British Teen Jailed Over Encryption Password 1155
Posted
by
CmdrTaco
from the yeah-good-luck-with-that dept.
from the yeah-good-luck-with-that dept.
An anonymous reader writes "Oliver Drage, 19, of Liverpool has been convicted of 'failing to disclose an encryption key,' which is an offense under the Regulation of Investigatory Powers Act 2000 and as a result has been jailed for 16 weeks. Police seized his computer but could not get past the 50-character encrypted password that he refused to give up. And just to get it out of the way, obligatory XKCD."
Just Awesome (Score:5, Funny)
Re:Just Awesome (Score:5, Funny)
Where did they go? Sweden?
Re:Just Awesome (Score:5, Funny)
Pfft, Britan. Glad my ancestors were smart enough
If only they were smart enough to teach you how to spell "Britain".
Re:Just Awesome (Score:4, Funny)
It doesn't matter. Most of us are just going to pronounce it 'England' anyway.
Re:Different in the USA? (Score:5, Interesting)
No person (...) shall be compelled in any criminal case to be a witness against himself
Re:Different in the USA? (Score:5, Insightful)
I think you're forgetting the commerce clause. Specifically the part that says "LALALALALA I CAN'T HEAR YOU!".
Re:Different in the USA? (Score:4, Insightful)
I believe you will find it in the Magna Carta (MC.29 on http://alexpeak.com/twr/mc/ [alexpeak.com]) for an early variation on the concept.
"No freeman shall be taken captive or imprisoned, or deprived of his lands, or outlawed, or exiled, or in any way destroyed, nor will we go with force against him nor send forces against him, except by the lawful judgment of his peers or by the law of the land."
While this was originally intended for the nobles, since the emancipation of the masses, I believe it applies to everybody. However, there may be more recent statues that supersede it, such as European Convention on Human Rights.
Re:Different in the USA? (Score:5, Insightful)
These two statements are not the same and your entire argument in this thread relies on them meaning the same thing. In a legal system with formally defined rights they would be the same (ie the US legal system). But in a system of common law there can be principles that are not formally stated.
In the case of this principle [wikipedia.org], it has been widely stated and incorporated into rulings in the British justice system. As such it forms a part of British law, regardless of whether or not we have a document that "grants" this "right" to people.
Completely Utterly Wrong. (Score:5, Informative)
In britain there is no presumption of innocence.
Of course there is. The presumption of innocence in English and Scots law comes from common law. The concept itself has been part of British society for thousands of years - Alexander Volokh [bepress.com] says that it has been present since Greece and Sparta and Rome, all the way back to the first (Judaic?) legal systems.
Common law is the basis of the British legal system. Your logic is like claiming that "there is no law against murder in Britain" and then going on to claim that this means murder is legal. English Law - "there is no statute making murder illegal. It is a common law crime - so although there is no written Act of Parliament making murder illegal, it is illegal by virtue of the constitutional authority of the courts and their previous decisions." [wikipedia.org]
It after that went on and voted into the statute book several hundred criminal offences which explicitly postulate that you are guilty until proven innocent. The RIPA act, The H&S act, you name them. Half of Blair's legislation (Blair and Co raised the number of criminal offences on the statutes by more than 100% in 10 years) is based around "guilty until proven innocent".
[citationneeded]. Please name these "hundreds of acts that explicitly say British people are guilty until proven innocent.". And are you seriously blaming the Blair government (which came to power in 1997) for the 1974 Health and Safety Act?!? What?!
So the new government has actually promissed to fix this by accepting _ALL_ rights in the convention and repealing most of Blair's handywork as a big block vote including most of the RIPA act.
Right, that would be the same Conservative party that fully supported the RIP Act then? ('Only a pitiful handful of MPs (pictured below) were present to debate the bill, which was fully supported by the "opposition" Conservative party, and passed by 189 votes to 47 keeping the majority of its original clauses intact.' [infowars.net])
Re:Mod parent down, just plain wrong. (Score:5, Insightful)
This makes no sense in British terms - Parliament is sovereign and cannot be bound.
That said, the centuries old common law presumption of innocence was enshrined in positive law in the Human Rights Act, 1998.
I can't figure out if you are American with a Blair fixation, or British but enamoured of the concept of a written constitution. In either case I think you are misguided:
A written constitution is not "fundamental, nonrevocable and unalienable" since it can be amended, the procedure is just a little more involved than normal legislation. And you only need to look at Prohibition in the US to see that this is no bar to stupid laws that restrict freedom. It also makes them a lot harder to get rid of. Ultimately the cost of freedom is eternal vigilance either way; a citizenry that is either complacent or uncaring of their liberties will lose them in any system, whether or not you have the speed bump of a written constitution or not.
Also as a practical matter (Score:5, Insightful)
Even if a judge ruled that wasn't you testifying against yourself, you could still protect yourself if you simply said "I don't recall that password." You may notice that not being able to recall is used a lot when under oath. The reason is that there really isn't any way to challenge it. We forget shit all the time (hell everyone seems to forget their passwords if my job is any indication). You can't prove someone hasn't. So they say "What is the password and the 5th amendment doesn't protect you," you say "Sorry, I can't recall that password."
