Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Security Your Rights Online

First Use of RIPA to Demand Encryption Keys 645

kylehase writes "The Regulation of Investigatory Powers Act (RIPA) is being used for the first time to force an animal activist to reveal encryption keys for encrypted files she claims to have no knowledge of. According to the article, she could face up to two years if she doesn't comply."
This discussion has been archived. No new comments can be posted.

First Use of RIPA to Demand Encryption Keys

Comments Filter:
  • solution (Score:5, Informative)

    by User 956 ( 568564 ) on Thursday November 15, 2007 @12:27AM (#21359889) Homepage
    The Regulation of Investigatory Powers Act (RIPA) is being used for the first time to force an animal activist to reveal encryption keys for encrypted files she claims to have no knowledge of.

    That's why you use an encrypted file system with a duress key. In the event of coercion, you give them a key that *oops* results in the destruction of the data.
    • Re:solution (Score:5, Informative)

      by PhrostyMcByte ( 589271 ) <phrosty@gmail.com> on Thursday November 15, 2007 @12:36AM (#21359953) Homepage
      any forensic team with an ounce of competence will copy the original HDD and work off the copy, so that just won't work.
      • Re:solution (Score:5, Funny)

        by Anonymous Coward on Thursday November 15, 2007 @12:46AM (#21360005)
        that is, of course, assuming that the police forensics team has an ounce of competence.
      • Re: (Score:3, Interesting)

        by Soporific ( 595477 )
        Is there any way the key would simply just give different data and not destroy it? I realize the file size might not add up, but look at OJ.

        ~S
        • Re: (Score:3, Informative)

          by Anonymous Coward
          Yep, I'm pretty sure TrueCrypt (the only program I'm familiar with) does this.

          Just dump some plausibly-incriminating stuff on it (e.g. kinky porn, ABBA songs) and they'll never realise there was anything else there to look for.
          • Re:solution (Score:5, Funny)

            by Nazlfrag ( 1035012 ) on Thursday November 15, 2007 @01:14AM (#21360257) Journal
            Just blind them with goatse as the first file, they won't go near the rest.
            • Re: (Score:3, Insightful)

              by gweihir ( 88907 )
              Correct- TrueCrypt has support for hidden and public volumes, both of which can use entirely seperate keys/keyfiles.

              And again, this does only help against incompetent computer forensics people. Detectin the presence of such a hidden, encrypted volume is easy. Proving that it is encrypted and not cryptographically strong randomness is hard. But that applies to encrypted things that are not hidden as well and the attack here is not technological, but legal.

              Come to think of it, I have a few disks that I wiped
              • Re: (Score:3, Insightful)

                by CastrTroy ( 595695 )
                You don't have to prove you're innocent, they have to prove you are guilty. If the data is cryptographically random, they can't prover there's any data there. This works for the hidden truecrypt partition, as well as the random data you wrote over your hard drive with.
                • Re:solution (Score:5, Insightful)

                  by Sponge Bath ( 413667 ) on Thursday November 15, 2007 @09:36AM (#21363679)

                  You don't have to prove you're innocent, they have to prove you are guilty.

                  That kind of thinking is *so* pre 9-11.

                • Re: (Score:3, Insightful)

                  by cayenne8 ( 626475 )
                  Can truecrypt and these hidden partitions be used somehow to mask/hide you swap partitions, etc....I mean, it doesn't do any good to hide all your files with plausible denyability, and just let them look over your swap space for damaging evidence. Windows and MS applications are notorious for swapping stuff around isn't it?

                  How do you make sure nothing is left in the open, even residual info from application usage?

                  • Re: (Score:3, Informative)

                    by CastrTroy ( 595695 )
                    For Linux you can just encrypt your swap partition on start up. It creates a random key each time it boots up, so there's no way to recover the data, because the key is lost when you powerdown the machine. I'm not sure if you can create an encrypted swap file on windows. I don't think you can, but you can run without a swap file. Get 4 gigs of RAM, and you should be fine.
                    • Re: (Score:3, Funny)

                      by cayenne8 ( 626475 )
                      "For Linux you can just encrypt your swap partition on start up. It creates a random key each time it boots up, so there's no way to recover the data, because the key is lost when you powerdown the machine."

