Clink! Terrorist jailed for refusing to tell police his encryption password A convicted terrorist will serve additional time in jail after he was found guilty of refusing to supply police with the password for a memory stick that they could not crack. Syed Farhan Hussain, 22, from Luton, was handed a four-month sentence at the Old Bailey on Tuesday after a jury took just 19 minutes to deliver the …
You'd think the lawyer would have bothered to contest that particular law ...
If it's Law then it's law and there is no point in contesting it in this court. What needs to be done is to have the law itself contested in the High Court.
But you will need only one guess to work out how that will turn out.
> have the law itself contested in the High Court
Your post reads as if you are used to living in a jurisdiction where the legislation is framed by a constitution, e.g. the United States of America? We in the UK do not. There is no analogue of a Federal Judge or Supreme Court declaring a law to be unconstitutional, for the good and sufficient reason that the United Kingdom does not have a constitution. We have a constitutional monarchy, sure, which means [1] that any bill that Parliament can persuade the Queen to sign becomes an Act, and the operative law, i.e. in this case the Regulation of Investigatory Powers Act. There is no mechanism to petition a court, crying "Not fair!".
In the US, RIPA would be declared incompatible with the Constitution as amended by the 5th Amendment. Not here.
[1] Gross oversimplification warning!
You're correct that we don't have a document called "The Constitution", but you aren't correct that we don't have a constitution. A constitution is simply that which constitutes a thing - and we have that in spades. We have the founding documents of the modern United Kingdom, the Parliamentary Bill of Rights and a few other bits and pieces of legislation and treaty, and accompanying that we have legal precedent as set by the courts over about a thousand years.
Together the form our constitution - they constitute the legal foundation of Parliament and grant its authority to govern by the will of the people.
Up until about seventy years ago it was common for people of a certain sort to discuss British constitutional issues. Knowledge of the constitution of our nation was taught widely and in rather great depth. Not any more. The lack of knowledge of our constitution allows the current governments to sweep away huge swathes of our ancient liberties without even bothering to convince us why, and people aren't able to properly protest because they've accepted the idea that we have no constitutional body of law defining the limits of Parliament's power, and outlining the source of that power.
On top of that: courts can and do overturn legislation all the time. Our legal system rests on the assumption that the courts have the authority to overturn legislation that is unjust, or goes against the rights of the people, or when a precedent exists to contradict the legislation in place. The courts used to limit the power of the legislature rather nicely by this mechanism.
Where do you think the Americans got the idea in the first place?
I wasn't aware we were in the 23rd Century.
As too where we got our ideas from, it was the result of abuses of justice and fairness even within the boundaries that existed at the time. Hence they are more protected under our unitary constitution. Part of the problem with the assembled bits and pieces in the UK is that it leaves more than sufficient room for word manglers to rework clear intentions.
Not that it has helped us all that much on this side of the pond. Here judges just ignore the plain meaning and substitute their prejudices when they see fit, then claim stare decisis when someone challenges their interpretation in subsequent cases.
The underlying problem on both sides of the pond is that neither of our governments are fit for purpose under any except a religious people. Absent essentially immovable rights granted from an all powerful, just and sovereign God its all just words on paper that are easily re-arranged by other clever men. And if that fails, they can always just shoot you.
I agree with you entirely that the UK isn't anarchic, but wished to point out to the OP that we hadn't got a written constitution which sets up a legal framework for assessing the constitutionality of laws, and your accurate observation of the "swathes of ancient liberties" being swept away rather makes my point, I think.
You wrote "On top of that: courts can and do overturn legislation all the time. Our legal system rests on the assumption that the courts have the authority to overturn legislation that is unjust", but I don't recognise that in our current systems. At the risk of being mocked for quoting from Wikipedia:
"Because of the doctrine of parliamentary sovereignty, the Supreme Court is much more limited in its powers of judicial review than the constitutional or supreme courts of some other countries. It cannot overturn any primary legislation made by Parliament."
Source: http://en.wikipedia.org/wiki/Supreme_Court_of_the_United_Kingdom
My understanding of the legal position is this:
Per Factortame, some acts are of constitutional significance. The European Communities Act is the one that case is about but it's far from being the only one. Such acts are special because they are not subject to implicit repeal. If a later act wants to contradict a constitutional act then it has to do so explicitly.
Subsequent acts like the Human Rights Act (which incorporates the European Convention on Human Rights) have adopted some of the logic of this line of thinking: all acts are to be interpreted compatibly with the HRA unless they state explicitly that they're incompatible. Were there no recognition of the idea of a set of elevated acts, such a provision would be void since there's an underlying rule that no parliament can dictate which laws a future parliament may make or unmake.
So if a barrister could find a suitably significant act then he or she could argue that the subsequent one is not to be applied literally as written. Similarly judges could try to finagle some sort of unintended meaning out of the literal words if they really put their minds to it.
But in England and Wales courts cannot strike down legislation in any broad sense. This is something the Americans explicitly did differently as a balance and measure to try better to ensure ongoing separation of powers. See e.g. the Lord Chief Justice prior to 2005 for an idea of how much the British system has ever been bothered about technical separation of powers. We like strong competing interests but have historically not generally been especially bothered about whether powers technically may flow from one body to another.
> So what happened to the whole "You don't have to say anything, but anything you do say will be taken down and used as evidence against you"?
It was heavily modified (and weakened, I guess) by the 1984 Police and Criminal Evidence Act. If you are now cautioned, it will (probably) take the form of words:
“You do not have to say anything. But it may harm your defence if you do not mention
when questioned something which you later rely on in Court. Anything you do say may
be given in evidence.”
Source: https://www.gov.uk/government/publications/pace-code-c-2008
Yeah, we're not doing that anymore in England and Wales. Dumb fuckwits thought "innocent until proven or assumed guilty" would give their judicial system better conviction rates, so they could claim they were being "tough on the causes of crime".
See http://en.wikipedia.org/wiki/Self-incrimination#English_.26_Welsh_law
I'm afraid it's like much of the CJS nowadays, it has abolsutely nothing to do with Justice anymore, it's about serving the interests of those who are members of it.
The other disgusting aspect of our law as it's developed over the last 20 years or so is the trick of turning a non-criminal act into a criminal one by creating a (potential) crime via an ASBO. I see the current Government have, unsurprisingly, some even more illiberal proposals in the pipeline.
Regardless of the morality or ethicity of the law, a barrister (as this is the UK) doesn't have any (strong) grounds to contest the law as it has been passed into law by both houses of parliament including a declaration from the home secretary stating that it complies with the human right act.
There's always the option of going to the European Courts of Justice to get them to declare that actually it doesn't comply with the human rights act but that will take more than 4 months and a convicted terrorist probably isn't the best poster child for that campaign
Regardless of the morality or ethicity of the law, a barrister (as this is the UK) doesn't have any (strong) grounds to contest the law
How about the English Bill of rights "excessive bail" and "cruel and unusual punishments" provisions. Locking someone up for refusing to hand over what amounts to a word, must surely class as excessive bail.
Generally in UK law the last bill passed takes precedence and implicitly amends the previous bill - the basic principle is that parliament can't be bound by decisions of past parliaments.
There's a couple of exceptions such as the Human Rights Act which explicitly has wording in that says it can't be implicitly amended instead parliament have to explicitly state that they are amending it in the later passed legislation (which they can do - although that may then be violating treaty obligations which could cause other political but not actually legal issues).
@Mole 13:11
Worse cases than that have won the blessing of the European Court.
But what a contempt for English law and England the terrorist showed. Could not remember his password, until suddenly he could. He would deserve to be jailed for contempt, even if the RIPA law did not exist. I hope we can throw him out one day.
It depends...
You can only be charged with contempt of court if a judge tells you to do something within his powers to command and you fail to obey.
He cannot command you to wear a pink miniskirt, for example.
Since there is a http://en.wikipedia.org/wiki/Right_to_silence_in_England_and_Wales, it is only the RIPA act that could give the court any teeth.
If you are a fan of Rumpole of the Bailey, you'll remember his waxing lyrical over the Golden Thread that ran through British justice. These were:
- The right to silence
- The presumption of innocence and the fact that the burden of proof rests with the prosecution
- The right not to be tried twice for the same offence.