See this doesn't work in Britain because they made it a crime not to provide the password period. If you fail to provide it, regardless of the reason, that's illegal. It was a specific law made for passwords. So can't remember? You are boned. The US has no such similar law. Thus the only way they could get you is if you said you knew the password, but refused to give it up, and it was ruled that wasn't protected under the 5th.
However if you look in to it you discover that while there's little case law, indeed it HAS been ruled that that the 5th prevents you from having to give up a password. As such that will probably stay, in general courts abide by the rulings of other courts of competent jurisdiction.
Re:Also as a practical matter (Score:5, Informative)
"See this doesn't work in Britain because they made it a crime not to provide the password period. If you fail to provide it, regardless of the reason, that's illegal. It was a specific law made for passwords. So can't remember? You are boned."
This isn't really true. The police have to have reasonable grounds to believe you have the information to be able to issue a notice- this may for example be as simple as getting computer forensicists to provide evidence that the encrypted content has been accessed recently, and that it's unlikely anyone else had access to it- if the file was for example, stored in a private documents folder specific to the user in question. See the relevant legislation, under 49.2 here which clearly states that someone pushing for a disclosure notice must have reasonable grounds to believe that person has it (part a) of 49.2):
http://www.legislation.gov.uk/ukpga/2000/23/part/III/crossheading/power-to-require-disclosure [legislation.gov.uk]
It's also worth pointing out to date, that those convicted of failing to adhere to a section 49 notice have all actively refused to hand the key over, rather than claiming they have forgotten it. Of those that have claimed they're not in possession of the key, to date the case has either not been pursued, or the person in question has been charged/convicted for other crimes. This is a common story when it comes to computer crimes- many supposed attempts to prosecute based on new laws, or new twists on old laws don't actually succeed- look at the failure to succesfully prosecute the Oink admin, look at the fact that to date, file sharing cases in the UK haven't succeded in UK courts (although one supposedly won by default due to defendant not showing according to ACS:Law, there is no evidence that this is even true). Ultimately the police have to depend on either scaring people into accepting fault- i.e. if they say they've forgotten the password, reminding them that if they are found to be lying it could lead to an increase in their sentence, or depend on the person being stupid enough to incriminate themselves, or alternatively, for them to simply get caught for other crimes. The police mostly rely on ensuring people are confused about what the law actually says in the hope of making them waver and admit guilt or at least incriminate themselves- by touting convictions like the one in TFA as evidence of how you should always hand your key over without a fight, or without playing innocent they strengthen that idea amongst the public as to that's how it works. It's worth noting that in the words of RIPA itself if you can either demonstrate somehow that the police do not have reasonable grounds to require access to encrypted content (perhaps by use of a witness who would testify that the contents of that file were personal, or trade secrets maybe?), or if you can argue succesfully that giving access to the content is disproportionate to the crime with which they're attempting to charge you with, then you can also escape RIPA's clutch.
In these respects, RIPA is quite similar to a search warrant- the police can only get one if they have reasonable evidence to suggest they have a need to enter the premises, and if it's proportionate to the crime they're investigating. The actual text of the legislation also seems to suggest that providing the content in an unencrypted form is an alternative to producing the key under the RIPA also.
"However if you look in to it you discover that while there's little case law, indeed it HAS been ruled that that the 5th prevents you from having to give up a password. As such that will probably stay, in general courts abide by the rulings of other courts of competent jurisdiction."
This is true, but it's also true that much like with RIPA, a defendant can be compelled by a court to provide access to encrypted content if not provide access to the key itself, in this respect US case precedence is basically similar
Re:Also as a practical matter (Score:5, Insightful)
by touting convictions like the one in TFA as evidence of how you should always hand your key over without a fight, or without playing innocent they strengthen that idea amongst the public as to that's how it works.
From TFA (my emphasis):
Oliver Drage, 19, of Liverpool, was arrested in May 2009 by police tackling child sexual exploitation.
Hmm, 16 weeks in prison for refusing to hand over keys or:
If guilty, 5 years in prison for sexually exploiting children.
If innocent, a lengthy trial with your name dragged through the mud by the tabloid press. Let's face it, everyone he knows will remember the trial but forget the verdict, and something like that's not the kind of thing you can easily shake off.
Tough choice.
Re:Also as a practical matter (Score:5, Insightful)
Not quite the same thing, but Terry Childs found out that this isn't really a winning strategy. IIRC, Childs got four years.
Not quite the same? Try completely different, it wasn't a password to decrypt his information and there was no fifth amendment issue. Irrelevant example.
Re:Also as a practical matter (Score:5, Informative)
Wasn't his password.
Re:Also as a practical matter (Score:5, Insightful)
If you want to be taken seriously, it might be time to set aside all that aristocracy and "House of Lords" stuff. I'd say it's "so last-century" but really it was "so last century" last century.