                      Do you have any links to articles or HOWTO's...on how to do this?

                    • Re:solution (Score:5, Informative)

                      by gweihir ( 88907 ) on Thursday November 15, 2007 @11:57PM (#21374809)
                      Very easy: Assume your swap is on /dev/sda2:

                          cryptsetup --key-file=/dev/random create c1 /dev/sda2
                          mkswap /dev/mapper/c1
                          swapon /dev/mapper/c1

                      This reads a cryptogtaphically very good key from /dev/random, that has a lot of true randomness in it in addition.
              • Re: (Score:3, Funny)

                by Thanshin ( 1188877 )

                I have a few disks that I wiped using cryptologically strong random data. There is no information on them, but I cannot prove that. In fact such a proof is fundamentally impossible in a very strong, mathematical sense.
                You should have used a cryptologically strong systematic oven. Then the absence of information would be possible to prove, and such a proof would be fundamentally obvious in a very strong physical sense.
              • Re:solution (Score:5, Insightful)

                by Kjella ( 173770 ) on Thursday November 15, 2007 @07:32AM (#21362267) Homepage
                I don't think you understand how a hidden container works, it's not the same as a hidden partition. A hidden container is contained within another container, and looks just like random data.

                During normal operation, you mount both the outer container and the hidden container using both the outer and hidden key. This enables truecrypt to see the hidden container and move around hidden data as you write to the outer container.

                When you are arrested, you provide the key to the outer container, but not to the hidden one. In this mode, it's as if the hidden container doesn't exist and can of course be overwritten. There's absolutely nothing to prove that the hidden container exists, as long as you have a plausible outer container and can say "Look, this is what I was trying to hide".
        • Re:solution (Score:4, Informative)

          by Bonker ( 243350 ) on Thursday November 15, 2007 @01:19AM (#21360293)
          Yeah. Truecrypt does this.

          http://www.truecrypt.org/hiddenvolume.php [truecrypt.org]

          Truecrypt is pretty nifty all around.
        • by Futurepower(R) ( 558542 ) on Thursday November 15, 2007 @01:30AM (#21360389) Homepage
          TrueCrypt [truecrypt.org] allows hidden volumes [truecrypt.org], indistinguishable from one volume. The file size is constant.

          TrueCrypt works very, very well. I use it with just one volume to protect passwords and other files.

          When you don't want to encrypt a volume, but just a file, Gnu Privacy Guard [gnupg.org] is best.
          • by Futurepower(R) ( 558542 ) on Thursday November 15, 2007 @01:57AM (#21360567) Homepage
            I forgot to say that TrueCrypt is open source and free, and, in my experience, perfectly reliable. There are Windows and Linux versions, and a Mac OS X version is planned.

            Don't forget to donate if you use TrueCrypt extensively.

            The present government corruption in both the U.S. and U.K. started when secret violence was authorized as a way of protecting oil investments of British and U.S. investors. Tending toward outlawing privacy is a way of continuing that corruption. Any government that can act in secret cannot be a democracy, because citizens cannot participate in things that are unknown to them.

            This is a good site to read about the corruption, and to contribute links: U.S. Government corruption TimeLines [cooperativeresearch.org]. Example: Complete 911 Timeline, 3895 events.
            • by Red Flayer ( 890720 ) on Thursday November 15, 2007 @07:49AM (#21362373) Journal

              The present government corruption in both the U.S. and U.K. started when secret violence was authorized as a way of protecting oil investments of British and U.S. investors.
              I'm a cynic, so that colors what I have to say... but I disagree.

