In UK, Two Convicted of Refusing To Decrypt Data 554
ACKyushu clues us to recent news out of the UK, where two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark convictions that may have carried jail sentences of up to five years. There is uncertainty in that the names of the people convicted were not released; and without those names, the Crown Prosecution Service said it was unable to track down details of the cases. "Failure to comply with a section 49 notice carries a sentence of up to two years jail plus fines. Failure to comply during a national security investigation carries up to five years jail. ... Of the 15 individuals served, 11 did not comply with the notices. Of the 11, seven were charged and two convicted. Sir Christopher [Rose, the government's Chief Surveillance Commissioner] did not report whether prosecutions failed or are pending against the five charged but not convicted in the period covered by his report."
Re:What I want (Score:5, Informative)
Look into the Phonebook filesystem. Not quite what you mentioned, but almost as good.
Re:What I want (Score:3, Informative)
There are a few encryption systems out there which provide plausible deniability, and would work something like this (in theory). However, most have pretty clear information, like standard file headers. I've never bothered to actually look at one for encrypted files, but I imagine the file headers essentially say something like "This is a file from APP. It's version X.Y. It's N bytes long. Encryption algorithm is A. Hash method is H. Data follows..."
Re:Can I ask.. (Score:4, Informative)
Obviously, yes.
Re:What I want (Score:5, Informative)
The issue is no longer whether you can prove their is nothing incriminating in the "ecrypted file" but whether the old memory you've had for 7 months is an encrypted file or not.
Further, TrueCrypt is well known. "Hey, do you have a second 'hidden' partition on this slightly incriminating but pretty inoccuous drive?" "No." "I don't believe you. Do not collect £200."
This is a very, very bad day for the British public.
One-way encryption (Score:2, Informative)
Re:Self-incrimination becoming mandatory (Score:4, Informative)
This means, you can be forced to do self-incrimination. What's next? Do we remove the right to remain silent? In dubio contra reo?
This is the UK. They already have removed the right to remain silent [urban75.org] in the Justice and Public Order Act 1994.
Re:It's an appalling piece of legislation (Score:2, Informative)
You raise a valid point. It is easy for people with incriminating data to spend a couple of years in the rig instead of screwing themselves and their organizations over. The UK is bat-shit crazy.
Re:The logic is obvious (Score:5, Informative)
Where the definition of 'terrorist cell' is up to the authorities, and in this case means 'animal rights activist'. It could mean anything according to this corrupt, overbearing government.
Some animal rights activists do use terror tactics, including bombing campaigns [latimes.com], so in this case it might not just mean 'animal rights activist', it could mean everything you normally mean by 'terrorist'. Yes, there are huge problems with the law, but its being used against animal rights campaigners is not de facto one of them.
Re:Self-incrimination becoming mandatory (Score:4, Informative)
There is not a death sentence in the UK...
Re:The logic is obvious (Score:4, Informative)
Actually the UK has a problem with extremist animal rights activists who do go round bombing things. Some of these are now behind bars and rightly so.
Re:Self-incrimination becoming mandatory (Score:1, Informative)
Sadly, yes.
In the UK you no longer have the right to remain silent, and for certain offenses ("anti-social" behavour etc.) no right of trial : simply the accusation of the police officer is enough to prove guilt, and require the payment of a fine.
The 800 year old law against double jeopardy has also been repealed in the UK : http://news.bbc.co.uk/1/hi/uk/4406129.stm
The right to jury trial, another ancient right, has been removed.
Finally the government now intends to remove the right to a state-paid lawyer for all cases, meaning that many people may well end up representing themselves against the state's own lawyers. Startling, sad, and all true.
Re:Self-incrimination becoming mandatory (Score:3, Informative)
ritual umbrage (Score:5, Informative)
I'm stunned, I don't know why, to see people debating this as if this is the first time the issue has crossed their consciousness. News flash: this has been in the public water supply for at least two decades now. It's important, and if you haven't given it some thought long ago, you're not taking life seriously, you're just a woodpusher in the game theory of human realpolitik.
It boils down to a very simple premise: that entropy is a munition.
If you have some large chunk (say 100MB) of random bits in a file on your computer, there is no way to prove that there isn't some password that will decrypt this block of bits into meaningful information. Any chunk of information content which looks like pure entropy can be accused of harboring munitions, if you're trying to hit the preservation of society nerve, or child pornography, if you're trying to hit the righteousness of the flesh nerve (we all care about flesh). Steganography is the art of boiling a thin soup: very small amount of pure entropy hidden in a huge amount of tedious backdrop (say 200GB of licit pink matter).
If you have a large quantity of real physical entropy, there is of course no way to produce a password, and neither is there any way to prove that the entropy is real.
