|
ivi


Registered: 01/30/03
Posts: 9,089
|
So, in the UK they can put you in jail if you refuse to decrypt your encrypted files
#7481855 - 10/03/07 05:34 PM (16 years, 3 months ago) |
|
|
UK can now demand data decryption on penalty of jail time By Ken Fisher
New laws going into effect today in the United Kingdom make it a crime to refuse to decrypt almost any encrypted data requested by authorities as part of a criminal or terror investigation. Individuals who are believed to have the cryptographic keys necessary for such decryption will face up to 5 years in prison for failing to comply with police or military orders to hand over either the cryptographic keys, or the data in a decrypted form.
Part 3, Section 49 of the Regulation of Investigatory Powers Act (RIPA) includes provisions for the decryption requirements, which are applied differently based on the kind of investigation underway. As we reported last year, the five-year imprisonment penalty is reserved for cases involving anti-terrorism efforts. All other failures to comply can be met with a maximum two-year sentence.
The law can only be applied to data residing in the UK, hosted on UK servers, or stored on devices located within the UK. The law does not authorize the UK government to intercept encrypted materials in transit on the Internet via the UK and to attempt to have them decrypted under the auspices of the jail time penalty.
The keys to the (United) Kingdom
The law has been criticized for the power its gives investigators, which is seen as dangerously broad. Authorities tracking the movement of terrorist funds could demand the encryption keys used by a financial institution, for instance, thereby laying bare that bank's files on everything from financial transactions to user data.
Cambridge University security expert Richard Clayton said in May of 2006 that such laws would only encourage businesses to house their cryptography operations out of the reach of UK investigators, potentially harming the country's economy. "The controversy here [lies in] seizing keys, not in forcing people to decrypt. The power to seize encryption keys is spooking big business," Clayton said.
"The notion that international bankers would be wary of bringing master keys into UK if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction," he added. "With the appropriate paperwork, keys can be seized. If you're an international banker you'll plonk your headquarters in Zurich."
The law also allows authorities to compel individuals targeted in such investigation to keep silent about their role in decrypting data. Though this will be handled on a case-by-case basis, it's another worrisome facet of a law that has been widely criticized for years. While RIPA was originally passed in 2000, the provisions detailing the handover of cryptographic keys and/or the force decryption of protected content has not been tapped by the UK Home Office—the division of the British government which oversees national security, the justice system, immigration, and the police forces of England and Wales. As we reported last year, the Home Office was slowly building its case to activate Part 3, Section 49.
The Home Office has steadfastly proclaimed that the law is aimed at catching terrorists, pedophiles, and hardened criminals—all parties which the UK government contends are rather adept at using encryption to cover up their activities.
Yet the law, in a strange way, almost gives criminals an "out," in that those caught potentially committing serious crimes may opt to refuse to decrypt incriminating data. A pedophile with a 2GB collection of encrypted kiddie porn may find it easier to do two years in the slammer than expose what he's been up to.
http://arstechnica.com/news.ars/post/20071001-uk-can-now-demand-data-decryption-on-penalty-of-jail-time.html
--------------------
|
Crystal G



Registered: 06/05/07
Posts: 19,584
Loc: outer space
Last seen: 8 months, 5 days
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: ivi]
#7481866 - 10/03/07 05:36 PM (16 years, 3 months ago) |
|
|
goddamn dude, big brother is totally all up on your ass in the UK
|
fastfred
Old Hand



Registered: 05/17/04
Posts: 6,899
Loc: Dark side of the moon
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: Crystal G]
#7482291 - 10/03/07 07:22 PM (16 years, 3 months ago) |
|
|
I think they can probably do the same thing in the US. If the court subpoenas data and/or documents and you refuse to supply them they can charge you with contempt of court.
Then again it's probably hard to subpoena documents when you're not sure of their contents or if they even exist since they're encrypted.
I've never heard of anything that gives them the power to force you to decrypt your data, but if they knew that you had some business document or some such supeonable document that was encrypted they could probably jail you for not producing it.
So I guess the lesson is to never admit that you have the key or the capability to decrypt.
-FF
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 20 days
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: fastfred]
#7483739 - 10/04/07 04:31 AM (16 years, 3 months ago) |
|
|
I use encryption that I can compile myself. I've added code that detects a panic password, or too many wrong password attempts, and corrupts all data. Now, if only I had something worth encrypting....
-------------------- Just another spore in the wind.
|
Lana
Head Banana