              The present government corruption began as soon as our hairy forebears realized that people in positions of power would abuse those positions of power when given gifts. This can probably be traced back to the first time Ogg gave more meat to Oggette and her little Oglodytes simply because she was willing to grab her ankles for him.

              It's human nature to try to twist the political structure to one's own ends, and it's a failure of modern society that 'the people' don't insist upon fairer means of government.

              Any government that can act in secret cannot be a democracy, because citizens cannot participate in things that are unknown to them.
              Very good point. However, I'd add that far too many people are willing to let this happen -- how many people follow the order, "Pay no attention to the man behind the curtain!" without question?

              In addition to a secretive government being undemocratic, a population disinterested in the workings of government cannot produce a democratic government.
    • Re:solution (Score:5, Informative)

      by mlts ( 1038732 ) * on Thursday November 15, 2007 @12:47AM (#21360023)
      Having a known self destruct switch may cause a person to end up even worse trouble. This is a discussion that occurs periodically on a number of cryptography forums.

      Almost all police departments will image the drive, then present the person with the image to decrypt. If the image gets stung by a self destruct Trojan, then the police will know that its not a forgotten password, and then proceed to use rubber hose decryption to obtain the contents of the drive.
    • Better solution (Score:5, Interesting)

      by Whiney Mac Fanboy ( 963289 ) * <whineymacfanboy@gmail.com> on Thursday November 15, 2007 @12:49AM (#21360035) Homepage Journal
      A Better solution is plausible deniability [truecrypt.org].

      One password gives your uber-secret-plans-for-world-conquest, the other password gives a few hundred meg of soft porn (or whatever).

      That way, you appear to not be resisting their demands.
      • by drgonzo59 ( 747139 ) on Thursday November 15, 2007 @02:05AM (#21360603)
        Exactly!


        Encrypting your data and not hiding it is the same as getting a $100k super secure safe, locking your stuff in it, but leaving it in the middle of the living room. Any { law enforcement agency / criminal gang / anyone with more resources and more muscles that you } will just force you to give them the key. In other words, they see the super secure safe and automatically assume there must be at least $1M in there and then they force you to give them the key. The govt will cite all kinds of stupid idiotic laws, the criminals will start cutting of the fingers (yours or your loved ones').


        The solution is to use something like steganography and hide the data such that nobody even will suspect anything. The best secrets are the ones that are not even known to exist.


        If the adversary is convinced that you do have the data and knows the data type, then create a similar but fake data set to be substituted for the real one.

      • Re: (Score:3, Funny)

        by Jim Hall ( 2985 )

        One password gives your uber-secret-plans-for-world-conquest, the other password gives a few hundred meg of soft porn (or whatever).

        Do you have any example files ... you know, that work well for this? I'm only interested to keep my files safe. And for the articles. :-)

    • Re: (Score:3, Informative)

      by ucblockhead ( 63650 )
      That's a great way of getting charged with obstruction of justice.
  • Heh. (Score:5, Interesting)

    by Renraku ( 518261 ) on Thursday November 15, 2007 @12:28AM (#21359895) Homepage
    Acquire virus.

    Virus encrypts hard drive with unknown key.

    Virus forwards CP to authorities.

    Authorities bust you for having CP, for not revealing those encrypted files, AND for probably having more CP. Most likely will be averaged..say..15k is a picture..you have 200GB. The media will say that you were arrested with 100k+ pieces of child pornography.