Pillars of justice that had stood for centuries were removed in the space of about 10 years between 1994 and 2004 after terrorist attacks that killed, in this country, rather fewer than the number dying in road accidents in two weeks. Rumpole's Golden Thread is no more.
@ Richard Barnes
But those rules dont work against the current threats to our lives. We are now facing some of the worst terrorists you can possibly imagine, we used to call them the people. And of course to ensure every potential criminal can be identified we must remove the rights of the terrorists (formally known as the people) so we can identify which ones need arresting now or can be controlled under whatever government takes over.
This is a sick situation where the people have their protection stripped from them in the name of protecting them. And regardless of our faith in current governments (if we have it) is leaving us open to abuse by a future gov
There are a few changes in resource usage that could be more useful than switching effort from antiterrorism. For example we could make all those nasty drug things availanble from state-organised shops at a far lower price than the current criminal system delivers them, and put a lot of big criminals out of business while making a nice income for the state which could perhaps be used on helping people hooked on the really bad stuff, probably reducing a lot of small scale crime because addicts would not have to spend so much to servuice their habits, and completely eliminating the process of dealers persuading people to step up from comparatively harmless drogs to more harmful (and more expensive) ones. Or we could scrap nuclear armaments and use the savings either to produce some useful naval power and give the army some of the reources it needs instead of just cutting it back while throwing ever-growing commitments at it or, if defence is less important, to reduce the fiscal deficit.
But the chances of a British government adopting any sort of sensible policy on anti-terrorism, drugs, human rights, surveillance, immingration, defence, or taxation are even less than those of democracy replacing plutocracy in the USA; recent years of Labour government took us in the wrong direction on all those thigs, and the current mob have continued to push most of the same antidemocratic statist and syndicalist ideas.
@Bartholomew: I don't think you'll find that availability of weapons is what makes a terrorist. It's the perception of oppression, unjust treatment, prejudice, and so on, real or imagined, and a general impression that there is no legal way to change the situation which leads to acts of desperation on the part of those who want to change things.
Weapons provide the means for terrorists, but not the motivation
They seem to have been the worst bunglers anyone could possibly imagine.
The worst we could imagine having had a shot at Britain were the green and orange ****ers that Blair bought off by letting George Bush bugger us.
I can't think of a more badly managed episode since Blair introduced martial law into the UK. At least when the Irish bungled a threat and blew themselves up they did it by accident :) These monkeys couldn't peel a banana.
As for GCHQ not decoding that silly password...
His password was unlocked immediately and the police failed to inform him of the fact, thus adding to his incarceration. No doubt the secondary case brought against him after the sell by date for the password one lapsed was framed -as in framed; to suit the mentality of the imbecile.
after so many days unattended. Assuming that the GCHQs antics wouldn't count.
He should have kept his mouth shut. And he should have put the USB in a timelock device where it would blank itself after so many days unattended (assuming that GCHQ's antics wouldn't count) and blanked if mishandled in some way al la Cryptonomicon
In the world of terrorism and espionage are there no memory sticks that are designed to lose all their data when attacked?
Is that not irredemably inept?
It's about as inept as an Arab terrorist using dollar signs in his password. He should have used some non Latin characters. And burned the keyboard every time he used it. A foreign keyboard that required three or so keys to produce each character would be difficult to force, especially if it didn't exist. It might take a few seconds as opposed to instantaneous.
What we want in the free world is a password that is time dependent as well as having any imaginable character in it. Only the characters must be home made. How long do you think it would be before owning such a device would be deemed and act of terrorism?
Despite the fact that to be a terrorist means you have to be unimaginably stupid enough to use a blown password that is easily forced.
Ah well, it takes all sorts, الحمد الله.
The trick is to hide it down the back of a sofa and wipe it clean before dropping it there. But you must do all this before you are convicted and have a seemingly identical USB that is also password protected (but obviously doesn't contain evidence against you) and has a different password. A GIANT! fail for the fool.
But at least after reading all this, the others will know better. (Or not, as the case will be.)
Why the hell did he need a USB to tell him what he'd been up to?
And why was any reference to any crime clearly identifiable?
What an absolute mutt!
Why do we need draconian laws to deal with idiots like that?
".....his waxing lyrical over the Golden Thread that ran through British justice....." Yeah, well that are a lot of old laws that people used to wax lyrical over - like being able to beat your servant, employ children to clean chimneys and work down mines, or shoot Welshmen with a longbow if they enter Chester after midnight (oops! that one's still legal! http://news.bbc.co.uk/1/hi/wales/6204511.stm). Laws change and develop as the society we live in develops and faces new challenges.
".....The right to silence......" The Section 49 bit does not remove his right to silence, it merely allows him to be prosecuted for obstructing the Police investigation in a very narrow set of circumstances.
"....The presumption of innocence and the fact that the burden of proof rests with the prosecution....." He was already found guilty of the terrorism charges which meant the Police were free to insist he decrypted the drive in the interest of protecting others. The fact it turned out to be related to a different crime (fraud( is neither here nor there as these twits were trying to use the stolen credit card numbers to fund their terror plans.
"....The right not to be tried twice for the same offence...." Where does it say he was tried a second time for the same offence? First charge for terrorism, second for not answering a Section 49.
I think he has just cause for claiming the police withheld evidence. But I very much doubt he can prove it.
Maybe he can find a case where the experts that failed to crack the password managed to crack a similar one in times past?
Or can claim they must have already known it?
How much would it cost him to appeal?
It may still be on the books but it is illegal as it is superseded by the murder laws. That is how English law works, there is no great rule book and that is it, but instead a great big rule book and a shed load of case law. Most of these old laws that people claim still exist are like this (London cabs and bails of hay etc), sure they were never repealed but they have been superseded by newer laws that cover the area
English Law is all about the interpretation for example it is very hard to get someone convicted for stealing a car as to be classed as stealing you need to have stolen it with the aim of permanently depriving the rightful owner of their property. If you steal a car and joyride it, then dump it you have not permanently deprived them of it and therefore cannot be charged with theft. You can be charged with Taking Without Owners Consent (TWOC) which is why car thefts are charged as TWOC's and not theft.
"[...] terrorist attacks that killed, in this country, rather fewer than the number dying in road accidents in two weeks."
Yes, I know what you mean, and didn't Uncle Jo Stalin himself say that you cannot make omelettes without cracking eggs? So yes, fuck those who might die of terrorism, let 'em die with the words of a fictional character from a TV legal soap echoing in their ears, never mind all of the plots that were thwarted. I'm right with you; "let freedom ring".
"Pillars of justice that had stood for centuries were removed in the space of about 10 years between 1994 and 2004 after terrorist attacks that killed, in this country, rather fewer than the number dying in road accidents in two weeks."
And yet, we'd suffered far more deaths from domestic terrorism in the twenty years prior to the cited period, without our rights being so smartly whisked away.
It's the same as "failure to provide a breath test specimen", and I'm sure it's not coinicdence that the punishment happens to be the same as drink driving.
>>That's all this is really, a law that says "if you don't give us evidence against you, it means you are guilty".
Nope, the way the law is, is means "if you don't give us the means to easily gather evidence, it means you are guilty of not allowing us to easily gather evidence".
Personally, I suspect that they wanted to firstly convict him of something easily provable (not supplying the key) which gives them time to build a subsequent case around what they have already found, this buys them lots of time.
I struggle to see what is wrong with this law. This is just an extension of the law to take account of technology. Just as the court can issue a warrant to allow a search of premises for evidence, the same applies to encrypted information.
In any event, in this case, I definitely can’t see what is wrong the defendant has already been convicted of terrorism offences.
"I struggle to see what is wrong with this law. This is just an extension of the law to take account of technology. Just as the court can issue a warrant to allow a search of premises for evidence, the same applies to encrypted information."
<snip>
Yes a court can issue a warrant. In this case we are obliged without any warrant and at the whim of an officer to allow access to private data. I would have no problems if due process took place and I was then legally obliged to supply a key or password. At the moment a bloke in a pub with a warrant card can do it.
A section 49 request, which may then lead to prosecution under section 53 has to authorised in the same way as a search warrant.
No, that's not true.
A search warrant has to be authorised by a magistrate.
A Section 49 notice may be issued by a number of people detailed in Schedule 2; each must have been granted permission to grant Section 49 notices by a member of the judiciary, but each individual notice does not require judicial oversight.
IMO, this is way, way too lax...
Vic.
