Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Encryption

British Teen Jailed Over Encryption Password 1155

An anonymous reader writes "Oliver Drage, 19, of Liverpool has been convicted of 'failing to disclose an encryption key,' which is an offense under the Regulation of Investigatory Powers Act 2000 and as a result has been jailed for 16 weeks. Police seized his computer but could not get past the 50-character encrypted password that he refused to give up. And just to get it out of the way, obligatory XKCD."
This discussion has been archived. No new comments can be posted.

British Teen Jailed Over Encryption Password

Comments Filter:
  • by Anonymous Coward on Tuesday October 05, 2010 @06:34PM (#33800842)

    You don't have the right to keep your safe locked if there's a warrant for it to be opened. You don't have a right to not provide your fingerprints or DNA if that evidence is appropriate to the case and a warrant is issued.

    You have a right to refuse to testify. This only extends to your own testimony, not to everything about you.

  • by Anonymous Coward on Tuesday October 05, 2010 @06:36PM (#33800890)

    Don't you have the right to remain silent, so as to not incriminate yourself? We have it here in the US.

    No. That right was removed about 10 years ago.

    Now, if you refuse to answer questions during your arrest and questioning, the prosecution are allowed to use that silence as circumstantial evidence against you.

  • by Ynot_82 ( 1023749 ) on Tuesday October 05, 2010 @06:37PM (#33800902)

    You have the right to remain silent, unless they want something from you, in which case silence is an additional crime you've just committed in full and flagrant view of a police officer

  • by aztektum ( 170569 ) on Tuesday October 05, 2010 @06:37PM (#33800916)

    Never start with the head. It just makes the persons memory all fuzzy.

  • by Tobenisstinky ( 853306 ) on Tuesday October 05, 2010 @06:37PM (#33800918)

    RTFA - "Oliver Drage, 19, of Liverpool, was arrested in May 2009 by police tackling child sexual exploitation."

  • by Kjella ( 173770 ) on Tuesday October 05, 2010 @06:40PM (#33800954) Homepage

    Short answer: No. Through some creative legal thinking producing your encryption password is now considered equal to handing over the key to your safe, not to compel information from your mind. It's bullshit but Britain takes 1984 as a role model, not a warning.

  • by Mister Fright ( 1559681 ) on Tuesday October 05, 2010 @06:51PM (#33801100)

    TrueCrypt [truecrypt.org] has something where you can set up an encrypted virtual disk that you first put some files you don't care about on there with a password you wouldn't mind divulging. Then you make another virtual drive on that one that will store the files and a password you do care about. When asked for your password, you give the one you don't care about and it only shows files you don't care about. Plausible deniability.

  • by Anonymous Coward on Tuesday October 05, 2010 @06:51PM (#33801104)

    Correct me if wrong, but I believe this is only if you later choose to not be silent any more.

    E.g. you are accused of murdering someone two hours' drive away. You refuse to make any statement. A witness is able to clearly identify your car having seen it a few blocks from the scene of crime. Having been told this you say that you were just driving around randomly to clear your mind. In this case they would be able to use your earlier silence against you and imply that you are now only making excuses.

    Which I feel is certainly alright and in tune with commonly accepted notions of justice.

  • Re:50 char pass (Score:3, Informative)

    by jonbryce ( 703250 ) on Tuesday October 05, 2010 @06:53PM (#33801126) Homepage

    If it is 50 all lowercase letters, that gives you about 5.6*10^70 possible combinations. If you have a supercomputer that can do for example 2.8bn combinations per second (fastest example on this page http://www.elcomsoft.com/distributed_password_recovery.html [elcomsoft.com]), then it would take 6*10^53 years to go through them all. In other words 50 characters is a pretty secure password.

    Add uppercase, numbers and all the symbols on my keyboard to the mix, and you have 3.6*10^99 combinations. You can work out how much longer that would take, but it makes no difference, the world would come to an end long before you did it.

