UK Government Wants Private Encryption Keys 822
An anonymous reader writes "Businesses and individuals in Britain may soon have to give their encryption keys to the police or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists." From the article: "Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. 'The use of encryption is... proliferating,' Liam Byrne, Home Office minister of state told Parliament last week. 'Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force.'"
My God (Score:5, Insightful)
Re:My God (Score:3, Insightful)
Re:My God (Score:3, Insightful)
Or "Big Brother is Watching You, and If You Try To Stop Him, You Will Go To Jail."
Re:My God (Score:5, Insightful)
Or how about a new
This is nasty. You can always tell when there are no reasons that would fly with the public when they have to invoke the paedophiles. US government has War on Terror, the UK has paedophiles.
E-mail was a god-send for the intelligence services. Automated scanning and copies of everything to look back on if they ever chose. Encryption means the free party is coming to an end. GPG is turning off the stereo and saying "GO HOME!"
They managed without it before. They can manage without it again. And if that means the Government can't achieve omniscience over the population... good!
Re:My God (Score:5, Funny)
Re:My God (Score:5, Funny)
Re:My God (Score:4, Informative)
IIRC, the Brits wanted to extend the length 'terrorists' could be arrested & held without charge (from 14 to 90 days) so that the police could have more time to try and break encrypted data.
Here's the previous
http://yro.slashdot.org/article.pl?sid=05/11/04/1
I'm pretty sure that idea died a Horrifying death
Re:My God (Score:5, Insightful)
Wishful thinking, they extended it to 28 days without trial/evidence instead. Blair was still spouting on that the country's security had been compromised. Because police and security services had some power removed, right?
One of Blair's favourite lines went something like this,
"I don't understand why people seem to think that the rights of terrorist suspects should be more important than those of innocent people."
More like "Horribly Bad Joke." (Score:5, Insightful)
What absolute morons.
Re:More like "Horribly Bad Joke." (Score:5, Insightful)
Most people don't even realize how many keys they use. They could default on a law like this without even knowing it.
Re:More like "Horribly Bad Joke." (Score:3, Insightful)
Excellent! Everyone's a criminal. Now just make sure you toe the party line, otherwise we could, you know, check up on you.
Obligatory Ayn Rand (Score:5, Insightful)
Re:More like "Horribly Bad Joke." (Score:5, Insightful)
RTFA
Despite the poorly worded title, the UK govt. isn't about to ask you to submit every single key you ever generate.
It just wants the ability to 'force' you to hand over the keys if and when it asks for them.
Granted, this causes problems of it's own. I mean, I don't keep a list of every key i've used...
Re:More like "Horribly Bad Joke." (Score:5, Insightful)
They're talking about private keys (as in the private half of the public/private key pair in public key cryptography), not private keys (as in the only key in private key cryptography).
This is a huge difference. Private key cryptography is used as the underlying scheme for protocols like SSH, SSL, etc, but public key cryptography is used to ensure the secure exchange of that key. of the private half of the key pair is known, that initial exchange is not secure, and thus there is no need to be TOLD the private key cryptosystem's key: it is handed to any listener who knows the private key that goes with the public key used to initiate the session.
Oh, and the cell phone companies almost certainly already hand over the key pairs for the phones (or are issued them).
Re:More like "Horribly Bad Joke." (Score:4, Informative)
The export control rules for USA exports of crypto have been all but eliminated (done in the last year of the Clinton Administration). To export open source crypto from a web site, you just email the Feds telling them you are doing that. To sell binaries, you apply for a retail designation of your software, and can export with virtual impunity. Most or all OECD nations have followed suit.
Re:More like "Horribly Bad Joke." (Score:4, Funny)
Just wait. (Score:5, Funny)
"You mean we spent four days decrypting Gigs upon Gigs of vacation photos??"
"Well, they have an 8 Megapixel camera, lots of memory cards and use RAW format..."
"But that's all you found? There aren't even any racy photos in the bunch?"
"Should we start decrypting the second RAID array?"
"The one labeled 'Project Gutenberg text to speech files in WAV format'?'
"Yes, that one."
"Go for it. I don't know what this 'Project Gutenberg' is, but it's got to be seditious. Plebeians don;t label anything a 'Project' unless they have delusions of being all 'Cloak and Dagger.'"