A Section 49 notice may be issued by a number of people detailed in Schedule 2; each must have been granted permission to grant Section 49 notices by a member of the judiciary, but each individual notice does not require judicial oversight.
IMO, this is way, way too lax...
That isn't the way I read the law ......
Schedule 2 (1)Subject to the following provisions of this Schedule, a person has the appropriate permission in relation to any protected information if, and only if, written permission for the giving of section 49 notices in relation to that information has been granted —
(a)in England and Wales, by a Circuit judge [or a District Judge (Magistrates' Courts)
(b)in Scotland, by a sheriff; or
(c)in Northern Ireland, by a county court judge.
I would read this as a permission is given for a specific instance of a section 49 notice by variety of magistrates .......very much analogous to a search warrant.
> > A section 49 request, which may then lead to prosecution under section 53 has to authorised in the same way as a search warrant.
> >
> No, that's not true.
>
> A search warrant has to be authorised by a magistrate.
No, it doesn't. In England and Wales a police inspector (or any higher rank constable) can authorise a search in some circumstances (for example to find evidence which is at risk of being destroyed if the search is delayed), so not all searches require a warrant authorised by a magstrate (and this power is easily abused - - for example it's been know for the authorisatio to have been issued after the search took place because the inspector wasn't available fast enough; but I'm not sure whether the inspector's authorisation is even required by law, as opposed to by policy or regulation or guidance promulgated by ACPO or some such body). Certainly any police constable can conduct an unwarranted search of your car or your person without even authorisation from an inspector or higher oficer if he has "reasonable grounds for suspicion" that he will find items of certain tyoes, and if a serious violent incident has taken place he/she doesn't even have to have reasonable grounds.
Of course it is completely different in Scotland - a vehicle or premises can't be searched without authorisation by a sheriff - although that may have changed in the last 21 months, I'm not up to date. (stratchclyde police were agitating for power to search without authorisation at the Aviemore SPF conference in 2012).
In England and Wales a police inspector (or any higher rank constable) can authorise a search in some circumstances (for example to find evidence which is at risk of being destroyed if the search is delayed)
A magistrate is still required to authorise the warrant - but that authorisation may be retrospective.
I'm not sure what happens should the magistrate refuse to authorise said warrant - I'd have to look it up. I doubt it happens.
Vic.
> At the moment a bloke in a pub with a warrant card can [authorise a section 49 notice to reveal a password].
AFAICT (and IANAL) in this context the section 49 notice would require authorisation under the Police Act 1977 part 3 which means a police commissioner or chief constable (or deputies) so not quite as open to abuse as you suggest though far from judicial oversight (which is available as an alternative authorisation for a section 49 notice)
"AFAICT (and IANAL) in this context the section 49 notice would require authorisation under the Police Act 1977 part 3 which means a police commissioner or chief constable (or deputies) so not quite as open to abuse as you suggest though far from judicial oversight (which is available as an alternative authorisation for a section 49 notice)"
The person who ordered me to give up my password did it so at the moment he discovered the hard drive and no judge or other appointed person was consulted. I was informed of act and section and told I had to comply. This was however at an airport and different laws apply once security has been passed or prior to egress beyond security.
When I gave him the password to the hardware encryption side of things I did so in the knowledge that the PGP'd data was all that was on there. This example of the her majesty's finest was very miffed when I gave him the password and damn near apoplectic when I started calling him a lid ;)
> "AFAICT (and IANAL) in this context the section 49 notice would require authorisation under the Police Act 1977 part 3 which means a police commissioner or chief constable (or deputies) so not quite as open to abuse as you suggest though far from judicial oversight (which is available as an alternative authorisation for a section 49 notice)"
Judicial authorisation is (or was in the 2000 act) only available when the material for which plain text or a key is required was obtained through an action undertaken with judicial authorisation. The Chief or Assistant rule only applies when the material was obtained under section 3 of the police act 1997 (which I imagine is the act you intended to reference), which also has a or section 44 of the terrorism act 2000. As a decryption key was needed in this case, the ability to deputise to lower levels would not apply (if provision of the plain text had been acceptable, someone could do it with delegated authority - and chiefs can designate a rank any of whose holders count as delegated in the event that the main authorities are unavailable; in the police that rank could be as low as superintendant, and usually was superintendant back in the days when the original code of practise was in force - but I imagine that it has changed a bit in the last 13 years.
You should hope that one day the police don't raid your house and find a 10 year old USB drive with an old truecrypt test container on it for which you can't remember the password.
If this ever happens you will go to prison with all the other 'terrorists'.
"You should hope that one day the police don't raid your house and find a 10 year old USB drive with an old truecrypt test container on it for which you can't remember the password.
If this ever happens you will go to prison with all the other 'terrorists'."
The "You should hope it never happens to you" is a typical response to someone who supports this kind of law. Wrong. BongoJoe simply stated why the guy was done; he didn't state support for it and it seems quite clear to me he doesn't.
You should hope that one day the police don't raid your house and find a 10 year old USB drive with an old truecrypt test container on it for which you can't remember the password.
If this ever happens you will go to prison with all the other 'terrorists'.
Only if the cops suspect you are concealing credible plans about mass murder etc. Simply having a TC container is not evidence of this.
Actually no, the equivalent would be, "you must tell us where you hid the evidence." What this lets them do is to jail you whether they have evidence or not, simply because you refused to tell them where you hid the evidence, but more importantly, it lets them jail you whether or not any evidence actually exists. This not only saves them the bother of finding evidence, it also saves them the bother of finding criminals, since everybody can be presumed guilty simply by asking the question.
What is wrong with this law is that if you happen to have an encrypted file which you genuinely can't remember or never knew the password of, you can be sent to jail. This is completely against the presumption of innocence.
The reason why you should see something wrong with this is that YOU have a number of files where that is the case on your computer right now.
I've got lots of files on all my computers that are NOT encrypted but are pure binary and for which I potentially have no idea what program other than a hex editor can read them. Some of them might be ( they are not BTW ) encrypted files that have been obfuscated by various means and would just look like pure binary until de-obfuscated.
Much of the scientific software I use generates (HUGE) pure text files as output but some does indeed generate (HUGE) binary files without any headers to indicate what they are if the filename is changed.
It has been possible to deliberately erase memories for some time. See for example
http://www.wired.com/magazine/2012/02/ff_forgettingpill/
excerpt:
If new proteins couldn’t be created during the act of remembering, then the original memory ceased to exist. The erasure was also exceedingly specific. The rats could still learn new associations, and they remained scared of other sounds associated with a shock but that hadn’t been played during the protein block. They forgot only what they’d been forced to remember while under the influence of the protein inhibitor.
"What is wrong with this law is that if you happen to have an encrypted file which you genuinely can't remember or never knew the password of, you can be sent to jail....." IF you are arrested in conjunction with a very narrow list of crimes, so Joe Public losing his password has nothing to fear. Just paedophiles, drug dealers, people smugglers and terrorists. Oh, and sheeple.
Taking what you said into account what if you said you forgot the key? Then it cant count as you stopping the gathering of evidence? If you dont know it you dont know it. Same as if you don't remember what someone looked like at the scene of a crime. Its impossible to prove you don't know the key.
Legal is easy, you pass a law saying so, provided you don't have some higher framework law that prohibits said law. Fairness is a whole other issue.
That being said, even in places where you have those protections prior to conviction, once you've been convicted you tend to lose most of those rights. In the US which does have a higher thresholds against a number of these invasions, a paroled prisoner is subject to search by any law enforcement officer without the requirement that a warrant by issued. Similarly free movement is also restricted as is free association (hangout with other previously convicted felons will earn you a quick trip back to the pen).
Given the terror conviction, it seems reasonable that he lost the right to protect the data on the drive.
"I still don't get how it can be legal to try and force someone to talk. That's all this is really, a law that says if you don't give us evidence against you, it means you are guilty'."
There is a "right to silence" in some jurisdictions, and the "right to refuse to answer questions" in others but the right to refuse to give testimony against oneself extends only to oral testimony.
He may not be compelled to give testimony against himself but a refusal to give the password is obstruction of justice, obstruction of a police investigation, and concealment of evidence; the right to silence does not shield one from sanctions in such cases. (I don't know that these are specific charges in the UK but that's the underlying intent.) The password he was required to give is, in itself, not evidence against himself, even though that password unlocked a device that did contain evidence against him. Additionally, as he had already been convicted of a serious crime, there was probable cause to think that the USB stick held information bearing on the crime and its attendant circumstances and therefore the police and investigating authorities have a right to demand access.