Registered: 10/27/99
Posts: 3,109
Loc: www.MycoSupply.com
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: fastfred]
#7483909 - 10/04/07 07:15 AM (16 years, 3 months ago) |
|
|
The only reason I can see this not happening in the US is due to idea that (correct me if I'm wrong) but in the UK, you're guilty until proven innocent?
Also, in the US, this may be something of a double jeopardy issue. You can be tried for one thing then accuse yourself of another
But I'm sure that in either country there are some BS laws that, like usual, will impede on a citizens constitutional rights.
Lana
-------------------- Myco Supply - Distributors of Mycological Products http://www.MycoSupply.com The Premiere Source for Mushroom Growing Supplies. Visit us online or call us toll free
|
Rustifer
prestige worldwide



Registered: 04/10/05
Posts: 7,071
Loc: Central Texas
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: Lana]
#7483917 - 10/04/07 07:20 AM (16 years, 3 months ago) |
|
|
My computer got picked up by my probation officer in 2003, I had a whole deal of encrypted data on it and I told them no. Nothing happened.
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 20 days
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: Lana]
#7484564 - 10/04/07 11:36 AM (16 years, 3 months ago) |
|
|
> The only reason I can see this not happening in the US
In the US, I suspect they would nail you for contempt of court and let you sit in jail until you decide to hand over the password. I don't think double jeopardy would apply as a crime is composed of both a time and a location.
Heh, just read fastfred's reply... ditto.
-------------------- Just another spore in the wind.
|
Dr. uarewotueat
Peyote Farmer


Registered: 09/02/06
Posts: 16,545
Loc: Uk / Philippines
Last seen: 10 years, 6 months
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: Seuss]
#7484793 - 10/04/07 12:37 PM (16 years, 3 months ago) |
|
|
Quote:
The only reason I can see this not happening in the US is due to idea that (correct me if I'm wrong) but in the UK, you're guilty until proven innocent?

that statement made me laugh...
u are wrong.
-------------------- View My Gallery
|
fastfred
Old Hand



Registered: 05/17/04
Posts: 6,899
Loc: Dark side of the moon
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: Dr. uarewotueat]
#7487085 - 10/05/07 12:55 AM (16 years, 3 months ago) |
|
|
> Heh, just read fastfred's reply... ditto.
I was wondering if your right against self incrimination would apply in a situation like this?
Refusing to decrypt would be kind of like pleading the fifth.
-FF
|
Crystal G



Registered: 06/05/07
Posts: 19,584
Loc: outer space
Last seen: 8 months, 5 days
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: fastfred]
#7487263 - 10/05/07 02:11 AM (16 years, 3 months ago) |
|
|
I'm pretty sure all this is one big scare tactic anyway.
What's the maximum penalty they could probably slap for refusing to decrypt your files? Something like 18 months comes to mind (not exact quote so don't follow as if it were concrete)--so before revealing your encrypted info to a police officer, i would consider weighing out one consequence versus the evidence at hand, and whether it would be worth the exchange.
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 20 days
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: Crystal G]
#7487382 - 10/05/07 04:44 AM (16 years, 3 months ago) |
|
|
> Something like 18 months comes to mind
From wiki: Quote:
The civil sanction for contempt (which is typically incarceration in the custody of the sheriff or similar court officer) is limited in its imposition for so long as the disobedience to the court's order continues: once the party complies with the court's order, the sanction is lifted. The contemnor is said to "hold the keys" to his or her own cell, thus conventional due process is not required.
> I was wondering if your right against self incrimination would apply in a situation like this?
I don't think so. For example, you can't plead the 5th to avoid giving a DNA sample.
Quote:
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
You don't have to testify against yourself about the dead body, but you can't stop the police with a warrant from searching for the dead body.
-------------------- Just another spore in the wind.
|
Lana
Head Banana


Registered: 10/27/99
Posts: 3,109
Loc: www.MycoSupply.com
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: Dr. uarewotueat]
#7487651 - 10/05/07 08:24 AM (16 years, 3 months ago) |
|
|
Quote:
uarewotueat said:
Quote:
The only reason I can see this not happening in the US is due to idea that (correct me if I'm wrong) but in the UK, you're guilty until proven innocent?