Re:More like "Horribly Bad Joke." (Score:3, Interesting)
1) Information is only encrypted between the phone and the base station, so they can just tap the base station
2) Some of the encryption algorithms are known to be broken, others are secret and probably backdoored
Re:More like "Horribly Bad Joke." (Score:5, Insightful)
You are probably an expert on computers/encryption, being a part of the Slashdot crowd, that you can understand how messed up these rules are. But if you were a doctor, you would probably think these rules are reasonable, and instead would think that the laws on health care are messed up. You are critical of these laws, because you have the knowledge to understand what is wrong with them... and you are probably don't really question the laws on subjects which you might not understand.
So you must understand, the vast majority of the population who doesn't understand encryption, will think these laws are reasonable and nessicary, the same way you probably think the laws on education, or enviornment, or whatever are reasonable and nessicary. The average person is not going to take you any more seriously complaining about this, than you take the complaints from factory owners about enviornmental laws.
At some point you are going to have to realize it isn't "idiotic" leaders who are making "idiotic" policies that are the problem... that our leaders are very very smart and competent... but that it is the idiotic concept that a handful of experts and technocrats can manage virtually every aspect of a huge diverse society. It is the concept that society can be centrally planned / regulated / and managed by lawmakers that is the problem, not with the specific "central planning".
Actually... (Score:5, Funny)
Where does that put me in your example?
Re:Actually... (Score:5, Interesting)
It means that you have been fully indoctrinated to accept the political and social assumptions of your society, and you now indoctrinate others into those assumptions... in such a way that it perpetuates the current political system. You are to the modern state what a priest is in Catholisism.
An example of a political assumption in a society would be something like the debate over government's role in health care in Europe. There are those who argue that equality of care (everyone is entitled to equal care) is why health care should be provided and controled by the government... and those that disagree. There are those who argue that no-one should be without health care, and therefore the state should provide it to everyone... and there are those that disagree. BUT, no one questions the idea that the government can or will provide truly equal care, or that the government can or will provide the care to everyone. The political assumption is that government never fails to provide people with services, and that government always provides those services in a manner that is equal to everyone. Even the people who are against the state's intervention into health care don't question that government will provide health care, and they don't question that the government will do it with absolute equality.
In a reasonable debate, you would hear people argue that states have engaged in terrible acts of inequality... in fact the worst acts of inequality, such as mass genocide, have been commited by the state. In a reasonable debate one would argue that states have often commited horrible failures in providing services to it's citizens, in some cases resulting in millions of deaths. Yet, in modern mainstream political debate, it is unheard of and inconceivable that someone could support universal and equal health care for everyone, and also not support state control of health care. In mainstream politics, if you support equal and universal health care, YOU MUST SUPPORT STATE RUN HEALTHCARE. Through political "scientists" such as yourself, and many years of indoctrination and government controlled education, you have been able to control people's thoughs as such that THE STATE = EQUALITY, and THE STATE = PROVIDING FOR THE NEEDS OF SOCIETY... and to be against the state is to be against equality and providing for the needs of everyone. As a "scientist", you should be able to step out of your views for a second and see that is a very powerful form of brainwashing!
Your job, as a political scientist, is to maintain a faith in the state and political process. You may question a specific government policy (but that is like questioning what type of sandwich I should eat for dinner... there is a big assumption that I should be eating dinner, and that my dinner should be a sandwich), but your job is to make sure all debate about the political sytem preserves the political system.
Now, I will admit I am stereotyping political science people. I suppose there are few token anarchists or libertarians or classical liberals in the political science field. But I think that you would probably agree, that anarchists or libertarians or classical liberals are probably few and far between in the field of political science. You wouldn't expect a political scientists to be against the political system, any more than you would expect a carpenter to be against wood.
Re:Actually... (Score:5, Insightful)
Under pure anarchy, people COULD take care of each other and no-one would go without care. How successful they are is up in the air - Most anarchists or minarchists are not utopians, so just because we have anarchy doesn't mean our problems are all solved. In the same way that we support science, but we don't expect science to solve all our problems.
Here are some examples of ways everyone could have universal and equal health care without being provided by the state:
1. We could have such a wealthy society that healthcare would be so cheap and plentiful as to be essentially free and universal. Take, for example, television. Go to the poorest neighborhoods in the U.S., and all homes will have a television set. The vast majority will even have cable or satalite. In fact, people living in poverty are more likely to see a television as an "essential" item than rich people (who can afford other types of entertainment). There is no government run television program that provides it to everyone... it is just that our society is so wealthy that TV has become so cheap that it is universal. It is possible that we could have such a thriving economy that paying for health care is just not an issue.
