      HAH!!!

      Some of the richest and most successful IT workers are convicted "criminals". He'll probably end up being a consultant for a security firm making a few hundred thousand a year.

      1. Anonymous Coward
        Anonymous Coward

        Re: Silly sod

        Some of the richest and most successful IT workers are convicted "criminals". He'll probably end up being a consultant for a security firm making a few hundred thousand a year.

        Hmm, must be an interesting sales process. "Let us check your security, because we employ lots of convicted criminals who won't take advantage of what they find" - you know, that may even work..

        /sarcasm

        It's not banking, you know :)

    5. henrydddd

      Re: Silly sod

      Who knows. He might get hired as security consultant as soon as he gets out of jail

      1. Anonymous Coward
        Anonymous Coward

        Re: Silly sod

        Indeed. Perhaps by a Major Political Party who might want to use his obfuscation skills.

    6. P. Lee Silver badge

      Re: Silly sod

      He worked in AI. He had no chance of a decent job anyway...

    7. weebs

      Re: Silly sod

      He's either got a huge stash of child porn in his encrypted disks/vaults, or he's a complete moron.

  3. Steve Evans

    A masters degree in computing?

    And yet he still sends criminal emails from his place of study...

    Genious!

    1. TwistUrCapBack

      Re: A masters degree in computing?

      You mean GENIUS ... Shirley

      1. Anonymous Coward
        Anonymous Coward

        Re: A masters degree in computing?

        "You mean GENIUS ... Shirley"

        Of course he doesn't. "Genious" is clearly the opposite of ingenious, and a highly appropriate term in the circumstances.

    2. Anonymous Coward
      Anonymous Coward

      Re: A masters degree in computing?

      >And yet he still sends criminal emails from his place of study...

      And of course it was the offense of which he was convicted, no it wasn't, it was apparently failure to provide evidence against himself.

    3. Bloakey1

      Re: A masters degree in computing?

      Hmmm.

      Dunno <sic>. I did a masters and it took me 8 weeks! I believe at certain establishments they give them away free.

      1. Steve Evans

        Re: A masters degree in computing?

        They certainly do at Cambridge... You get it free simply by not dying for a few years!

        (Then again, given the history of spy recruitment, maybe that is an accomplishment!)

        1. Bloakey1

          Re: A masters degree in computing?

          Yep and one has to pay 50 quid to get it. My degrees came from less exalted sources.

          Nahh, you have to be gay at Cambridge to get into spying. As for politicians, cough, spit.

          Check out Oxford Labour Party to find out where my shame lies (1.).

          1. Hint, my user name gives away more than one might think.

  4. Jamie Jones Silver badge

    Hmmmmmmmm.

    "For the prosecution, Neil Pallister concluded that:

    Effectively, the crown's case is, the only appropriate inference to draw from the defendant's refusal to disclose the password to allow access to the computer is it would have revealed activity of the type mentioned in the messaging, namely hacking of police, Serious Organised Crime Agency and university websites."

    1. JoshOvki

      Re: Hmmmmmmmm.

      Shame self-incrimination doesn't apply here. What happened to the right to remain silent?

      1. John G Imrie

        What happened to the right to remain silent?

        It was removed several years ago.

        1. Anonymous Coward
          Anonymous Coward

          Re: What happened to the right to remain silent? @John G Imrie

          >It was removed several years ago

          No it wasn't. You can still remain silent and not answer any questions only now the police can mention it in court as if to say that you must be guilty if you didn't say something.

          1. rh587 Silver badge

            Re: What happened to the right to remain silent? @John G Imrie

            Indeed. The right to remain silent is in place, and as worthless as ever. Silence means nothing.

            The bit worth having (which is frequently referred to as the right to remain silent) is the right not to incriminate yourself.

            However, that no longer exists. If you don't know who was driving your car when it got speed-gunned, the Police will assume it was the registered keeper despite the fact a rear-facing gatso will provide no conclusive evidence of who was driving.

            Likewise a Judge no longer instructs juries that they may not infer anything from a refusal to answer a question.

            1. Anonymous Coward
              Anonymous Coward

              Re: What happened to the right to remain silent? @John G Imrie

              If you don't know who was driving your car when it was speed gunned?

              Wasn't it either you, or the other person who uses your car, if you weren't driving it that day? In the real world?

              1. Roland6 Silver badge

                Re: What happened to the right to remain silent? @John G Imrie

                >If you don't know who was driving your car when it was speed gunned?

                It's going to get interesting if the driverless car ever gets on the road ....

              2. edge_e
                Boffin

                Re: What happened to the right to remain silent? @John G Imrie

                Wasn't it either you, or the other person who uses your car, if you weren't driving it that day? In the real world?

                Maybe it was the person on the other side of town who has the same car as you with the same plates

                1. Anonymous Coward
                  Anonymous Coward

                  Re: What happened to the right to remain silent? @John G Imrie

                  "Wasn't it either you, or the other person who uses your car, if you weren't driving it that day? In the real world?

                  Maybe it was the person on the other side of town who has the same car as you with the same plates"

                  Hmm, they're not using your car though, are they?

                  So presumably your defence in that situation ISN'T "I don't know who was driving that car on the journey I didn't make, on the day I was in my car going somewhere else". Presumably your defence is "that's not my car"

              3. Thorne

                Re: What happened to the right to remain silent? @John G Imrie

                "If you don't know who was driving your car when it was speed gunned?

                Wasn't it either you, or the other person who uses your car, if you weren't driving it that day? In the real world?"

                Not if someone nicked your plates or copied them.

                Extremely difficult to get rid of the charges despite showing it can't possibly be you.

      2. Jamie Jones Silver badge

        Re: Hmmmmmmmm.

        Indeed. I'd expect that summing up not from the prosecution, but from the defence as a way to demonstrate the futility of the case.

        But, it seems Matt Bryant was the judge ;-)

      3. yossarianuk

        Re: Hmmmmmmmm.

        The Tories removed that human right in the UK in 1994

        http://en.wikipedia.org/wiki/Criminal_Justice_and_Public_Order_Act_1994

        The Tories seemingly hate human rights.

        1. d3rrial

          Re: Hmmmmmmmm.

          Phew, good thing guilty until proven innocent is the new way of justice

    2. Suricou Raven Silver badge

      Re: Hmmmmmmmm.

      That's one conclusion that can be drawn. I wouldn't consider it the only one. Perhaps the encrypted data contains evidence of other, entirely unrelated crimes - maybe he has been running the university piracy network, or has a secret stash of some pornography of dubious legality.

  5. Buzzword

    Which crypto?

    Do we know which encryption algorithm(s) and which software he was using? Inquiring citizens might like to know which systems can't be broken by the police.

    1. Jamie Jones Silver badge

      Re: Which crypto?

      Remember how in WWII, allied soldiers were still sent on missions it was KNOWN they'd fail because the allies didn't want the Germans to suspect they'd cracked Enigma....

    2. Lee D Silver badge

      Re: Which crypto?

      Nobody has yet proven a break in AES or TrueCrypt. It's probably those.

      And beware the scaremongers - strange that OpenSSL/Truecrypt happened just as EC was starting to be proposed as a secure alternative, despite the fact that nobody has ever seen AES or Truecrypt broken...