that statement made me laugh...
u are wrong.
Haha, okay, so I was thinking "technically"
What a world we live in 
Lana
-------------------- Myco Supply - Distributors of Mycological Products http://www.MycoSupply.com The Premiere Source for Mushroom Growing Supplies. Visit us online or call us toll free
|
funkyjunky
Sigh Low Sippin'




Registered: 12/08/03
Posts: 420
Loc: brick city
Last seen: 10 years, 8 months
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: ivi]
#7492466 - 10/06/07 07:49 PM (16 years, 3 months ago) |
|
|
I had several hundreds of pictures stored on my laptop. The dea took it, removed the hard drive and mailed it off *somewhere*. When I got the laptop back (hard drive separately), I found most of my pictures in a temporary file. I don't know if I unknowingly left them there, or if the individual(s) handling my data had left them there. All pictures were originally encrypted with the highest level of "PGP" encryption. The lesson to learn here, is know about the encryption you're using (including possible extraneous data) and its strengths/weaknesses.
-------------------- Long Live the Shroomery Peace
|
fastfred
Old Hand



Registered: 05/17/04
Posts: 6,899
Loc: Dark side of the moon
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: funkyjunky]
#7492561 - 10/06/07 08:28 PM (16 years, 3 months ago) |
|
|
The lesson to learn is not to bother encrypting stuff that is cached in temp files unless you're going to clear your temp directory on occasion.
In computer forensics they always image the drive and work from that. They never change data on the source drive. That would weaken their case substantially if they did find something.
-FF
|
Mezcal
Registered: 08/11/05
Posts: 1,980
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: ivi]
#7492693 - 10/06/07 09:21 PM (16 years, 3 months ago) |
|
|
Anybody have any idea how this would effect users of the TrueCrypt system?
You can create "hidden" volumes that are actually stored within an outer "ringer" volume that you can store stuff like porn or credit card info or something on. You can reveal the ringer password and it appears that that's the only encrypted volume present.
|
fastfred
Old Hand



Registered: 05/17/04
Posts: 6,899
Loc: Dark side of the moon
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: Mezcal]
#7493194 - 10/07/07 12:21 AM (16 years, 3 months ago) |
|
|
Any decent computer forensics investigator would most likely find those hidden volumes easily. There's just no way to hide any sizable amount of data like that. Even the most cursory of searches will turn up large hidden files like that.
Why would you be hiding your porn anyway? You're not another one of those pedophiles are you?
|
Mezcal
Registered: 08/11/05
Posts: 1,980
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: fastfred]
#7493201 - 10/07/07 12:23 AM (16 years, 3 months ago) |
|
|
Easy:
"I was encrypting my pornography so the kids/wife didn't find it."
|
kidaihuan
First Growery Ban



Registered: 07/25/07
Posts: 3,173
Loc: Shanghai, China
Last seen: 13 years, 3 months
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: Mezcal]
#7493564 - 10/07/07 04:07 AM (16 years, 3 months ago) |
|
|
Can't you just hide your shit really well?
I mean, encrypt a file, change the extension, rename it as a useless system file, replace the useless system file with your file.
It's what I do... but maybe it's useless? (PS, I skip the encrypt part)
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 20 days
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: kidaihuan]
#7500488 - 10/09/07 05:15 AM (16 years, 3 months ago) |
|
|
> Can't you just hide your shit really well?
There is no such thing as security through obscurity.
-------------------- Just another spore in the wind.
|
Quake3
Total Carbohydrate




Registered: 08/31/06
Posts: 924
Loc: Relatively New York
Last seen: 12 years, 8 months
|
Re: So, in the UK they can put you in jail if you refuse to decrypt your encrypted files [Re: Seuss]
#7561427 - 10/26/07 12:09 AM (16 years, 3 months ago) |
|
|
The lesson is that you should encrypt your entire HD or at least a partition.
One innovation that became popular after this was being discussed in Europe years back is the ability to have multiple passwords for the encrypted data. You use your personal password to access your files, and give the cops an alternate password that decrypts innocent data.
|
|