2. We could have private, self-organized, voluntary organizations that provide health care to everyone. Churches aren't funded by the government, they rely totally on voluntary participation and funding, and yet churches exist everywhere. There is no reason why any service couldn't be provided equally to all people, based on voluntary contribution.
3. There could be some sort of technological advancement that renders conventional medicine irrelevant.
4. Labor could form unions, and demand health care as a standard part of all employment. Employeers would be forced to pay for medical care, or face a highly organized nationwide strike.
4. There could be any combination of the above. Or any number of other possible situations that I cannot even begin to list. Use your imagination.
Universal health care is impossible and there's no point in striving for it?
Universal Health care seems to be a failure as it has currently been implemented by governments. One could argue that by relying on the state to give universal health care, that we have given up on health care.
I'm just not sure what you'd call any entity that provided universal health care other than "the state".
The state is enforced on all who exist in a geographic location based on the threat of violence through the police and military. Any entity that does not use violence, and does not force participation in the system, would not be a state system. You may thing "the present system is not violent", but it is. The violence may be hidden under layers of beurocracy, but try refusing to pay your tax, or try opening a health clinic without government permission, and the government is going to send some armed individuals to deal with you pretty quickly.
But on a deeper level, the fact that you have to ask me how we could provide universal health care without a state, is a symptom of the bias and indoctrination. You should be able to think up a few methods for solving the problem without the use of the state yourself. Even if you think the state is still the best way to solve the problem, the fact that the average person cannot even comprehend there could be other solutions besides the government... the fact that virtually no-one gives the other solutions any thought should be warning signs that there is a serious problem. The fact that to be anti-government in our society means to be anti-equality, or anti-prosperity, means that any non-government solutions are going to be supressed. After all, who wants to be anti-equality or anti-prosperity.
Re:...what if... (Score:5, Insightful)
Re:More like "Horribly Bad Joke." (Score:5, Insightful)
I'm not a food scientist, but I think labeling laws and food safety inspection regulations are very necessary. Who doesn't think that? The food industry that doesn't want me to know that their product contains transfats and which would be happy to sell me contaminated meat.
I'm not a chemical engineer, but I support regulation of gasoline additives. Who doesn't support that? The oil companies who understand that lead is a very cheap way to increase octane levels.
The real question is why you think the laws on education, civil planning, economy, enviornment, health care, or anything else are more reasonable that these laws on encryption.
Because most regulations are designed to establish the bounderies of various property rights. Who owns the air -- you or the oil companies? In this case, the regs define the limits of what an individual or company can do with a common resource. Should a food company have the property right to sell unlabled food? Here, the regs are designed to put buyer and seller on more even terms -- they reduce the transaction costs of buying and selling food.
But mandatory government access to private keys does nothing except make it easier for governments to invade personal privacy. In no way do such regs reduce the costs of transacting commerce or establish property rights boundries on common resources. These regs are fundamentally different from food, health, and environmental regulations.
Re:My God (Score:5, Informative)
There are current encryption technologies already deployed in the market that allow for two sets of data to be encrypted with two keys into a single file. This allows a user to encrypt a sensitive file with an innocuous one, so that when required to disclose a private key the user can just give the one that decrypts the innocent data.
Again, these new laws will only deteriorate the right to privacy of innocent people, while the real criminals will be allowed to roam free doing their dirty deeds with little more trouble then a software upgrade.
Re:My God (Score:3, Insightful)
Re:My God (Score:3, Insightful)
Except not: plausible deniability only works if you're innocent until proven guilty. In the U.S., and even more so in Britain, if you're using crypto, it isn't true anymore.
Re:My God (Score:5, Insightful)
v'z fher v'yy trg zbqqrq qbja sbe guvf fvapr v'z rkcerffvat n ceb-crefbany-svernezf ivrjcbvag, ohg naljnl...
Indeed, there is a very strong parallel between this and gun control schemes. The honest people give up their guns/keys to the government, the people who are already criminals have no reason to do so. The bad guys simply get smarter at hiding what they do. Who gets screwed in the end? It's always the honest, law-abiding citizens.
Oh yeah, dear UK government, you can pry the encryption key for this post from my cold, dead hands, along with my firearm... (Although in this particular case I think it will be more difficult to get the gun than the key.)