Easy, tiger. Someone might point out that generations of politicians are quite common in the US. In fact, the Kennedys were about as close to royalty as you could get without actually wearing a crown.
Re:Also as a practical matter (Score:5, Funny)
(like the Great Australian Firewall)
I prefer Great Barrier Router of Australia, personally.
Re:Also as a practical matter (Score:4, Informative)
While it seems to have fallen out of fashion, it should be pointed out that one of Teddy Roosevelt's kids (Teddy Jr.) fought in both World Wars, and one of FDr's sons was a Marine in WW2.
In both cases, the sons in question were in places where the bullets were flying. In one case, the son shouldn't have been there at all, since his health was questionable enough he should have had a medical discharge long before he got around to a heart attack in the field.
Re:Also as a practical matter (Score:4, Informative)
Hillary made "I don't recall" a house hold phrase.
Actually, Ronald Reagan [moldea.com] Made the phrase in popular in American politics. I'm curious if you were pushing any particular political agenda yourself with your selective memory, or if you're simply too young to remember Reagan's famous hearings...
-=Geoskd
Re:Also as a practical matter (Score:5, Funny)
I'm not so sure about this. I seriously doubt many Republicans (male ones anyway) frequent (female) hookers. Male hookers, sure; Republicans seem to have a thing for being gays in denial. But they seem to prefer getting it from strangers in public restrooms, rather than paying for it.
The Democrats are probably much more active in frequenting female hookers. They seem to like to cheat on their wives a lot. But they seem more likely to spend a little money on their sexcapades, instead of looking for free sex from strangers with unknown diseases.
Now, if you're wondering which politicians are mostly honest, and don't cheat on their spouses or partners, I think the answer is none. There's definitely none who are honest about wanting to actually help the country.
Re:Different in the USA? (Score:5, Informative)
The fifth amendment doesn't seem to apply in the courts; to quote his honor, William K. Sessions, Chief District Court Judge in Vermont in United States vs. Boucher:
"Holding that the 5th Amendment privilege against self-incrimination does not require the conclusion that a criminal defendant may elect not to divulge a password for an encrypted hard drive."
It also hasn't stopped judges from using the presence of encryption and unwillingness to give up the keys as evidence of misconduct [state.mn.us].
If anything, Britain has stronger protection of individual rights than we have here in the US -- the defendant in this case doesn't risk a dozen years in jail, disenfranchisement and being barred from many occupations for life, like he would over here. I'd take good old Ius Commune over our system.
Re:Different in the USA? (Score:5, Insightful)
The reason the courts see it this way is because of the distinction the legal system places on written vs oral evidence. Oral evidence is obvious; the person giving it may or may not be telling the truth. Written evidence however has a more privileged status. Once you've written something down, you can't "take it back". It's out there as physical evidence and can be used against you. This is why even the most gung ho characters will back up if you ask them to put things in writing. The written word is powerful rope with which to hang yourself.
As far as most judges and lawyers are concerned, data on computers is simply another form of the written word, and so anything you've "written" there--encrypted or not--is legitimate evidence waiting to be used against you. In some sense they are in fact right. Personally, I view computer data by its very nature to be more abstract and far more transitory than the traditional written word, and so worthy of less... distinction as evidence in a court. But that said, it is a (quasi-)permanent record of events and that's what courts are interested in.
Bottom line, the old rules still apply. If you don't want to reveal something, never, ever write it down. Encrypting it on your computer is just not good enough. If you don't want people reading it and aren't willing to take a risk, then you either need to delete the data or better yet not write it down in the first place. All that said, encryption is preferable to just leaving your papers lying around, but don't expect encryption alone to magically make your written words disappear.
Re:Different in the USA? (Score:5, Interesting)
That's why my passphrase is "I committed the crime."
Oops, now I need to change the passphrase on my luggage. Maybe I'll change it to "is my little secret" and when the keystone kops come after me, I'll quip a cryptic comment about Quine.
Re:Different in the USA? (Score:5, Funny)
I think I'll make my passphrase "I don't remember". That should make for a fun interview.
Re:Different in the USA? (Score:5, Insightful)
Eh. The Boucher case is a special one, because the idiot was stupid enough to first show his child-porn collection to a law enforcement officer, and then - after the computer was rebooted - refused to provide the password. Initially the state ruled that he couldn't be forced to divulge the password, and in most cases this would hold; however, due to the fact that the presence of child porn on his computer had already been verified, the appeals court ruled that he isn't protected under the 5th. The problem here is that their definition of "already verified" is too loose, because it depends solely on the testimony of the arresting officer(s). Now, if the cops had had the common sense to take a few pictures of the laptop screen, then there would be no issue at all. As it is, if he appeals I'd say he has a pretty good chance of having the decision overturned.
As for the second case, you're talking about a guy who was convicted based on multiple lines of evidence, and is now bitching because the state lawyer happened to mention that "encryption programs" were present on the computer. That's asinine.
