Forgot your password?
typodupeerror
Encryption

British Teen Jailed Over Encryption Password 1155

Posted by CmdrTaco
from the yeah-good-luck-with-that dept.
An anonymous reader writes "Oliver Drage, 19, of Liverpool has been convicted of 'failing to disclose an encryption key,' which is an offense under the Regulation of Investigatory Powers Act 2000 and as a result has been jailed for 16 weeks. Police seized his computer but could not get past the 50-character encrypted password that he refused to give up. And just to get it out of the way, obligatory XKCD."
This discussion has been archived. No new comments can be posted.

British Teen Jailed Over Encryption Password

Comments Filter:
  • by Xeleema (453073) on Tuesday October 05, 2010 @06:29PM (#33800794) Homepage Journal
    Pfft, Britan. Glad my ancestors were smart enough to split that dive and setup someplace safe for me to live....
    • by pipedwho (1174327) on Tuesday October 05, 2010 @06:43PM (#33800996)

      Where did they go? Sweden?

    • by amicusNYCL (1538833) on Tuesday October 05, 2010 @06:52PM (#33801118)

      Pfft, Britan. Glad my ancestors were smart enough

      If only they were smart enough to teach you how to spell "Britain".

  • by txoof (553270) on Tuesday October 05, 2010 @06:30PM (#33800800) Homepage

    But it's hard to remember all those special characters after they beat you with a wrench. Be sure to choose a password that's easy to remember under bludgeoning to limit the number of times they have to hit you in the head.

  • by BadAnalogyGuy (945258) <BadAnalogyGuy@gmail.com> on Tuesday October 05, 2010 @06:30PM (#33800806)

    I wonder what he is hiding.

    • by jcookeman (843136) on Tuesday October 05, 2010 @06:33PM (#33800830)
      That's the typical British response. The reason England is in the position it's in.
    • by Joe The Dragon (967727) on Tuesday October 05, 2010 @06:43PM (#33800998)

      downloaded music? games? movies? software?

    • by Yvan256 (722131) on Tuesday October 05, 2010 @06:58PM (#33801182) Homepage Journal

      His encryption password, obviously.

    • by Blue Stone (582566) on Tuesday October 05, 2010 @07:56PM (#33801860) Homepage Journal

      Theoretically it could be something as innoccuous as a photo of his 16 year old girfriend's boobs (not to mention all sorts of other stuff, like diaries, etc)

      The Labour party when it was in power and creating laws out its wazoo (including the RIP Act deployed here) made it an offence to have photos of persons under the age of 18 engaged in sexual acts. To put that in context, you can have a gangbang with a 16 year old (assuming that's her thing) and it's perfectly legal. But if you have a photo of the same girl with her boobs out, taken while you weren't there (!) or if you aren't in a government-sanctioned relationship, ie, long-term or stable (I shit you not) you're a dirty sex criminal.

      And that means your life could be destroyed: sex offender's register (probably just for 5 years for a photo of the boobs of a legal to fuck, but not photograph girl) and a bar on any career you might want or develop in all sorts of areas to do with children and 'vulnerable adults'. And maybe any chance of decent employment.

      Compared to any of that, even 16 months in prison, after which you at least get to rebuild your life, is probably a price well worth paying. Even for something as trivial as legal-to-touch teen boobs. Or a bit of manga. Or a sexualized stick-figure srawing that some prosecutor might say was 15.

      Maybe they think that bikini shot of that cute girl is over-sexualized, and she was only 17 when it was taken...

      Maybe it's just regular porn. Or you think so. But get this: you own one picture from a series, which you've never seen. That series of photos contains 'extreme pornography'. Even though your photo doesn't, you still may be guilty of an offence! And stuck on the sex offender's register.

      You'd have to be an idiot, assuming the most, er, innocent of porn collections to want to take that risk, hand over your password and place your entire life in the hands of the Criminal Prosecution Service.

  • Only 16 weeks? (Score:5, Interesting)

    by Freddybear (1805256) on Tuesday October 05, 2010 @06:34PM (#33800840)

    He's getting off easy. In the USA, the cops would get a court order and the judge could order him jailed for contempt of court until he gives up the password.

    • Re:Only 16 weeks? (Score:5, Insightful)

      by h4rr4r (612664) on Tuesday October 05, 2010 @06:40PM (#33800964)

      Which is why you never refuse. You simply forget it. It is not illegal to forget something 50 chars long, it could easily happen.

  • Bleh (Score:5, Insightful)

    by Chaonici (1913646) on Tuesday October 05, 2010 @06:34PM (#33800844)

    Oliver Drage, 19, of Liverpool, was arrested in May 2009 by police tackling child sexual exploitation.

    Well, I guess that makes it okay, then. After all, we can't allow people accused of child sexual exploitation to be free, can we?

    On a more serious note, this sucks.

    Det Sgt Neil Fowler, of Lancashire police, said: "Drage was previously of good character so the immediate custodial sentence handed down by the judge in this case shows just how seriously the courts take this kind of offence.

    "Computer systems are constantly advancing and the legislation used here was specifically brought in to deal with those who are using the internet to commit crime.

    "It sends a robust message out to those intent on trying to mask their online criminal activities that they will be taken before the courts with the ultimate sanction, as in this case, being a custodial sentence."

    I guess insisting on your privacy is taboo now. Even if you're a good kid, if you refuse to let the police into your private files just on principle, you're boned.