  6. Destroy All Monsters Silver badge
    Holmes

    The upgruntling

    So he might have been disgruntled then got upgruntled by The Man into a national security threat?

    Standard operating procedure.

  7. JimmyPage Silver badge
    Stop

    Hang on a minute ...

    from my memory of the law, for the offence to be complete, it has to be shown the defendant was *able* to break the crypto, and that a forgotten password would not lead to jail.

    What made the cops so sure - after being provided with 50 possibilities - that the guy hadn't forgotten his password ?

    Otherwise we're back to the situation posited when the law was first proposed. Just send someone an encrypted (or sufficiently non-random) email, then call the cops, say "child porn" and sit back.

    What's David Camerons email address ?

    e2a: Just read that he refused to hand over the keys. One wonders how bright his legal team were ?

    My son (who left home a few months ago) called me up a few days ago, asking for the passcode I had set on his TV, when he was younger. No way could I remember, despite going through all the obvious ones I use. And this is just a 4 digit number. Imagine a randomly generated password ...

    1. Jonathan 29

      Re: Hang on a minute ...

      Forgetting a password can't be a valid excuse or what's the point. Sending something illegal that can be tracked back to you sounds like an odd thing to do, but go ahead if you want to see Rolf's wobble board.

    2. Vic

      Re: Hang on a minute ...

      from my memory of the law, for the offence to be complete, it has to be shown the defendant was *able* to break the crypto, and that a forgotten password would not lead to jail.

      I'm afraid your memory is inaccurate.

      The material in question doesn't even need to be encrypted data - just that a "person with the appropriate permission" believes it is, and that the subject of the S49 notice has the key.

      The law is extremely poor, and this case shows how easily it can be abused.

      Vic.

      1. Matt Bryant Silver badge
        FAIL

        Re: Vic Re: Hang on a minute ...

        ".....The law is extremely poor, and this case shows how easily it can be abused....." Really? Looking at the result - time-wasting, moronically abusive, skiddie tw@ went to prison - it seems to be working just fine. Or do you want to justify his crimes?

        1. Ken Hagan Gold badge

          Re: Vic Hang on a minute ...

          " the result - time-wasting, moronically abusive, skiddie tw@ went to prison"

          The prosecution didn't have to prove *any* of those things. They simply asserted that the proof was behind a locked door and the defendant had not provided the key.

          1. Matt Bryant Silver badge
            Facepalm

            Re: Ken Hagan Re: Vic Hang on a minute ...

            ".....The prosecution didn't have to prove *any* of those things....." It's a bit like locking up Al Capone for tax evasion - not what you may want to lock him up for, but the result is prison time. In this case the result is another obnoxious skiddie gets removed from being a hassle to society. Hopefully he (and other skiddies out there) will learn the lesson, but if not then then courts can keep sending him back to prison until he either does or is too old to use a keyboard. TBH, if he is determined through his own stupidity to waste his life then that's his choice.

            1. Anonymous Coward
              Anonymous Coward

              Re: Ken Hagan Vic Hang on a minute ...

              So if I understand your argument correctly, If the police want to lock someone up, we don't need to worry about finding any evidence, but just apply whichever piece of anti terrorism legislation can be made to fit?

              Strikes me that you are feeding the crocodile and hoping it will eat you last.

      2. Yet Another Anonymous coward Silver badge

        Re: Hang on a minute ...

        When the law was introduced we asked how we could prove that the random noise in our detectors at the LHC weren't encrypted messages. We were assured that the law was only for use against terrorists so we didn't need to worry

    3. Benchops

      Re: Hang on a minute ...

      > My son (who left home a few months ago) called me up a few days ago, asking for the passcode I had set on his TV, when he was younger. No way could I remember, despite going through all the obvious ones I use. And this is just a 4 digit number. Imagine a randomly generated password ...

      Next time your son's home, hold on to your credit cards... ;)

  8. Anonymous Coward
    Anonymous Coward

    Hacked off...

    He should just have run a massive telephone hacking operation on behalf of the Murdoch Press. Dave would have given him a "second chance" and the penalty per offence would have been a lot less.

    The judiciary do seem to be terrified of anyone who knows how to use computers.

  9. bigtimehustler

    If indeed you do need to be being investigated for terrorism or national security reasons for this law to apply, then surely he could appeal because hacking a police force is not a threat to national security and neither is it terrorism. Surely a successful appeal on these grounds. Plus can the prosecution really prove he hasn't forgotten it... surely an appeal to the European Court on that ground.

    1. Jonathan 29

      Failure to hand over the password is an offence in and of itself. They don't have to prove anything else.

      1. Anonymous Coward
        Anonymous Coward

        "Failure to hand over the password is an offence in and of itself. They don't have to prove anything else."

        The offence is "Failure to comply" with a court order, and has nothing to do with the case itself. Which is why it is so cut and dry. The conviction in no way affects the outcome of the case, and the police are free to keep getting court orders and throwing this guy in jail when he fails to comply.

    2. Anonymous Coward
      Anonymous Coward

      > If indeed you do need to be being investigated for terrorism or national security reasons for this law to apply

      The forced disclosure of encryption keys is covered by Part III (sections 49 to 56) of RIPA 2000.

      Those sections mention terrorism exactly 0 times. What they do say is that as long as the Intelligence Services, Police, SOCA, SCDEA, Her Majesty's Revenue and Customs or anybody with the legal power to seize the stuff, legally obtained the encrypted material and as long as disclosure is:

      (a) in the interests of national security;

      (b) for the purpose of preventing or detecting crime; or

      (c) in the interests of the economic well-being of the United Kingdom.

      They can force disclosure.

      National Security is mentioned, but in this case its the "for the purpose of preventing or detecting crime" that allowed them to demand the keys.

      It is fairly wide ranging, especially the "anybody with the legal power to seize" as that gives an awful lot of people the right to seize stuff and then demand encryption keys.

      1. Anonymous Coward
        Anonymous Coward

        @ Condiment

        >National Security is mentioned, but in this case its the "for the purpose of preventing or detecting crime" that allowed them to demand the keys.

        I don't see how that can apply. The crime had already been committed hence detected and could not be prevented neither.

        1. Matt Bryant Silver badge
          Facepalm

          Re: Chris W Re: @ Condiment

          "....I don't see how that can apply. The crime had already been committed...." The DDoS had, but the threat of an armed attack on a member of the public had not been conclusively prevented. You could also argue that the little tw@ was keeping tools on his systems for use in future attacks already in the planning stage, which would give reasonable cause to search their contents.

          1. P. Lee Silver badge

            Re: Chris W @ Condiment

            You could... or you could suggest that he was keeping them tools on their source servers on the internet so that they couldn't be traced to him. The attack data could be encoded into a photo or a music track or video hidden amongst terabytes of data.

            If he rescinds the threats made, you'd have to argue that he wrote something new and un-duplicatable in that truecrypt partition. That seems unlikely. Having access to the partition is not going to stop further crimes. If putting him in jail for 6 months doesn't stop the crime, jailing him for death-threats for 5 years is unlikely to stop it either.

            So the most applicable item would be to detect if he committed the crime himself. That seems a bit odd if they can't prove that, given that that's what they arrested him for. Normally, you get the proof, then arrest. It sounds like an economical short-cut to me.