If anything, Britain has stronger protection of individual rights than we have here in the US
Thanks for the lulz :)
Re:Different in the USA? (Score:4, Interesting)
"May contain" isn't the same as "did contain", and I'd hate to see anyone convicted of a crime he or she "might" have done.
Even if the agent believed it to be child porn doesn't necessarily make it so -- he could have been a Melissa Ashley fan, for example.
Of course, the pr0n might have been illegally copied, in which case it's perfectly valid to not want to incriminate oneself.
I have no idea whether the guy was guilty or not, but I know that forcing him to decrypt his HD in order to find evidence to convict him with is mocking the intent of the fifth amendment.
The problem in that case isn't over the guy's guilt, but that both the judge and the review found that the mere presence of encryption was admissible as evidence against the accused.
It's like arresting someone for arson and using the presence of a ski mask as evidence against him, with absolutely nothing that indicates that a ski mask was used, whether during the crime or to hide his face.
But apparently, possession of encryption software is allowed used as incriminating evidence in itself, and the fifth amendment doesn't cover refusal to disclose encryption passwords.
Yes, we most certainly live in the land of the free. For very small values of free.
Re:indeed it is (Score:4, Insightful)
If you're so committed to the truth, then you should give them the password and the truth shall set you free.
Erm, maybe not so much Doc, if that collection of Bugs Bunny cartoons on your hard drive, some of which featuring Bugs in "drag", are declared to be "kiddy porn" at some point in the near future.
Th-th-th-that's all, folks!
Strat
Yes, different in the USA (Score:4, Insightful)
Re:Yes, different in the USA (Score:4, Insightful)
The really sad part is that I've heard people say Muslims shouldn't have constitutional rights ("they are the enemy"), even if they were natural-born Americans.
Stupid, stupid bastards.
That's exactly what the Germans did - redefine jewish-German citizens as "not german" and therefore executable whenever the government felt like it. And then the US did it in 1942 by defining japanese-Americans as "not american" and locked up 0.2 million of them. Why are we repeating the same mistake in 2010?
Re:Yes, different in the USA (Score:5, Insightful)
Re:Yes, different in the USA (Score:5, Insightful)
After that, it says, "The government is assuming extraordinary powers to stop and search individuals within this zone," but it cites none of these "extraordinary powers", nor does it cite a single case of abuse of these powers, nor does it explicitly say that any of them are actually unconstitutional. Instead, they resort to shady wording and scare tactics by labeling that 100 mile border/coastal region as a "Constitution Free Zone" on the basis of these uncited and unsubstantiated powers. And their "Fact Sheet" is no better, resorting purely to unsubstantiated claims of wrongdoing which even they admit are being upheld in court.
If this is true, why didn't they cite a single law, a single case, or a single ruling? Not even one. The whole thing reads like a conspiracy theorist paper, except at least the conspiracy nuts can cite examples of these things actually happening. Apparently the ACLU is still working on that.
Re:Yes, different in the USA (Score:5, Informative)
linky [findlaw.com]
linky [openjurist.org]
linky [resource.org]
While not specific to the case of searches inside borders based on these laws you may find this [syr.edu] link enlightening, it's what our congresscritters are reading about these things.
Warrentless stops and searches inside our borders are being done and it needs to stop.
But it's hard to remember... (Score:5, Funny)
But it's hard to remember all those special characters after they beat you with a wrench. Be sure to choose a password that's easy to remember under bludgeoning to limit the number of times they have to hit you in the head.
Re:But it's hard to remember... (Score:5, Informative)
Never start with the head. It just makes the persons memory all fuzzy.
Re:But it's hard to remember... (Score:4, Funny)
mod this +1 nefarious
Re:But it's hard to remember... (Score:5, Funny)
I'm more afraid of the people finding it "Informative". In my mind's eye I'm seeing the CIA taking careful notes while reading /.
It'd be more like the CIA wondering what took Slashdot so long to figure that out.
Re:But it's hard to remember... (Score:4, Insightful)
Or, he really does care about his rights and truly believes that he should not be compelled to divulge this password. You're probably right, but it is possible.
Re:But it's hard to remember... (Score:5, Interesting)
But is it only 16 weeks, and that's it, or at the end of the 16 weeks do they ask again? If he refuses again do they just put him back for another 16 weeks (or more)?
What is he hiding? (Score:4, Funny)
I wonder what he is hiding.
Re:What is he hiding? (Score:5, Insightful)
Re:What is he hiding? (Score:4, Informative)
downloaded music? games? movies? software? (Score:4, Insightful)
downloaded music? games? movies? software?
Re:What is he hiding? (Score:5, Funny)
His encryption password, obviously.