  • Miranda rights (Score:3, Interesting)

    by Dutchmaan (442553) on Tuesday October 05, 2010 @06:35PM (#33800886) Homepage
    I know It's the UK, but couldn't this be defended as the right to not self incriminate? IANAL, but I'm just throwing that out there.
    • Re:Miranda rights (Score:5, Informative)

      by Anonymous Coward on Tuesday October 05, 2010 @07:22PM (#33801504)

      No this law was written as an ego trip by Jack Straw to prove his power. Among other things it reverses the onus of proof thus taking it outside fundamental principles of British (and US) law. It also goes further an limits the means by which you can prove your innocence, prescribing a few (probably impossible) ways. It also deprives the defendant of the right to a jury trial and gags the defendant from talking about the charge with anyone but his lawyer (and gags the lawyer).

      In effect a corrupt government official can send you an encrypted email then demand that you provide the key... As you never had it you can never prove your innocence, so they can lock you up for years after a secret trial.

      Add to this another set of laws formed by a radical feminist basically assuming any image of a female that you can't prove is of someone over the age of consent (16) is an image of a child (this includes cached images that may be advertisments that you never intended to view).

      So the cops can trawl your computer until they find something you can't prove is legal and lock you up. If you take the precaution of encrypting your PC they can lock you up for that too.

      We have now removed these politicians from power however the damage has been done. There are murmurs from some of the politicians about repealing some of the very dangerous laws that were brought in, however they are unlikely to repeal any of the technology based ones. There will be no pressure, the journalists over here consider it a point of pride to not understand technology.

  • by Fëanáro (130986) on Tuesday October 05, 2010 @06:36PM (#33800898)

    Could he have given them a random password, and then act dumbfounded when it does not work?
    Maybe even accuse them of breaking his system?

    It is hard to prove that the header of an encrypted disk has not been corrrupted.

    Would that work with the current law? Has anyone already tried it?

    • Re: (Score:3, Funny)

      by Facegarden (967477)

      Could he have given them a random password, and then act dumbfounded when it does not work?
      Maybe even accuse them of breaking his system?

      It is hard to prove that the header of an encrypted disk has not been corrrupted.

      Would that work with the current law? Has anyone already tried it?

      I wonder if it works the other way around? When they take my un-encrypted system, I'll claim it is in fact encrypted, and all the apparent data on the disk is just random garbage that happens to look like a windows 7 file system full of furry midget porn. I'll provide them with the 'real' encryption key and they'll see that all I was keeping on the disk was random garbage data.
      -Taylor

    • Re: (Score:3, Informative)

      TrueCrypt [truecrypt.org] has something where you can set up an encrypted virtual disk that you first put some files you don't care about on there with a password you wouldn't mind divulging. Then you make another virtual drive on that one that will store the files and a password you do care about. When asked for your password, you give the one you don't care about and it only shows files you don't care about. Plausible deniability.

      • Re: (Score:3, Interesting)

        by AshtangiMan (684031)
        What would be really usefull for master criminals is having two passwords, one) the real password that gives you regular access, and two) the password you give the authorities which when entered essentially wipes the disk. Does anything out there do that?
  • by assemblerex (1275164) on Tuesday October 05, 2010 @06:43PM (#33801010)
    16 years
  • by ScientiaPotentiaEst (1635927) on Tuesday October 05, 2010 @06:51PM (#33801106)

    ... yet government cameras are everywhere, can't keep data private (nor, as I understand it - have a full right to remain silent), can't get DNA samples removed upon acquittal (despite EU court directive), proposals for Inland Revenue to take paychecks and forward to the wage earner what's left, proposal to tax graduates at a higher rate, etc., etc., etc.

    Of course, the UK is not unique in much of this. But what makes these examples so sad for me is how the UK was the foundation for much of what one might consider Western freedom. It fought the good fight against totalitarianism (let's not Godwin this). I don't think those who struggled back then would consider all this to be what they were struggling *for*.

    Will this constant erosion of freedom ever stop?

  • by joeflies (529536) on Tuesday October 05, 2010 @07:21PM (#33801486)

    I wonder how they found out that the length of the passphrase is 50 characters. Did he brag to the authorities? Was there some way of detecting the length of the passphrase when they looked at the encrypted key?

  • by TimFreeman (466789) <tim@fungible.com> on Tuesday October 05, 2010 @08:04PM (#33801936) Homepage
    So he's spending 16 weeks in jail. At the end of those 16 weeks, can they ask him for the password again and throw him in jail again if he does not divulge it?
  • Trucrypt (Score:4, Informative)

    by CFD339 (795926) <andrewpNO@SPAMthenorth.com> on Tuesday October 05, 2010 @08:42PM (#33802334) Homepage Journal

    The very best drive encryption out there (IMCO) is Tru-Crypt and is both open source and free.

    For the truly security crazed, you can set up a hidden operating system that you use for only your most secure stuff and use a DIFFERENT but valid password to get at it. Use your regular password for day to day stuff and only log in with the really secure one to get into the alternate OS.

    The whole purpose of that is so if someone has a gun to your head (or a court order, or a $5 pipe wrench) you can give them your perfectly valid password and they can access all your perfectly normal files --and never even know the alternate data is there (it can be hidden across thousands of normal looking data and executable files in the normal OS).

    Seriously cool stuff.

    In security, there are only two levels of paranoia. Absolute, and insufficient.

  • by mykos (1627575) on Tuesday October 05, 2010 @10:01PM (#33803076)
    So we're required to participate in search and seizure of our own property now? I thought it was the burden was on the police to gather all the evidence, but I guess I was wrong. Looks like the court can coerce you into locating evidence against yourself.

FORTRAN is a good example of a language which is easier to parse using ad hoc techniques. -- D. Gries [What's good about it? Ed.]

Working...