            It seems to me that it is prudent to have two encrypted, unmarked partitions and some empty space on your disk. Yes, officer, I was playing with crypto partitions - here's the passphrase. I know, its just some cat videos I was using to test. The free space? I wasn't sure if I'd need it for Windows or Linux data.

            Or have a micro SD card with the passphrases (or critical data) on in one pocket and a strong magnet in the other. You could eat it too.

            He might be an oik, but we shouldn't put people in jail for that. Hard cases making bad law and all that.

            1. Anonymous Coward
              Anonymous Coward

              Re: Chris W @ Condiment

              > Normally, you get the proof, then arrest.

              Nope. The standard is reasonable suspicion (in the US it is probable cause) which is a fairly low standard.

              Reasonable Suspicion: A reasonable person would have grounds to suspect that a crime had been committed and that the suspect might be responsible.

              Probable Cause: A reasonable amount of suspicion, supported by circumstances sufficiently strong to justify a prudent and cautious person's belief that certain facts are probably true

            2. Brenda McViking
              Holmes

              Re: Chris W @ Condiment

              What is a magnet going to do to a flash based MicroSD card? To disturb electrons in silicon based NAND flash memory you'd need a magnet capable of sucking iron out of your blood cells.

              Shoving it in a microwave, on the other hand...

              1. Matt Bryant Silver badge
                Coffee/keyboard

                Re: Brenda Re: Chris W @ Condiment

                ".....Shoving it in a microwave...." I nearly fell off the chair laughing at the idea of wannabe hacktivists reading that and then all running around with a microwave oven under their arms 'just in case I iz knocked'!

                Hey, it's an idea for a new way to fleece the sheeple - battery-powered, pocket-sized, microwave ovens, just for 'emergency sanitising' of media cards! Has anyone told Glenn Greenwald or Pierre Omidyar?

        2. Anonymous Coward
          Anonymous Coward

          Re: Chris W Re: @ Condiment

          > The crime had already been committed hence detected and could not be prevented neither.

          Detecting also means investigating a crime or its perpetrators (clue: It is what Detectives do).

    3. Vic

      If indeed you do need to be being investigated for terrorism or national security reasons for this law to apply

      You don't.

      S49(3) says :-

      A disclosure requirement in respect of any protected information is necessary on grounds falling within this subsection if it is necessary—

      (a)in the interests of national security;

      (b)for the purpose of preventing or detecting crime; or

      (c)in the interests of the economic well-being of the United Kingdom.

      ...Which is about as broad as it is possible to be :-(

      Vic.

    4. Matt Bryant Silver badge
      FAIL

      Re: bigtimeloser

      ".....hacking a police force is not a threat to national security....." Please don't try and elevate this skiddie's download-script DDoS to 'hacking'. And interfering with the operation of the Police is potentially a threat to national security as it is usually the Police that are the first responders to a terror attack, along with the Fire and Ambulance services.

  10. DougS Silver badge

    Are there any defenses to this law?

    What if you legitimately forgot the password (which he might after some time in jail) or you used some sort of password manager app on your phone and never actually knew the password yourself, and when the police were at your door you deleted its contents?

    Could they keep him locked away "forever" until he tells them the password, and if he says he forgot or destroyed it they can say "too bad"?

    1. asiaseen

      Re: Are there any defenses to this law?

      They would probably like to.

    2. Jonathan 29

      Re: Are there any defenses to this law?

      The maximum in a national security case or child abuse case is 5 years. I would advise not forgetting your keys.

      The defence would have had to show that the person to whom the disclosure notice was given was not in possession of the keys at the time.

    3. Anonymous Coward
      Anonymous Coward

      Re: Are there any defenses to this law?

      "Could they keep him locked away "forever" until he tells them the password, and if he says he forgot or destroyed it they can say "too bad"?"

      The Naked Rambler seems to be in a revolving door to prison for refusing to wear clothes in public - even though public nudity per se is not illegal. So presumably the encryption key case would be a similar legal revolving door for as long at the police wanted to keep repeating the prosecution each time.

    4. Roland6 Silver badge

      Re: Are there any defenses to this law?

      Interesting, just had a problem with a Thinkpad, it's hard disk failed, discovered that the Thinkpad password vault seems to be invisibly linked to both the HDD and the security chip, loose one and the vault is unreadable unless you happen to have an exported version which in turn is only readable on another Thinkpad ...

  11. A K Stiles Silver badge
    Big Brother

    Self-Incrimination?

    IANAL, clearly, but how does the RIPA law play in terms of your right to not incriminate yourself?

    1. John G Imrie

      Re: Self-Incrimination?

      IANAL, clearly, but how does the RIPA law play in terms of your right to not incriminate yourself?

      I don't think we have one. We used to have a right to silence that could not be used to assume guilt, but IIRC that was changed under Tony Blairs premiership

    2. knarf

      Re: Self-Incrimination?

      your guilty until you prove otherwise.

      1. Jamie Jones Silver badge
        Headmaster

        Re: Self-Incrimination?

        my guilty what?

        :-)

    3. Turtle

      @ A K Stiles

      "IANAL, clearly, but how does the RIPA law play in terms of your right to not incriminate yourself?"

      If you have in mind some sort of "right not incriminate yourself" that goes beyond a conditional "right not to make self-incriminating statements", then I would like to see any reason to think that such a right has ever existed anywhere.

      1. A K Stiles Silver badge

        Re: @ A K Stiles

        well I was essentially wondering about the “You do not have to say anything. But it may harm your defence if you do not mention when questioned something which you later rely on in Court. Anything you do say may be given in evidence.”

        So when they ask you for the password "You do not have to say anything."

        1. Matt Bryant Silver badge
          Boffin

          Re: @ A K Stiles

          So when they ask you for the password "You do not have to say anything." When the Police arrest you, at that point you do not have to say anything that may harm your defence. However, if the judge later issues a notice after you have been arrested asking you for the encryption key, not saying anything then puts you in breach of the notice.

        2. Vic

          Re: @ A K Stiles

          So when they ask you for the password "You do not have to say anything."

          No, you don't.

          But you will go to prison if you don't.

          As you can probably tell, I have significant reservations about this law...

          Vic.

          1. A K Stiles Silver badge

            Re: @ A K Stiles

            right, thanks for that clarification. So at that point you're essentially down to doing the quick sums about whether the punishment for refusing to comply or for the 'evidence' they might find on your machine is the lesser.

            Vague thoughts about if I had anything worth hiding, I'd like a system with 2 passwords where the alpha password lets you in normally, but the beta password 'obliterates' the incriminating stuff whilst allowing access to the innocent but private stuff...

            1. Vic

              Re: @ A K Stiles

              I'd like a system with 2 passwords where the alpha password lets you in normally, but the beta password 'obliterates' the incriminating stuff whilst allowing access to the innocent but private stuff...

              That's called a "duress password". It's used in many situations.

              It's entirely precluded by people insisting on biometrics as authentication...

              Vic.

            2. Matt Bryant Silver badge
              Facepalm

              Re: @ A K Stiles

              "....but the beta password 'obliterates' the incriminating stuff whilst allowing access to the innocent but private stuff..." Again, great in theory, but if the Police do a before-and-after comparison of the disk and note the changes, then you will be back facing a spoilation of evidence charge.