As he had already been convicted of a crime, the right not to incriminate oneself becomes moot: as he is no longer capable of incriminating himself as he has been found guilty. Moreover, concealing facts and "refusing to talk" after conviction is still (as ever) frowned upon to the extent that longer sentences can be imposed by the court, or parole denied later on.
It is possible that the possession of the password becomes evidence against him after he gives it up and the device is thereupon found to contain evidence but again, concealment of evidence is taken more seriously and the right to silence does not protect the concealer.
(Somewhat analogous are court decisions in the US stating that income must be declared even if the result of criminality and a failure to declare such income renders one liable for imprisonment for income tax evasion. The specific objection that being compelled to declare income from criminal activity is self-incriminatory has been specifically rejected, see http://evans-legal.com/dan/tpfaq.html#5th although tax cases are generally civil cases.)
Your entire argument is a disaster.
"The password he was required to give is, in itself, not evidence against himself"
First of all, what if his password was "I_confess_to_the_crimes_of_xyz"? Wouldn't the requirement for him to give up his password be in direct conflict with his right not to incriminate himself? Please don't say "Well, he would be stupid to do that" because fundamental rights belong to everyone, not just the intelligent.
Secondly, other than name, date of birth, and address, ANY AND ALL information that you give to the police is potentially incriminating. The police can demand to know what your favorite color is, and you are STILL protected from having to tell them this. That's because police can, and do, twist anything you say to make you appear as guilty as possible.
That is why nobody can ever be "required" to give "innocent" information to the police.
"Additionally, as he had already been convicted of a serious crime, there was probable cause "
No. Wrong. A criminal record NEVER constitutes probable cause. If it did, the police would be entitled to search his car, search his home, etc etc, every day for the rest of his life.
"As he had already been convicted of a crime, the right not to incriminate oneself becomes moot: as he is no longer capable of incriminating himself as he has been found guilty. "
It pains me to have to explain how wrong you are on this. NO, A CRIMINAL RECORD DOES NOT REVOKE YOUR RIGHT NOT TO INCRIMINATE YOURSELF IN FUTURE CRIMES. THAT I NEED TO EXPLAIN THIS TO YOU IS DEEPLY DISTURBING.
"but again, concealment of evidence is taken more seriously and the right to silence does not protect the concealer."
You are just 100 percent dead wrong. Nobody on this planet is legally required to provide evidence that might be used against them. This is so basic it almost gives me a headache.
"(Somewhat analogous are court decisions in the US stating that income must be declared even if the result of criminality and a failure to declare such income renders one liable for imprisonment for income tax evasion."
And there's a very good argument to be made, a slam-dunk case even, that the laws in the tax code are unconstitutional. The only reason the IRS can get away with this is because filing an income tax return is officially declared a voluntary act, not compulsory. However, the law states that you MUST volunteer to submit your 100% completely non-compulsory income tax return. If you fail to volunteer, you're guilty of tax evasion.
Pointing to the Internal Revenue Service as a role model of legality is ridiculous.
"'The password he was required to give is, in itself, not evidence against himself'
First of all, what if his password was "I_confess_to_the_crimes_of_xyz"? Wouldn't the requirement for him to give up his password be in direct conflict with his right not to incriminate himself? Please don't say "Well, he would be stupid to do that" because fundamental rights belong to everyone, not just the intelligent.
Secondly, other than name, date of birth, and address, ANY AND ALL information that you give to the police is potentially incriminating. The police can demand to know what your favorite color is, and you are STILL protected from having to tell them this. That's because police can, and do, twist anything you say to make you appear as guilty as possible.That is why nobody can ever be "required" to give "innocent" information to the police."
We are talking about a person who was ordered by a court to divulge a password. It doesn't matter what the password is. If the court feels that there is sufficient reason to discover the contents of the USB stick, they permitted by law to order the (in this case) convicted defendant to do so. This is not the same as the police, on their own, asking or requiring him to do so; what information one is and is not required to give to the police is not at issue here: we are discussing court orders.
"Additionally, as he had already been convicted of a serious crime, there was probable cause "
No. Wrong. A criminal record NEVER constitutes probable cause. If it did, the police would be entitled to search his car, search his home, etc etc, every day for the rest of his life.
The USB stick was found during the course of the original investigation. There was every reason to think that the encrypted USB stick held evidence germane to the investigation - and that's what a judge decided, as per his prerogative by law. (Bear in mind that the investigating authority has the right - and the duty - to investigate all other crimes uncovered by the original investigation.) However, while his conviction might serve as a probable cause to order the decryption of the USB drive, it does not necessarily serve as probable cause for everything that any law enforcement agency might ever want to do. So your objection has nothing to do with the case at hand. (As for the right to search a someone's premises in the future because of a criminal conviction, I am pretty sure that parole officers have the authority a part of their duty to supervise parolees to search (or at least inspect) the parolee's living quarters. I'm not really sure though. It is possible that they have to agree to this as a condition of being paroled.)
"As he had already been convicted of a crime, the right not to incriminate oneself becomes moot: as he is no longer capable of incriminating himself as he has been found guilty. "
It pains me to have to explain how wrong you are on this. NO, A CRIMINAL RECORD DOES NOT REVOKE YOUR RIGHT NOT TO INCRIMINATE YOURSELF IN FUTURE CRIMES. THAT I NEED TO EXPLAIN THIS TO YOU IS DEEPLY DISTURBING.
A person's testimony can not incriminate them for a crime after they have been convicted of that crime. Nor can he refuse to hand over evidence because of danger of incriminating himself in future crimes - the right against self-incrimination applies only to testimony and does not extend to concealing any other kind of evidence. And that is the issue here: the usb key and its contents are not testimony; they are evidence.
"but again, concealment of evidence is taken more seriously and the right to silence does not protect the concealer."
You are just 100 percent dead wrong. Nobody on this planet is legally required to provide evidence that might be used against them. This is so basic it almost gives me a headache.
Well this guy we're discussing was required to do so. So it's not easy to know where you get the idea that he (or other people in other jurisdictions) can't be required to do so. And see that page I cited above, http://en.wikipedia.org/wiki/Key_disclosure_law where you can learn that there are many jurisdictions where a defendant or person of interest can be compelled to surrender encryption keys (or other kinds of evidence. You do know, I hope, that, for example, concealing evidence, destroying evidence, contaminating evidence, altering evidence, refusing to produce evidence when ordered to do so, and whatever else, is the basis of charges such a perverting the course of justice, impeding an official investigation, contempt of court, and so forth.)
Although you did not feel like citing it, I said that there is a right to silence and a right to refuse to talk - neither of which is absolute, by the way. What you need to is show that the right against self-incrimination extends to refusing to provide evidence when ordered to do so by a judge, and that you are allowed to do anything other than remain silent. What you have failed to grasp is that, while all testimony is evidence, not all evidence is testimony.
And there's a very good argument to be made, a slam-dunk case even, that the laws in the tax code are unconstitutional. The only reason the IRS can get away with this is because filing an income tax return is officially declared a voluntary act, not compulsory. However, the law states that you MUST volunteer to submit your 100% completely non-compulsory income tax return. If you fail to volunteer, you're guilty of tax evasion.
Pointing to the Internal Revenue Service as a role model of legality is ridiculous.
Why? Because it's inconvenient for you? Or because your lack of knowledge of the way the law works made you susceptible to all that tax-protestor rhetoric?
The page I cited in the last section of my post is http://evans-legal.com/dan/tpfaq.html#5th and it consists almost solely of legal cases and court decisions. And they cover your misconception that income tax is somehow voluntary. We have "voluntary assessment" as opposed to "distraint". It has nothing to do with the income tax being voluntary.
Here's what Wikipedia has to say on http://en.wikipedia.org/wiki/Tax_protester_statutory_arguments#The_.22income_taxes_are_voluntary.22_argument : The quoted language from Flora refers to the Federal income tax: "Our system of taxation is based upon voluntary assessment and payment, not upon distraint." The key words are "voluntary" and "distraint." Like many legal terms, "voluntary" has more than one legal meaning. In the context of the quoted sentence, the income tax is voluntary in that the person bearing the economic burden of the tax is the one required to compute (assess) the amount of tax and file the related tax return. In this sense, a state sales tax is not a voluntary tax - i.e., the purchaser of the product does not compute the tax or file the related tax return. The store at which he or she bought the product computes the sales tax, charges the customer, collects the tax from him at the time of sale, prepares and files a monthly or quarterly sales tax return and remits the money to the taxing authority.
