Man facing rare refusal-to-unlock-encryption charge: Court date set A 20-year-old Brit will appear before magistrates in Maidstone, Kent, on 20 December charged with launching denial-of-service attacks on the websites of Kent Police and Oxford and Cambridge Universities. Lewys Martin, from Walmer near Dover in Kent, also faces charges of theft of personal data and failure to disclose passwords …
I think it would end badly for you. It's the balance of probabilities and how beleivable you are in court. Trying to be a smart arse in court will alienate you from the jury and a lair normally gets found out. "it must be corrupted officer" excuses if found to be untrue will be reflected in your sentence.
To think a highly skilled hacker/cracker whatever manages to infiltrate networks and launch DDOS attacks but then the file the police are trying to unlock is corrupted ! Any decent barrister will be able to show either malicous damage or wilful obstruction.
Anyway, I have several dead bodies locked in a safe in my home and there is absolutely NO WAY that I am going to incriminate myself by giving the police the combination. I have NOTHING to hide ;-)
This post has been deleted by its author
Having spoken to my local beat copper, you could probably just set the file attribute to hidden to confuse most. It's the clever ones you have to worry about, hence my encrypted files detailing the plans for the Death Star and world domination stored on lozenge shaped USB sticks carefully inserted in the rear of the local cat population....
Well mine has a sort of deadman's time lock. If I don't reset it once every 24 hours it zeroes all the drives, and then ejects the drives and they fall down through a T4 degausser to make sure the data is not recoverable.
Not go anything to hide though - just don't want those dodgy photo's of me ending up on the internet ;-)
> So *any* assemblage of random bytes can be assumed to be encrypted ?
That does seem to be the unqualified opinion.
The thing is, yer avrige copper assumes that any collection of random bytes )must_ be an encrypted file (probably because their forensic software tells them so, not due to any actual knowledge they possess). Further, they'll assume that you'd only encrypt something you wanted to hide, ergo that must be illegal, immoral or fattening.
What if every geek in the country spent a couple of minutes being subversive? If everyone sacrificed a partition of a few GB and went on record (e.g. with a youtube video) as dd'ing the contents of /dev/random into it? Once there was "proof" that blocks of random data were commonplace on peoples' disk, the suppository that it must be encrypted and it must be illegal fails.
My reading of S49(2)(d):
that it is not reasonably practicable for the person with the appropriate permission to obtain possession of the protected information in an intelligible form without the giving of a notice under this section,
So: he offer to decrypt files on demand - one at a time. When PC Plod refuses and demands the key he says ''see you in court'' - I suspect that a jury may side with him, he did offer.
See: http://www.legislation.gov.uk/ukpga/2000/23/section/49
This is an arms race and ordinary people are badly outgunned. It *is* possible for someone like me (who can write the code) to make it very challenging to recover encrypted material, but it is almost mystically difficult to even generate good encryption keys. With sufficient determination, organizations like the NSA will likely be able to breach any barrier ordinary people can put in place.
What we need are laws that not only allow people to keep their privacy intact, but laws that punish people relentlessly attacking our rights. The real criminal elements are people pushing legislation to allow things like state surveillance and criminalization of modest civil breaches. Additionally, we need to make it so that things like data obtained by coercion or trickery is inadmissible in court. Most of that type of stuff is what I would consider 'fruit of the poison tree' and regardless of what is found that way, it should not have any legal standing.
Some electronically stored material, about plans or other ideas represent basically computer aided thought. They are a way to increase your power to form ideas and remember them so you can build upon them later. No entity besides yourself has any inherent right to inspect your thoughts. You should be at liberty to construct whatever fantasy or narrative you please.
Things change. What is an amusing artistic break from the mundane today could become a serious crime in the future.
We do, in fact, have a large variety of common-law rights which would adequately protect us if the newer laws contradicting them were struck down. Or if existing laws still in place were enforced.
People here seem to feel that coercing decryption keys is wrong. That is likely because they understand the subject area more than average. Somehow, someone with more grace and wit than myself needs to help people understand issues like these.
"Some electronically stored material, about plans or other ideas represent basically computer aided thought. They are a way to increase your power to form ideas and remember them so you can build upon them later. No entity besides yourself has any inherent right to inspect your thoughts. You should be at liberty to construct whatever fantasy or narrative you please."
This has always been my argument, but then the further notion occurs that the only reason one's thoughts are sacrosanct is because nobody has yet invented the technology to read them. The day someone does, you can wave every last vestige of privacy goodbye. And that day may not be as far away as we'd like to believe.