              1. A K Stiles Silver badge

                Re: @ A K Stiles

                "erm... the disk contents changed when it wrote the unencrypted stuff back to the disk, yer 'onour"?

                1. Matt Bryant Silver badge
                  Facepalm

                  Re: @ A K Stiles

                  "erm... the disk contents changed when it wrote the unencrypted stuff back to the disk, yer 'onour"? Please note - Mr Plod is not stupid! The Police in the UK (and the FBI in the States) employ a lot of very skilled and experienced computer forensics analysts. Before analysing your disk in any way, the first thing the coppers do is make an exact copy to work on. Differences between the before-and-after would therefore not only be very obvious, it would also not take them long to find - by simply making more copies and observing the deletion in action - that you had used a mechanism to deliberately destroy evidence. Seriously, if you want to take up a life of 'hacktivism'/e-crime, do a bit more research first, for your own good.

                  1. Tom 260

                    Re: @ A K Stiles

                    Not only do they make their exact copy, but they use a write-blocker on the original device too.

                    El Reg article (page 3 goes into a bit of detail on this): http://www.theregister.co.uk/2013/11/07/feature_what_happens_when_you_arrested_by_computer_police/

                  2. A K Stiles Silver badge
                    Angel

                    Re: @ A K Stiles

                    I am quite sure that 'Mr. Plod' isn't stupid. It is one of the reasons I don't try and live a life of crime - that and actually just a general sense of being a decent human being, of course! You'll have to take my word for that though, but then as, I assume, you're also a decent person, the world can stay a happy place... right?

                    1. Matt Bryant Silver badge
                      Pint

                      Re: @ A K Stiles

                      ".....I assume, you're also a decent person, the world can stay a happy place... right?" Hmmm, it seems that there are many differing and often quite opposing views of what makes a 'decent person' on these forums, including some that seem to think illegal behaviour is a must. Let's just say I am a law-abiding person and leave the character judgements at that. Salut!

                      1. A K Stiles Silver badge
                        Pint

                        Re: @ A K Stiles

                        Sláinte!

                  3. Bloakey1

                    Re: @ A K Stiles

                    <snip>

                    " The Police in the UK (and the FBI in the States) employ a lot of very skilled and experienced computer forensics analysts."

                    <snip>

                    Errr sorry but they do not. They do what budget allows and what local knowledge reccommends.

                    I can't say more then that.

            3. PrivateCitizen

              Re: @ A K Stiles

              "Vague thoughts about if I had anything worth hiding, I'd like a system with 2 passwords where the alpha password lets you in normally, but the beta password 'obliterates' the incriminating stuff whilst allowing access to the innocent but private stuff..."

              One of the great parts of truecrypt was the hidden container which allowed you to reveal one password granting access to the outer container but the inner container remained invisible.

              AFAIK this technique was able to keep the hidden container from detection using pretty much all current forensic tooling. The final audit findings may reveal more.

  12. Anonymous Coward
    Anonymous Coward

    A doofus, with weak lawyers, but the law is broken

    If the description of Wilson's activity is true, he is a doofus, not a l33t haxx0r. Sending dodgy emails from the university server? Don't they have internet cafes in Newcastle? Or Tor? Or free ports on the lan in an empty office? Amateur.

    BUT: being imprisoned for refusing to hand over your password smells awfully like being imprisoned for refusing to incriminate yourself.

    Until that law is repealed, the only recourse is to have rigorous data cleanliness standards and protection (eg only use portable apps and stick them on a self-destructable USB key like the sadly-ridiculously-expensive ironkeys).

    1. Anonymous Coward
      Anonymous Coward

      Re: A doofus, with weak lawyers, but the law is broken

      Until that law is repealed, the only recourse is to have rigorous data cleanliness standards and protection (eg only use portable apps and stick them on a self-destructable USB key like the sadly-ridiculously-expensive ironkeys).

      Nope. You are compelled to provide access to the information, irrespective of whatever wrapper you put around it. This is also what all those US startups developing "NSA proof" email don't seem to get: the technology becomes entirely irrelevant if you can be legally forced to cough up the data in cleartext.

      This also shows how dangerous it has become to experiment with crypto: unless you keep a good log of passwords when experimenting, any file of which you have forgotten the password of can basically land you with a contempt of court charge as you'll be unable to comply. If you can no longer remember a password for something, best delete it or hope you're never near any investigation..

      1. Ken Hagan Gold badge

        Re: A doofus, with weak lawyers, but the law is broken

        "This is also what all those US startups developing "NSA proof" email don't seem to get: the technology becomes entirely irrelevant if you can be legally forced to cough up the data in cleartext."

        I'm sure the startups understand this point. It's their prospective customers who don't.

        1. LucreLout Silver badge

          Re: A doofus, with weak lawyers, but the law is broken

          "I'm sure the startups understand this point. It's their prospective customers who don't."

          I'm sure the startups understand this point. It's their prospective investors who don't. Fixed that for you.

          1. Ken Hagan Gold badge

            Re: FTFY -- "investors"

            Ah, yes, of course. Thanks for the heads-up.

      2. Anonymous Coward
        Anonymous Coward

        Re: A doofus, with weak lawyers, but the law is broken

        >Nope. You are compelled to provide access to the information, irrespective of whatever wrapper you >put around it. This is also what all those US startups

        >developing "NSA proof" email don't seem to get: the technology becomes entirely irrelevant if you >can be legally forced to cough up the data in cleartext.

        (1) Only if you have the key, and so far the law requires failure to be knowing.

        S.49 is not a key escrow law. You are not compelled to disclose a key or plaintext if you demonstrably have no ability to do so.

        RIPA does not impose an obligation on cloud providers to build backdoors into their systems or software.

        If the encryption is client side and performed by the user on his own computer, the cloud service is demonstrably not responsible.

        Few other countries have laws similar to S.49.

        Violation of RIPA is not an extraditable offense so what would the UK government do if a German or Swede set up a cloud service outside UK jurisdiction.

        Violation of RIPA is not covered by the EU Arrest warrant but could only happen if the offense of failure to disclose the encryption key is otherwise covered by a particular extradition or mutual legal assistance treaty.

        1. Vic

          Re: A doofus, with weak lawyers, but the law is broken

          S.49 is not a key escrow law. You are not compelled to disclose a key or plaintext if you demonstrably have no ability to do so.

          Whilst that is probably how a judge would apply it, it's not how the law is *written*.

          S49 makes it an offense to fail to hand over keys or decrypt a file when a notice is issued. An "appropriate person" makes the decision that it is an encrypted file, and it is not an absolute defence in law for the subject not to have the key, nor even for the file not to be anything of the sort.

          And that's the problem I have with it: it criminalises someone else's errors.

          Vic.

          1. Anonymous Coward
            Anonymous Coward

            Re: A doofus, with weak lawyers, but the law is broken

            "S49 makes it an offense to fail to hand over keys or decrypt a file when a notice is issued. An "appropriate person" makes the decision that it is an encrypted

            file, and it is not an absolute defence in law for the subject not to have the key, nor even for the file not to be anything of the sort."