The real problem here is that you don't understand what the "right against self-incrimination" is, or what its limitations are.
And here is the real difference between your post and mine. This guy (and others too, in various jurisdictions around the world) was ordered to give up his key, he refused, and was tried, convicted, and sentenced for it. A person reading my post will have some understanding of why that happened. A person reading your post won't have a clue.
You claim "he refused"; the story says "he was unable to remember the password". Perhaps the court had a good reason not to believe that, but I'd like to know what that reason is. I have loads of encrypted data for which I no longer have the password. Would a court believe me? (Perhaps it would; I'm white!)
Wow talk about desperate attempts to go for a straw man. No, no, no, and no. A password is just a password not a confession.
other than name, date of birth, and address
You seem to be suffering from some perverted combination of POW and law frameworks. The rules don't work that way. The place where thugs usually fall down is that once you speak on any of it, you are required to be truthful and answer all subsequent inquiries. You may be able to temporarily suspend an investigation by pleading the 5th, but once on the stand it's the 5th or everything.
A criminal record NEVER constitutes probable cause.
No, you're the one who has this wrong. Once convicted the police, the prison warden, even the guard can search [your] car, search []your] home, etc etc, every day for the rest of [the term of your conviction].
No, you are the one who is wrong. Once you have been convicted you lose almost all civil protection until the term of your conviction is expired.
Nobody on this planet is legally required to provide evidence...
No, YOU are dead wrong. You are not required to testify against yourself. You can be compelled to produce evidence. That's the whole point of a search warrant: it forces you to produce evidence against yourself. This is so basic it actually gives me a headache.
The only reason the IRS can get away with this is because filing an income tax return is officially declared a voluntary act, not compulsory.
The code I comply with reads:
Sec. 6012. Persons required to make returns of income
TITLE 26, Subtitle F, CHAPTER 61, Subchapter A, PART II, Subpart B, Sec. 6012.
STATUTE
(a) General rule
Returns with respect to income taxes under subtitle A shall be made by the following:
(1) (A) Every individual having for the taxable year gross income which equals or exceeds the exemption amount, except that a return shall not be required of an individual -
http://www.fourmilab.ch/uscode/26usc/www/t26-F-61-A-II-B-6012.html
That sounds pretty mandatory to me.
Or perhaps you'll find this bit more convincing:
What if you fail to file?
The IRS may file what is known as a substitute return for you. However, as you well know, the IRS will not be looking to save you any money. In fact, a substitute return will not include any of the standard deductions your accountant would typically include in your return. Case in point, a substitute return only allows one exemption: single or married filing separate, so you end up with higher tax liability than if you would have just filed.
http://www.legalzoom.com/taxes/personal-taxes/what-are-penalties
You really need to stop hanging out with Truthers, Birthers, and Birchers. It rots the brain.
That's a good point - if they already had the password (just not used it) then how can they convict him of not giving it to them?
Plotting to blow up the TA deserves jail-time, but let's make it based on something that doesn't call into question the relationship between the police and the people.
Doesn't really matter. If you've tried the phrase and it didn't work, running permutations on other phrases he's used should be at the top of your "why don't we try this" list. I might not be able to work through the myriad of ways I might mangle 'Terroristjailedforrefusing" by hand, but a code breaker certainly should, especially when I'm likely using simple substitution encryption on the phrase.
"I'm just shocked that an anti-terrorist law was actually used against an actual terrorist."
"to use a remote-control toy car to plant a homemade bomb at the TA centre"
Actual terrorist or bumbling fool that got his ideas from watching movies and
"were arrested before any preparations for an attack were put together"
hadn't actually done anything?
I would say the chances of them implementing this cunning plan were slim, the chances of it working slim again, and the chances of it doing significant harm or damage if it worked at all also slim.
Forgive me for not feeling terrorised.
The original Bletchley Park hackers were working on a simple substitution scheme a lifetime ago -in precomputer days, and cracking them. And they weren't just working on a 12 character word. The machine they were trying to crack was capable of changinging each character 26(?) x 3^n ways every time the key was used. And that was just the three wheels, not including the cross-wiring permutations nor including the 4 wheeled machines used later.
The data the codebreakers worked on was recieved over the air by young women not told what they were doing nor how important it was that what they wrote down had to be spelled correctly; writing direct radio transcripts, not recorded. And the quesrtion mark bracketed is because they were doing it in a foreign language. (and I am not sure how many letters there were to a wheel.)
It is preposterous that the Germans only used German letters. Fortunately they did (I am presuming it was possible to frame other letters in morse?) and also fortunately they only used one frequency, did not record and speed up their messages and the interceptors could identify the hand the morse was sent in and tended to send their messages at predictable times.)
Well no wonder they did not succeed... they did not try to retrieve the information from the USB stick they tried to "receiver it" (I quote: "...attempts to receiver the information the device contained....").
I may not be on top of the latest technologies but USB sticks usually don't broadcast their contents.... and you could spend a long time trying to receive anything meaningful from them :-)
He had refused to tell them, at that point the offence had been committed. You normally can't rob a bank be caught then be let off if you give the money back.
I was trying to think of an anology using as an example the thieving [very long string of extremely strong expletives] MPs who fiddled their expenses but they didn't even give anything back.
My personal opinion is that GCHQ could have cracked it but it wasn't necessary as the police probably did try the previous password and just wanted to increase their performance figures with another conviction.
That as he had already given up the same password that he should be prosecuted again.
It seems more of a case that our high tech plod are less than competent as this would be one of the first things you would try when presented with an item from the same source given how many people use the same password.
Its also a monumental waste of taxpayers money to bring this prosecution when it stems from the incompetence of the plod in the first place, after all it may have contained more critical information and no one thought to try a known password?
"Seems odd
That as he had already given up the same password that he should be prosecuted again."
The refusal itself is a new, separate crime under RIPA. Your point about trying passwords you know he used is spot on, but refusing to give a password up when demanded is automatically 5 years, if I recall correctly from when it first came out. Don't know what happens if, say, they ask you for a device's password, that you've given them some months before but lost or whatever and you genuinely have forgotten. They'd probably have you for that too.
but they didn't try him for not giving up the password until he suddenly remembered it.
the take-away from this tale is, if you ever are asked for your passwords, and you've "forgotten" them, make sure you don't ever suddenly remember what they were
easier, don't use passwords, just write everything in pig-latin. that'll fox 'em
that we have to rely on the baddies being marginally more stupid that the people tasked with catching them.
He should have used a TrueCrypt style encrypted container. Police unlock device, unaware there's a hidden file within.
As a matter of interest, since terrorists work in cells, what would the situation be if the password was broken into pieces and shared out with no single terrorist knowing the whole? If the police catch one, and he gives them *his* piece, but they can't decrypt because they haven't caught the others (or have killed them in apprehension) would he still be liable under RIPA ?
"It seems that there is a new attack against Truecrypt."
This is not a new attack, just a new tool to make it easier to find what was always there.
"Since the police had physical access to the device it would appear that this makes all such devices vulnerable."
Access to the USB device itself isn't enough. The keys and file location information is cached in memory on the computer that the USB device was plugged into. It's possible they have the computer, but if it was powered down, then the chances of recovering the keys are low.
I had an incident where a password on a hardware encrypted drive was set to "gofsckyourselfmate" . I travel frequently and was pulled up and asked the key. I told them the key and they got mighty batey and threatened me with all sorts of punishment. the matter was eventually cleared with red faces at their end. Sadly all the data on the drive was encrypted again and I had no idea what the passwords were.
Probable cause innit.
I don't get that. You just posted that. So are you not incriminated? How does a password cause incrimination, but a post not?
If it was that easy, everyone would change their name to "I did it", then would never be able to answer any question from the police. Because giving their name would be incrimination!?
>It matters only that the person charged has refused to disclose the password.
>That is how the law is framed.
Indeed. Though the absurdity shows when you claim that someone is impeding an investigation by not helping you decrypt stuff, when you don't know what the stuff is. In this case, it had nothing to do with terrorism.