    Five years later, turns out that it really was a virus. Sorry about that..here's your freedom again.
    • Re: (Score:3, Insightful)

      by Anonymous Coward
      >>Five years later, turns out that it really was a virus. Sorry about that..oops, you're already dead, shanked in a prison shower.

      fix'd

      Even felons are taught to hate supposed pedophiles. Registered as a sex offender but turns out you're innocent? Too late, pariah for life. Registered for public indecency for pissing in a bush? Not our fault the us has no public bathrooms.
    • Re: (Score:3, Insightful)

      by Kjella ( 173770 )
      Of course, there's no reason why you'd need an encrypted disk and missing keys to do any of that screwing over. Just distribute the CP and wipe itself, he'll be plenty fucked already.
  • by A Pancake ( 1147663 ) on Thursday November 15, 2007 @12:28AM (#21359905)
    The biggest problem I see with these kinds of "give it up or else" laws is how do you account for the situations when someone genuinely doesn't know the information you are seeking? Should someones ignorance be a jailable offense?
    • by mrbluze ( 1034940 ) on Thursday November 15, 2007 @12:34AM (#21359935) Journal
      Put her in a lead vest and throw her into the sea. If she drowns, it means she didn't have the keys, but if she swims, she's a wicked witch and deserves to be punished.
    • by hedwards ( 940851 ) on Thursday November 15, 2007 @12:43AM (#21359987)
      There are a number of problems with these sorts of laws. One is if the person lost the keyfile which is required to open the file, or if the encrypted volume got corrupted or if the keyfile became corrupt the file can't be decrypted without cracking it. There just isn't any good way of knowing for sure if the person gave a bad password or if there was a genuine problem with it.

      Two is that there isn't genuinely any way of knowing what has been encrypted, it could be evidence of wrong doing, or it could be just some sort of embarassing, but legal, porn.

      Three is that there is a tendency of these sorts of laws to end up sending innocent people to prison for not being able to reveal the information in a virus or malware encrypted file.

      It is a tough situation, increasingly people engaged in illicit activities are turning to encryption as a means of keeping evidence secret, and from a technical standpoint refusing to decrypt the information is obstruction of justice.
    • by Harmonious Botch ( 921977 ) * on Thursday November 15, 2007 @12:47AM (#21360013) Homepage Journal
      Torture a fish in front of her. She'll talk if she knows the answer.
  • by definate ( 876684 ) on Thursday November 15, 2007 @12:29AM (#21359911)
    Are you telling me, that I could output /dev/random to a file, place it on my friends hard drive, say it contains valuable information pertaining to a case and he could go to jail or be fined for not revealing the password/key?

    This gives me an idea!

    Either way, if you need to you can get around this with TrueCrypt by taking some precautions such as:

    1) Not naming it with the default extension (.tc)
    2) Put it somewhere inconspicuous and name it appropriately
    3) Making sure that it's a hidden encrypted volume
    4) Open it through TrueCrypt and don't save the history, or passwords, or as automount, or similar

    Shit, that was a typo, I meant to type FIRST POST!!!
  • huh (Score:5, Insightful)

    by Anonymous Coward on Thursday November 15, 2007 @12:31AM (#21359919)
    how can you be put in jail for not knowing something?
    • Re:huh (Score:5, Insightful)

      by zazzel ( 98233 ) on Thursday November 15, 2007 @03:37AM (#21361041)
      The best is: IF you know, and IF the encrypted material really IS incriminating, how does that NOT invoke your right to remain silent, as you as a defendant cannot be forced to give incriminating information?

      Or does this basic rule of justice not apply here, for some reason I (IANAL) cannot imagine?

      • Re:huh (Score:4, Insightful)

        by theCoder ( 23772 ) on Thursday November 15, 2007 @08:54AM (#21363099) Homepage Journal
        Since the case (and the RIP law) are in the UK, I'd imagine that our (the United States) Bill of Rights doesn't apply. You can draw your own conclusions as to whether that means the basic rule of justice applies.