Re:What is he hiding? (Score:5, Interesting)
Theoretically it could be something as innoccuous as a photo of his 16 year old girfriend's boobs (not to mention all sorts of other stuff, like diaries, etc)
The Labour party when it was in power and creating laws out its wazoo (including the RIP Act deployed here) made it an offence to have photos of persons under the age of 18 engaged in sexual acts. To put that in context, you can have a gangbang with a 16 year old (assuming that's her thing) and it's perfectly legal. But if you have a photo of the same girl with her boobs out, taken while you weren't there (!) or if you aren't in a government-sanctioned relationship, ie, long-term or stable (I shit you not) you're a dirty sex criminal.
And that means your life could be destroyed: sex offender's register (probably just for 5 years for a photo of the boobs of a legal to fuck, but not photograph girl) and a bar on any career you might want or develop in all sorts of areas to do with children and 'vulnerable adults'. And maybe any chance of decent employment.
Compared to any of that, even 16 months in prison, after which you at least get to rebuild your life, is probably a price well worth paying. Even for something as trivial as legal-to-touch teen boobs. Or a bit of manga. Or a sexualized stick-figure srawing that some prosecutor might say was 15.
Maybe they think that bikini shot of that cute girl is over-sexualized, and she was only 17 when it was taken...
Maybe it's just regular porn. Or you think so. But get this: you own one picture from a series, which you've never seen. That series of photos contains 'extreme pornography'. Even though your photo doesn't, you still may be guilty of an offence! And stuck on the sex offender's register.
You'd have to be an idiot, assuming the most, er, innocent of porn collections to want to take that risk, hand over your password and place your entire life in the hands of the Criminal Prosecution Service.
Well no. (Score:4, Funny)
DUH. Obviously he's a terrorist.
Re:What is he hiding? (Score:5, Interesting)
"Oliver Drage, 19, of Liverpool, was arrested in May 2009 by police tackling child sexual exploitation"
He was probably suspected of having pictures of his 17-year old naked self on his computer. Quite frankly, I don't give a rat's ass about child porn accusations anymore. If somebody tells me to think of the children, I say "fuck the children" (well, not literally). It's an empty argument, a way of saying "I don't want to discuss this, it's going to happen so shut up." I instinctively assume that anyone who brings up child porn accusations is lying. This is just another instance: They want to read his hard disk, so they accuse him of something unspeakable. The punishment for not remembering a 50 character password after 6 months of not using it is atrocious. These people deserve our deepest disdain. THEY have done wrong and parade their deeds in front of us, while Oliver Drage, for all I know, has not been convicted of anything I would consider a wrong-doing.
Re:What is he hiding? (Score:5, Insightful)
You know it's bad when you need to post as AC just to even speak such 'blasphemy'. The additional effect that has happened is anyone defending an accused 'pedophile', for any reason, is assumed to be a pedophile themselves and attacked accordingly. We may actually be watching the end of the age of reason.
Re: (Score:3, Informative)
Re:What is he hiding? (Score:4, Informative)
It's worse, given an over-zealous prosecutor. Search for the "little lupe child porn case". Poor dude had videos of an obvious, over-18 "pro" and even though a phone call and a fax would have produced the age custodial records, the prosecutor refused to cooperate and plowed head-on with trying to ruin the defendant. I hope there's a special hell for this woman (the prosecutor).
Re:What is he hiding? (Score:5, Informative)
http://en.wikipedia.org/wiki/Mike_diana [wikipedia.org]
I remember reading about this in some underground zines almost 15 years ago. Dude got railroaded for drawing adult comics that depicted child abuse. Alot of which Mike himself lived, and he used the drawing as therapy. He was sentenced to real live prison, and wasn't allowed to draw.
They essentially took away his right to draw with a pen and paper for drawing things with pen and paper.
Only 16 weeks? (Score:5, Interesting)
He's getting off easy. In the USA, the cops would get a court order and the judge could order him jailed for contempt of court until he gives up the password.
Re:Only 16 weeks? (Score:5, Insightful)
Which is why you never refuse. You simply forget it. It is not illegal to forget something 50 chars long, it could easily happen.
Re:Only 16 weeks? (Score:5, Funny)
You know you want to.
+1 inciteful
Re:Only 16 weeks? (Score:5, Interesting)
just a random idea: suppose you need some salt (maybe that's not the right word) to add to the key to make it really secure. and that salt comes from something that must be accessed regularly or the time skews (or something like that) and you'll never (...) be able to get your data back. as a precaution; a dead-man's switch of sorts.
so you go to court and they ask for the key. you tell them YOUR part of the key but one aspect is outside their control; while they had you locked up, time marched on. you were not 'at your desk' to refresh the clock or keygen and so the machine detected an abonormality. at that point, given this theoretical situation, you are now UNABLE to unlock the disk. you may WANT to, but its beyond your control. the machine that gives you the 2nd part is now out of sync and you 'cant fix it' since it may not be your own coding (again, lets say for agument sake).
has that been thought of or tried? a dead-man switch that needs to be kept alive or it won't give up ITS part of the password? its no longer YOU denying the cops, but some other system.
maybe a loophole? maybe someone can use this concept?