The authorities find this unbearable, so we are now deep into guilt by association. Caught hanging out with random bits, go directly to jail.
Any public discussion of the matter would conclude that our social concept of judicial fairness is incompatible with this new guilt by association model. What kind of society would declare entropy a munition? How would we all go about scrubbing anything that looks like entropy from our electronic records? It's not clear it is possible to comply with the implications of this, even if greater society drank the Orwellian Spook-Aid.
Hence the secrecy. If the spooks destroy 1000 innocent lives in the course of protecting society as we know it, it appears to be a cost we're going to have to bear.
The easy way to cease to think seriously about this is to invoke Stalinist escalation: that 1000 lives is soon 30 million lives.
Don't be so hasty. Sun Tsu beheaded one giggling princess to make every other princess march with the discipline of soldiers. For his needs, one was enough.
The credit industry doesn't work on principles much better than our agents of darkness. The suits have succeeded in labeling credential fraud as identity theft. Note the slight shift in blame here: it's not the design of VISA at fault (which could hardly be worse), it's your fault for offering up your digits in the first place (well, you can't use your VISA card without doing so, but why niggle?)
I hand pieces of information about myself to thousands of institutions. If the information is gathered and used against me, somehow I'm to blame, not the thousands of institutions who regard protecting the sensitive information they demanded from me as a cost center to be outsourced to India.
The great line in Brazil is "Confess quickly, or you'll jeopardize your credit rating."
Our credit system is nearly as arbitrary and secretive as this business of guilt by entropy. Innocent before proven guilty. The credit system is exempt from our normal social protections against slander. Any merchant can file a damaging untruth about me with little basis in fact, few avenues of complaint, and no ultimate liability whatsoever. The rating agencies will then spread this slander around and I can't prosecute them for spreading damaging falsehoods about me, even if I finally prove that the original merchant lied, and no sensible agency would persist in believing the original claim.
If we're not up in arms about the violation of our social norms concerning slander implicit to the credit industry, I don't harbour much hope that cottage outrage in this forum over incrimination by entropy is going to make any dent in the real world.
Stay tuned for the next exciting chapter, where encryption keys are extracte
Re:Self-incrimination becoming mandatory (Score:5, Informative)
Indeed. Here's two different videos to drive the point home, one from an attorney [google.com] and the other from a police officer himself [google.com].
Never ever EVER talk to the police. Nothing you can say to them is going to help you. Shut your damn mouth and ask for an attorney.
Re:The logic is obvious (Score:3, Informative)
Absolutely true. I'll admit that this isn't even my original Slashdot user ID. The original one I forgot the password to and it's email is set to a long dead account, so I'm certainly not getting any hints or resets via email.
I've forgotten tons of others too. Just because someone can't give you the password to an encrypted container or file doesn't mean they're withholding it. Heck I've setup plenty of Truecrypt volumes for sending data back and forth to vendors at work. Lord knows I've forgotten most of those passwords after the projects they were associated with were completed.
Re:Self-incrimination becoming mandatory (Score:3, Informative)
Technically, they're meant to ask "Do you understand?" immediately after that and you're perfectly entitled to say "No, I don't understand, Officer".
In theory, they're then meant to produce a copy of the Police and Criminal Evidence act which you are free to read until such time as you do understand.
Whether or not anybody's ever got away with something simply by "not understanding" indefinitely I really don't know, but it's nice to think it may have happened.
Re:The logic is obvious (Score:5, Informative)
"Seven animal rights activists who tried to close down Huntingdon Life Sciences by blackmailing companies linked to the animal testing laboratory were jailed today for between four and 11 years. ... a six-year campaign involving hoax bombs and falsified allegations of child abuse"
"The activists plotted their campaign from their headquarters, a country cottage near Hook, in Hampshire. From the building -- which police had bugged -- they used encrypted emails, spreadsheets and coded messages to organise the blackmail of the companies and individuals."
"While rarely causing physical harm, these offenders thrived on the fear they created through threats and intimidation."
http://www.guardian.co.uk/business/2009/jan/21/huntingdon-animal-rights [guardian.co.uk]
Re:Self-incrimination becoming mandatory (Score:1, Informative)
Furthermore, your silence cannot be taken as compelling evidence against you. The court is entitled to give your silence whatever weight it feels is deserved, when taking all things into consideration. What the court cannot do is to convict you by your silence. i.e.:
Wrong: "She didn't say anything to the police. Of course she's guilty."
Right: "She didn't say anything to the police. On top of everything else I've heard that is just one more reason for me to think she's guilty."
Also right: "She didn't say anything to the police, but I'm still not swayed by the strength of the prosecution's case. I can't convict."
Anonymous Magistrate.