No doubt it will still be chalked up under, "terrorist convictions" though.
It would be interesting to know if the "I can't remember" defense would stand up if you had 50-odd usb keys.
I'm pretty sure I have a few USB keys lying around with encrypted contents. I was playing with them for a while and don't remember what the passphrases might be. I wonder if I deleted encrypted files on a FAT drive, if I would still be liable to provide passwords.
Its a bad law. Sometimes you have to accept that people will get away with crime. It's the price of a free society.
Frankly, is this another "incite idiots to talk stupid, then arrest them under terrorist offences" kinda shit blue forces are pulling all over nowadays?
No. This looks more like an arrest of terrorists having been tracked the Security Services.
The men were arrested following a series of raids at their homes in April last year after an intelligence-led joint operation by the Metropolitan police counter-terrorism command and the security service.
Looks to me like an example of exactly what the Security Services should be doing.
Is there not a right in the UK to remain silent ..... "You do not have to say anything, but it may harm your defence if you do not mention, when questioned, something which you later rely on in court. Anything you do say may be given in evidence." ..... or is that a fiction and for real only in films and television and media?
And whereas it may be the case that others have noted that perhaps GCHQ made a strategic decision not to expose its capabilities in this area, John, others would counter and posit that probably GCHQ made a strategic decision not to expose its weaknesses in areas and arenas in which they might be presumed/assumed or assume and presume themselves to be in the lead and in charge/command and control.
"Is there not a right in the UK to remain silent ..... "You do not have to say anything, but it may harm your defence if you do not mention, when questioned, something which you later rely on in court. Anything you do say may be given in evidence." ..... or is that a fiction and for real only in films and television and media?"
It's pretty meaningless today, the jury are no longer instructed to infer nothing from a refusal to answer questions in the dock. They can make whatever assumptions they like if you refuse to answer an incriminating question.
A non-RIPA example would be closing the loophole with speed cameras - if you "can't remember" who was driving when the car got flashed then it will be assumed to be the registered keeper and they will get the fine and points. This is despite the fact the Police usually cannot provide a frontal shot of the car clearly showing the driver's face thus proving their guilt.
Curiously the password "turned out to be the same phrase from the Koran that Hussain had used before on other devices”
"Why didn't authorities try the same password on the 3rd USB device, which NTAC had found for first 2 USB devices?"
Clearly he used the same phrase, but transcribed differently (eg Sur4ht4ub4h8 instead of $ur4ht4ub4h8)
Why oh why do these morons not use a hidden volume? Just put some mildly interesting files (porn being the obvious choice, or naked pics of the wife) inside the outer volume, and all the really naughty stuff inside the inner hidden volume.
Voila, instant plausible deniability.
Do terrorist training schools have an equivalent to OFSTED? Anyone got the address of the complaints dept?
They would have to know there is a hidden volume. Hopefully for when it matters they do. However, it raises a problem if they do not (for both convicting true criminals through such evidence, and proving innocent those who don't have any hidden evidence... as you cannot prove such a negative).
This law worries me.
In the past I've had to wipe a USB stick because I couldn't remember the password I'd set. All content gone.
I don't believe I have anything to hide from the authorities, however I bet if you were to take every USB stick out my house there'd be at least one old hardly used one that I couldn't get back into. I keep backups in multiple places so I wouldn't lose anything by not being able to access an old stick, but I couldn't prove there was nothing else on it.
Some of you downvoted Patrick R's comment "he played with the Koran let him burn in hell".
What you PC chaps don't understand is that altering the Koran or disrespecting it, is punishable by burning in hell.
But this case seems totally correct that he goes to prison for not divulging the password.
He's already involved in playing with bombs - I hope he does burn in hell.
That's a very interesting question that I've wanted answering for a while.
If a file is of a format that the investigating authorities don't recognise, how do you prove to their satisfaction that it is not some new form of encryption that they don't know about?
Suspect: "Officer, I was investigating patterns in files of captured entropy data for use in random number generators"
Police: "Don't believe you, sonny. Tell us how to decrypt it, or go to jail!"
We asked this when the police computer guy gave a talk to our high energy physics group.
How can we prove that background noise in the LHC data isn't an encrypted message?
Do we have to keep the data in Switzerland, if we access it remotely does that come under UK law ?
We were told not to worry because the laws were only for terrorists - so that's a relief then !
This is what is totally fucked up about this sort of law, it may only be used against terrorists now, but while it remains on the statute books there is no reason it can't be used against someone who is rocking the establishment's boat. If you get a worse version of the current Home Secretary then that could easily happen without any change of government or indeed law.
in reality, there is no practical difference between encoding and encrypting. Encrypting just has a more complex encoding method.
If you think about it in a lexical manner, en-coding means applying a code to a data set, and at a fundamental level, a code and a crypt (as in encrypt, not that room under a church) are different names for the same thing.
Now sit back and wait for someone to offer a reason why a code and a crypt are different.
I believe that was just an example.
An encrypted file may not sound like white noise. The encryption method may introduce patterns, and may not generate a white noise type distribution. I'm sure I could come up with some (admittedly poor, but I only spent 10 seconds on it) method of using integer encoding of an exponential of the bytes in a data stream to generate significantly non-random files.
And how do you 'play' a data file? All audio data has to be encoded in some form or other, even it is successive 8-bit sampled voltage values from a microphone.
Have you ever played around with SoX, and got the encoding wrong. Sometimes not even music sounds like music. Try playing an MP3 as a raw WAV.
The assumption in this sub-thread is that you can recognise that some file or device is actually encrypted. In reality, a file of seemingly jumbled data without a recognisable format could be anything. There does not have to be any implicit recognisable format in a data file. Some files contain headers or some fingerprint that point to the format file the file for convenience, but that is by convention, not any fundamental property of the data.
As long as you know how to process the data (be it background noise from the LHC, some new audio or video encoding, or a valuable secret), there is no need to put hints into the file to help other people. All that is needed is that you and anybody else using the data knows how to process it. It then becomes a matter of inspired guess work with some maths and statistics for anybody else to access the data.
For some background in arbitrary pre-shared secret codes, look back at this previous story. Follow up stories suggested that the message was read only when the pre-shared secret was identified.
Kali just included this by default
http://lxer.com/module/newswire/view/103692/index.html
Wipe your keys. Then you are free to hand out your password to all and sundry.
Keep your keys backed up in a USB in a tree.
Bad luck if the day you want to read it "they" are at your door and can grab the backed up keys though ;)
suppose a company devises a circuit which can't be read without the correct key being loaded into a register somewhere. Loading the wrong key causes the device to short and destroy the contents.
Police seize device. Ask for key. Suspect accidentally (!) gets a digit wrong. Police try key, and device bricks itself, and is completely unreadable.
Since the device no longer contains encrypted data (in fact it contains no data) what's the score under RIPA ?
As a rule, if changes in technology can cause a law to become invalid, then the law was probably a bad one to start with.
The thing is, most things usable as storage are pretty standardized today, so dismantling the box before even trying a password then disconnecting / desoldering / etc. and imaging the known data storage components of it would be pretty trivial; if you mess up, restore the image and try again. To avoid this sort of thing, you'd need your own custom integrated ASIC, or a device potted into a solid block, or at least a tamper switch on the box - then strong faith that whoever you're up against will not be able to defeat the switch or dissolve your potting compound, or indeed de-coat your chip and put it under an electron microscope...
Really decent tamper-proof hardware has several measures in it to prevent physical intrusion, often just cutting a single conductor in a wire net surrounding the storage elements within a potted assembly causes the inbuilt battery to be inverted to several kV and this is then applied backwards across the storage device power rails until they are no longer able to recall their own names.
"If they have any sense they never do any work on the 'evidence'. For forensic purposes storage is always cloned at the bit level before trying to read data from the clone."
All work is done on the image as required by PACE guidelines. Imaging is normally done on a device that makes a true clone and does not adjust time stamps etc. Once you have the image you can play away in Encase to your hearts desire and pass subsequent data to plod, linguists or anybody lurking around Vauxhall station that wears a suit.
Interesting story:
I used to hang out with ne'er do wells from around there and their favourite watering hole was the Queen Anne pub / knocking shop. The owner of the Queen Anne went on a holiday a few years back and was slotted. I wonder if it was to do with her clientel?