Bleh (Score:5, Insightful)
Oliver Drage, 19, of Liverpool, was arrested in May 2009 by police tackling child sexual exploitation.
Well, I guess that makes it okay, then. After all, we can't allow people accused of child sexual exploitation to be free, can we?
On a more serious note, this sucks.
Det Sgt Neil Fowler, of Lancashire police, said: "Drage was previously of good character so the immediate custodial sentence handed down by the judge in this case shows just how seriously the courts take this kind of offence.
"Computer systems are constantly advancing and the legislation used here was specifically brought in to deal with those who are using the internet to commit crime.
"It sends a robust message out to those intent on trying to mask their online criminal activities that they will be taken before the courts with the ultimate sanction, as in this case, being a custodial sentence."
I guess insisting on your privacy is taboo now. Even if you're a good kid, if you refuse to let the police into your private files just on principle, you're boned.
Miranda rights (Score:3, Interesting)
Re:Miranda rights (Score:5, Informative)
No this law was written as an ego trip by Jack Straw to prove his power. Among other things it reverses the onus of proof thus taking it outside fundamental principles of British (and US) law. It also goes further an limits the means by which you can prove your innocence, prescribing a few (probably impossible) ways. It also deprives the defendant of the right to a jury trial and gags the defendant from talking about the charge with anyone but his lawyer (and gags the lawyer).
In effect a corrupt government official can send you an encrypted email then demand that you provide the key... As you never had it you can never prove your innocence, so they can lock you up for years after a secret trial.
Add to this another set of laws formed by a radical feminist basically assuming any image of a female that you can't prove is of someone over the age of consent (16) is an image of a child (this includes cached images that may be advertisments that you never intended to view).
So the cops can trawl your computer until they find something you can't prove is legal and lock you up. If you take the precaution of encrypting your PC they can lock you up for that too.
We have now removed these politicians from power however the damage has been done. There are murmurs from some of the politicians about repealing some of the very dangerous laws that were brought in, however they are unlikely to repeal any of the technology based ones. There will be no pressure, the journalists over here consider it a point of pride to not understand technology.
Just give them something? (Score:3, Interesting)
Could he have given them a random password, and then act dumbfounded when it does not work?
Maybe even accuse them of breaking his system?
It is hard to prove that the header of an encrypted disk has not been corrrupted.
Would that work with the current law? Has anyone already tried it?
Re: (Score:3, Funny)
Could he have given them a random password, and then act dumbfounded when it does not work?
Maybe even accuse them of breaking his system?
It is hard to prove that the header of an encrypted disk has not been corrrupted.
Would that work with the current law? Has anyone already tried it?
I wonder if it works the other way around? When they take my un-encrypted system, I'll claim it is in fact encrypted, and all the apparent data on the disk is just random garbage that happens to look like a windows 7 file system full of furry midget porn. I'll provide them with the 'real' encryption key and they'll see that all I was keeping on the disk was random garbage data.
-Taylor
Re: (Score:3, Informative)
TrueCrypt [truecrypt.org] has something where you can set up an encrypted virtual disk that you first put some files you don't care about on there with a password you wouldn't mind divulging. Then you make another virtual drive on that one that will store the files and a password you do care about. When asked for your password, you give the one you don't care about and it only shows files you don't care about. Plausible deniability.
Re: (Score:3, Interesting)
Re:Just give them something? (Score:4, Insightful)
Anyone who enters a password to decrypt a disk they haven't already imaged belongs on a prime time cop tv show.
Re:Just give them something? (Score:5, Informative)
16 weeks is better than (Score:4, Insightful)
Can't photograph policemen on duty... (Score:5, Insightful)
Of course, the UK is not unique in much of this. But what makes these examples so sad for me is how the UK was the foundation for much of what one might consider Western freedom. It fought the good fight against totalitarianism (let's not Godwin this). I don't think those who struggled back then would consider all this to be what they were struggling *for*.
Will this constant erosion of freedom ever stop?
Re:What history books did you read? (Score:4, Interesting)
The UK has NEVER been a model for any "freedom" as we think of it here. Remember that whole revolutionary war thing? The one we had to fight TWICE just to be free of the King?
Fun times: after saving Europe from the tyranny from the Nazis, Britain went right back to their own tyranny in holding on to the dying embers of the British Empire. Churchill in fact bragged of shooting "savages" in places like South Africa (i.e., he shot black people) in his young days, before his government tortured Barack Obama's paternal grandfather in the 50's during Churchill's second stint as Prime Minister. Which makes it even more awesome when Obama pushes forward in the military trial of a 16 year old child soldier - who's confession was given under....wait for it....torture.
How did they find the length of the passphrase? (Score:4, Interesting)
I wonder how they found out that the length of the passphrase is 50 characters. Did he brag to the authorities? Was there some way of detecting the length of the passphrase when they looked at the encrypted key?
Re:How did they find the length of the passphrase? (Score:4, Insightful)
"Your Honor (or however they say it on that side of the pond), how can I possibly remember a 50 character long passphrase while under all this stress of unfounded charges?"