        Every time I think that the US government has gone off the deep end, it seems like the UK government is several steps ahead showing how much worse it could get.
  • by GoatRavisher ( 779902 ) on Thursday November 15, 2007 @12:43AM (#21359981)

    Historically, the legal protection against self-incrimination is directly related to the question of torture for extracting information and confessions.[citation needed] The legal shift from widespread use of torture and forced confession dates to turmoil of the late 16th and early 17th centuries in England. Anyone refusing to take the oath ex-officio (confessions or swearing of innocence, usually before hearing any charges) was taken for guilty. Suspected Puritans were pressed to take the oath and then reveal names of other Puritans. Coercion and torture were commonly employed to compel "cooperation." Puritans, who were at the time fleeing to the New World, began a practice of refusing to cooperate with interrogations. In the most famous case, John Lilburne refused, in 1637, to take the oath. His case and his call for "freeborn rights" were rallying points for reforms against forced oaths, forced self-incrimination, and other kinds of coercion. Oliver Cromwell's revolution overturned the practice and incorporated protections, in response to a popular group of English citizens known as the Levellers. The Levellers presented The Humble Petition of Many Thousands to Parliament in 1647 with thirteen demands, of which, the right against self-incrimination (in criminal cases only), was listed at number three. These protections were brought to the American shores by Puritans, and were later incorporated into the United States Constitution through its Bill of Rights.
    http://en.wikipedia.org/wiki/Fifth_Amendment_to_the_United_States_Constitution [wikipedia.org]
  • FOOLPROOF SOLUTION (Score:4, Interesting)

    by Anonymous Coward on Thursday November 15, 2007 @12:44AM (#21359991)
    1) Generate a file with whatever you like in it (anything believable and non-incriminating). Make sure the file's lenght matches the encrypted file.
    2) Reverse-engineer a one-time pad using this file and the encrypted file.
    3) Supply the one-time pad to authorities with instructions on how to use it.

    Ta dah!
  • by Garridan ( 597129 ) on Thursday November 15, 2007 @12:47AM (#21360021)
    1) IANAL.
    2) I am not familiar with the details of this case.


    That said, I believe that there *is* a time and place where this sort of activity counts as reasonable search & seizure. Say the cops get a warrant to search your house, and you have a safe, and you say, "gee, officer, I have *no* idea how that safe got mounted behind that picture," nobody will believe you and you'll get subpoena'd for the combo. Encryption keys shouldn't be treated any differently from a combination to a safe. If there's a reasonable suspicion for evidence to be hidden somewhere, the cops have a duty to search it.
    • by tftp ( 111690 ) on Thursday November 15, 2007 @01:10AM (#21360223) Homepage
      The problem here is that the court has no proof that the information is in fact in possession of the accused. How would you like if you, or any other random person, are grabbed off the street and tortured (or jailed) until you correctly tell where Osama is hiding - which nobody knows, as it seems. Modern PCs have millions of files in them - some of your own, and some coming from random sources, like the Web, friends, guests - who knows. You can not be expected to know everything about every file, even if this is your computer - not any more than you can be held responsible for every minute scrap of paper on your property. If someone prints a PGP message on a piece of paper, makes an airplane out of it and sends it flying over your fence you probably shouldn't be jailed if you have no idea where is the key.
    • The difference is that with a physical object, all these things are pretty clear-cut: either there is a safe or there isn't, either it contains drugs or counterfeit money or it doesn't. And if you insist that you forgot the combo to the safe, no big deal, they will simply force it open, and that will settle the matter.

      With encryption, you can't even tell whether there is a safe there. I might well keep big files of random numbers on my machine, and just because a UK cop with a two digit IQ is incapable of
    • by arkhan_jg ( 618674 ) on Thursday November 15, 2007 @02:43AM (#21360809)
      The difference is, they didn't make a special law of 'failure to open a safe on demand' with up to 5 years in jail if they suspect the safe contains terrorist materials (2 years for everything else). "reasonable suspicion of evidence" is the important point; there's no such requirement under RIPA.

      There are already laws against perverting the course of justice and hiding or tampering with evidence. The difference is that they have to show some evidence that there's relevant evidence in the safe. If RIPA applied to safes, they'd just have to show you have a safe and won't open it. They only have to have a 'reasonable belief' that you can open it, and having it on your property, or on property in any way associated with you is enough to meet that criteria. That's sufficient to carry up to 5 years in jail, regardless of what's actually in the safe, or what they can demonstrate might be in the safe.

