First Use of RIPA to Demand Encryption Keys 645
kylehase writes "The Regulation of Investigatory Powers Act (RIPA) is being used for the first time to force an animal activist to reveal encryption keys for encrypted files she claims to have no knowledge of. According to the article, she could face up to two years if she doesn't comply."
solution (Score:5, Informative)
That's why you use an encrypted file system with a duress key. In the event of coercion, you give them a key that *oops* results in the destruction of the data.
TrueCrypt - Plausible Deniability (Score:1, Informative)
http://www.truecrypt.org/docs/?s=plausible-deniability [truecrypt.org]
Re:solution (Score:5, Informative)
Re:solution (Score:5, Informative)
Almost all police departments will image the drive, then present the person with the image to decrypt. If the image gets stung by a self destruct Trojan, then the police will know that its not a forgotten password, and then proceed to use rubber hose decryption to obtain the contents of the drive.
Re:solution (Score:3, Informative)
Just dump some plausibly-incriminating stuff on it (e.g. kinky porn, ABBA songs) and they'll never realise there was anything else there to look for.
Re:enryption keys = keys? (Score:4, Informative)
Re:solution (Score:3, Informative)
Re:solution (Score:4, Informative)
http://www.truecrypt.org/hiddenvolume.php [truecrypt.org]
Truecrypt is pretty nifty all around.
Re:Reasonable Search & Seizure (Score:2, Informative)
Re:Better solution (Score:5, Informative)
You never used Truecrypt eh? It's not a zip file. It acts as a virtual hard drive partition that can be mounted as a drive.
When you create the volume it generates random bits throughout the virtual partition. You can copy whatever files you want onto the virtual partition, the rest of it is random noise. You may or may not choose to have additional hidden encrypted partitions within that noise. Adding up the size of know files tells you nothing about what may or may not lurk in the rest of the space on the virtual partition.
don't be so quick (Score:4, Informative)
I wouldn't be so sure. The 5th amendment only protects against self-incrimination, but the search may be for evidence against a third party, in which case you may be compelled to comply.
It's also not clear that giving up your encryption keys would be considered "testimonial", so it might not be protected under the 5th amendment according to US courts. See here (somewhat outdated in other aspects, but an accurate reflection of US policy on the legal hair splitting):
http://www.cybercrime.gov/cryptfaq.htm [cybercrime.gov]
TrueCrypt is the best for Windows and Linux. (Score:5, Informative)
TrueCrypt works very, very well. I use it with just one volume to protect passwords and other files.
When you don't want to encrypt a volume, but just a file, Gnu Privacy Guard [gnupg.org] is best.
Re:What if she doesn't actually know? (Score:4, Informative)
I would assume that the British have a similar set up at this point. Otherwise, criminals would just say no, I'm not going to allow you to use your valid search warrant to gain entry and so that they could find that massive stash of child porn and Vicodin that I keep around for special occasions.
But, IANAL so I may be a bit off on this.
Two things (Score:1, Informative)
Second, the Brazilian was shot by the Metropolitan Police. Thank God, most of the police forces in England are nothing like the Met. Very few police officers in the Met would qualify to join, say, the NYPD.
Finally, animal rights activists in the UK are not warm and fuzzy people. They bomb babies, desecrate graves, issue death threats, and one of their members has been locked up for a bombing campaign. There are plenty of legit animal rights bodies they could join which have real political influence - but they don't.
Re:TrueCrypt is the best for Windows and Linux. (Score:5, Informative)
And besides, not entirely true:
A: There is no "back door" implemented in TrueCrypt. However, there is a way to "reset" a TrueCrypt volume password/keyfile. After you create a volume, backup its header (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header (Tools -> Restore Volume Header).
Re:solution (Score:4, Informative)
Re:Go To Prison Act (Score:5, Informative)
Several animal rights groups in the UK are officially designated terrorist organisations, because frankly they engage in acts of terror.
Re:What if she doesn't actually know? (Score:3, Informative)
While I strongly disagree with this law (and would refuse point blank to hand over my passwords), the group that this woman belongs to has passed far beyond the bounds of legitimate protest, and needs to be investigated and disrupted by all legal means.
Access to financial data, call records etc. is already a key tool in criminal investigations, and is covered by RIPA in it's less draconian sections.
So long as the provisions of RIPA are adhered to, I see nothing wrong in police officers using such powers proportionately (i.e. only in cases where the seriousness of the offence merits such intrusion into my privacy) - most policemen that I have come across are professional, intelligent men and women who do a good job trying to keep the peace.
Re:solution (Score:2, Informative)
Re:What if she doesn't actually know? (Score:2, Informative)
In this case the suspect is a Animal Rights activist who has obviously been involved with the Huntingdon Life Sciences protests, according to her "facist thugs" stole her PC from her a few months ago and are now demanding encryption keys for all the encrypted files she has on her PC. She claims she's too stupid to be able to uncencrypt all this encrypted stuff people send her and hasn't a clue about anything complicated like passwords or anything.
For those not aware of the situation these sort of Animal Rights activists are basically terrorists, they undertake bombing campaigns, engage in unreasonable stalking, verbal and physical violence against anyone they don't like, dig up the dead bodies of their targets relatives and hold them for ransom. They are basically really really nasty ignorant people and I think it's highly likely this woman is involved in all sorts of horrible things and that her claims of ignorance about whats in the encrypted files is nonsense.
In this case I can see a use for this sort of law if it will help lock more of these evil people away in jail.
Reductio ad absurdam (Score:2, Informative)
"Choice" is an interesting word. People are trained to do jobs and sometimes take years to learn the skills to do that specific job. Choosing to leave that job for another one probably would involve severe loss of income.
In short, HLS is performing a legitimate activity and therefore should be protected. It is also legitimate to campaign for banning of experiments on animals; but such campaigning should not involve violence and intimidation.
Linux? You need a hardware write blocker, period. (Score:5, Informative)
- Please explain to the court how you made a copy of this piece of evidence...
- I connected the drive to our forensic machine and...
- You mean, you connected this hard disk... to your machine?
- Yes of course, then I...
- Did you use a hardware write block?
- Er... I used Linux and mounted the...
- Please, just answer the question. Did you or did you not use a hardware write blocker device to connect the disk to your machine?
- I did not, but...
- Thank you, no further question. I now call for the evidence to be declared tainted and inadmissible in court, since the forensic team failed to use the proper hardware to ensure that no changes would be made to the disk.
There is a whole range of forensic-specific hardware available: write blockers, hardware disk imagers... Use them, or loose your case.
Re:As a Brit... (Score:5, Informative)
Re:They are, however, terrorists... (Score:2, Informative)
Im Confused... (Score:3, Informative)
Re:solution (Score:3, Informative)
Re:solution (Score:4, Informative)
Re:solution (Score:2, Informative)
Re:solution (Score:5, Informative)
cryptsetup --key-file=/dev/random create c1
mkswap
swapon
This reads a cryptogtaphically very good key from