Doesn't seem like Orwell and friends really accomplished much, does it? They showed us the future but we're just walking right smack into it anyway, eyes wide shut.
Re:My God (Score:3, Insightful)
Re:My God (Score:3, Insightful)
This is already enacted, it just needs a ministerial order to bring it into effect. The debate was over five years ago. It came to prominance again in November last year, when the UK was debating how long it was reasonable to keep people in jail without trial [slashdot.org], with a key point of the Government's argument being that they needed three months to decrypt data - the opposition pointed out that with holding encryption keys was already an offence in its self so that argument was nonsense.
This law scares me, beca
Re:My God (Score:5, Funny)
Oh... wait a minute. This just in: Neither do the people in the United States, apparently. This appears to have expired somtime between Nov 2000 and Sept 2001.
Re:My God (Score:3, Funny)
Re:What the hell? (Score:5, Funny)
Switching a few words around in a famous bit of prose: (-1, Douchebag)
Knowing which words to switch: (+5, Interesting)
Some things (+1, Funny) can't buy. For everything else, there's metamod.
Simple solution. (Score:5, Funny)
Re:Simple solution. (Score:5, Interesting)
Methinks the UK government doesn't know that what it wants is technologically infeasible....
Re:Simple solution. (Score:3, Insightful)
All I ever see is a little icon that tells me the connection is encrypted when I go to my banks web page...so, am I responsible for reporting the keys or is the bank? Or both? And does it matter that they are useless as soon as I log out?
On the other hand (Score:3, Insightful)
Of course, its quite likely that if the UK is like every other country, the law would be selectively enforced. They wouldn't go after everyone using technology that made the mandatory reporting impractical, but if law enforcement got in in their mind that you were guilty of something else (whether another crime or just doing something no
Re:On the other hand (Score:3, Interesting)
But the thing about ephemeral keys is that they are ephemeral, i.e. they can't be "produced" on cue. All it takes is a permanent VPN connection to make this useless.
Even better, I could see a fairly trivial encryption mechanism that would make this absolutely insanely fun for the UK government. Modify the crypto so that:
Re:On the other hand (Score:5, Insightful)
Re:Simple solution. (Score:5, Informative)
"Methinks the UK government doesn't know that what it wants is technologically infeasible...."
Methinks you didn't RTFA.
They are not asking that all keys be submitted. They are simply asking to give the police the power to force you to submit keys on request. In other words, after they've already confiscated your computer and discovered that there are encrypted files, they demand that you hand over the key, and if you don't, then they can throw you in jail.
I'm not saying I agree with it, just trying to clarify the misconception that everyone in this thread seems to be having about this.
Re:Simple solution. (Score:3, Interesting)
key turning point in government relations (Score:5, Insightful)
Encryption keys don't kill people, people kill people.
If owning (not divulging) encryption keys is criminalized, only criminals will own encryption keys.
These "rules" will only push the envelope of how and what criminals (or terrorists, etc.) use to hide their activities. And at the same time, they will add one more burden to the general population to manage and ensure the government is informed of their encryption infrastructure. Nuts.
The most effective infiltration into terrorist infrastructure is still social engineering. I'd rather the money spent creating and managing something like this spent training and hiring translators, covert agents, etc.
A convincing point about the futility of this proposed rule comes from the article:
Re:key turning point in government relations (Score:5, Insightful)
Re:key turning point in government relations (Score:3, Insightful)
Oh really? What happens if some blob of data on the computer is deemed "encrypted" by the Glorious Defenders from Assorted Boogeymen? How do you tell well encrypted data from random pile of binary junk?! Better the encryption, more mathematically similar
Re:key turning point in government relations (Score:5, Insightful)
Besides, there are already horribly injust mechanisms for detaining people in Britain without the need for a trial. Thats what we should be getting worked up about (although the Human Rights Act is doing for them, fortunately).
But this far more measured Act (which involves warrants, Section 49 orders, actual trials, and the need for evidence and all that) is what slashdotters choose to get worked up about. And why? Because it involves computers.
Frankly, thats pretty pathetic.
Re:key stupid point in government relations (Score:3, Insightful)
odd request (Score:3, Insightful)
Re:odd request (Score:3, Insightful)
Re:odd request (Score:5, Informative)
Re:odd request (Score:3, Informative)
But with hidden volumes, the header at the end is - just as the normal header at the beginning - indistinguishable from random data. TrueCrypt tries decrypting the hidden header "blindly". There is no header that says "here be hidden volume".
