
In UK, Two Convicted of Refusing To Decrypt Data

ACKyushu clues us to recent news out of the UK, where two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark convictions that may have carried jail sentences of up to five years. There is uncertainty in that the names of the people convicted were not released; and without those names, the Crown Prosecution Service said it was unable to track down details of the cases. "Failure to comply with a section 49 notice carries a sentence of up to two years jail plus fines. Failure to comply during a national security investigation carries up to five years jail. ... Of the 15 individuals served, 11 did not comply with the notices. Of the 11, seven were charged and two convicted. Sir Christopher [Rose, the government's Chief Surveillance Commissioner] did not report whether prosecutions failed or are pending against the five charged but not convicted in the period covered by his report."
  • What I want (Score:5, Interesting)

    by petes_PoV ( 912422 ) on Wednesday August 12, 2009 @05:37AM (#29035165)
    is an encryption system with 2 keys.

    One decrypts the files or filesystem while the other key overwrites the contents with random data.

    I would also like to know how the authorities could possibly tell a properly encrypted file from one that only contains random data and consequently how they could prove that a filesystem is, in fact, encrypted.

  • Can I ask.. (Score:4, Interesting)

    by eexaa ( 1252378 ) on Wednesday August 12, 2009 @05:38AM (#29035169) Homepage
    ...if you lost or just really forgot the decryption key/passphrase, would it count as refusing?
  • Re:Can I ask.. (Score:5, Interesting)

    by FinchWorld ( 845331 ) on Wednesday August 12, 2009 @05:49AM (#29035241) Homepage

    Carefully crack a CD in various places, so that no data can be recovered from it, scrawl on it "Encryption Keys - Keep Safe" and hide in a stack of CDs.

    When arrested, tell them about this CD that has your keys. When they come back and inform you it's damaged, go psycho screaming at them for having lost your keys, and hence, years of data (cos your backups are encrypted too, right?).

    Sue.

    Profit!

    Ok maybe not, worth a thought though.

  • by im just cannonfodder ( 1089055 ) on Wednesday August 12, 2009 @05:51AM (#29035257) Homepage
    part of the law is that if you get a demand from the police you are not allowed to tell anyone about it other than your solicitor.

    so no public accountability yet again by our government.

    http://www.ckwop.me.uk/Articles/article01.html [ckwop.me.uk]

    An analysis of Section 3 of the Regulation of Investigatory Powers Act 2000

    The Regulation of Investigatory Powers Act 2000 is a piece of UK law that, among a range of other things, contains a section that is meant to require the surrender of cryptographic keys to certain authorised parties (which are in effect instruments of the government). If such a request is made as part of an investigation, then the party who disclosed the key is not allowed to tell anyone that the authorities have that key or they face up to two years in prison. Equally, if the party fails to disclose the key, they also face up to two years in prison.

  • by tygerstripes ( 832644 ) on Wednesday August 12, 2009 @06:02AM (#29035345)

    I'd be curious to learn how many of the four who did comply were subsequently convicted of the crimes for which they were being investigated, and what sentences these convictions entailed. I'm also very curious about what prevented the conviction of the other non-compliant nine. Essentially: was it worth it?

    While I can see the arguments for and against permitting Section 49 sanctions, I want to know what the practical upshot is. Hypothetically, it may be worthwhile to a potential criminal to serve up to a couple of years in prison with a note on their record akin to "refused to assist in investigation" rather than face the potentially much more damaging convictions that their cooperation might incur.

    My concern is that the law will be amended to reflect this, leading to much harsher sentencing in order to prevent this kind of cost-benefit decision being made by suspected criminals.

  • Re:What I want (Score:4, Interesting)

    by PeterBrett ( 780946 ) on Wednesday August 12, 2009 @06:11AM (#29035419) Homepage

    That's assuming that the police are drooling morons that have no clue what they're doing. Obviously they'll copy the drive before trying anything on it. You hand over the "wrong" key, data gets scrambled, they restore it from the copy they took and ask for the correct key.

    This sounds like a good application for a TPM, don't you think? Isn't that supposed to stop anyone being able to remove data from the machine? (Unless the TPM is backdoored...)

    Do modern TPMs have a "suicide" feature that allows them to destroy the secret and create a new one on operating system request? If not, they should have.

  • by Jane Q. Public ( 1010737 ) on Wednesday August 12, 2009 @06:12AM (#29035427)
    In the U.S., people generally cannot be required to provide encryption keys under the 5th Amendment. However, there are exceptions. There was the recent case of one man who was searched by Customs (or DHS, or whoever) at an airport. One of the agents discovered child pornography in an encrypted portion of the disk that had been (temporarily) opened for access.

    Somehow, by the time authorities took possession of the computer, the encrypted drive was no longer opened. The last court decision about that case I am aware of states that a subpoena for the encryption key can be enforced, because the government was already aware of the existence of illegal material, and where it was. All they needed was a "key". This is vastly different from demanding a key first, so they can poke around in your private material.

    As an analogy, imagine a shed in your yard that you keep locked. Law enforcement would, under almost all circumstances, require probable cause or a warrant based on probable cause in order to go onto your property and search that shed. However, if they already knew, with little doubt, that there was illegal material in that very shed, then they have the legal justification for a warrant, or a subpoena of whatever information is necessary to open the shed.
  • The solution (Score:5, Interesting)

    by Thanshin ( 1188877 ) on Wednesday August 12, 2009 @06:21AM (#29035483)

    The solution to this and other similar "bad law" problems is making them big and visible to the common population.

    1 - Get a worm that allows to save data on infected computers.
    2 - Get an encrypting program that supports plausible deniability.
    3 - Infect self with worm.
    4 - Install encrypting program in all infected machines.
    5 - Accuse random people of having criminal data in their computers. (e.g.: "I was playing a WoW game and this guy told me he had several thousand [criminal data]").

  • Re:What I want (Score:3, Interesting)

    by maxwell demon ( 590494 ) on Wednesday August 12, 2009 @06:24AM (#29035499) Journal

    However, in this case it's possession of encrypted data (and the unwillingness / inability to disclose the password) which is the crime.

    So in the UK it is a crime to possess DRMed media? :-)

  • Re:Can I ask.. (Score:3, Interesting)

    by Yogiz ( 1123127 ) on Wednesday August 12, 2009 @06:28AM (#29035523) Journal

    You can always write a single text file containing something that looks like encryption keys and then when they discover that none of the keys work, you can say that they have corrupted the disk. Whatever, write a corrupt disk in the first place. I have a half-broken cd-writer that writes half broken cds all the time.

  • Re:What I want (Score:5, Interesting)

    by tsotha ( 720379 ) on Wednesday August 12, 2009 @06:29AM (#29035533)

    I've been thinking about that for awhile. You don't want a system that will destroy the encrypted data - as others have pointed out, the cops will image your drive before they do anything, so it's sort of pointless. But I think you could do even better with a set of one time pads. I'm envisioning a system that works like this:

    1. You have data you want to encrypt of a certain size. Doesn't matter how large, but you can't really add to it after it's encrypted.
    2. You generate a key the size of your original data and xor the key with the data you want to encrypt. If your key is random enough it should be impossible to decrypt. They say you can get something truly random with atomic decay or cosmic background radiation. These days storage is cheap, so having a key as big as a couple gigs should be no big deal - keep it on a fob.
    3. Now here's the twist. After you've encrypted your data you generate a second "key" by xor-ing the encrypted data with something innocuous. War and Peace, maybe, or cat pictures from the internet. Now you have a key you can give to the cops if they ever come calling, and the data they come up with will be recognizable as data of some sort. So it will be difficult for them to argue you haven't provided "the key".
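The three steps in the comment above, as an added Python example that is not part of the original comment. Function names and the sample texts are constructed for illustration, `secrets.token_bytes` (the OS CSPRNG) stands in for the hardware random source the comment mentions, and the last function goes slightly beyond the comment to show why a pad cannot be reused for more data.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole one-time-pad operation)."""
    if len(a) != len(b):
        raise ValueError("one-time-pad operands must have identical length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """Step 2: generate a key exactly as long as the data and XOR it in."""
    key = secrets.token_bytes(len(plaintext))  # assumption: CSPRNG, not a physical source
    return key, xor_bytes(plaintext, key)


def fit_cover(cover: bytes, length: int) -> bytes:
    """Truncate or space-pad the innocuous text to exactly the ciphertext length."""
    return cover[:length].ljust(length, b" ")


def second_key(ciphertext: bytes, cover: bytes) -> bytes:
    """Step 3: the key under which the same ciphertext yields the cover text."""
    return xor_bytes(ciphertext, fit_cover(cover, len(ciphertext)))


def pad_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Failure mode behind step 1: a reused pad cancels out of c1 XOR c2,
    leaving p1 XOR p2 visible to anyone holding both ciphertexts."""
    return xor_bytes(xor_bytes(p1, key), xor_bytes(p2, key))


# Constructed sample inputs.
SECRET = b"quarterly figures: draft 3, not for release"
COVER = b"Well, Prince, so Genoa and Lucca are now just family estates"

if __name__ == "__main__":
    key, ciphertext = otp_encrypt(SECRET)
    alt_key = second_key(ciphertext, COVER)
    print("with first key: ", xor_bytes(ciphertext, key))
    print("with second key:", xor_bytes(ciphertext, alt_key))
    # Both keys are the same length, and neither the keys nor the
    # ciphertext carry any marker of which plaintext came first.
    print("key lengths:", len(key), len(alt_key))
```

Because a one-time pad has no integrity check or structure, the ciphertext is consistent with every plaintext of the same length, which is the property the comment relies on. The second key is as large as the data itself, so it has to be stored somewhere just like the first.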
  • by Anonymous Coward on Wednesday August 12, 2009 @06:32AM (#29035559)

    "You do not have to say anything, but anything you do say will be taken down and may be used as evidence against you" is the standard line for UK police. Either that, or "you're nicked".

  • by Anonymous Coward on Wednesday August 12, 2009 @06:39AM (#29035611)

    Yes, the Brits might be able to find something by untrained criminals by this hard handed method, but the blowback from this strategy is going to seriously hurt them in the long run.

    Trading partners will be leery to send envoys over to make agreements when at a whim, their machines can be searched, and any trade secrets copied off. If deals are done with British companies, they will be done out of the country, or via electronic means. Companies will not want to set up branch offices in the UK because their facilities can be searched at any time and trade secrets taken. Finally, where does this end? Does someone in the UK have to give up all root/Administrator/sa passwords on request that are on the remote company's VPN or else go to prison?

    Of course, the true terrorists are not going to be caught. They don't bring laptops in with their super secret plans. It seems the UK is aiming the RIPA act for more of an industrial espionage type of game than anything else, intending to demand trade secrets via the heavy hand of their bobbies, then hand the results over to their domestic interests. Other countries do this too, but those are very repressive regimes, not a First World nation.

    Of course, legitimate people will get around this, but it requires backflips and makes PHBs less interested in doing business with the UK. Some means that people will use:

    1: TrueCrypt is the first thing. Perhaps even a TC hidden OS with the decoy OS storing some random chaff in the outer volume. This way, there are no MRU traces of anything in there.

    2: BitLocker and multiple users. The laptop's owner has a non administrator user and given the password of the account with the business critical data once in the UK before the meeting. Then when it comes time to head back to the States, the user account is disabled via remote. Of course, a hardware device to grab the Bitlocker volume key can get around this. The user account with the data can be protected via EFS, so when it expires, not even an Administrator can access it. Of course, there are varying methods to recover EFS protected files, so perhaps an Administrator-only accessible script that runs that would erase the sensitive user account before hitting the airport might be needed. If the user is questioned, he could show that he had no access and likely no knowledge of that functionality, it was corporate HQ who did that.

    3: VMWare ACE installations. Similar to #2 above, the laptop will have an ACE install with a complete Windows VM present that has all the information needed to access a company network. The ACE install will be valid from a certain starting time and expires before the overseas traveler boards the plane home. Also, the company will E-mail the user the password to the ACE VM once he or she checks in. This way, a traveler will pass through security, and if questioned about the ACE install, will be unable to provide any information on it. On the way back, if the laptop is seized, the ACE VM would be expired and not accessible even with the right credentials. (Of course, the ACE VM would have some security inside it so just using it wouldn't mean free rein on the home corporate VPN.)

    4: The hard disk for the business stuff would be mailed to the envoy's hotel. Traveler has a decoy OS on the laptop that is being used for travel, has a hard disk with the real data sent via post (and the password to the data sent via another method). Then the user puts in the real HDD, does his/her work, and when it comes time to head home, the real HDD is either sent back via mail, erased, or physically destroyed. (2.5" laptop drives are delicate and a couple hits from a ball peen hammer have a good chance of shattering the platters.)

    5: Then, there is the old fashioned way of having the laptop just be a remote client with no data stored locally. The user would have network access that would start when he or she got to the hotel and called in with a coded "OK" message, and expire before he or she goes to the airport.

  • by Anonymous Coward on Wednesday August 12, 2009 @06:41AM (#29035629)

    Well, Truecrypt doesn't NEED to be installed. You can have it on a flashdisk/CD etc.

    Also, it allows the creation of a fake directory with fake encrypted data which shows when the specific password for that (which differs from your "real" password) is entered.

  • by arbiter1 ( 1204146 ) on Wednesday August 12, 2009 @06:45AM (#29035651)
    Opening a trunk and encrypted data are 2 different things, as for the US's 5th Amendment. If said data is stored in, like, safes or such with a physical key, you have to give it up (they could get into the trunk easily anyway); if the information is stored in your head, it's protected via the 5th. But with that being said, it's been debated lately whether, say, data encrypted with military encryption where the only key is stored in your head is protected by the 5th, since giving the key will constitute giving up the 5th. When data is encrypted with, say, 256-bit SSL, it would take a supercomputer many years to break the decryption key, and by then you could ask for a speedy trial and they couldn't have their key evidence.
    As for laws in the UK I am not sure, but for the US it's been in debate because a guy that crossed into the US from Canada had encrypted data and they tried to make him give the key up.
  • by badfish99 ( 826052 ) on Wednesday August 12, 2009 @06:47AM (#29035659)

    Not any more. Now it is:

    "You do not have to say anything. But it may harm your defence if you do not mention when questioned something which you later rely on in court. Anything you do say may be given in evidence."

    The reason for the change is that the "right to silence" has gone: if you don't immediately tell the police your defence when you are arrested, the court may ignore anything you say in your trial, and convict you anyway.

  • Re:What I want (Score:3, Interesting)

    by mlts ( 1038732 ) * on Wednesday August 12, 2009 @06:49AM (#29035667)

    That is easily done. A quick search of history of accessed programs might be able to turn up a volume with information in it that is not present on the system.

    In fact, most programs have a most recently used list. So, an adversary who looks at the MRU traces would just resume questioning even if the user gave all passwords to any TC volumes on the system.

    To get around this, the best bet would be to use TC's decoy OS functionality, where a user can boot the decoy OS, mount the outer volume of partition where the hidden OS is present, and show that the volume is just a large place for storing private files. Using a hidden/decoy OS system ensures that there are no suspicious traces to files.

  • by Anonymous Coward on Wednesday August 12, 2009 @06:52AM (#29035691)

    In the UK the right to remain silent has effectively now been removed - the police no longer say

    "You have the right to remain silent, but anything you do say will be taken down and may be used in evidence against you"

    but instead say

    "You do not have to say anything, but it may harm your defence if you do not mention, when questioned, something which you later rely on in court. Anything you do say may be given in evidence."

    The Criminal Justice and Public Order Act 1994 provides statutory rules under which adverse inferences may be drawn from silence.

    Adverse inferences may be drawn in certain circumstances where before or on being charged, the accused:

            * fails to mention any fact which he later relies upon and which in the circumstances at the time the accused could reasonably be expected to mention;
            * fails to give evidence at trial or answer any question;
            * fails to account on arrest for objects, substances or marks on his person, clothing or footwear, in his possession, or in the place where he is arrested; or
            * fails to account on arrest for his presence at a place.

    Essentially, shutting up and saying nothing will be actively harmful to your defence.

  • by Anonymous Coward on Wednesday August 12, 2009 @07:28AM (#29035919)

    IAAL (UK) and no, it's not that simple. It never is.

    If you want to look at the US legal situation for example, a good start would be to read United States v. Hubbell, 530 U.S. 27 (2000) [justia.com] then compare and contrast it to In re Boucher, (D.Vt. Nov 29, 2007) (NO. 2:06-MJ-91) (2007 WL 4246473) ("Boucher I") and In re Boucher, (D.Vt. Feb. 19, 2009) (No. 2:06-mj-91) (2009 WL 424718) ("Boucher II") (still under appeal). Read the full cases if you can find them, not a summary from some random website.

    Case law is evolving and it's far from settled.

  • by TaoPhoenix ( 980487 ) <TaoPhoenix@yahoo.com> on Wednesday August 12, 2009 @07:42AM (#29036021) Journal

    We might have to move towards "Triple-Blind" keys or such. Bruce Schneier had an article of the sort. "I don't know the key officer. I never did. It's remote-encrypted/etc".

    Maybe you could store the key in a Schrodinger's Cat Lock.

    "Not only do I not know the key, but I can only retrieve it if I have not been served a police demand. I am monitored by a live web-recorder with quad redundancy. If you serve me notice, the key will expire permanently."

  • Re:What I want (Score:3, Interesting)

    by Eivind Eklund ( 5161 ) on Wednesday August 12, 2009 @08:02AM (#29036165) Journal
    I have an old machine with a locked disk lying around the house. I have it around because I hope that I will somehow manage to remember the key to it; I used it every day for about a year. The disk contains various semi-completed FreeBSD patches, which represent a reasonable amount of work and would be nice to finish and commit to FreeBSD if I ever get it opened. It does not contain any illegal data whatsoever. However, if I should happen to be accused while in the UK, that disk means that I'd get five years in prison - because I *cannot* give the key to it.
  • by damburger ( 981828 ) on Wednesday August 12, 2009 @08:04AM (#29036195)
    And is there any indication that these people were dangerous bomb-wielding psychos, based on what the government is saying? No.
  • by Anonymous Coward on Wednesday August 12, 2009 @09:34AM (#29037235)
    My wife's boss had death threats and faeces shoved in his mailbox by these terrorists because his company does IT work for the London office of a large Japanese conglomerate with a partly owned subsidiary that was once a supplier (not of animals) to Huntingdon Life Sciences. They use exactly the same twisted mentality as Al Qaeda to justify their attacks on the most vaguely related of targets.
  • Re:What I want (Score:3, Interesting)

    by Hatta ( 162192 ) * on Wednesday August 12, 2009 @09:58AM (#29037603) Journal

    Further, TrueCrypt is well known. "Hey, do you have a second 'hidden' partition on this slightly incriminating but pretty innocuous drive?" "No." "I don't believe you. Do not collect £200."

    What this means is that if you run Truecrypt, they can send you to jail, even if you honestly do not have a hidden partition. There's no way for you to prove that there is no hidden partition. Anybody running Truecrypt in the UK could go to jail for this reason.

  • Excuse me? (Score:4, Interesting)

    by BenEnglishAtHome ( 449670 ) on Wednesday August 12, 2009 @11:06AM (#29038603)

    Bad examples make for bad arguments. You broadly characterize "anti-gun-control activists" as "bonkers and dangerous".

    That's not a good analogy. There are lots of folks on slashdot who understand that "pro-personal freedom" == "pro-owning the means to engage in justifiable violence". We're as rational and peaceful a bunch as you're ever likely to encounter.

    Please be mindful that using bad analogies tends to render less impactful your otherwise insightful statements.

  • by phoenix321 ( 734987 ) * on Wednesday August 12, 2009 @11:34AM (#29039001)

    Replacing "keys" with "incriminating documents":

    "If you are a part of a criminal gang and the police obtains incriminating documents, telling the rest of your gang will enable them to destroy their own compromised data before the cops arrive. That is the logic behind this law."

    And then:

    "The alternative is to lock up everybody where incriminating documents have been found until the case is over, so they cannot communicate the news. That is the logic behind this idea, which would mean no calls to a lawyer therefore being declared unconstitutional for decades."

    One suspected criminal is arrested and the police has to catch all other pieces of evidence before the rest of the gang destroys them. Nobody would declare that law is unable to keep up with that and nobody would ever dare to abolish due process, in dubio pro reo and all that which make the primary and most important differences between Law Enforcement under the Rule of Law and the Mafia themselves.

    Simply because documents are electronic and not paper should not change one iota of due process. Criminals have been able to destroy evidence since the dawn of mankind and definitely since the dawn of Western democracies, when we decided to rather let some of the guilty be unpunished than to punish any single innocent.

    Forcing suspects to incriminate themselves is organized thuggery, not law enforcement.

    Digital crimes are hard to prove as they were and easy enough to incriminate the innocent, with USB sticks of only a few grams and millimeters capable of holding hundreds of thousands of the most grotesque and heinous pictures known to man - and no humanly way for the defendant to prove they're not his/her own.

    Now imagine
    - a tiny USB stick found in your jacket after arrest.
    - a 4gig blob of /dev/random but an extension .gpg on it.
    - you facing 2 years of jail for not revealing a password neither you nor God ever knew because neither you nor Bruce Schneier can prove it is random and NOT encrypted data.

    or even without intervention of a malicious police officer who framed you because he's after your wife

    - you are the suspect of some crime, for whatever reasons, but you are innocent.
    - police search and seize your property, lawfully and with a legal warrant.
    - police finds a nondescript CD-R, hidden deep in your closet that contains data that looks suspicious AND encrypted
    - it really IS encrypted data which you yourself encrypted. It is raunchy, but harmless (read: legal) stuff from college times.
    - you produced this material several years ago, while in college in Alpha Beta Gamma frat and wanted to never ever have your roommates watch it.
    - you kept the CD for sentimental reasons and summarily forgot the password and the fact that it ever existed. It was just sitting in the bottom drawer and went along the other stuff when you moved.
    - you really forgot the password, in fact, you didn't remember that you even had the CD at all

    - when the district attorney presents this CD as exhibit XY, you remember what it was and become nervous because your wife and kids are in the courtroom. You still don't remember the password as it was really long.
    - the judge noticed you became nervous and will now never believe any story you tell unless you present the password as proof.
    - result: you are innocent, but you are probably facing a 2 year non-commutable sentence for not revealing the password

    Hands up who thinks that's a good law.

  • Re:What I want (Score:3, Interesting)

    by skeeto ( 1138903 ) on Wednesday August 12, 2009 @06:53PM (#29045199)

    It's not even practical because letting them in doesn't help you at all, but it can potentially get you into real trouble. The cops might see something illegal/suspicious that you didn't even know was illegal, or maybe some friend of yours stashed drugs in your home and you didn't know (that happened to someone I know, but with his car, and it cost him his job). You don't have to prove your innocence, they have to prove your guilt. So in this situation you are much safer standing up for your rights. It's good in the long term and the short term. And, on a lesser note, you also aren't wasting your time, and their time, showing them around.

    This was linked by someone else too: it's a lecture by a lawyer and a cop about why it's a bad idea to cooperate with the police more than is required to by law. Dont Talk to Police [youtube.com]. The video is probably worth reviewing once a year.

  • Re:What I want (Score:3, Interesting)

    by Eivind Eklund ( 5161 ) on Thursday August 13, 2009 @08:59AM (#29050513) Journal

    Because I was using it as a workstation. This means that it included my SSH keys and client documents, and I wanted to keep it secure from physical compromise.

    Now, I worked as a security consultant at the time, so it at various times included data such as network layouts for clients, incident response plans for financial institutions, new vulnerabilities that could be used to trick an online banking system, and so on, so I could possibly have used that to demonstrate that I had strong reasons to encrypt that disk.

    However, even before I started working as a security consultant, I had a habit of tightly securing machines, and I still tend to be fairly careful. And I know people that are paranoid about it - to the level where it could be considered clinical. That's not enough that they should be put in prison if they also have a lapse of memory.