  • by kwerle ( 39371 ) <kurt@CircleW.org> on Tuesday October 05, 2010 @06:58PM (#33801190) Homepage Journal

    A.

    ...I don't see this a "self-incrimination" issue...

    Your neighbor spits on your lawn.

    This really pisses you off.

    You make a detailed journal entry (which you keep encrypted) about how much you hate your neighbor and you want to shoot him.

    Your neighbor gets shot.

    You still want to show them your data?

    B.

    You arrive home and find your neighbor's wife's dog (who continually craps on your lawn) has been slaughtered and hung like a side of beef in your bathroom.

    You call the cops even though you're an obvious suspect.

    They ask you a few questions and want to examine some of your stuff, including your computer.

    They find that your computer has been encrypted (not by you).

    Will the law think it's likely that someone encrypted your computer, or will they think that you don't want to share the data?

    Neither of these are even remotely likely, but that's what the law has to account for: the possible.

  • by dkleinsc ( 563838 ) on Tuesday October 05, 2010 @06:59PM (#33801192) Homepage

    Or more recently, Alberto "I do not recall" Gonzales.

  • by hedwards ( 940851 ) on Tuesday October 05, 2010 @07:02PM (#33801236)
    I can't blame him for hiding porn. I'm not sure about the UK, but in the US we don't have a mens rea requirement for possession of child porn. Meaning that if somebody emails you images anonymously, or you come across it randomly mixed in amongst an index of otherwise legal images you're just as guilty as if you were looking for them. And IIRC the courts over here recently ruled that comics of children are just as much child porn as real images are.
  • Re:Obligatory XKCD (Score:3, Informative)

    by siddesu ( 698447 ) on Tuesday October 05, 2010 @07:11PM (#33801346)

    Most likely, you clicked on the "Post Anonymously" checkbox in the left corner of the submit box.

  • by vakuona ( 788200 ) on Tuesday October 05, 2010 @07:21PM (#33801492)
    Um. Which is exactly what Truecrypt does, except for the wiping the disc part (Which doesn't work because any good forensics investigator probably clones said disc before attempting any data retrieval, and they won't use your system whilst doing it because they could give you deniability if timestamps change on the disc, and you could booby trap it, but I digress). The hidden volume is accessible by a second password which reads a key from the other end of the container. If you want to write to the outer volume without overwriting the inner volume, you provide both passwords.
  • by arth1 ( 260657 ) on Tuesday October 05, 2010 @07:22PM (#33801500) Homepage Journal

    The fifth amendment doesn't seem to apply in the courts; to quote his honor, William K. Sessions, Chief District Court Judge in Vermont in United States vs. Boucher:

    "Holding that the 5th Amendment privilege against self-incrimination does not require the conclusion that a criminal defendant may elect not to divulge a password for an encrypted hard drive."

    It also hasn't stopped judges from using the presence of encryption and unwillingness to give up the keys as evidence of misconduct [state.mn.us].

    If anything, Britain has stronger protection of individual rights than we have here in the US -- the defendant in this case doesn't risk a dozen years in jail, disenfranchisement and being barred from many occupations for life, like he would over here. I'd take good old Ius Commune over our system.

  • Re:Miranda rights (Score:5, Informative)

    by Anonymous Coward on Tuesday October 05, 2010 @07:22PM (#33801504)

    No this law was written as an ego trip by Jack Straw to prove his power. Among other things it reverses the onus of proof thus taking it outside fundamental principles of British (and US) law. It also goes further an limits the means by which you can prove your innocence, prescribing a few (probably impossible) ways. It also deprives the defendant of the right to a jury trial and gags the defendant from talking about the charge with anyone but his lawyer (and gags the lawyer).

    In effect a corrupt government official can send you an encrypted email then demand that you provide the key... As you never had it you can never prove your innocence, so they can lock you up for years after a secret trial.

    Add to this another set of laws formed by a radical feminist basically assuming any image of a female that you can't prove is of someone over the age of consent (16) is an image of a child (this includes cached images that may be advertisments that you never intended to view).