Telling someone hoe hidden volumes work helps him nothing to _prove_ that you actually used that feature.
Porn, not informative! (Score:3, Insightful)
Check the destination of that link before you click it... It goes to Bottle Guy - Just another site similar to Goatse or TubGirl.
Stop giving the US gov't ideas (Score:5, Funny)
Re:Stop giving the US gov't ideas (Score:5, Informative)
Even with a warrant they can not force you to give up your encryption keys. There is this thing called the 5th amendment to the constitution.
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
You can take the 5th when questioned about your keys. No matter what they do they can not compell you to give them that information.
Spaceballs: (Score:5, Funny)
1.....2.....3.....4.....5
Re:Spaceballs: (Score:3, Funny)
Damn the Americans! (Score:4, Funny)
I RTFA, but I don't get it... (Score:5, Funny)
no diffreance than real life (Score:4, Interesting)
Orwell, here we go again!! (Score:3, Insightful)
The UK needs to wake up and realize that these forms of crime control only waste money and create more crime, than stop crime from happening.
Warning (Score:5, Insightful)
Nah, you have *partitions* of random characters (Score:3, Informative)
What about global corporations? (Score:5, Interesting)
What about communication between offices on the internet? A japanese analyst creates some research, but due to technical problems the only Compliance office up is in Europe. So every program or service that can comminicate with Britain has to check if a request is going to/through the UK before applying the "approved" encryption.
To quote, "this is madness"
This is bizarre (Score:5, Funny)
"Oh, yeah, you think that telephone call database is slick, check this sh*t out. We're gonna make our subjects give up their crypto keys or go to jail"
"Oooh, good one!" (high five)
Steganography (Score:5, Insightful)
http://en.wikipedia.org/wiki/Steganography [wikipedia.org]
In other news... (Score:5, Insightful)
- cameras are used by criminals, paedophiles, and terrorists - we need access to your negatives/memory disks.
- houses are used by criminals, paedophiles, and terrorists - we need access to your house keys.
- cars are used by criminals, paedophiles, and terrorists - we need copies of your car keys.
- ATM machines are used by criminals, paedophiles, and terrorists - we need to know your PINs.
- Online email services are used by criminals, paedophiles, and terrorists - we need to know your username/passwords.
- Computers are used by criminals, paedophiles, and terrorists - we need to install a backdoor on your computer.
1984 news (Score:5, Informative)
You're behind the times.
The UK is already (planning) installing a system of automatic licence plate recognising camera's throughout the country. The resulting database will allow a very comprehensive following of cars and thus persons.
The next step is of course that you have to report to the police whenever you've driven an other car but your own...
Re:In other news... (Score:4, Funny)
Sincerely yours,
Tony Blair
England Prevails (Score:5, Interesting)
Parliment better watch out... hear there's a train heading there loaded with fireworks and other things that go boom.
And how about wifi? (Score:3, Insightful)
And my car remote lock fob, that too?
Is it April the 1st?
New encryption scheme (Score:5, Interesting)
Re:New encryption scheme (Score:4, Informative)
They won't find the photos (Score:4, Funny)
Good idea. Then you can give up the key showing your terrorist plans and just get a few years in jail. They will never find your photo collection and your secret letters.
In Soviet Russia... (Score:5, Insightful)
Yeah, no "In Soviet Russia" Joke here.
This is frightening. It's like we're becoming the very thing we fought in the cold war. A totalitarian government.
But at least we have 37 types of cereal.
Re:In Soviet Russia... (Score:3, Funny)
Are you counting the new Rice Krispies Berries?
Actions are criminal, not tools (Score:5, Insightful)
A criminal that shoots someone in the head used a gun -- it is the shooting that is evil. He could have used a baseball bat.
A criminal that blows up a building might use a cell phone -- it is the building exploding that is evil. He could have used e-mail or writing a big X on a tree.
We have to stop government from criminalizing actions that are part of our right to speech. This right is not something Constitutional or created out of any government document -- it is a natural right that all humans share, no matter what the laws say.
I'll continue to encrypt, and I'll dare the government to try to restrict me. If I have to, I'll encrypt by using an encryption program that hides my real text to make it look like readable language. Let them try to stop that. Or I'll use my own spoken code. Will they find a way to criminalize it?