      The law is intended to allow them to put suspected terrorists and pedophiles in jail, even when they have no evidence they did anything illegal, and don't have the capability to brute force their encrypted files, and don't have sufficient grounds to charge them with something else. As we can see, once the british justice system get an 'anti-terrorism' power, it immediately becomes a tool to use against everyone.
  • by MobyDisk ( 75490 ) on Thursday November 15, 2007 @12:48AM (#21360031) Homepage
    Can't a court order someone to provide a physical key as part of a subpoena or a warrant? Why does law treat encryption keys differently?
  • New Act (Score:5, Funny)

    by Soporific ( 595477 ) on Thursday November 15, 2007 @12:50AM (#21360049)
    Why don't they just sign the "We'll Do Whatever The Fuck We Want Anytime We Want Act" and just get it over with already?

    ~S
  • by paulthomas ( 685756 ) on Thursday November 15, 2007 @12:58AM (#21360117) Journal
    If such a law were enacted in the US, we would be protected, ostensibly, by the 5th amendment to the Constitution. I say ostensibly because apparently the Constitution is "just a piece of paper" now, and we (some of us) have forgotten about the rule of law.

    So, this could happen here. Easily. We need to find some way to restore the rule of law here lest we become like that other large country just across the Bering Strait from us.

    Hmmm...
    • Re: (Score:3, Interesting)

      by Anonymous Coward
      The DOJ has taken the position that giving up your encryption keys is not testimony, so it isn't protected by the 5th amendment. The issue hasn't even been resolved for forcing people to hand over paper-based personal notes (cf the Packwood case).

      So, I wouldn't be so sure that the 5th amendment protects you.
  • this blows (Score:4, Insightful)

    by rice_burners_suck ( 243660 ) on Thursday November 15, 2007 @01:43AM (#21360471)
    This is an outrage. Here, we have a case where a person claims she does not know something, but the government is demanding of her to comply. But let's suppose, for a moment, that she is telling the truth and she has no knowledge of these encryption keys. How could she prove it? There is no way to prove a negative. It is impossible to prove that you DON'T have something; you can prove that you DO have it by producing it. There, you see, I have it. But if you don't have it, there's no way to prove it. They should let her go.
  • As a reminder (Score:3, Insightful)

    by pembo13 ( 770295 ) on Thursday November 15, 2007 @02:07AM (#21360615) Homepage
    It is all well and good to discuss technical ways to escape such requests. But we need to move _towards_ not needing to encrypt your important data and not towards better ways to do the encryption. Ie. I prefer not to have to encrypt that perfect encryption.
  • by niceone ( 992278 ) * on Thursday November 15, 2007 @02:13AM (#21360647) Journal
    You will find that it is not clear that RIPA is actually being used - in fact it probably is not:

    It's unclear if the woman was given an official Section 49 notice or simply "invited" to hand over the data voluntarily as part of a bluff by the authorities.

    Richard Clayton, a security researcher at Cambridge University and long-time contributor to UK security policy working groups, said that only the police are authorised to issue Section 49 notices. "What seems to have happened is that the CPS (who couldn't issue a notice anyway) have written asking the person to volunteer their key," he adds.

    "Should they refuse this polite request, they are being threatened with the subsequent issuing of a notice, which might or might not require the key to be produced (it might of course just require the putting into an intelligible form of the data)."