    So the cops can trawl your computer until they find something you can't prove is legal and lock you up. If you take the precaution of encrypting your PC they can lock you up for that too.

    We have now removed these politicians from power however the damage has been done. There are murmurs from some of the politicians about repealing some of the very dangerous laws that were brought in, however they are unlikely to repeal any of the technology based ones. There will be no pressure, the journalists over here consider it a point of pride to not understand technology.

  • by cappp ( 1822388 ) on Tuesday October 05, 2010 @07:22PM (#33801510)
    Huh, I was all ready to throw some facts at you about the age of concent in the UK being 16 and how it would be insane for child porn to include those who can have sex legally.
    Then I read the law and, shockingly enough, the Sexual Offences Act 2003 [hmso.gov.uk] changed the age of adult from 16 to 18.

    his clause redefines a "child" for the purposes of the Protection of Children Act 1978 ("the 1978 Act") as a person under 18 years, rather than under 16 years, of age. This change means the offences under that Act of taking, making, permitting to take, distributing, showing, possessing with intent to distribute, and advertising indecent photographs or pseudo-photographs of children will now also be applicable where the photographs concerned are of children of 16 or 17 years of age. The same change applies to the offence of possessing an indecent photograph or pseudo-photograph of a child at section 160 of the Criminal Justice Act 1988 (section 160(4) applies the 1978 Act definition of "child").

  • by History's Coming To ( 1059484 ) on Tuesday October 05, 2010 @07:28PM (#33801588) Journal
    “You do not have to say anything but it may harm your defence if you do not mention, when questioned, something which you later rely on in court. Anything you do say may be given in evidence. Do you understand?”

    Pretty much sums it up, a standard UK police caution when detaining/arresting somebody.
  • by John Hasler ( 414242 ) on Tuesday October 05, 2010 @07:31PM (#33801620) Homepage

    Wasn't his password.

  • Re:50 char pass (Score:3, Informative)

    by TruthSauce ( 1813784 ) on Tuesday October 05, 2010 @07:34PM (#33801666)

    Cryptographically speaking, each added character makes it an order of magnitude more difficult than the previous character.

    For a keyspace attack, beating a 50 character password is exactly the same amount of complexity as the ENTIRE SUM of the previous 49 characters possible passwords, times the keyspace for that 50th character.

    So no, it reduces the complexity by half, but we're still talking about a septillion years on a quadrillion supercomputers (and more passwords than there are atoms on earth, etc, etc).

  • by maxume ( 22995 ) on Tuesday October 05, 2010 @07:34PM (#33801668)

    So you are faced with the rather novel situation where any motivated individual can successfully resist the state and your instinct is to label it rabid anti-establishmentism?

    (and as others have pointed out, it is novel, doors can be broken, safes can be cracked, well used encryption is not so trivial to defeat)

  • by Deagol ( 323173 ) on Tuesday October 05, 2010 @07:49PM (#33801812) Homepage

    It's worse, given an over-zealous prosecutor. Search for the "little lupe child porn case". Poor dude had videos of an obvious, over-18 "pro" and even though a phone call and a fax would have produced the age custodial records, the prosecutor refused to cooperate and plowed head-on with trying to ruin the defendant. I hope there's a special hell for this woman (the prosecutor).

  • by nolife ( 233813 ) on Tuesday October 05, 2010 @08:05PM (#33801946) Homepage Journal

    The prosecution can and does use anything and everything they can against you. But.. giving information to the police or an investigating officer of the law is not the same as being in court and testifying and providing information in front of a jury and/or judge.