"perhaps GCHQ made a strategic decision not to expose its capabilities in this area"
Certainly that's possible, but that reminds me of the story about the Coventry bombing that took a while to refute: the Enigma wasn't needed to give orders to pilots on the ground in France, and they got through that time because of problems with the radar instead.
Police: "we've found a number of encrypted files on your usb pen, what is the key?"
"All the files are encrypted with different keys"
Police: "So what are the keys?"
"The key to decrypt data1.txt is in data2.txt, the key to decrypt data2.txt is in data3.txt and so on.."
"You will need to start from data9001.txt and work down. Although it's a waste of time I can tell you what's in data1.txt, it's file called trollolololol.wav and a cat video. But I understand if you can't take my word for it."
(of course jokes on me when they give me the laptop and tell me to do it myself..)
Although you could not contest the law in a normal court here, you could take it to the high court, fully knowing you intend to take it the European Court of Human rights as being forced to reveal your password (when you may not know it) is a contravention of your rights, seeing as you may not know the password, probably under cruel and unusual punishment.
> Although you could not contest the law in a normal court here, you could take it to the high court, fully knowing you intend to take it the European Court of Human rights as being forced to reveal your password (when you may not know it) is a contravention of your rights, seeing as you may not know the password, probably under cruel and unusual punishment.
Unfortunately for this line of argument, not knowing the password is a valid defense; in theory the prosecution have to prove beyond rasonable doubt that you are lying when you say you don't know it. Of course it's up to the jury to decide what is reasonable, but I suspect that in a case like this one the jury would believe the prosecution case, not you.
> Although you could not contest the law in a normal court here, you could take it to the high court, fully knowing you intend to take it the European Court of Human rights as being forced to reveal your password (when you may not know it) is a contravention of your rights, seeing as you may not know the password, probably under cruel and unusual punishment.
Unfortunately for this line of argument, not knowing the password is a valid defense; in theory the prosecution have to prove beyond rasonable doubt that you are lying when you say you don't know it. Of course it's up to the jury to decide what is reasonable, but I suspect that in a case like this one the jury would believe the prosecution case, not you.
I'm all for jailing perps who refuse to supply their password even if in most cases it can be cracked given enough time and resources. There is no reason why authorities should need to invest those resources when the perp can supply the password. MUCH longer prison sentences for digital crimes need to be implemented to get through to these social degenerates.
And, AC, it doesn't work work for me. There are few crimes that are so heinous that there should be a specific compulsion on the accused to make an investigation easier. It is the job of the police etc to *find* the evidence, not the job of the accused to *give* the evidence. No evidence, no proof, no crime - that is the way it has been for several hundred years, and there has been no compelling (pun intended) reason to change it.
Why the hell are you so afraid of people that can barely hurt you? Are you same "perp" user as always trolls copyright threads - you have the same casual hostility towards due process.
This post has been deleted by its author
So in the UK you can be forced to hand over your encryption passwords or you're presumed guilty? Let me guess. Someone said that if you're innocent you have nothing to fear, right? Terrorist or not I think that's a violation of human rights as currently recognized by international law.
Also....why did they not try the password they already knew he had used in multiple other places? Seriously, that cannot be asked enough. What kind of 'expert' misses such an obvious password?
my all time classic password
"I am not telling you".... and demand lie detector tests/truth drugs , 5 hrs of waterboarding and all the other tricks the authorities use with RIPA to find people who let their dogs shit on the pavement .. sorry locate evil peodos and terrorists.
Guess with posting this, I'll be accused of giving out info to help terrorists and get a 3am knock at the door followed by a black bag over me head and a trip to a 'secure location'....
I have signed agreements to not disclose login / encryption passwords to anyone!
If the police were to ask, would I have to disclose them, therefore defeating my NDAs?
If this is the case, then I'd be in trouble from multiple agencies all in one hit!
Anon just in case;)
"I have signed agreements to not disclose login / encryption passwords to anyone!"
<snip>
I have as well and other acts that bind me to keep quiet even about extra legal actions.
Hmm perhaps:
I am sorry officer but I have no knowledge of such a password and or key chain and should such a a password and or key chain exist I would be unable to divulge or otherwise discuss it due to the constraints of the official secrets act, an act which supersedes and takes precedence over your authority you little lid twat.
I would also put it to you officer that I intend to take a personal interest in your positive vetting and career path from this day hence.
That should do it and I am sure they would give you a nice cell overlooking the courtyard, potential revocation of security clearances and a life time's free membership of the James Saville chapter of the sex offenders register.
"I have signed agreements to not disclose login / encryption passwords to anyone!"
Compliance with the law is your paramount and over-riding obligation. No private contracts or agreements will ever give you a basis for refusing to comply with the law (and contractual provisions at odds with the law are not enforceable.) And if in real life you were to refuse to comply with legal orders and demands citing private contractual obligations, the courts will be more than happy to sentence you to prison and you will be able to think about your, uh, conscientiousness to your heart's content.
To those who have suggested that the US protections against self-incrimination are somehow a magic bullet against this sort of intrusion, the reality is not so clear cut.
US courts (up to and including the Supreme Court) have regularly ruled that e.g. you do not have the right to prevent a search pursuant to a warrant just because that search might/will incriminate you. And in 1988's Doe vs United States (487 U.S. 201) the Supremes held that could compel a defendant to sign a document authorizing foreign banks to disclose information on any accounts owned or controlled by the defendant, even though IF the banks did provide any data, THEN it would be prima facie evidence of a criminal offsense (in that case, failing to respond to a lawful subpoena to disclose all banking records).
So the argument by the defendant boiled down to "if I unlock the door of the safe, then you'll open it and find stuff which will land me in trouble", whereas the government argued that unlocking the door to the safe is not in itself an act that could incriminate you (although the contents could). The government won.
A similar situation exists with destruction of evidence: if your husband burns the letter you wrote that instructed someone to tap the phone of the the prime minister (to be topical), your husband is likely to find himself on trial for obstruction of justice charges. So if you destroy (or cause to be destroyed) evidence by triggering anti-tamper devices, you're still in hot water (although the charge may be different).
But aren't laws about destruction of evidence normally targeted at third parties? If a burgular carefully wipes his fingerprints after breaking into a house he isn't charged with destroying evidence. It's accepted that criminals try to avoid getting caught and don't have a specific obligation to help the Police catch them (if only because such an obligation would always be ignored by actual criminals).
A search warrant means you can't prevent the Police from searching but you don't have to help them. You don't even have to open the door, you can let them smash it down if you prefer.
Chris 201: you're quite right about destruction of evidence, etc. But the point is that IF you act in such a way as to prevent The Authorities from rampaging through your files, THEN you can be done for the offense of Preventing Authorities Rampaging aka obstruction of justice. Likewise, if they can't prove the suspect actually did the burgling, but can prove he wiped the door handles knowing that so doing would impede the investigation, that's obstruction.
And the point of the Doe case was that the government COULD compel Mr. Doe to authorize the banks to release information; they couldn't magically force him to sign the document, but they could hold in contempt of court (in jail) until he did... and they could continue to hold him indefinitely.
I don't get some of the comments here. Taking the story at face value[1], this guy had history trying to blow us up and we jailed him for not providing a password which may have stopped some of his nutter mates from also trying to blow us up. Forget laws for a minute, seems like a perfectly reasonable way to deal with the situation.
[1] yeah
That you are viewing the law from an incredibly narrow perspective.
Given how inept our police are what happens if Constable Savage decides that your screenname "nuked" suggests you might be a dodgy bomb wielding terrorist and he raids your house and takes all your IT kit and lots of USB keys.
Included in this is a USB memory stick that isn't yours that a friend must have dropped, its encrypted and you don't have the password.
But the USB stick was recovered in a search of your home and therefore its your responsibility and thanks to RIPA you get some jail time for failing to provide the key.
Welcome to our brave new UK police state world.
"That you are viewing the law from an incredibly narrow perspective....." Reallly? I suspect you want us to see it from your incredibly brain-dead, paranoid-induced perpsective, yes?