  • by Seraphim_72 ( 622457 ) on Thursday November 15, 2007 @08:28AM (#21362763)
    Them: Give us the key or else!
    You: Else what?
    Them: Else its 2 years in the pen.
    You: Eeek! Alright, but it is a very complicated key...
    Them: Give us the key!
    You: Alright alright, let me at my PC and I will open it.
    Them: This is a copy and we are watching.
    You: OK, first I need an internet connection.
    Them: OK, but don't try anything funny.
    You: OK, now I have to play BF2 for two weeks solid, then I got to level a Priest in WoW to 59 and as close to 60 as I can get, lets hope I don't go too far by accident, oh and I will be needing a copy of UT3 as soon as it comes out, and a copy of Crysis I need to work on both those too. But first I need to be in the right frame of mind, so a case of red bull, cheetos, and pizza from flown in hot from Chicago. Oh, and if Ms Sexy-with-a-badge over there isn't doing anything important I could use some *personal* help if you get my meaning. Now lets talk...er...decrypting video cards, I hear the new NVidia one is out and....
  • by jc42 ( 318812 ) on Thursday November 15, 2007 @10:23AM (#21364381) Homepage Journal
    With any new law, it's always useful to ask yourself "How could someone abuse this, and victimize innocent people?" In this case, it's quite easy.

    First, ask yourself whether you may have any files on your machine that you don't know about, or which you couldn't decrypt. For most people, the answer is quite simple: "Yes." For example, do you run a browser? That browser has a cache. That cache contains files in an assortment of formats. It's quite likely that you've never seen some of those files' contents (maybe just because you didn't scroll far enough down the page to see the content). And if presented with only the file without any context, you'd have no idea what app to use to display its content, or even whether you have such an app installed.

    On my web site, I have a demo of a bit of javascript that downloads files but doesn't display their contents. The intended use is to "preload" files used in the rest of the web site while you're looking at the main page, so that subsequent pages render faster. I also point out how this can be abused: My demo page downloads a file that is never used in subsequent pages. This "hidden" file can contain anything I like, from any web site. It could contain child porn, copyrighted MP3 music, a proprietary program that you haven't paid for - or an encrypted text for which you don't have a key.

    As far as I can tell, this law doesn't distinguish this situation. The contents of your browser's cache are on your disk. This will be "proof" to most judges and juries that you downloaded them. So by merely viewing my web page or any other that uses such javascript, you could be framed for possession of such files. What would be your defense?

    The obvious defense would be to try to convince the court that you could have been framed in this fashion. But even if you succeed at this, similar things could be done to you by any number of other means. Do you have anything installed that contains "auto-update" code? Note that most browsers now do this. Firefox asks you if you want an update installed, and it's probably trustworthy. But we recently learned that Microsoft software sometimes installs updates silently, even when you have turned auto-update off. An auto-update routine doesn't install its files in a labelled "cache" directory. Files can easily (and reasonably) be installed in any directory that you can write. So if anything at all on your machine has an auto-update feature, anyone who knows how to trigger it can install any files they like on your machine. And you could be prosecuted for failure to deliver the keys to decrypt these files that you didn't know about.

    Almost every government contains people whose job includes finding ways to frame perceived "enemies" when the top people want. They won't have that as their job description, of course, and usually they are really working for the top officials or for a political party. This sort of law makes their job really easy, especially now that we have widely-used software such as browsers with caches, auto-update packages, and other things that download files without always telling the user about it.

    To comply with this law, you had better be prepared to decode every file on your disks, including those that belong to any proprietary apps that you may have installed. If there's a single file anywhere on your disk that you can't convert to a human-readable form, you can be jailed for violating this law.

    It's always a good idea to ask yourself "How can this be abused?"

  • Im Confused... (Score:3, Informative)

    by l4m3z0r ( 799504 ) <kevin@NoSPAM.uberstyle.net> on Thursday November 15, 2007 @11:25AM (#21365405)
    How can this result in any problem for anyone since you could easily say: I can't give you the encryption key as that information would incriminate me. This is in fact why we have the 5th amendment(in the US anyway).
  • Bad Memory (Score:3, Interesting)

    by nurb432 ( 527695 ) on Thursday November 15, 2007 @12:58PM (#21367111) Homepage Journal
    So I'm going to be put in jail because i forgot my key due to all the emotional stress of being investigated?

A complex system that works is invariably found to have evolved from a simple system that works.

Working...