    This was posted to /. in the past and worth watching.
    http://video.google.com/videoplay?docid=-4097602514885833865# [google.com]
         

  • by Anonymous Coward on Tuesday October 05, 2010 @08:05PM (#33801952)

    If the authorities chose to arrest you, with or without good cause, they often put you in a pre-sentencing prison, then repeatedly "postpone" your trial for stupid reasons. I have seen MANY people who have been subject to this treatment in excess of two years (yes... in the USA). So, just to be clear:
    1. you can be 100% innocent and remain imprisoned in the USA if they want you there
    2. if you are politically connected or wealthy enough to afford an expensive laywer (even better if you ARE a lawyer) - no problem... get out of jail free card.
    3. never, EVER, tell the police or anyone investigating you anything. There are thousands of laws all intended to prosecute you, and only one which affords you protection -- the right to remain silent. Every good defense lawyer will tell you this.

    Finally, if you actually believe America is free, then you are:
    1. a lawyer, or politician
    2. stupid
    3. insane

    At least in China they tell you the truth -- USA, not so much.

  • by blair1q ( 305137 ) on Tuesday October 05, 2010 @08:08PM (#33801970) Journal

    You mean cryptology, but we'll go over that when we get you downtown.

  • by c6gunner ( 950153 ) on Tuesday October 05, 2010 @08:14PM (#33802044) Homepage

    Yeah, it would. Or it would under the definition of most governments, anyway.

  • by anUnhandledException ( 1900222 ) <davis.geraldNO@SPAMgmail.com> on Tuesday October 05, 2010 @08:23PM (#33802150)

    I think you had a typo.

    You were trying to write HIGHER crime rate than the US right?

    http://www.nationmaster.com/graph/cri_tot_cri_percap-crime-total-crimes-per-capita [nationmaster.com]

    Before you complain about the weak nationmaster source you can go to the original sources but honestly I don't care enough to look those up.

    So your choices are:
    a) accept you are wrong
    b) refused to accept you are wrong and try to prove it only to discover you are wrong and the original sources confirm it
    c) live in denial.

  • by veganboyjosh ( 896761 ) on Tuesday October 05, 2010 @08:41PM (#33802328)
    For more, check out Mike Diana's case:

    http://en.wikipedia.org/wiki/Mike_diana [wikipedia.org]

    I remember reading about this in some underground zines almost 15 years ago. Dude got railroaded for drawing adult comics that depicted child abuse. Alot of which Mike himself lived, and he used the drawing as therapy. He was sentenced to real live prison, and wasn't allowed to draw.

    They essentially took away his right to draw with a pen and paper for drawing things with pen and paper.
  • Trucrypt (Score:4, Informative)

    by CFD339 ( 795926 ) <andrewp@thenor[ ]com ['th.' in gap]> on Tuesday October 05, 2010 @08:42PM (#33802334) Homepage Journal

    The very best drive encryption out there (IMCO) is Tru-Crypt and is both open source and free.

    For the truly security crazed, you can set up a hidden operating system that you use for only your most secure stuff and use a DIFFERENT but valid password to get at it. Use your regular password for day to day stuff and only log in with the really secure one to get into the alternate OS.

    The whole purpose of that is so if someone has a gun to your head (or a court order, or a $5 pipe wrench) you can give them your perfectly valid password and they can access all your perfectly normal files --and never even know the alternate data is there (it can be hidden across thousands of normal looking data and executable files in the normal OS).

    Seriously cool stuff.

    In security, there are only two levels of paranoia. Absolute, and insufficient.

  • by moortak ( 1273582 ) on Tuesday October 05, 2010 @09:01PM (#33802522)
    The US comes in higher on assault, murder, and rape on the site you listed. Crimes per capita is meaningless if each country has different standards that they report. So in the UN report mentioned on the nationmasterlist the US comes in with a higher rate on violent crimes and the UK comes in higher on fraud and various property crimes. Choice D, the US has higher crime rates in the things that are generally considered more severe and that have more similar reporting criteria.
  • by anUnhandledException ( 1900222 ) <davis.geraldNO@SPAMgmail.com> on Tuesday October 05, 2010 @09:09PM (#33802600)

    Post your address so I can mail you a USB drive with random data on it.

    Then a phone call to your local Police dept will be very interesting.

    I see no legitimate reason why you would refuse to provide your local police the password to your USB drive full of kiddie porn.
    So just provide the password or go to jail.