            There is one lower burden of proof for imposing the original order -- but for the criminal sanction to be imposed failure to disclose must be knowing on the part of the subject.

            That aspect of S.49 has so far not been tested, likely because the government is careful only to pick defendants who more or less overtly refuse to cooperate.

            There are other interesting scenarios where the mens rea can be argued but unfortunately remain unexplored -- shared computer environments with multiple users and encrypted data.

            If Alice and Bob shares a computer and the police finds a folder with encrypted files, proving who knows the decryption key is virtually impossible.

            Since the failure under S.49 must be knowing both Alice and Bob can plausible deny knowing the password unless the government has additional evidence.

            Note that the common pattern in the media reported cases has been (1) Use of common easily detected encryption schemes; (2) computer equipment already seized incident to another ongoing investigation; (3) recalcitrant defendants openly refusing to cooperate.

            But change just one of the variables, and the government could lose.

            1. Anonymous Coward
              Anonymous Coward

              Re: A doofus, with weak lawyers, but the law is broken

              "If Alice and Bob shares a computer and the police finds a folder with encrypted files, proving who knows the decryption key is virtually impossible."

              Wouldn't they just respond they're BOTH in cahoots and covering each other's butt? I still have to wonder what happens when someone gets charged and the police discover a drive full of pure random data? Given encrypted partition design, it's going to be very hard to argue it really is random data (say for a one-time pad) and not an encrypted partition the suspect is trying to cover up.

        2. Matt Bryant Silver badge
          Facepalm

          Re: AC Re: A doofus, with weak lawyers, but the law is broken

          "....Violation of RIPA is not covered by the EU Arrest warrant ....." True, but then it doesn't need to be. The request for an encryption key usually comes as part of an investigation into another crime, such as terrorism, which is covered by the EAW. Alternatively, our coppers notify the foreign coppers that there is a reasonable suspicion that Company X's servers are being used to stash evidence of a crime (terror, hacking, kiddieporn, etc.), local coppers then raid the company and confiscate the servers and storage and ask the owners for access. Our court requests the servers and storage as evidence, and when they are in the UK, local court then issues the request for the encryption key. That's if Company X's owners haven't folded and given their coppers access to all the info already rather than see their business go down the toilet, at which point the encrypted data is sent back to the UK as evidence and our court issues the request for the key. You would need to find a foreign country with no links with the UK, which is rare given that even countries like Russia co-operates with the UK on investigating certain crimes, at which point you also run the risk of that foreign country's spooks taking a nasty interest in your activities.

          1. Anonymous Coward
            Anonymous Coward

            Re: AC A doofus, with weak lawyers, but the law is broken

            "....Violation of RIPA is not covered by the EU Arrest warrant ....."

            >True, but then it doesn't need to be. The request for an encryption key usually comes

            >as part of an investigation into another crime, such as terrorism, which is covered by the EAW. Alternatively, our coppers notify the >foreign coppers that

            >there is a reasonable suspicion that Company X's servers are being used to stash evidence of a crime (terror, hacking, kiddieporn, >etc.), local coppers

            >then raid the company and confiscate the servers and storage and ask the owners for access. Our court requests the servers and >storage as evidence, and

            >when they are in the UK, local court then issues the request for the encryption key. That's if Company X's owners haven't folded and >given their coppers access to all the info already rather than see their business go down the toilet, at which point the encrypted >data is sent back to the UK as evidence

            >and our court issues the request for the key.

            Yes, this is so far how the mutual legal assistance process works, but the state requested to produce the information is not required to sanction a corporation for failing to comply with S.49.

            So what happens is likely that the UK asks Sweden, Germany or Denmark to seize information stored on a server, and when it is discovered that it is encrypted the UK police gets the information but is still unable to compel the foreign subject to produce the plaintext.

            The teeth in RIPA's disclosure mandate is the criminal sanction, and without the ability to extradite the foreign subject under S.49, which lacks an analogy in most other EU member states, the mandate in this instance can't be enforced.

            Now there may well be other unpleasant consequences for the foreign subject such as having to avoid vacation in the UK or being monitored for terrorism or CP, but being monitored is better than going to jail.

      3. Anonymous Coward
        Anonymous Coward

        Re: A doofus, with weak lawyers, but the law is broken

        >Nope. You are compelled to provide access to the information, irrespective of whatever wrapper you >put around it. This is also what all those US startups

        >developing "NSA proof" email don't seem to get: the technology becomes entirely irrelevant if you >can be legally forced to cough up the data in cleartext.

        If the encryption is done client side, the cloud service is not responsible.

        Most of the new supposedly NSA proof upstarts take this into account.

        Also note that UK is one of the few countries with a criminal prohibition similar to S.49.

        Germany and Sweden have no such law because such a mandate likely violates the ECHR.

        The only reason why it has not been tested is that the UK government is careful only to go after the inept 'criminals'.

      4. Alan Brown Silver badge

        Re: A doofus, with weak lawyers, but the law is broken

        "This is also what all those US startups developing "NSA proof" email don't seem to get: the technology becomes entirely irrelevant if you can be legally forced to cough up the data in cleartext."

        The law as written is the legal equivalent of "beat him with a $5 wrench until he gives you the key"

        As others have noted, refusing to disclose the keys could easily be a revolving door - all they have to do is keep demanding the keys the day you're let out of jail.

    2. ElReg!comments!Pierre
      Pint

      Re: A doofus, with weak lawyers, but the law is broken

      > Sending dodgy emails from the university server? Don't they have internet cafes in Newcastle?

      Ha. I wouldn't advise sending those from an Internet Café. These have CCTV now, and chances are that you could not disguise your connection very well, so even a throwaway webmail account will correctly stamp the IP and date.

      > Or Tor?

      That would work, although using TOR too much for unlawful purposes will ruin it for everyone (another problem entirely, but I thought I'd mention it anyway).

      > Or free ports on the lan in an empty office?

      That and a spectacularly incompetent IT dept., then. I've yet to see unused-but-active network sockets in empty offices. In most places even active in-use sockets are retricted to a single MAC adress. You can circumvent that, by cloning the MAC of the legit machine before unplugging it and using the socket, but it's hard to do it if it's not your machine, and a bit pointless if it is. You could set up some sort of covert router that would transparently allow the "leeched" machine to connect while allowing you to connect via wifi for example, but there's some night work involved, because you'll want to hide it very well. In the offices here for example I _could_ probably open the cabling duct, terminate the Cat5 a bit before the socket, put a passive splitter, reconnect one branch to the wall socket and the other to a very small wifi router (a hacked Fonera would fit, once stripped from its plastic casing, or a Pi with a USB wifi dongle).

      Then I'd have to draw the power from somewhere. I'm guessing I'd derive cabling from the lights system wich is in the adjacent duct, because it's easy to turn off: I'd hate having to work on live mains, and I'm not sure I wouldn't expose the whole scheme if I tripped the mains by "inadvertently" spilling tea in a power plug on the same breaker. My pirate wifi would only be up while the lights are on, but that's probably enough: I can pass by, catch the wifi from the corridor and send my emails without even stopping (assuming the email is already typed and only needs to be sent). Of course I'd have to trick the network into accepting the SMTP connection (webmail is too easily traceable /leaks too much info), but that's doable.