There's is a sequence in one of Daniel Suarez' novels, either Daemon or its sequel Freedom, in which a man is being questioned by an AI while hooked up to an advanced fMRI. By showing him images and playing sounds, then reading which parts of his brain respond, the program is able to extract information by couching all questions in a form that only requires a Yes or No response. It shows him a Google Earth type map and narrows down his place of origin by sequentially zooming in on areas his brain responds to more strongly. For more complex information, such as his name, it simply shows sequential letters of the alphabet and selects each in turn as a positive response is recorded.
All of this seemed very cool, but comfortably far-fetched when the books were written just a couple of years ago. But recent breakthroughs like the case of Scott Routley (the culmination of earlier findings by the same doctor), while potentially offering fantastic news for vegetative patients and their families, should worry us greatly. When used with the subject's consent it's a miracle. But if a version that could coerce answers from the unwilling was developed it would be an Orwellian nightmare.
Personally I fear this sort of future technology at least as much as the autonomous weapons that everyone seems to be in such a flap over at the moment. Not least because I fear the "truth machine" could be with us long before the T-800s.
The lad DoS attacks a couple of university sites, okay, factually did he breach the network perimeter... Or was it just attacking publicly facing sites, like any other DoS attacker?
How could one know that this kid stole personal data, if he hasnt handed over, purely for example, the AES-256 crypto seeds enabling the operator to distinguish this from a government secret or his secret porno stash?
I find it shocking SIB publicly accepts that they're unable to decrypt such at this present time, probably not by technical limitation, but due to privacy law... I'm sure the exclusion of breaching ones privacy is conditional for certain acts of terrorism.
It could be funny, but an expensive joke, if the encrypted data was corrupted or had nothing of value! You'd have wasted your time!
Sounds like the kid needs therapy, if hes got that much stuff to hide... The avalanches - frontier psychiatry anyone?
He has been arrested and is subject to a court ordered search warrant. There is no expectation of privacy at this point. Refusing to hand over encryption keys, or any keys, in this circumstance is contempt of court and probably perverting the course of justice. The police don't care if you've got porn or if you've got some embarrassing financial situation or are having an affair, they are trying to investigate a (potential) crime.
Does the defendent have the right to be present, alongside legal or techical representation, during any investigation of the contents of a hard drive or other digital data? Can they ensure that only copies of any files or data related to the alleged offence are considered or copied?
Terror squad arrest over model rocket
In this country, not wanting to incriminate yourself is a sign of 'schizophrenia' ...
that for RIPA to be valid, the police have to go to a judge first. They are very reluctant to do this (under home office guidelines) and will try to bully a suspect into volunteering the keys.
If you are ever asked by the police to provide keys, refuse. Call their bluff. By it's very nature, we have no idea how many people they've blindsided, only the ones who forced them to go to court.
As another poster has said, RIPA has been deemed to trump privileged communications ... this is something the ECHR will eventually throw out.
> for RIPA to be valid, the police have to go to a judge first.
No they don't.
Schedule 2 shows who can issue a Section 49 notice. In many cases, this needs to be someone to whom a Judge has granted the right to issue notices - but most importantly, once such powers are granted, there is no further judicial oversight. People issuing notices by way of this route (Section 1 of Schedule 2) do not need to be Police Officers or any other authority figure (although in practice they probably will be).
Section 2 opens things up considerably for the Police - authorisation for a Section 49 notice can come from the Police Act 1997. No judicial oversight is required.
There's loads more in there - it explicitly allows for anyone authorised under Section 94 of the Police Act[1], for example. Have a read at your leisure. It's scary stuff.
Vic.
[1] This pretty much equates to "anyone"...
an encrypt / decrypt system with dual passwords - one to decrypt the data, and one that would show a normal decryption progress screen while secretly destroying the encrypted files (a nuclear option) ?
"I never used it to encrypt any files yet, yer honor. There was nothing to decrypt". Icon shows the nuclear option in use.
There are many ways around the encrypted password issue.
Decryption keys are often released using a password in the password table (certainly I understand that this is the method for LUKS).
You use a continuously changing password sequence that is generated from a password device that cycles through the same sequence in lock step with the machine.
When not using the machine, give the device to a 3rd party that is instructed to destroy the device if/when you are arrested.
You state that it is not possible to give the password/decryption key because the password device has been destroyed. There is never a single password that can be used twice to supply.
For the really paranoid, use a password device that obtains the password from a remote device by radio etc such that you never have the device in your possesion. So it can't be seized while you are using the machine.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2021