Don't criminalize tools, criminalize criminal actions.
A solution (Score:3, Interesting)
Specifically, the public key is published, but private keys are pretty much unknown. The only thing you really know about your private key is the passphrase needed to use it (note that the computer using an entropy source generated the key in the first place).
The key itself? Should be stored on a flash memory card. Or another easily destroyed medium. If broken, you have NO way of supplying the key to the government.
The issue is key management. If the key doesn't exist, no amount of threatening or torture can cough it up. Sure, the passphrase (at the drop of a hat), but the key?
Ratboy
Summary is not complete (Score:5, Informative)
The basic argument is that the purpose of a search warrant is defeated by encryption. Now I think that's wrong, or at least part wrong, and I think an alternative would be to make material held by the defendant which he does not choose to decrypt something that the jury can take account of, just as refusal to testify is now, under limited circumstances, something the judge can point to during summing up. And the alternative of forcing decryption isn't offered (although quite how someone would demonstrate that plain text they offered really _was_ the decryption is a whole other question).
The is bad, illiberal law, and those of us involved in campaigning against it have been in correspondance with our MPs for some years. But it's not just Britain that is tearing up its freedoms in the face of minor terrorism: the USA collectively shat its pants and ripped up a century of jurisprudence on the 12th of September. It makes far more sense for people with a desire for freedom to work together, rather than to assume that we're a bunch of proto-fascists while Bush Jr defends your constituional rights.
ian
Re:Summary is not complete (Score:3, Funny)
Oh who am I kidding, this is slashdot.
Implementation (Score:5, Insightful)
This is referred to as a "catch-all" type of law. Beware the wonders of selective enforcement.
The idea here is that if you find a suspected terrorist, and they use encryption, you don't even need to bust them for terrorism OR for not providing their encryption keys when demanded. You can just go to step A, look up their name in the government encryption key database, find out that no, they did not provide their encryption key to , and take them directly to jail.
Regardless of whether or not the are a terrorist, regardless of whether or not they are willing to turn over their encryption keys when asked, you can find them guilty.
This is not about collecting everyone's encryption keys (at least not at first). Initially, this will be used as a blunt stick to smack anyone the government doesn't like. Think of the way seat belt laws are enforced; cops won't stop you for not wearing your seat belt, but they'll sure as hell issue a ticket for it even if you aren't speed, have all your paperwork in order, and have done nothing else wrong. It's a sort of standby crime they can get you on.
How do they know for sure? (Score:3, Informative)
what will this do? (Score:3, Interesting)
I'd like to see some stats... (Score:5, Insightful)
Like so many others, I see this as nothing more than an attack on privacy and not as an aid to criminal investigations. Criminals are not going to turn over their keys. People who turn over their keys aren't likely engaged in criminal acts. "honest" people who believe in the right to privacy will become criminals, however.
I'm not sure "police state" is the right word, but we're certainly talking about criminalizing the general population to the point that only people "in office" can have the right to privacy under the guise of "national security." And a funny thing happens to your rights when you become "a criminal." You lose them along with your ability to run for public office and all manner of other things.
Cat. Mouse. Cat. Mouse. Cat. Mouse. (Score:5, Insightful)
The use of illegal government spying on innocent citizens is proliferating.
Your move now.
...(and no, you may not have my encryption keys [gnu-designs.com]).
Bad Legislation (Score:4, Interesting)
These days encryption software like truecrypt have multiple levels of "plausible deniability" so even if a key was coerced out of someone you don't know if the data that is decrypted is the real deal or just another decoy.
These so called government security advisers really don't know anything about security. The UK Government can't even remember to deport foreign criminals after they server their sentence. The country will be a lot safer if the Government fixed their own incompetence rather than pass TROLL laws which deprive the real law abiding citizens of their liberties whilst allowing the terrorists to carry on business as usual.
I'm out of here... (Score:3, Insightful)
Plausible Deniability (Score:5, Interesting)
TrueCrypt lets you mount the container as a filesystem, which is a convenient way to go. This sort of thing allows you to:
a) Deny that there is anything encrypted for which you have not proffered a key. "Oh yeah, show me what I have encrypted and I'll show you the key."
b) If that's not enough, proffer the false key that gives them the alternative access. "Ok, here you go. Let me know if you find anything incriminating. (tee hee)"
Lastly, if you use things like encrypted swap on a unix device, you can plausably say that what is there is just an encrypted swap file, and you don't have a key because the key is never saved to the disk. Why isn't it mounted now? You only set it up temporarily and forgot to delete the file when it was done. (for 1Gb files or larger...) If you have a 20Gb file, you're probably going to have to explain it... and go for option (b) above.