      Or, since I'd need to come in at night anyway, I could just come in, spoof the MAC, plug my laptop in, send the email and leave; but I would need to break back in each time I wanted to send an email, which is hardly safe, given the CCTV cameras in the corridors.

      > Amateur.

      Fair enough; but again, since you forgot an easy and (almost) safe way to do it (anonymous remailers), perhaps _you_ are the amateur ;-)

      Man, does it feel like a Friday... it's gonna be a long week.

      1. Matt Bryant Silver badge
        Facepalm

        Re: Pierre Re: A doofus, with weak lawyers, but the law is broken

        ".....I _could_ probably open the cabling duct, terminate the Cat5 a bit before the socket, put a passive splitter, reconnect one branch to the wall socket and the other to a very small wifi router (a hacked Fonera would fit, once stripped from its plastic casing, or a Pi with a USB wifi dongle)....." I think you'll find that, not only would it put you in breach of laws relating to unauthorised access (to the LAN in this case), you would be leaving a very easily traceable piece of hardware for the Police to use as evidence. Have you lot forgotten Aaron Swartz already?

        1. ElReg!comments!Pierre

          Re: Pierre A doofus, with weak lawyers, but the law is broken

          > I think you'll find that, not only would it put you in breach of laws relating to unauthorised access (to the LAN in this case)

          Yeah well, that's the whole point of this though experiment, so I'll give you that

          > you would be leaving a very easily traceable piece of hardware for the Police to use as evidence

          Really? I won't even mention bitcoins because I probably couldn't be arsed, but last time I checked cash was quite hard to trace. There's a a few shops around where I can physically buy a Pi without being traced or even recorded on CCTV (well, looping CCTV systems don't count when the device won't be discovered for a few month -and that's if I'm out of luck). Preferably 100-200km away from home just in case the temp behind the counter would recognise me. Or I could buy (cash) a virtual credit card and buy it over the 'net, having it delivered somewhere almost random with a false name: in _some_ delivery points they ask you for real ID but in others anything laminated will do.

          FACEPALM right back at you, amateur ;-)

          1. Matt Bryant Silver badge
            Facepalm

            Re: Pierre A doofus, with weak lawyers, but the law is broken

            ".....Or I could buy (cash) a virtual credit card and buy it over the 'net, having it delivered somewhere almost random with a false name: in _some_ delivery points they ask you for real ID but in others anything laminated will do....." Yeah, because such a device being found in an office only a limited number of people (including you) will have had access to, and only a sub-section of those people will have the skills, there's no way that would help the Police very quickly narrow it down to you. And if it is discovered without your knowledge, they can sit and monitor it to gather evidence when you carry on using it. I think you should take your head out of your rectum before you try that facepalm.

            1. Bloakey1

              Re: Pierre A doofus, with weak lawyers, but the law is broken

              <snip>

              "I think you should take your head out of your rectum before you try that facepalm."

              Calm down boys. You are both using very complex trade craft and with complexity comes increased chance of failure points.

              Bootable USB, any old crap laptop probably with no hard drive, boot up, connect to open wireless, open Wibbly Wobbly Way, login to disposable mail account, do nefarious deed, shut down computer, separate USB stick and laptop pronto. Stash both in separate locations that are not linked to you per se (stash USB in local pub, laptop in friends garage). Job done. Let them come, give them all the keys they want you are safe.

              I use the password "gofsckyourself" on a hardware encrypted drive I travel with. Anybody demanding a password from me is likely to start an argument about inappropriate language rather than the type of data contained therein.

            2. ElReg!comments!Pierre

              Re: Pierre A doofus, with weak lawyers, but the law is broken

              > Yeah, because such a device being found in an office only a limited number of people (including you) will have had access to,

              Why would I put a covert wifi AP in my office? At night? The entire point is to put it in an area I don't (normally) have access to, so that the connections come from a network socket, an IP (and a MAC) that do exist on the network but can't possibly be traced back to me.

        2. ElReg!comments!Pierre

          PS: Re: Pierre A doofus, with weak lawyers, but the law is broken

          > I think you'll find that, not only would it put you in breach of laws relating to unauthorised access (to the LAN in this case),

          I would also have to break in, which is arguably worst.

        3. LucreLout Silver badge

          Re: Pierre A doofus, with weak lawyers, but the law is broken

          "Have you lot forgotten Aaron Swartz already?"

          Aaron who? :-)

          No, seriously, I'm pretty sure there are no parallells to draw between Swartz and some ass clown maiking threats against the police and university at which he studied. I'm absolutley sure there are no parallells between Newcastle University and MIT.

          1. Matt Bryant Silver badge
            Boffin

            Re: LucreLout Re: Pierre A doofus, with weak lawyers, but the law is broken

            ".....I'm pretty sure there are no parallells to draw between Swartz and some ass clown maiking threats against the police and university at which he studied..." The reference was not to the case in the thread but in response to the idea of attaching an unauthorised system to a LAN in order to 'misuse' the resource, which was how Aaron Swartz was originally caught and charged. He attached a laptop to the MIT LAN and got charged with 'breaking-and-entering' as well as the unauthorised access. The point is that, no matter how 'noble' you think your cause is, the law still applies.

      2. Bloakey1

        Re: A doofus, with weak lawyers, but the law is broken

        <snip>

        "Fair enough; but again, since you forgot an easy and (almost) safe way to do it (anonymous remailers), perhaps _you_ are the amateur ;-)

        Man, does it feel like a Friday... it's gonna be a long week."

        Take a cruise into suburbia and a plethora of open wireless networks will be found and even if the routers are half secure then other devices such as modern printers, tethered phones etc. will get you up and running. An anon account such as sebastian@hotmail.com or a spoofed account etc. and bob is your uncle. Change writing style, induce regular spelling mistakes and generally use a 'legend' and you might be surprised how far you get.

        Some times the obvious ways are the best.

      3. Thorne

        Re: A doofus, with weak lawyers, but the law is broken

        "Ha. I wouldn't advise sending those from an Internet Café. These have CCTV now, and chances are that you could not disguise your connection very well, so even a throwaway webmail account will correctly stamp the IP and date."

        20 minutes war driving will get you open wireless access (and then someone's grandparents will go to jail instead)

        1. ElReg!comments!Pierre

          Re: wardrive

          'round these parts there's a legal requirement that FAIs provide default-on encryption on all WiFi routers. Wardriving is not really an option anymore. Even my elderly gand-parents have a hex-key WPA2-encrypted wifi at home...

      4. Hans 1 Silver badge

        Re: A doofus, with weak lawyers, but the law is broken

        >I'd hate having to work on live mains

        Chicken ? I have always worked on live mains, mostly because I cannot be bothered to go to the fuse box ;-) - Shit, I even remove the plastic around wires to put them in a domino without cutting power ... do not touch the copper ... is that so difficult ?

        The rest is very silly. Plug a usb stick into a windows system in a shop, autorun your shit e.g. a vbs that creates a wireless hotspot ... come back at night, no need to break in, there, you have internet, come back next day and remove your usb stick ... otherwise hide in the bushes around a MacD, connect to its wifi and there you go ... replace MacD with whatever chain of shops/restaurants offers free wifi to their customers ... you are only on CCTV if you are caught close to the cams ... small shops have fake cams and USB ports on their systems.