    Starting to see the problem?

    There is no way to prove that you honestly DON'T know the password or even that the random data ISN'T an encrypted disk of kidde porn.
    When the govt simply has to point to random data and claim you are a criminal and all the burden is on you to prove that you aren't well you can be put in jail to any reason at anytime.

    Likely there is some random data on your hard drive right now (in the "blank" space). Prove it isn't an encrypted kidde porn pic.

  • by Swave An deBwoner ( 907414 ) on Tuesday October 05, 2010 @09:11PM (#33802618)
    Just a small correction, from the wikipedia article you provided:

    He was not sentenced to any jail time, but spent four days in jail between the dates of the verdict and the sentencing.

    and

    Diana moved to New York, where he was granted permission to serve out his sentence, and fulfill his community service obligation through volunteer work for the Comic Book Legal Defense Fund.

  • by mykos ( 1627575 ) on Tuesday October 05, 2010 @10:01PM (#33803076)
    So we're required to participate in search and seizure of our own property now? I thought it was the burden was on the police to gather all the evidence, but I guess I was wrong. Looks like the court can coerce you into locating evidence against yourself.
  • by Anonymous Coward on Tuesday October 05, 2010 @10:19PM (#33803214)

    This isn't the US where there is still a remnant of liberty, the Bill of Rights. England never had this. There, there is no such thing as citizens in the UK; they are still known as subjects.

  • Re:Miranda rights (Score:3, Informative)

    by MichaelSmith ( 789609 ) on Tuesday October 05, 2010 @11:02PM (#33803518) Homepage Journal

    I have a copy of the Australian constitution. It is full of paragraphs which read like The Queen may decide to create a house of representatives, and may decide to take advice from such a body... and so on. Nowhere does it say what the Queen must do. Thats how it will be until we vote for a republic and write A proper constitution.

  • Comment removed (Score:4, Informative)

    by account_deleted ( 4530225 ) on Tuesday October 05, 2010 @11:10PM (#33803584)
    Comment removed based on user account deletion
  • by westlake ( 615356 ) on Wednesday October 06, 2010 @12:09AM (#33804160)

    so if what you have encrypted is worth more than that, keep your mouth shut and do your time

    The contempt citation means you remain in the lock-up until hell freezes over or a judge sets you free, whichever comes first. I believe the record in a divorce case is 14 years.

  • by Anonymous Coward on Wednesday October 06, 2010 @12:27AM (#33804302)

    Don't you have the right to remain silent, so as to not incriminate yourself? We have it here in the US.

    No. That right was removed about 10 years ago.

    Now, if you refuse to answer questions during your arrest and questioning, the prosecution are allowed to use that silence as circumstantial evidence against you.

    Pre-arrest silence can be used against you.
    Post-arrest silence can not be used against you.
    You must invoke the right to remain silent in order for Miranda protections to apply.
    Your invocation must be clear and unequivocal.

    Choosing to be silent cannot be used against you after your arrest. And, if a prosecutor brings it up in trial, it's grounds for a mistrial.

    Source: Employee of the State Appellate Defender's Office.

  • by arivanov ( 12034 ) on Wednesday October 06, 2010 @02:38AM (#33805008) Homepage

    You are all forgetting the fundamentals.

    In britain there is no presumption of innocence. There is no "Right To Be Presumed Innocent Until Proven Guilty". That thing IS NOT on the British statute book. It is IMO the most basic of all human rights and a country that does not have it cannot claim to have human rights at all because not having this cornerstone allows it to suspend any other right at any given time with or without reason.

    Interestingly enough it is part of conventions which Britain has signed like the European convention on human rights. However the Labour government that signed them specifically opted out of these clauses. It after that went on and voted into the statute book several hundred criminal offences which explicitly postulate that you are guilty until proven innocent. The RIPA act, The H&S act, you name them. Half of Blair's legislation (Blair and Co raised the number of criminal offences on the statutes by more than 100% in 10 years) is based around "guilty until proven innocent".