Of course, if your 20Gb file is not a file, but is just an "empty" partition... well there you go.
Please note - I'm not advocating breaking any law here - just outlining what this will drive people who care enough to do.
Re:Plausible Deniability (Score:3, Insightful)
a) Deny that there is anything encrypted for which you have not proffered a key. "Oh yeah, show me what I have encrypted and I'll show you the key."
b) If that's not enough, proffer the false key that gives them the alternative access. "Ok, here you go. Let me know if you find anything incriminating. (tee hee)"
The problem I can see with "rubberhose" systems like this is that governments w
Unenforcable Law (Score:3, Interesting)
Re:Unenforcable Law (Score:3, Insightful)
Nothing compared to Tuesday's Dictatorship Bill (Score:5, Informative)
Or the human cattle ID cards Act [no2id.net], which creates by far the world's most intrusive Big Brother database on citizens by linking up 5+ previously unconnected databases...
The Dictatorship Bill, also called the Abolition of Parliament Bill [timesonline.co.uk], Totalitarianism Bill [impactnottingham.com] or (by the Govt) the Legislative and Regulatory Reform Bill is nothing less than a naked grab for power. After being amended 3x, the Bill was passed in the form described here [thebusinessonline.com].
LRRB [parliament.uk] enables ministers to rewrite our constitution with only rudimentary scrutiny. Consider the extraordinary mass surveillance / coersion [bristol-no2id.org.uk] implications of the ID Cards Act. Even the well-organised opposition [no2id.net] could not stop this legislation.
What chance then of:
1. Spotting obscure but deeply damaging clauses hidden in the boring legislation?
2. Motivating the Tories, LibDems and enough New Labour drones to subsequently block it?
LRRB is then carte blanche for Blair to do what he will with this country. What can we deduce of his plans?
New Labour already rejected [libertycentral.org.uk] an amendment to stop LRRB re-writing our most important constitutional laws. They then promised to introduce new amendments fulfilling the same thing. Our skepticism was once again justified [spy.org.uk]. This is more than enough evidence that Blair wants dictatorial powers.
LRRB is obviously a precursor to passing laws which Parliament wouldn't otherwise pass.
Considering the deeply scary laws he's got through Parliament, the likelihood is that he wants something so badly, and so unpalatable that he won't even risk presenting it for proper Parliamentary scrutiny.
- He does not need Parliamentary approval to invade Iran
- He already has Hitler's Enabling Act [blogspot.com].
- He has already passed RIPA [magnacartaplus.org] and the ID Cards Act for more Big Brother snooping than anything China or North Korea have.
- He already has locked up people for 3 years without trial or even being questioned - although he has been twice been 'told off' for breaching the Human Rights Act in this way.
I did not believe that he needs LRRB to repeal the HRA - indeed one welcome amendment [spy.org.uk] was to exclude the HRA from being amended. When every other explanation has been ruled out, whatever remains, however unlikely, must be considered. I think something much worse is coming although I dread to think what.
In related news... (Score:3, Interesting)
The criminals dont follow laws anyhow.. (Score:4, Insightful)
Re:perfectly reasonable (Score:3, Insightful)
Re:perfectly reasonable (Score:5, Insightful)
patently wrong (Score:5, Insightful)
Re:Brilliant idea... (Score:5, Interesting)
I'm sure the criminals, paedophiles, and terrorists will just be lining up to hand over their keys, too.
That's the odd thing about this. You can get up to 2 or 5 years in the can (depending on if they think you're a terrorist). So if you have gigs of terrorist info that could get you sent away for life, just say you lost your keys and go away for 5 years max.
Re:Who needs encryption? (Score:5, Interesting)
Re:Who needs encryption? (Score:3, Insightful)
Re:Just following suit. (Score:3, Insightful)
Re:Actually it is easy to avoid (Score:3, Informative)
You should at least understand the terminology of the software you are using. TrueCrypt has a feature called hidden volumes that provide plausible deniability.
Plausible deniability means just that: You can plausibly deny that there is some encrypted data beyond the first level, i.e. the other party cannot prove that there is such data.
Since you can nest hidden volumes, there can alwa