  13. Anonymous Coward
    Anonymous Coward

    Arrests

    If I remember rightly you can be arrested without suspicion under terrorist laws. That arrest then permits the Police to search your home etc. There was some legal constraint that the arrest was only applicable in certain designated areas - and they had to be re-designated every so often.

    That happened to a French? guy a few years ago in London. Arrested in the street - and then escorted home for his PCs to be searched. It probably made photographers a bit nervous about taking pictures in public places.

    The Blair government also abolished the distinction between arrestable and non-arrestable offences. Every offence is now classed as arrestable. A favourite is probably "suspicion of conspiracy to....". Being arrested automatically gives the Police the right to search your home etc - and take away computers, media, etc for several months to be examined. There is no redress if they then cannot find anything at all with which to charge you. Their suspicion level is raised considerably if you happen to be employed as an IT techie.

    Apparently such an arrest will also prevent you getting a "quick" visa to visit the USA - even if there was no evidence and no charge.

    1. gazthejourno (Written by Reg staff)

      Re: Arrests

      All spot on. The abolition of non-arrestable offences was a cunning move by New Labour to circumvent the protections of section 15 of the Police and Criminal Evidence Act. Why bother applying for a court warrant, running the risk of being told to wind your neck in, when you can arrest someone for an imaginary offence and then turn their home and possessions over at your leisure in the hope of finding something that'll stick?

      1. Anonymous Coward
        Anonymous Coward

        Re: Arrests

        You know, for a club that sold itself as "socialists", New Labour have engaged in some serious mowing down of human rights when they were in power.. Makes you wonder what they had to hide that they were so enthusiastically expanding the surveillance state..

        1. Anonymous Coward
          Anonymous Coward

          Re: Arrests

          for a club that sold itself as "socialists", New Labour have engaged in some serious mowing down of human rights when they were in power

          Unsurprisingly, the party of telling other people how to live their lives and interfering in everything you do has little need for human rights. But they solved boom and bust..

          1. Ken Hagan Gold badge

            Re: Arrests

            " the party of telling other people how to live their lives "

            All parties exist pretty much solely to tell the supporters of other parties how to live their lives.

            1. Fluffy Bunny
              Angel

              Re: Arrests

              Yes, but the labor/green aliance make such a sanctimonious production of it.

        2. Malmesbury

          Re: Arrests

          "You know, for a club that sold itself as "socialists", New Labour have engaged in some serious mowing down of human rights when they were in power.. Makes you wonder what they had to hide that they were so enthusiastically expanding the surveillance state.."

          You may remember that they were selling themselves as the "Third Way" - nearly fell out of my chair when I heard that one

          Arthur Moeller van den Bruck was going to write a book entitled the "Third Way". But he changed it to a much snappier title in the end. Which inspired a generation. And how.....

        3. Yet Another Anonymous coward Silver badge

          Re: Arrests

          > for a club that sold itself as "socialists" New Labour ....

          I think the "national" got missed out in a printing error.

    2. John Sturdy
      Black Helicopters

      Re: Arrests

      That'll be David Mery: http://gizmonaut.net/bits/suspect.html

  14. Yet Another Anonymous coward Silver badge

    How things have changed

    "advocating the posting of deliberately inflammatory messages" is now a crime?

  15. LucreLout Silver badge

    Am I the only person trying desperately hard to recall the first time they created a TrueCrypt vob?

    Its entirely possible I created and failed to delete a tiny vob on one of my PCs for experimental purposes, prior to creating the main one in my dropbox account. I might have created a tiny vob within the main vob.... I simply don't recall clearly.

    There's simply no way for me to remember whatever throw away password(s) I may have used at the time.

    1. Anonymous Coward
      Anonymous Coward

      There's simply no way for me to remember whatever throw away password(s) I may have used at the time.

      Well, under RIPA that means jail time - that's exactly the problem with that aspect of RIPA. I can see why, because "I have forgotten the password" is going to be excuse no1 for any criminal, but the harm by reversing "innocent until proven guilty" is IMHO much greater than the gain for society :(

  16. John H Woods Silver badge

    I still want to see ...

    ... RIPA vs the claim that "it's actually a big block of random numbers that I use for statistical / mathematical / cryptographic purposes".

    What if someone had downloaded the Wikileaks 'insurance' file? You don't know what's in it, and you don't have the keys - can you just prove it has the same hash as the published file? Or is it an offence just to possess it?

    1. Yet Another Anonymous coward Silver badge

      Re: I still want to see ...

      From what I remember when the law originally came in it doesn't have to be encrypted - there was something about any message with a hidden meaning.

      So if you have a copy of paradise lost or Midsummer nights dream lying around I hope you have an English lit degree to explain it to the plod. You are probably screwed if you have anything by William S Burroughs or James Joyce.

      1. Voland's right hand Silver badge

        Re: I still want to see ...

        So if you have a copy of paradise lost or Midsummer nights dream

        Or Bulgakov, Pasternak, Vysotski, Okudjava, etc - pretty much any Russian writer from the second part of the 20th century wrote in a way that has 5+ meanings in it. Part of expressing your thoughts while living in a police state I guess.

        We should probably learn some lessons from them. It is becoming useful.

  17. Leeroy Silver badge

    uh oh

    I think I may just delete that 5Mb Truecrypt container from my dropbox account. I can remember the password now but in 10 years I doubt it very much.

    Does this count for pdf's as well ? I have a few from suppliers that I don't know the password to view the 'hidden' data.

  18. Anonymous Coward
    Anonymous Coward

    Time for an encryption chip

    That stops working after x tries.

    Give the police x wrong passwords - then the right password.

    You technically supplied what they were asking for - not your fault it melted on them.

    I guess there is one reason to live in the USA.

    1. Matt Bryant Silver badge
      FAIL

      Re: Anon Cluetard Re: Time for an encryption chip

      ".....You technically supplied what they were asking for - not your fault it melted on them....." Not only is it legally your fault, if the Police can show in court that you bought the items with the sole intent of preventing the Police from examining your disk then you are then going to be convicted of interfering in a Police investigation and destruction ('spoilation') of evidence - do not pass go, do not collect £200, just go straight to jail!

      1. h3

        Re: Anon Cluetard Time for an encryption chip

        But if the police do it then it is fine. (See the lack of evidence West Yorkshire Police has about Saville).

    2. LucreLout Silver badge

      Re: Time for an encryption chip

      "I guess there is one reason to live in the USA."

      Californian girls?

  19. Anonymous Coward
    Anonymous Coward

    Re. disks

    What about the hypothetical case of "found media" ?

    Say when clearing out an office/etc you find an abandoned thumbdrive, or as happened to me found a box of craploza at a recycling point which contained not one but four thumbdrives, a memory card and some other goodies including the asshat's personal details.

    Under RIPA you have to prove that the drive belonged to a third party which is damned hard if it has your fingerprints/DNA/microbes on it.

  20. Anonymous Coward
    Big Brother

    You do not have to say anything ..

    You do not have to say anything. If you don't talk, then you can't hand over your decription keys. The court may draw negative inferences from the fact of your silence in the following circumstances:

    * Failure to mention a fact when questioned under caution before charge which is relied on in your defence.