When he gets out, can they ask for it again? (Score:4, Interesting)
Trucrypt (Score:4, Informative)
The very best drive encryption out there (IMCO) is Tru-Crypt and is both open source and free.
For the truly security crazed, you can set up a hidden operating system that you use for only your most secure stuff and use a DIFFERENT but valid password to get at it. Use your regular password for day to day stuff and only log in with the really secure one to get into the alternate OS.
The whole purpose of that is so if someone has a gun to your head (or a court order, or a $5 pipe wrench) you can give them your perfectly valid password and they can access all your perfectly normal files --and never even know the alternate data is there (it can be hidden across thousands of normal looking data and executable files in the normal OS).
Seriously cool stuff.
In security, there are only two levels of paranoia. Absolute, and insufficient.
Participating in our own searches and seizures? (Score:4, Informative)
Re:right to not incriminate yourself? (Score:4, Informative)
You don't have the right to keep your safe locked if there's a warrant for it to be opened. You don't have a right to not provide your fingerprints or DNA if that evidence is appropriate to the case and a warrant is issued.
You have a right to refuse to testify. This only extends to your own testimony, not to everything about you.
Re:right to not incriminate yourself? (Score:5, Insightful)
They can cut the safe open, you can say you forgot the combination. Forgetting is legally great, Reagen forgot iran-contra and look how that turnout for him.
Re:right to not incriminate yourself? (Score:4, Funny)
He would have died eventually in any case though, I suspect.
Re:right to not incriminate yourself? (Score:5, Informative)
Or more recently, Alberto "I do not recall" Gonzales.
Re:right to not incriminate yourself? (Score:5, Interesting)
But if you've encrypted the hard drive of your main computer, and you have to enter a password every time you start it... a jury isn't necessarily going to believe that you've suddenly conveniently 'forgotten it'.
I'm going to have to go against the prevailing view on /. on this one. Of course you have a right to encrypt your files so that people can't snoop through without your permission. But I don't think it's a problem that the state can, with good reason, compel you to decrypt it. If the police get a search warrant, that overrides your normal right to refuse them entry to your house. What's wrong with something similar for computers? Or is this just rabid, unthinking anti-establishmentism I smell?
Re:right to not incriminate yourself? (Score:5, Interesting)
But if you've encrypted the hard drive of your main computer, and you have to enter a password every time you start it... a jury isn't necessarily going to believe that you've suddenly conveniently 'forgotten it'.
There are other ways to remember passwords other than committing them to memory. I seem to remember hearing about intelligence agencies teaching spies passwords based on muscle memory so that they couldn't be divulged under torture.
I'm a pianist and I've experimented with using passwords based on songs that I know by heart and it works great. My left hand is a bit sloppy, so I just use it on the shift key as if it was the sustain pedal. I had one password that was over 100 characters long and I had no problems entering it in. And even if someone knew the song, it's doubtful they could determine the password since it depends entirely on how I play the piece and which part of the piano key I use for each note. I suppose someone could figure it out by watching me play the piece, but I'm not even sure that would work and I could always play it slightly differently if I knew I was being watched.
If someone is a talented musician, I could see them plausibly telling a jury that they're unsure of the password because they enter it by playing a particularly difficult part of a song. Bonus difficulty points for telling them that the software is time sensitive and expects keys to be keyed in at the same rate as when the password was set.
Re:right to not incriminate yourself? (Score:4, Insightful)
ok sir, here is your keyboard, a copy of your hard drive and a mouse.
please 'play' your password at the prompt.
great way to generate a secure password, but I don't think it gets you around the requirement to give up your password when required to do so.
Re: (Score:3, Insightful)
You have the right to not provide the combination, which would result in them getting a safe cracking team in and adding that onto your legal fee's should you lose your case. You have the right to not provide your passwords, which will result in them getting a crypto team in to crack the password and adding THAT to your legal fee's WHEN you lose your case.
Re:right to not incriminate yourself? (Score:5, Insightful)
So only rich people have privacy?
Seems like that could be improved, why not just make being poor a crime?
Re:right to not incriminate yourself? (Score:5, Interesting)
Well, they can also say: -Tell us where the body is. If you don't tell us where the body is, we'll throw you into the slammer.
You'll tell me that it's not the same thing because if you didn't kill anybody you wouldn't know about the body's location and that if the kid is hiding child porn on his computer and is not 'telling where the body is', he must be guilty then.
But it is the same thing is there is no child porn on that computer just as well. If you don't have any child porn on your computer you are innocent of that crime, whether there is or there isn't a court order telling you to give up the password.
So now let's say there isn't child porn on that computer. The judge is still saying: -Show us the child porn on your computer.
If you refuse to show the child porn on your computer (and there is no child porn there) then throwing you in jail for not showing the files is equivalent to throwing your ass in jail for not providing whereabouts of a body of a person, when you have no idea about the body and you are innocent of any crime there.