".....Given how inept our police are what happens if Constable Savage decides that your screenname "nuked" suggests you might be a dodgy bomb wielding terrorist and he raids your house and takes all your IT kit and lots of USB keys. Included in this is a USB memory stick that isn't yours that a friend must have dropped, its encrypted and you don't have the password. But the USB stick was recovered in a search of your home and therefore its your responsibility and thanks to RIPA you get some jail time for failing to provide the key....." And this has happened when? Surely, by your insistance this must be happening five times a day in every town in the land, right? Except it is not, outside of your fevered imagintaion. Please grow up.
"......Welcome to our brave new UK police state world." Sorry, but that just came across as "baaaah, baaaah, baaaah."
At face value the authorities(?) didn't already know what was on the drive?
How stupid do you want us to be?
Homer Simpson stupid?
Or Arab Terrrst stupid?
None of us like terrorism but when the police state is the terrorist it is too late to do much about it.
If you really want to go back to the core, then you must give the Palestinians their country back, unkill all the innocent men women and children whose families want revenge and then sort out the US of A and the damned, perfidious British.
I'm pretty sure that if you could just give back Palestine and beat George Dumarse to a pulp then hang him on a strangefruit tree, things would settle down.
"None of us like terrorism but when the police state is the terrorist it is too late to do much about it."
As has often been pointed out, states are the original and by far the dominant terrorist organizations. Compared to, say, Al Qaeda (assuming such an entity really exists at all) the US federal government is like a T Rex next to a shrew. (The UK government would be intermediate; something like those nasty little chicken-sized dinosaurs that ganged up on Richard Attenborough in "Jurassic Park").
Looks like a version of amanfrommars, but better, and specializing in politics.
But dude, seriously ? You botted 8 posts in one article ? We don't mind an occasional visit but don't take the Michael. Or likely the vultures will have you. Unless it is an El Reg plot...
He's been convicted for not divulging his password. The inference must be that he's sentenced on the assumption that there's something incriminating and criminal on that stick, and the only evidence to support that assumption is that he refuses to prove that there isn't.
Which means that the UK has both reversed burden of proof and dispensed with the assumption of innocence.
I really hope he sues the UK in EU court.
There's no "inference". He's been convicted of non-compliance with the law. It doesn't matter what's on the drive and if it's incriminating or not. He's required to give up the key and he didn't. The law provides sanctions for such behavior. Case closed.
"Burden of proof" is for actual trials - and nothing else. Investigations are based on probable cause. Search warrants and key disclosure orders are issued because it's considered reasonable to assume that they will yield results pertinent to on-going investigations.
"....y willfully incriminating himself for the credit card fraud investigation; his next batch with 25 to 50+ years of consecutive sentences will be reduced by, maybe, four months?" IMHO, hopefully they'll sentence him to a long enough sentence the four months will be about ten years after he dies.
This guy, and anyone in a similar position, would have done well simply to memorize whatever dark secrets he had. Throughout history, after all, poets and others have memorized the equivalent of whole libraries.
Even more important, no technology yet exists to determine what information a person has memorized.
As Bernard in "Yes, Minister" quotes Francis Bacon: "He that would keep a secret, must keep it secret that he has a secret to keep". That is probably the biggest single blunder made by those who wish to keep secrets. Once the secret's existence is known, it's only a matter of time - whether the technique involves decryption, thumbscrews, or drugs.
"A rubber hose works wonders as does sodium thiopental allegedly."
Sodium thiopental can be fatal if the dose is wrong. Furthermore, it's more difficult to use with a very driven or determined subject (it makes the subject more prone to persuasion).
As for the rubber hose, suppose they find he's the kinky type that responds to the rubber hose with, "Harder!"
Can't you ask the prosecution to prove that the data is encrypted and not just junk? This is mathematically impossible without the key. Therefore the concept of innocent before proven guilty would hold, unless they could brute force the key.
This law is very dodgy on two counts - the above and also it requires a defendant to incriminate themselves.
AC because I want to live!
What about being able to prove you don't know the pwd?
Ie - Bruce Schneier's Trick* in The Cryptonomicon where the Key is the sequence of cards in a shuffled deck.
When the front Door gets busted down - Drop the cards & the pwd disappears.
You can then prove to the court that the pwd is non-recoverable.
Or is it possible to be Charged with Contempt retrospectively?
Any Terrorists out there willing to try this out?
*Bruce did say not to use cards as spooks/secret police are often known to read books on Crypto...
I agree, however be sure that this means "convicted in a fair, OPEN court with an actual jury" and not some family wishy washy "court" that are doing the rounds in the tabloids at the moment.
Personally, I'd like to see the lawyers in court on contempt charges, because they clearly have the capability to decode a simple 12 digit password so failing to do so means they are incompetent, or lying, or both.
Anyone with a brain would see that using about £10K worth of graphics card based server could crack such a simple password in about a week.
AC
"What you have failed to grasp is that, while all testimony is evidence, not all evidence is testimony"
OK - imagine following:
I decide to type up a letter explaining how I committed a bank robbery. A confession.
I save it on to an encrypted drive.
The police come knocking on my door, cause someone has suggested I was involved.
Now if I gave the police the password to the encrypted drive, am I not incriminating myself (right to silence?).
I am assuming testimony is not just oral?
btw, note it doesn't matter whether I committed the crime or not. I might have, I might not have. I might have just been typing the letter for someone else. I might have a fetish for typing these letters.... Yet, when this letter is taken with any other circumstantial evidence...
First, look the Wikipedia page about it (http://en.wikipedia.org/wiki/Self-incrimination):
Self-incrimination is the act of exposing oneself (generally, by making a statement) "to an accusation or charge of crime; to involve oneself or another [person] in a criminal prosecution or the danger thereof." Self-incrimination can occur either directly or indirectly: directly, by means of interrogation where information of a self-incriminatory nature is disclosed; indirectly, when information of a self-incriminatory nature is disclosed voluntarily without pressure from another person.
In many legal systems, accused criminals cannot be compelled to incriminate themselves—they may choose to speak to police or other authorities, but they cannot be punished for refusing to do so. The precise details of this right of the accused vary between different countries, and some countries do not recognize such a right at all.
There are people who have decided to obfuscate the matter by positing some sort of "right against self-incrimination" instead of a "right to refuse to answer questions" or a "right to silence". This kind of obfuscation only serves to help misunderstand the matter. There is no right against self-incrimination; there is (in most but evidently not all jurisdictions) a right to refuse to answer questions or a right to silence but nothing more..
I am sure that there are no jurisdictions anywhere in the world where a suspect is allowed to conceal evidence, no matter what the charges or how damning that evidence is. Quite the contrary, in fact: as previously mentioned, there is no "right" anywhere in the world by which the law will condone concealing evidence, destroying evidence, contaminating evidence, altering evidence, refusing to produce evidence when ordered to do so, and whatever else; such actions will be considered perverting the course of justice, impeding an official investigation, contempt of court, and so forth.)
Interestingly, although, in US criminal procedure, a jury is not allowed to draw any inferences from a defendant's refusal to answer questions (i.e. when they "take the 5th") in a civil procedure, a jury may assume that a witness who refuses to answer questions is hiding information that would be prejudicial to the matter at issue and the jury can use that assumption in their deliberations.
If in the case you draw, you give the password to an encrypted USB drive with a confession on it, you are indeed "incriminating" yourself but if you voluntary give them the password, there is nothing to discuss about legalities, right? After all, no matter how broad a "right to silence" extends, you voluntarily gave them the password. You are not required to remain silent.
If they demand the password and you refuse, you can continue to refuse until you are presented with an order from the relevant authorities, which would seem to be, in most jurisdictions, a magistrate. Once the magistrate has decided that the investigators' demand to see the contents of the encrypted drive is reasonable in that there is probable cause to consider that it might hold information relevant to the investigation, the order is issued, and you are required to give them access.
Courts have decided that digital documents are evidence, and not testimony that can be concealed under the umbrella of a right to silence. You can consider key disclosure orders to be a form of search warrant.
Of course, you don't have to take any of this at face value. If you prefer, you can listen to and believe someone like "intrigid" - the kind of self-assured guy whose profound lack of knowledge could nevertheless turn a routine traffic stop into a long stretch in the penitentiary.
I've been thinking...
What's stopping say, some disgruntled wife creating an empty TrueCrypt file on her husbands computer called "child_abuse.truecrypt" or whatever, then calling the police?
Or what's stopping the Police from doing the same thing before they clone the hard drives, just because it gives them an excuse to jail someone for failing to divulge the password. (Esp. more so if they have it in for them.)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