    * Failure on being charged with an offence or informed of likely prosecution, to mention a fact which it would have been reasonable for you to mention at the time.

    * Failure or refusal to account for objects, substances or marks found on your person, in or on your clothing or otherwise in your possession, in the place where you were arrested.

    * Failure or refusal after your arrest to account for your presence at a place at or about the time the offence is alleged to have been committed.

    Uses RIPA has been put to include: detecting dog fouling, school non-attendance, littering, storage of petrol without a licence, alleged planning breach.

    1. Yet Another Anonymous coward Silver badge

      Re: You do not have to say anything ..

      And you don;'t have to say anything while you are held in prison for contempt of court for as long as the judge feels like - no trial, no jury, no parole ....

    2. Vic

      Re: You do not have to say anything ..

      You do not have to say anything. If you don't talk, then you can't hand over your decription keys

      But if you take that line, then you are committing a specific offence (failure to comply with a S49 notice) in addition to whatever they wanted you for in the first place. Think of it like resisting arrest - i doesn't replace the original charge, it's something else for which you can get thrown in the slammer.

      Vic.

  21. Anonymous Coward
    Anonymous Coward

    Guys, there's no other way to say this: your country really sucks. Admittedly, mine isn't all peaches and cream either. Maybe we should move to mars and start over while leaving the politicians behind.

    1. Dr. Mouse Silver badge

      Or just send the politicians to Mars? Oh, and ensure the operating instructions are encrypted, and we have forgotten the password :)

      1. Johan Bastiaansen

        encrypted?

        Nah, just put the instructions in plain English. No politician will understand.

  22. Anonymous Coward
    Anonymous Coward

    Why inflict them on Mars?

    Send them to Venus instead, problem solved.

    1. Thorne

      Re: Why inflict them on Mars?

      "Send them to Venus instead, problem solved."

      Why? Who said we'd give them a spaceship? Just a big catapult.........

      1. Alan Brown Silver badge

        Re: Why inflict them on Mars?

        Either way, if thet get to venus, they're baked.

  23. Anonymous Coward
    Anonymous Coward

    I bet Judge Simon Hickey is not so tough when he finds a hardened criminal in his courtroom.

    Judge Simon Hickey, what you were doing was for your own satisfaction, showing what you could do with your undoubted skill with the legal system.

    But this is a serious offence and the peoples council will decide on the appropriate punishment in due time

    Judge Simon Hickey, you are a disgrace to your profession, a threat to democracy, abusing your powers and the notion of "national security". You would have fitted in really well in Hitlers justice system, you are the Roland Freisler of our era. We hope you meet a similar fate.

    1. LucreLout Silver badge
      WTF?

      "the peoples council will decide on the appropriate punishment in due time"

      WTF?

      Or, alternatively, lots of frustrated teens will leave their bedrooms when mammy calls them for dinner, and nothing will happen to Judge Hickey.

    2. EssEll

      Wait a minute, pretty sure I've seen this in a film somewhere....

  24. Furbian
    Go

    Send your MP an encrypted file campaign?

    Wasn't there a campaign sometime back to have an encrypted file sent to your MP, and to then tell the Police to investigate them for being up to no good? The MP's would then claim not to know the password, and since they have the e-mail or CD in their possession, they would be guilty of not supplying the password. Would have been fun to send encrypted copies of their expenses as an MP, for the irony of it.

    1. Matt Bryant Silver badge
      Facepalm

      Re: Furbian Re: Send your MP an encrypted file campaign?

      "Wasn't there a campaign sometime back to have an encrypted file sent to your MP, and to then tell the Police to investigate them for being up to no good?...." A good way to get yourself charged with wasting Police time, TBH. Apart from the email trail back to you, they will also have your ISP logs showing you looked at the site with the original idea and then advocated it here.....

      1. Furbian
        Go

        Re: Furbian Send your MP an encrypted file campaign?

        Which is why I mentioned a 'CD' (for those not savvy enough to be able to cover their tracks on-line)... then again with CCTV's everywhere, maybe they'll see who posted it, could be a bit tricky if one drops it in a post box in the centre of a large city though.

    2. Yet Another Anonymous coward Silver badge

      Re: Send your MP an encrypted file campaign?

      Yes blocks of random numbers where emailed to Jack Straw (the home secretary at the time) but since the laws are only used against "terrorists" there was no need to investigate a Labour politician

  25. RISC OS

    Aspergers...

    FFS, what has that got to do with it? You may as well have written: 'Wilson, who has Athletes Foot, was suspected of "trolling"...'

    My stepson has AS, it gets on my tits how everyone and there dog tries to use it as a "get out of jail free" card.

  26. Anonymous Coward
    Anonymous Coward

    Re. Aspergers...

    A few more cases like this and Aspies may end up finding themselves even more unemployable than ex convicts. (Personal experience, got turned down for two jobs and this was one of the reasons)

    The problem is that under the new employment rules you have to include information like mental health and previous "problems", failure to mention which is an auto-sackable offense.

    The system seems set up to red flag anyone with mental health issues which IMHO is totally Orwellian when many people with Aspergers simply need minor adjustments to their work environment such as their own workspace and freedom to take breaks from noise etc when they need them.

    Anon, because I live somewhere with no Disability Discrimination laws...

  27. This post has been deleted by its author

  28. Anonymous Coward
    Anonymous Coward

    Please type your user-name and password here

    For hundreds of years, political and economic immigrants took refuge in the UK, where later democracy and voting rights came into effect, long before people on the continent could enjoy even the most basic civil rights. Much good came from across the North Sea.

    But in these days, the once great country seems intent to mimic the surveillance terror we had to suffer behind the iron curtain for decades. CCTV cameras everywhere, pseudo-anti-terrorist laws, a spying organisation on par with the NSA - and no meaningful protest in sight. What's going on? Do Britons really not care anymore? Is it all just about increasing house-prices, better home decoration and affordable holidays in France and Spain?

    This is saddening.

    1. Hans 1 Silver badge

      Re: Please type your user-name and password here

      Well, they are all fed BS daily on TV, where <scapegoat> was arrested before he could carry out <x> - they never mention similar arrests of <non-scapegoats> in the media ... unless there is something to the story like "he liked to wear a bra and pink panties" or "had a mental disease".

      In France, where I live, they often just say a Roma stole a car or a descendant of north African immigrants (an Arab as they like calling them) stole a necklace. When it is a white a French guy who can prove he has French ancestors for at the least 5 generations and there is something to the story they say a bloke from Auvergne did this and that ...

      They scare ppl all the time so they come to accept surveillance state ... as long as the "others" are surveyed and not them. Get the tax evader next door and not me please, thanks.

      1. Anonymous Coward
        Anonymous Coward

        Re: Please type your user-name and password here

        Plus with nukes and super-plagues ever possible, they can always trot out the existential threat. Sure, the Founding Fathers had something to say about security and such, but did they ever live in a world of constant existential threats, where the one that gets away is the one that dooms not only you, but maybe your country if not your entire civilization? All one has to say is, "Do this or the world is DOOOOOOMED!" And we won't be in a position to protest since, being an existential threat, if it comes, it's game over and we won't be alive to concede they're right.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020