    Thankfully, someone pointed this to Cameron and Co in the run up to the elections as the Conservatives initially wanted to revoke Britain's signature under the convention altogether. So the new government has actually promissed to fix this by accepting _ALL_ rights in the convention and repealing most of Blair's handywork as a big block vote including most of the RIPA act. Unfortunately, that fix has not been forthcoming as fast as it should. It was promissed for mid-summer before the parliament goes in recess. However it looks like it was what all politician promisses are... Talk the talk, but cannot walk the walk.

  • by gedhrel ( 241953 ) on Wednesday October 06, 2010 @03:38AM (#33805234)

    The caution now runs thus:

    “You do not have to say anything. But it may harm your defence if you do not mention when questioned something which you later rely on in court. Anything you do say may be given in evidence.”

    which is to say, the prosecution is permitted to sneeer and imply that you've found an alibi after the fact; the judge won't censure them for it, and will not instruct jurors to ignore those comments.

  • by Anonymous Coward on Wednesday October 06, 2010 @04:07AM (#33805408)

    At the end of the 16 weeks, they will formally ask him again and then charge him with the same crime. The RIPA allows for perpetual recharging, no "cant be charged twice for the same crime" or "right not to incriminate yourself" laws in the UK.

  • by Iamthecheese ( 1264298 ) on Wednesday October 06, 2010 @05:42AM (#33805822)
    Here's [aliciapatterson.org] an illegal checkpoint based on that law. here [gao.gov](warning: pdf) is a whole slew of them. This article [wired.com] tells of one specific victim. So does this one. [boingboing.net]Here's [wikipedia.org] a dragnet for you folks in the UK. This case [findlaw.com] is the one where they stretched it to include all mail sent anywhere in America. But [findlaw.com] wait! [findlaw.com] There's [findlaw.com] more! [findlaw.com]

    linky [findlaw.com]
    linky [openjurist.org]
    linky [resource.org]

    While not specific to the case of searches inside borders based on these laws you may find this [syr.edu] link enlightening, it's what our congresscritters are reading about these things.

    Warrentless stops and searches inside our borders are being done and it needs to stop.
  • by agingell ( 931397 ) on Wednesday October 06, 2010 @05:44AM (#33805840) Homepage
    In the UK witness coaching is not allowed even if you are the defendant. So you are not allowed to refer to council if you are on the stand, you just have to answer the questions asked. Your lawyer can go through questions that may be asked but they cannot tell you how to answer them.
  • by chrb ( 1083577 ) on Wednesday October 06, 2010 @06:06AM (#33805942)

    In britain there is no presumption of innocence.

    Of course there is. The presumption of innocence in English and Scots law comes from common law. The concept itself has been part of British society for thousands of years - Alexander Volokh [bepress.com] says that it has been present since Greece and Sparta and Rome, all the way back to the first (Judaic?) legal systems.

    Common law is the basis of the British legal system. Your logic is like claiming that "there is no law against murder in Britain" and then going on to claim that this means murder is legal. English Law - "there is no statute making murder illegal. It is a common law crime - so although there is no written Act of Parliament making murder illegal, it is illegal by virtue of the constitutional authority of the courts and their previous decisions." [wikipedia.org]

    It after that went on and voted into the statute book several hundred criminal offences which explicitly postulate that you are guilty until proven innocent. The RIPA act, The H&S act, you name them. Half of Blair's legislation (Blair and Co raised the number of criminal offences on the statutes by more than 100% in 10 years) is based around "guilty until proven innocent".

    [citationneeded]. Please name these "hundreds of acts that explicitly say British people are guilty until proven innocent.". And are you seriously blaming the Blair government (which came to power in 1997) for the 1974 Health and Safety Act?!? What?!

    So the new government has actually promissed to fix this by accepting _ALL_ rights in the convention and repealing most of Blair's handywork as a big block vote including most of the RIPA act.

