Forgot your password?
typodupeerror
Encryption Security United Kingdom

UK Computing Student Jailed After Failing To Hand Over Crypto Keys 353

Posted by Soulskill
from the guilty-until-proven-guilty dept.
stephendavion sends news that Christopher Wilson, a 22-year-old computer science student, has been sent to jail for six months for refusing to hand over his computer encryption passwords. Wilson has been accused of "phoning in a fake warning of an impending cyber attack against Northumbria Police that was convincing enough for the force to temporarily suspend its site as a precaution once a small attack started." He's also accused of trolling on Facebook. Wilson only came to the attention of police in October 2012 after he allegedly emailed warnings about an online threat against one of the staff at Newcastle University. ... The threatening emails came from computer servers linked to Wilson. Police obtained a warrant on this basis and raided his home in Washington, where they seized various items of computer equipment. ... Investigators wanted to examine his encrypted computer but the passwords supplied by Wilson turned out to be incorrect. None of the 50 passwords he provided worked. Frustration with his lack of co-operation prompted police to obtained a order from a judge compelling him to turn over the correct passphrase last year. A judge ordered him to turn over these passwords on the grounds of national security but Wilson still failed to comply, earning him six months behind bars.
This discussion has been archived. No new comments can be posted.

UK Computing Student Jailed After Failing To Hand Over Crypto Keys

Comments Filter:
  • by Anonymous Coward on Wednesday July 09, 2014 @03:29PM (#47418183)

    Everything about this is a fiasco.

    • by sabri (584428) on Wednesday July 09, 2014 @05:03PM (#47419285)
  • Terror (Score:5, Funny)

    by SJHillman (1966756) on Wednesday July 09, 2014 @03:32PM (#47418197)

    "He's also accused of trolling on Facebook."

    If that doesn't spell out terrorist, I don't know what does.

  • by Anonymous Coward on Wednesday July 09, 2014 @03:33PM (#47418221)

    The passwords worked, they were just case sensitive and the police didn't realize they had Caps Lock on.

  • by gnu-sucks (561404) on Wednesday July 09, 2014 @03:34PM (#47418231) Journal

    I'm not saying this is likely, but what if he forgot the passphrase? This was two years ago after all.

    Who's to say if he has actually forgotten it or just doesn't want to supply it?

    (Haven't read the article of course, so maybe they covered this...)

    • by Justpin (2974855) on Wednesday July 09, 2014 @03:38PM (#47418287)
      Under similar UK laws, forgetting is a crime. For example in the UK if you get caught speeding by a speed camera, you have 30 days to tell the police who it was who was driving. Except there is no statute of limitations and speeding tickets can come through your door months after the event, though there is the frequently cited 2 week rule (Scotland has a statute of limitations). So if you genuinely forget then the registered keeper of the vehicle is usually given double the punishment of the speeding offence and sometimes the penalty for the speeding offence ontop. So a 3 points £100 fine becomes 9 points + £300 fine £90 tax (yes there is a tax on crime in the UK)
    • by camperdave (969942) on Wednesday July 09, 2014 @04:01PM (#47418613) Journal
      It doesn't matter. In the UK, you face jail time for not turning over passwords... even if you can prove you never had them. If the cops think that a photo has steganographically hidden data, you must produce the decryption key, or face jail time. If some anonymous so and so sends you a floppy disk, or USB stick, you must produce the decryption keys to any files on it.
    • by Aighearach (97333)

      The presumption is that where you valued the information enough to lock it in a safe and not write down the password, that you have a good enough memory that you anticipated being able to remember it. Where you didn't presume to remember it, you would write it down somewhere, or provide for some other means to access it.

      It isn't foolproof, you could eventually forget; but you could also "remember" after a few weeks in the can, too. Outside of brain damage or illness, you don't "forget" very much; even thing

      • by Justpin (2974855)
        I am notoriously bad at remembering passwords, my email accounts are filled with reset password reminders. I do remember my ebay one and my email account ones but websites that force me to make an account to buy stuff? something random gets typed in copied and pasted in the retype password box.
      • and then we can forget about your release date

      • by sjames (1099)

        Alas, a good sphincter clenching life event such as, for example, being aggressively interrogated, tossed into the clink, and then threatened with years of incarceration is a good recipe for forgetting things.

        People make up passwords they're sure they'll remember and then can't remember them the next day all the time.

        Quick, what did you have for breakfast on May 23rd 1998?

    • by Maltheus (248271)

      That would be my first assumption. Or what if you were using a key file, that you no longer have? I never really used PGP much, but I must have set it up a dozen times, with a different random password each time. And I certainly couldn't tell you what those passwords are now. It's barbaric to convict someone on this basis.

    • by freeze128 (544774) on Wednesday July 09, 2014 @04:18PM (#47418805)
      Valeris: "I do not remember."

      Spock: "A lie?"

      Valeris: "A choice."
  • by kharchenko (303729) on Wednesday July 09, 2014 @03:34PM (#47418233)

    I wish the penalties for trolling legislation would be at least half as severe ...

  • by meta-monkey (321000) on Wednesday July 09, 2014 @03:37PM (#47418273) Journal

    So now threatening to deface a police website is a matter of national security. Got it.

  • Ok, this is the UK and everything is admissible. So he's done unless there some EU Right (unlikely).

    But in the US -- mass lawless (warrentless) behaviour of the NSA & other govt agencies is such that any evidence from them should be considered "fruit of the poisoned vine". The agents willfully behave this way, apparently believing that prevention is more important the punishment (or that they can parallel (perjury) construct a conviction.

    They want it this way, so why not formalize it?

  • "He even suggested sending nasty messages on a condolence page set up for two female police officers shot dead in Manchester" this here will get you fucked up by the law. All the other stuff is just throwing whatever might stick at him in my opinion.

  • Seems to me if you want to stick to the strict letter of the law, just hand over your crypto key... so the police can decrypt your file... which is itself still encrypted with something else.

    Sorry, you asked for Key A, that's what you got, now you want another one? Call a lawyer and start again!

  • by jbmartin6 (1232050) on Wednesday July 09, 2014 @04:07PM (#47418699)

    None of the 50 passwords he provided worked

    I really want to meet the cop who said, after failure 35: "Hey come on guys let's ask one more time!"

  • by Maltheus (248271) on Wednesday July 09, 2014 @04:26PM (#47418899)

    I would love for gmail to give people the option of a random noise uuencoded .sig to be attached to each and every e-mail. Flood the world with random data and this issue goes away. No one would be able to say for sure what was encrypted or not. If done ubiquitously, it could bring all the STASI-like agencies to their knees.

The flow chart is a most thoroughly oversold piece of program documentation. -- Frederick Brooks, "The Mythical Man Month"

Working...