
UK Court Rejects Encryption Key Disclosure Defense

Posted by samzenpus
from the do-not-pass-go dept.
truthsearch writes "Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled. The case marked an interesting challenge to the UK's Regulation of Investigatory Powers Act (RIPA), which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive. The appeals court heard a case in which two suspects refused to give up encryption keys, arguing that disclosure was incompatible with the privilege against self incrimination. In its ruling, the appeals court said an encryption key is no different than a physical key and exists separately from a person's will."

  • by Tyrannicalposter (1347903) on Thursday October 16, 2008 @03:07AM (#25396149)

    I wish the US Supreme Court was that smart.

    Protection from self incrimination was to prevent confessions under duress or torture.

    I don't see the difference between refusing to turn over an encryption key and refusing to let the police in your house when they have a valid search warrant.

    Oh noes! You police can't come into my meth lab. Me letting you in would be self incrimination!

    • by Anonymous Coward on Thursday October 16, 2008 @03:14AM (#25396219)

      How is locking somebody up for a full year in a prison cell because they do not give up the encryption key, claiming they don't know it, other than torture?

      In short, how is it different?

      • Re: (Score:3, Interesting)

        So, by YOUR theory, subpoenas would be completely unenforceable.

        A subpoena ad testificandum orders a person to testify before the ordering authority or face punishment.
        Sorry Judge, I forgot.

        A subpoena duces tecum orders a person to bring physical evidence before the ordering authority or face punishment.
        Sorry, Judge, I lost it.

        Unless you're just stupid and say "No" instead of "I forgot"

    • by ShakaUVM (157947) on Thursday October 16, 2008 @03:18AM (#25396249) Homepage Journal

      The US has already ruled you can't be forced to give out an encryption key.

      It's nice having a Bill of Rights, ain't it?

      Laugh at all the British who say such a thing is unnecessary.

      • by Anonymous Coward on Thursday October 16, 2008 @03:39AM (#25396421)

        *cough*Gitmo*cough*

      • by Kokuyo (549451) on Thursday October 16, 2008 @03:49AM (#25396479) Journal

        Yeah, we'll laugh at them as soon as we're through laughing at the US for letting their bill of rights be trampled in the name of security.

        Freedom must not only be won, it must be protected. Fail to do so and what's coming to you is solely your own fault.

        • by NoobixCube (1133473) on Thursday October 16, 2008 @04:52AM (#25396931) Journal

          My thoughts exactly. People seem to get all pissy when I say something like "if you don't have the balls to protect your freedoms, you don't deserve them". I'm not a regular protester at any events or anything like that, but I'd rather be shot for defending my freedom than live to see it gone. Not that I believe privacy exists anymore. The whole world was too slow to act in learning about and defending their privacy in a new technological age. Sure, there were a few technologically aware people with a small voice that was easy to push aside. Too late, privacy's gone. Only way to get it back is to lay your own global network in secret and hope the governments of the world never hear about it.

          • by erroneus (253617) on Thursday October 16, 2008 @06:26AM (#25397547) Homepage

            A lot of things were lost when the use of the SSN was required in order to participate in the financial system. Interestingly enough, when the system was brought about, people protested that very thing and it was written into law that the SSN could only be used for the purposes of tracking your social security account. The IRS ignored it (though you can request a tax ID) employers ignore it, banks ignore it, the whole system ignores it.

            This isn't technology at play. It's something else.

            Now you can't have a normal life without participating in this system; without allowing your transactions to be tracked.

          • by fastest fascist (1086001) on Thursday October 16, 2008 @08:47AM (#25398943)

            I'm not a regular protester at any events or anything like that, but I'd rather be shot for defending my freedom than live to see it gone.

            But that's not how it works nowadays, is it? By and large you're not going to be given the chance to martyr yourself for liberty. You just get to watch basic freedoms slowly erode away while most people don't give a damn. Your options are either to try to effect change through the political system (good luck with that, you godless nihilist), to start an outright armed revolt (good luck with that, you godless terrorist) or to simply quietly secede and disregard the authority of "your" government to rule you. The last option will pretty much inevitably lead you into conflict with law enforcement, and ultimately you'll be faced with either giving up or taking up arms (good luck with that, you godless nutcase).

            So either you're quiet and no-one notices or you're loud and your actions are used to further justify the need for increasingly draconian law enforcement.

      • Re: (Score:3, Insightful)

        Shame most Americans are ok with their government crapping all over the Bill of Rights and they're left with less rights than they started out with.
      • by radio4fan (304271) on Thursday October 16, 2008 @04:31AM (#25396773)

        It's nice having a Bill of Rights, ain't it?

        Laugh at all the British who say such a thing is unnecessary.

        Who are all these British who say such a thing?

        Britain has got a 'Bill of Rights': the Human Rights Act [opsi.gov.uk], which guarantees free speech, right to a fair trial (including the right not to incriminate oneself), etc, etc. This act formally enshrines rights that we've had under common law for centuries (eg, Habeas Corpus).

        The fact that this court (not the highest in the land, mind) has chosen to interpret an encryption key as not covered under the right not to self-incriminate does not alter the fact that we also have constitutional rights.

        So laugh away at your mythical British who say they don't need anything like the Bill of Rights.

        Disclaimer: I think Britain is royally fucked anyway.

      • Re: (Score:3, Insightful)

        by _Shad0w_ (127912)

        Yeah it is. We've had one since 1689 and we've had the Magna Carta since 1215.

    • by Koim-Do (552500) on Thursday October 16, 2008 @03:37AM (#25396409)

      A warranted police search of your meth lab does not require any consent on your side - that's what the warrant is for. They will just break down the door and go on with the search.

      Same with the safe in your lab: you can either give the police the code for your safe, or refuse and watch them breaking it.

      Why is your encryption key any different from the safe/door you have?

    • by me at werk (836328) on Thursday October 16, 2008 @03:41AM (#25396441) Homepage Journal

      What about when there's no key to hand over [theregister.co.uk]?

    • by mbone (558574) on Thursday October 16, 2008 @05:09AM (#25397045)

      I don't see the difference between refusing to turn over an encryption key and refusing to let the police in your house when they have a valid search warrant.

      It is much more like refusing to tell the police where in your house the contraband is hidden, or if there is contraband at all, and being put in jail because of your refusal.

      • Re: (Score:3, Insightful)

        by guruevi (827432)

        If they don't announce properly they have a search warrant, you can shoot them. You also have a right to refuse to unlock doors. They have a right to get a locksmith. The problem with encrypted data is almost no entity (unless you're the NSA) has a locksmith.

  • Huh? (Score:5, Insightful)

    by someone1234 (830754) on Thursday October 16, 2008 @03:09AM (#25396169)

    Memorised encryption keys exist outside of your will?
    I'm sure the number exists somewhere out there, good luck finding it by brute force.

    • Re:Huh? (Score:5, Funny)

      by jamesh (87723) on Thursday October 16, 2008 @03:32AM (#25396373)

      Reminds me of this failed pick-up scenario:

      guy: Hey baby, what's your phone number?
      girl: It's in the phone book, look it up!
      guy: But I don't know your name.
      girl: That's in the phone book too.

  • by Ed Avis (5917) <ed@membled.com> on Thursday October 16, 2008 @03:12AM (#25396189) Homepage

    Suppose some incriminating evidence exists but it is hidden in a secret location. Can you be forced to disclose that location?

    If not, then why not store your encrypted data on a huge partition of random data. To get it you need both the key and the location of the data. The latter you can simply refuse to disclose.

  • by freedom_india (780002) on Thursday October 16, 2008 @03:14AM (#25396207) Homepage Journal

    Why these jokers didn't say "I forgot" I will never know.
    I mean how hard is it to NOT self-incriminate oneself: Say you forgot. Just like every other government official says after losing a laptop full of Witness Protection persons or intelligence officers, etc.
    They can't compel you to recall something you don't remember.
    Simply say "I'm sorry, I can't remember: my memory is a bit hazy from all the manhandling the cops did, your honor."
    What's the worst? Gitmo? I don't think so (although Britain has a track record of renditioning suspects to US).
    At a time when courts and the government make a combined assault on our privacy and rights, while being more secretive themselves, it is up to us to protect ourselves. Call me paranoid, but I am the Burt Gummer type.
    The Government has NO right to force me to divulge my self-secrets just like I can't force a government of the people, by the people and for the people to divulge its dirty secrets.
    I can't be transparent when the Government wants to be opaque.
    After all it has been proven that the Government cannot be trusted even with the most basic secrets.
    What is the criminal penalty for jokers who lost various laptops holding government secrets and OUR data? NONE.
    What is the financial and criminal penalty the Government will pay if it causes me harm by leaking my secrets? NONE.
    Until the Government pays for its mistakes (and heavily), I am not going to divulge anything more to it. After all the Government am not trusty enough to know about its secrets, so why should I trust Government.
    Ben Franklin, Hamilton and Mark Twain were absolutely right: You CANNOT and SHOULD NOT trust the government, if it doesn't trust you.

    You can take my keys from my cold dead hands.

    • They don't say they forgot because there's usually other evidence that they know the key.

      For example, timestamps on the encrypted file, unencrypted corroborating data in a swapfile, or evidence that the machine was switched on at some recent point in time.

      By the way, everyone gets it wrong, but RIPA does not require that you reveal your key. It requires that you make the data available in "intelligible form". You can read the details here [opsi.gov.uk].

      Rich.

      • by freedom_india (780002) on Thursday October 16, 2008 @04:12AM (#25396619) Homepage Journal

        It is interesting to note that while section 53 states criminal penalties for non-disclosure on part of defendant, section 55 does NOT state any criminal penalties against misuse/abuse of such information.
        The Government has covered its shiny metal a$$ well with this section.
        So the courts can sentence you to 6 months imprisonment for NOT revealing the key, but if you reveal the key and some government official loses it in the next train (which happens monthly), the CP or the government official cannot be imprisoned for the loss or any such loss caused to you by that loss.
        Brilliant!
        All the more reason for me to NOT give out my key.
        Until such time I see a CP or a minister sentenced to jail for loss of residents' confidential information, I am not comfortable with providing ANY information to this Orwellian government.
        I WILL claim memory loss for this. Let them prove I am lying.

  • by 91degrees (207121) on Thursday October 16, 2008 @03:22AM (#25396279) Journal
    Create an encrypted file. A lolcat or something. Encrypt it. Encrypt it again. Encrypt it again. Encrypt it again. Encrypt it again. And so on... See how long it takes for the police to get bored. You would need some decent legal representation to make sure to keep a loophole open so they can't demand all encryption keys.
    • by jamesh (87723) on Thursday October 16, 2008 @03:36AM (#25396401)

      Is there a system which will allow the use of a 'duress' key? If the duress key is given instead of the real key the encrypted data is erased. This would be easy enough to defeat by a suitably motivated investigator, but they'd have to have figured out what was going to happen first...

      • Re: (Score:3, Informative)

        by scientus (1357317)
        truecrypt [truecrypt.org]
      • by Wavebreak (1256876) on Thursday October 16, 2008 @04:30AM (#25396769)
        Not quite, but TrueCrypt has supported hidden volumes for a long time. That is, the encrypted container has two passwords, one will open the main volume that you can fill with sensitive/private but non-incriminating stuff, while the other opens the hidden volume within the same container. It's also completely impossible to tell whether or not a given container has a hidden volume.
      • by locofungus (179280) on Thursday October 16, 2008 @05:08AM (#25397041)

        Yes and no. :-)

        The "duress" key cannot possibly guarantee to erase the encrypted data - after all someone can make a copy of the encrypted data before entering the duress key.

        However, OTP has a "duress" key (actually it has many). The real key decrypts the data to whatever you stored. But the duress key decrypts the same data to war and peace (or whatever you think appropriate). The duress key has to be regenerated every time the real data is changed.

        One problem is that the two keys are each as large as the original data. So the fundamental problem becomes keeping the two keys secure and being able to supply the duress key without revealing the real key.

        If you managed it sufficiently well, OTP is unconditionally secure in this way. Truecrypt attempts to do the same without the key management problem. As a result it's usable but there are possibly hints that will show that there is another key.

        There are some other possible defenses - for example consider a disk encrypted with a key. If you shut down the computer correctly, the key is written to the disk (or a usb stick etc) before shutdown. If the computer is shut down inappropriately then the key is lost. When the computer starts up again it reads the key but then generates a new one and proceeds to reencrypt the entire disk with the new key.

        Of course, you're a bit screwed if the power fails.

        I've actually considered trying to implement something like this using fr1 and network block devices to have a RAID1 setup on two computers. That way you're protected if one computer crashes for any reason. Put them on a UPS and you can decide whether you want to auto-shutdown when the battery gets low or whether you will require a special action otherwise the data is lost.

        AIUI, in the UK when the police do a raid they're allowed to move the mouse to wake up the screen in case there's anything on it but after that the first thing they do is pull the power. So a UPS solution would be ok.

        It's all a rather academic interest for me. I do have a small encrypted partition where I keep a record of usernames/passwords/secret information etc including banking information. I have a cron job that unmounts the encrypted partition every hour, so I don't forget and leave it mounted. But while it would be an enormous pain for me to have to disclose the key it's not something I need plausible deniability of knowing the key. (The partition is only 10Mb - initially at least I might try to withhold the key by arguing that whatever they were looking for could not possibly be just 10Mb but I'd not go to jail over it)

        More concerning is that I've played with gpg, encrypted partitions etc and I've got stuff scattered around that is encrypted that I've no idea what the key is or was. Mostly I try and delete experiments like that but I do a nightly backup and I can go back several years so some of these experiments will be on backups somewhere. Unless the key is something like test, test1234, hello, fred then I'm never going to be able to decrypt it. (Of course, the emails I've encrypted have always just had the text "test", "test1234" etc so they're going to be a big disappointment to whoever manages to decrypt them :-)

        Tim.
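
Added example (not part of any comment in this thread): a short Python sketch of the one-time-pad property described in the comment above, where a second key as long as the data decrypts the same ciphertext to a different text and has to be regenerated whenever the stored data changes. All function names and sample strings are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole one-time-pad operation)."""
    if len(a) != len(b):
        raise ValueError("one-time-pad operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """Return (key, ciphertext); the key is fresh random data as long as the plaintext."""
    key = secrets.token_bytes(len(plaintext))
    return key, xor_bytes(plaintext, key)


def alternate_key(ciphertext: bytes, other_text: bytes) -> bytes:
    """Key under which `ciphertext` decrypts to `other_text` (space-padded to fit)."""
    if len(other_text) > len(ciphertext):
        raise ValueError("alternate text cannot be longer than the ciphertext")
    padded = other_text.ljust(len(ciphertext), b" ")
    return xor_bytes(ciphertext, padded)


def demo() -> dict:
    # Constructed sample inputs, not data from the thread.
    stored = b"constructed sample: account list and PINs"
    other = b"Well, Prince, so Genoa and Lucca"

    real_key, ciphertext = otp_encrypt(stored)
    second_key = alternate_key(ciphertext, other)

    # The stored data changes (same length here), so it is re-encrypted
    # under a fresh pad; the old second key no longer matches the ciphertext.
    updated = b"constructed sample: account list, updated"
    new_key, new_ciphertext = otp_encrypt(updated)
    refreshed_key = alternate_key(new_ciphertext, other)

    return {
        "real": xor_bytes(ciphertext, real_key),
        "second": xor_bytes(ciphertext, second_key).rstrip(b" "),
        "key_sizes": (len(stored), len(real_key), len(second_key)),
        "stale": xor_bytes(new_ciphertext, second_key).rstrip(b" "),
        "refreshed": xor_bytes(new_ciphertext, refreshed_key).rstrip(b" "),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```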

      • by Eivind (15695) <eivindorama@gmail.com> on Thursday October 16, 2008 @06:15AM (#25397463) Homepage

        A duress-key that wipes data is no good. Any serious investigation will take a complete copy of the data as the first step, so wiping does you no good at all.

        What you can do, and which is done, is to have "plausible deniability". Truecrypt does it like this:

        You have a 1GB (for example) file that contains an encrypted filesystem that contains 500MB of files.

        The free space (500MB) *may*, or may not, contain a second encrypted filesystem. There is no way to tell without knowing the second "inner"-key.

        So, if pressed to give up the key, you give up the outer key, giving access to 500MB of perhaps mildly embarrassing, but ultimately harmless stuff. If asked about the "inner"-key you say there isn't one. The default operation of Truecrypt is for there NOT to be one.

        So, it's plausible you're telling the truth; could be the volume is larger than the filesystem simply because you wanted space for more files. It's not as if a half-full filesystem as such is suspicious.

        It's unlikely they could force you to give up certain information without even showing a likeliness that the information EXISTS.

        That's "plausible deniability".

        You can say: "There is no second key", and there is no way of figuring out if that answer is truthful or not.

  • by Gordonjcp (186804) on Thursday October 16, 2008 @03:23AM (#25396297) Homepage

    Firstly, this doesn't mean that the police can come and demand your encryption keys at any time. This isn't the US, where the police can kick your door in at any time for any reason, just because they feel like having a look at your stuff and maybe relieving you of a few high-value items. If they're looking for an encryption key, it's pretty much going to be because they've already had a warrant to search your property. It really *is* no different to being forced to hand over the key to the basement dungeon where you keep your step-daughter - chances are that they already know what they're looking for and where to look for it.

    Of course, if you don't feel like handing it over, you can always say you left it on a bus, or in a taxi, or you posted it somewhere and it was never seen again...

  • by Lincolnshire Poacher (1205798) on Thursday October 16, 2008 @03:24AM (#25396303)

    I am not a lawyer and this is not advice, but I did consult on the RIPA.

    If the encryption key is destroyed by a pre-configured ``technical measure'' then by my reading of the Act one cannot be held in contempt for failure to disclose.

    For example, a dead-man's switch that destroys all traces of keys if the owner does not log-in for a pre-arranged number of days.

    Note that *all* traces must be destroyed. The Act can compel other parties ( e.g. work colleagues or holders of back-ups ) to disclose even if they are not directly involved in the case.

  • So what's worse? (Score:4, Insightful)

    by Anonymous Coward on Thursday October 16, 2008 @03:30AM (#25396357)

    If I'm the defendant, I'm simply going to assess which is worse:

    1. The punishment you'll get for not divulging your encryption key

    2. The punishment you'll get when you divulge your encryption key and they find 18 gigs of child porn on your computer

    Depending on the encrypted data in question, the decision whether to divulge your key could be an easy one.

    • Re:So what's worse? (Score:5, Interesting)

      by phoenix321 (734987) * on Thursday October 16, 2008 @03:47AM (#25396473)

      This is the precise argument that They will be using for lengthening the prison terms for NOT divulging the key once we've swallowed the fact that not-remembering something can get you in prison.

      And then They just need to send a collection of /dev/random with a filename suggesting underage pornography to your email address and keep you imprisoned for decades. Your ex-girlfriend could do and call the police. Your enemies from the cubicle farm could do, too. Your competing business and even blackmailing spammers could.

      I smell serious blackmailing business: pay up and we'll send you the key you need to prove yourself innocent.

      • by Chris_Jefferson (581445) on Thursday October 16, 2008 @04:42AM (#25396863) Homepage
        How is that any different from me just physically mailing you a box of child pornography, along with a letter saying "Here is your order from kid's-r-us"? To me this seems to be an area where the parallels with existing situations are compelling. You should have to give over your virtual keys and locations of data in the same situations you had to give over physical keys and locations of real things.
        • Re:So what's worse? (Score:4, Informative)

          by meringuoid (568297) on Thursday October 16, 2008 @05:34AM (#25397185)
          How is that any different from me just physically mailing you a box of child pornography, along with a letter saying "Here is your order from kid's-r-us"?

          Because it's not real CP, it's random binary gibberish with a note attached saying 'Here is your encrypted CP'. The police will pick up that email (in other news today, they're going to be monitoring all emails) and go 'Oho, we have caught ourselves a paedophile and will soon look good in the newspapers when we lock him up for ever and always', and come around and arrest you. Then they demand you decrypt the file so they can present you along with the CP to the court and get you sent to prison.

          No CP exists - no key exists - it's not encrypted data at all, just noise. But you can't prove that. And so you go to jail for failing to provide the key.

        • Re: (Score:3, Interesting)

          by hey! (33014)

          Well, remember the OJ trial?

          Good defense lawyers do two things with evidence: they either discredit it, or they interpret it in a benign context.

          When the Big Box O' Porn is produced in court, a competent defense lawyer demands the police produce a chain of custody showing how the box allegedly got from the defendant's home to the court. If the police can't show that, it's not evidence any longer. If the police can't prove the DNA sample analyzed actually came from the crime scene, it's not credible any l

  • by phoenix321 (734987) * on Thursday October 16, 2008 @03:37AM (#25396411)

    An encryption key is separate from a physical key, because no one can reliably prove if I still have it or not. Physical keys I may have hidden or swallowed can be found or the locks picked open. But for strong encryption, this is not feasible and the defendant might very well have forgotten the passphrase and never remember it.

    What will They do when the defendant claims to have forgotten their key? (capital "They" intentional for Them being Orwellian monsters) - No one can ever prove or disprove that the passphrase still exists in the defendant's brain cells, not the accuser and not the accused.

    And then? Sleep deprivation? Torture? Guilty unless proven innocent? In dubio contra reo?

    Releasing the defendant is under this view obviously unfeasible, because otherwise EVERY defendant would claim to have forgotten the passphrase, which would render this judicial scheme moot. But NOT releasing a possibly innocent defendant because they really have forgotten their passphrase - and no one knows what's inside the encrypted files - is a serious crime in itself.

    I doubt there's a possible solution to this problem. Keeping people in prison for even one day because of abstract words that *possibly* exist in their minds (and only there) is pretty laughable - and pretty dangerous.

    Something that no human and no machine can reliably prove or disprove cannot be the basis of a prison sentence. In the Western civilized society after the Renaissance era anyway.

    Also, this is stuff from the darkest dystopian novels and can be misused in thousands of ways. We've all heard rumors about cops who place contraband in a defendant's pocket or house. But that takes at least physical access to a contraband item.

    But encryption keys that may not even exist anywhere? It is ridiculously easy to incriminate people that way, say for example to create a file containing several megabytes from /dev/random. Name it "pre-teen_volume_320.7z" and send it via mail to the defendant with a fake note "here's the 320th delivery of your stuff, you pervert and the password is the same as last time. the photos of your kids were nice, too".

    And then? No one can distinguish between random data and well-encrypted data. No one can prove the defendant does NOT know the "password" to this "encrypted" file. Will They let them go or will they be imprisoned and tortured forever until they "remember" the nonexisting password or simply confess to having had intercourse with the devil?

    • Re: (Score:3, Insightful)

      by scientus (1357317)
      The key is not digital, it does not exist on any machine. It *may* exist, and then only in the mind of the defendant. It only becomes digital when it is typed in, and then is erased after, it is like knowing where a treasure is hidden, and the right to refuse to tell of that is solidly defended, both in physical reality and in law (at least here in the us). By ruling that he (or anybody) has to give up a key he (or anybody) may or may not have (only those on trial truly know) the law becomes guilty until pr
  • by Xest (935314) on Thursday October 16, 2008 @04:12AM (#25396621)

    Perhaps this was the crux of the problem, they used a defence of suggesting if they hand it over it would be self-incriminating?

    Wouldn't a better defence have been to suggest that the data encrypted was entirely irrelevant to the case. Wouldn't it then be up to the police to actually do some police work and prove otherwise?

    By using a self-incrimination defence it's effectively admitting, yeah you've got some data that's evidence locked up but you're not handing it over. Surely it's better to simply just deny the encrypted data is relevant to the case or even that you've no idea what that encrypted data is. Hell, claim it's your own personal copyrighted works or some trade secrets and get them to prove to a court either that it's not or that they need access to said private content. I'd have thought both of these would put the burden on the police to do police work in an ideal scenario.

    That said, Labour's totalitarian regime doesn't follow the ideal scenario mindset and innocent until proven guilty means nothing anymore so I guess either way these people were screwed.

    If the people are guilty then it's great they've been caught, but the way they go about reaching the goal is entirely unacceptable and comes down to one thing - the police are too damn lazy to actually do any police work nowadays. It's all about abusing various laws and technologies Labour has handed them which they really shouldn't have.

  • by seeker_1us (1203072) on Thursday October 16, 2008 @04:39AM (#25396825)

    Exactly when did they start to go insane?

    Once I would have liked to go there. Now it sounds like an Orwellian nightmare. Cameras everywhere (that happen to be "malfunctioning" when police hold down an unarmed, ticketed Brazilian subway passenger and shoot him in the head multiple times). Laws passed monitoring all communications. No privacy. Jail sentences if you will not or cannot tell them an encryption key.

    This is the kind of shit they would tell us about Russia during the cold war.

    Who's getting rich and who's gaining power through this?

  • by benwiggy (1262536) on Thursday October 16, 2008 @04:53AM (#25396947)
    I'd be surprised if this didn't go before the House of Lords and get over-turned.
    It's amazing how many of the draconian, rights-reducing laws drawn up by democratically elected representatives get knocked back by the House of Lords, an un-elected body.

    The Lords can alter Bills before Parliament, but are also the last appeal court (before going to the European Court of Human Rights).

    Let's hear it for a benevolent oligarchy!

    • Re: (Score:3, Insightful)

      It's amazing how many of the draconian, rights-reducing laws drawn up by democratically elected representatives get knocked back by the House of Lords, an un-elected body.

      The reason the elected people are more of a problem is because quite frankly most people aren't educated enough to vote properly. The House of Lords don't have to answer to half-wits who believe in the "if you have nothing to hide" ideology.

      Sure they could abuse that power but luckily they've proven to generally be a sensible bunch and I think that's why the government has been trying to destroy the house of Lords and make their positions electable by the public as well.

  • by Ihlosi (895663) on Thursday October 16, 2008 @06:25AM (#25397545)

    ... my encryption key consists of a complete confession of my latest crime plus GPS coordinates of where I've buried the evidence. I'd definitely be incriminating myself by divulging it, so I won't.