    Right, that would be the same Conservative party that fully supported the RIP Act then? ('Only a pitiful handful of MPs (pictured below) were present to debate the bill, which was fully supported by the "opposition" Conservative party, and passed by 189 votes to 47 keeping the majority of its original clauses intact.' [infowars.net])

  • Re:Just Awesome (Score:2, Informative)

    by stormhair ( 718450 ) on Wednesday October 06, 2010 @06:41AM (#33806090) Homepage

    Not only that, but is that XKCD reference implying that British police are beating the teen with a wrench to get his encryption password?!?

    No, over here, we'd hit him with a spanner [wikipedia.org].

  • by stupid_is ( 716292 ) on Wednesday October 06, 2010 @07:21AM (#33806320) Homepage

    It's also the first case I've noticed where it's been used.

    If The Daily Mail [dailymail.co.uk] has done their research correctly (hahahahaha), it's the fourth time a prosecution has resulted in a conviction under this law (see final paragraphs)

    "In 2008 the then Labour Home Secretary Jacqui Smith told the House of Commons the legal provisions for withholding passwords and encryption keys to hard drives came into force on 1 October 2007 and eight notices have been served on PC users - four of which had resulted in prosecutions all relating to terrorism activity.
    Last year the first person jailed for not giving police access to encrypted material, was a 33-year old businessman known only as JFL.
    He was not judged to be a threat to national security, and the encrypted material in question was not suspected of securing illegal material.
    The man who ran a software company in London told a judge he was refusing to disclose the code on principle, on the basis that he should have a right to silence but was jailed for 13 months for refusing to hand over his decryption keys."

  • by Xest ( 935314 ) on Wednesday October 06, 2010 @08:16AM (#33806568)

    "See this doesn't work in Britain because they made it a crime not to provide the password period. If you fail to provide it, regardless of the reason, that's illegal. It was a specific law made for passwords. So can't remember? You are boned."

    This isn't really true. The police have to have reasonable grounds to believe you have the information to be able to issue a notice- this may for example be as simple as getting computer forensicists to provide evidence that the encrypted content has been accessed recently, and that it's unlikely anyone else had access to it- if the file was for example, stored in a private documents folder specific to the user in question. See the relevant legislation, under 49.2 here which clearly states that someone pushing for a disclosure notice must have reasonable grounds to believe that person has it (part a) of 49.2):

    http://www.legislation.gov.uk/ukpga/2000/23/part/III/crossheading/power-to-require-disclosure [legislation.gov.uk]

    It's also worth pointing out to date, that those convicted of failing to adhere to a section 49 notice have all actively refused to hand the key over, rather than claiming they have forgotten it. Of those that have claimed they're not in possession of the key, to date the case has either not been pursued, or the person in question has been charged/convicted for other crimes. This is a common story when it comes to computer crimes- many supposed attempts to prosecute based on new laws, or new twists on old laws don't actually succeed- look at the failure to succesfully prosecute the Oink admin, look at the fact that to date, file sharing cases in the UK haven't succeded in UK courts (although one supposedly won by default due to defendant not showing according to ACS:Law, there is no evidence that this is even true). Ultimately the police have to depend on either scaring people into accepting fault- i.e. if they say they've forgotten the password, reminding them that if they are found to be lying it could lead to an increase in their sentence, or depend on the person being stupid enough to incriminate themselves, or alternatively, for them to simply get caught for other crimes. The police mostly rely on ensuring people are confused about what the law actually says in the hope of making them waver and admit guilt or at least incriminate themselves- by touting convictions like the one in TFA as evidence of how you should always hand your key over without a fight, or without playing innocent they strengthen that idea amongst the public as to that's how it works. It's worth noting that in the words of RIPA itself if you can either demonstrate somehow that the police do not have reasonable grounds to require access to encrypted content (perhaps by use of a witness who would testify that the contents of that file were personal, or trade secrets maybe?), or if you can argue succesfully that giving access to the content is disproportionate to the crime with which they're attempting to charge you with, then you can also escape RIPA's clutch.