Not showing them the child porn images on your computer by not providing the password, while being innocent and not having any images of child porn on your computer, and being thrown in jail for that? I say it's bullshit and a violation of your rights. You say on the contrary, that nobody has a right to refuse to help an investigation by providing some information.
--
OK, so you are throwing somebody in jail because they don't want to help you with investigation. Good path on the way of becoming a police state on one hand, on another hand it's an example of a police state in action.
Re:right to not incriminate yourself? (Score:5, Insightful)
Actually, everyone has it everywhere. What varies from place to place is whether the government recognizes the right and refrains from violating it. This is true of all human rights.
Re:right to not incriminate yourself? (Score:5, Informative)
Don't you have the right to remain silent, so as to not incriminate yourself? We have it here in the US.
No. That right was removed about 10 years ago.
Now, if you refuse to answer questions during your arrest and questioning, the prosecution are allowed to use that silence as circumstantial evidence against you.
Re:right to not incriminate yourself? (Score:4, Interesting)
At common law, and particularly following the passing of the Criminal Justice and Public Order Act 1994, adverse inferences may be drawn in certain circumstances where the accused:
* fails to mention any fact which he later relies upon and which in the circumstances at the time the accused could reasonably be expected to mention;
* fails to give evidence at trial or answer any question;
* fails to account on arrest for objects, substances or marks on his person, clothing or footwear, in his possession, or in the place where he is arrested; or
* fails to account on arrest for his presence at a place.
Re:right to not incriminate yourself? (Score:5, Interesting)
So what happens when you say:
"No,I do not understand. I will need my lawyer to explain this to me"
Re: (Score:3, Informative)
You have the right to remain silent, unless they want something from you, in which case silence is an additional crime you've just committed in full and flagrant view of a police officer
Re:right to not incriminate yourself? (Score:5, Insightful)
Re:right to not incriminate yourself? (Score:4, Funny)
Re:right to not incriminate yourself? (Score:5, Informative)
Short answer: No. Through some creative legal thinking producing your encryption password is now considered equal to handing over the key to your safe, not to compel information from your mind. It's bullshit but Britain takes 1984 as a role model, not a warning.
Re:Obligatory XKCD (Score:4, Funny)
i know this is slashdot, and we dont RTFS, but come on!
Re: (Score:3, Informative)
Most likely, you clicked on the "Post Anonymously" checkbox in the left corner of the submit box.
Re:What do they want? (Score:4, Insightful)
I can see how it's easy to miss, as it is the first sentence in TFA:
Re: (Score:3, Funny)
REMEMBER, in the intertubes, no one can hear you shout unless you use ALL CAPS.
REMEMBER, ALL CAPS.
GOT IT. THANKS.
Re: (Score:3, Funny)
My ears! The goggles do nothing!
Re: (Score:3, Funny)
please stop... since caps are larger, they will fill up the tubes faster.
Re: (Score:3, Insightful)
They haven't tried him on their other evidence.
When they do, they'll use his refusal to give up his password as evidence, added to whatever else they have.
He can get years anyway. But he may know he has hundreds of files on that computer and that each one can be counted as a single crime, so years in lieu of centuries may be his best defense.
Of course, if he's guilty, I don't much care what they do to him.
Re:perspective (Score:4, Insightful)
Re: (Score:3, Informative)
If it is 50 all lowercase letters, that gives you about 5.6*10^70 possible combinations. If you have a supercomputer that can do for example 2.8bn combinations per second (fastest example on this page http://www.elcomsoft.com/distributed_password_recovery.html [elcomsoft.com]), then it would take 6*10^53 years to go through them all. In other words 50 characters is a pretty secure password.
Add uppercase, numbers and all the symbols on my keyboard to the mix, and you have 3.6*10^99 combinations. You can work out how much
Re:I Agree With This Law (Score:5, Informative)
A.
...I don't see this a "self-incrimination" issue...
Your neighbor spits on your lawn.
This really pisses you off.
You make a detailed journal entry (which you keep encrypted) about how much you hate your neighbor and you want to shoot him.
Your neighbor gets shot.
You still want to show them your data?
B.
You arrive home and find your neighbor's wife's dog (who continually craps on your lawn) has been slaughtered and hung like a side of beef in your bathroom.
You call the cops even though you're an obvious suspect.
They ask you a few questions and want to examine some of your stuff, including your computer.
They find that your computer has been encrypted (not by you).
Will the law think it's likely that someone encrypted your computer, or will they think that you don't want to share the data?
Neither of these are even remotely likely, but that's what the law has to account for: the possible.
Re:I Agree With This Law (Score:5, Insightful)
How do you know the encrypted data is related to the case?
How do you know the encrypted data is not something that is, at least to the 19 year old suspect, even worse?
What if he's secretly gay, his entire family are raging homophobes, and he KNOWS beyond the shadow of doubt that revealing his encryption password will get him disowned?
If this was you, would YOU reveal the password?