    In these respects, RIPA is quite similar to a search warrant- the police can only get one if they have reasonable evidence to suggest they have a need to enter the premises, and if it's proportionate to the crime they're investigating. The actual text of the legislation also seems to suggest that providing the content in an unencrypted form is an alternative to producing the key under the RIPA also.

    "However if you look in to it you discover that while there's little case law, indeed it HAS been ruled that that the 5th prevents you from having to give up a password. As such that will probably stay, in general courts abide by the rulings of other courts of competent jurisdiction."

    This is true, but it's also true that much like with RIPA, a defendant can be compelled by a court to provide access to encrypted content if not provide access to the key itself, in this respect US case precedence is basically similar

  • by CrimsonAvenger ( 580665 ) on Wednesday October 06, 2010 @08:33AM (#33806678)

    After all, the royals do fight, unlike the protected children of US presidents,

    While it seems to have fallen out of fashion, it should be pointed out that one of Teddy Roosevelt's kids (Teddy Jr.) fought in both World Wars, and one of FDr's sons was a Marine in WW2.

    In both cases, the sons in question were in places where the bullets were flying. In one case, the son shouldn't have been there at all, since his health was questionable enough he should have had a medical discharge long before he got around to a heart attack in the field.

  • by Xest ( 935314 ) on Thursday October 07, 2010 @04:32AM (#33821900)

    No, re-read my post and have a look at the relevant legislation I linked. As I pointed out it's quite clear that the police have to have a good reason to believe you have the key in the first place. If they issue a notice without having enough evidence to demonstrate they had a reasonable belief that you have ownership of the key, then they would have not correctly followed procedure, and if you stood your ground you'd almost certainly get away with it on a technicality when it got to court in that the order was issued innapropriately in the first place. The point is they can't just demand the key without any real solid demonstrable basis for demanding it.

    My analogy to search warrants holds quite well in this respect too- the police can't just raid a house without a warrant, and they can't get a warrant without having enough evidence to justify it. If they faked a warrant or lied to the courts to get one under false pretenses or whatever and searched based on that then their case would similarly fall apart in court.

    We don't have enough information available on the relevant cases, but I would be willing to bet that this is why so many of the section 49 notices issued so far have not been pursued or have failed when the person refused to hand over the keys- because the police know full well that they didn't have valid grounds to issue the notice in the first place and were just hoping the people in question would just agree to hand them over. Of the initial 15 notices issued (which covers the first year of the relevant portion of the act being enforced), 11 refused to comply, 7 were charged and only 2 were ever convicted for refusing to comply, also of those 7 charged, we can't even be sure if they were charged under RIPA, and not something else because the information released by the previous government is so vague. This suggests that they're not going as well as the police like to claim, and it's why when one does succeed, as in this case, they make a big fuss over it to try and push the idea that it's a tool they can use largely without challenge as people like yourself believe, such that more people simply just hand them over when they don't actually have to because the notice wasn't legitimately issued in the first place. Another rather disgusting problem with the act is that part of the act makes a provision such that anyone issued with a section 49 notice may not be allowed to talk about it, which is why we haven't heard much about those cases that failed, or the cases where charges were never even filed against people refusing to adhere to the notice.

    To date, a much larger percentage of people issued a section 49 notice have avoided handing over their keys, than have been convicted for not doing so, and this is quite telling. I'll also reiterate the point that those where the case has succeded to date, have always admitted having the key but refused to hand it over, rather than denying they have the key in the first place. Also, based on the most recent figures, the number of people convicted is still half the number of people issued a notice, who refused to comply, but who the police then backed down from pursuing under RIPA once they refused to comply.

    Personally, I think this is just another good reason why the act should be abolished though- it clearly seems to be being used innappropriately as a tool to strong arm people whether guilty or not, and whether the police had valid grounds to issue a notice in the first place or not.

1 1 was a race-horse, 2 2 was 1 2. When 1 1 1 1 race, 2 2 1 1 2.

Working...