
Man convicted after preventing counter-terrorism police search - danso
http://news.met.police.uk/news/man-convicted-after-preventing-counter-terrorism-police-search-262829
======
confounded
The Guardian have more context: [https://www.theguardian.com/uk-
news/2017/sep/25/campaign-gro...](https://www.theguardian.com/uk-
news/2017/sep/25/campaign-group-director-in-court-for-refusing-to-divulge-
passwords)

This was very clearly politically motivated to hamper the efforts of CAGE; a
UK based group which lobbies of behalf of young Muslim men who have been
detained without charge it gitmo, harassed by the security services etc.

Regardless of whether readers like CAGE's politics (which are considered
inflammatory by the government), this raises a worrying precedent.

It's also worth noting that given the UK's recent authoritarian laws, he got
off lightly --- this could easily have been spun to possessing encrypted data
(while being unwilling or unable to decrypt upon command), which carries a two
year sentence, IIRC five if the magic word "terrorism" is conjured.

~~~
mfoy_
>possessing encrypted data (while being unwilling or unable to decrypt

How does this work with things like DRM? What if you have media on your phone
from something like Spotify or Netflix that's presumably encrypted or
protected in some way, that you cannot decrypt if your subscription expires...

~~~
dingaling
Back when the Regulation of Investigatory Powers Bill was being circulated, to
much outcry from technical folk, someone encrypted a file with a provocative
name and sent it to the Home Secretary for exactly that reason, as a form of
demonstation-cum-protest.

Suddenly the Minister[0] possessed a file which he couldn't decrypt on demand.
Would he consider amending the Bill to remove penalties for such
eventualities? Of course not, nothing was changed.

If you possess the bytes you'll do the time. Delete everything that is
unnecessary as soon as its usefulness has expired - big corps learned that
lesson, for other reasons, in the early 2000s.

[0] well one of his staff

~~~
dmix
> Suddenly the Minister[0] possessed a file which he couldn't decrypt on
> demand.

While I entirely sympathise with this idea abstractly, so much of law depends
on the context of actions where it's easy to dismiss this stunt. Merely having
encrypted data in your possession is technically not within the scope of the
law if the context is "as part of a counterterrorism investigation" and if the
person could reasonably be expected to decrypt it (which would imply they were
both the person to encrypt in the first place AND with the means to decrypt it
- as this politician clearly wasn't).

Wrongful convictions and dragnet searches are the serious consequence of these
laws, yes, but the real test comes when it's hateable/despicable people at
risk. The problem with these laws isn't that it's fundamentally or potentially
arbitrary, it's that it's wrong even when it's not arbitrary. And the mere
fact of a police investigation or allegation is not sufficient to cross that
line.

People should have the right to encrypt anything they want without being
coerced into decrypting it. There are more than enough means for police in our
modern technological era to convict terrorists/criminals and prevent
conspiracies without having total access to all data. And the costs of
removing that right is much higher than the rewards of a few extra
convictions.

~~~
confounded
> _Merely having encrypted data in your possession is technically not within
> the scope of the law if the context is "as part of a counter-terrorism
> investigation"_

Not quite; the bar is _not_ as high as an existing 'terrorism' investigation.
To quote RIPA (2000)[0], if anyone authorized has the _belief_ (upon
reasonable grounds), that

    
    
        (3) A disclosure requirement in respect of any protected information is necessary on grounds falling within this subsection if it is necessary—
            (a) in the interests of national security;
            (b) for the purpose of preventing or detecting crime; or
            (c) in the interests of the economic well-being of the United Kingdom.
    

It is very very easy to imagine how this could be abused. Saying that you'd
like to slap POTUS or May on Twitter could conceivably meet grounds for (2),
and (3) is so broad that it's possible to imagine it could be triggered by
something like being Alexandra Elbakyan of SciHub, or Sundae of The Pirate
Bay. Depending on the mood of the press and the 'authorized persons', why not
any old person caught using BitTorrent, or cracking DRM?

[0]:
[http://www.legislation.gov.uk/ukpga/2000/23/pdfs/ukpga_20000...](http://www.legislation.gov.uk/ukpga/2000/23/pdfs/ukpga_20000023_en.pdf)

------
jaclaz
To me it makes little sense.

For Police work, time is "relative", as an example the cop that is held in the
US for contempt of the Court for not revealing the password to his drives is
suspected of possessing child pornography, whether he is kept in jail because
he won't reveal them or because as the sheer moment he reveals them he will be
proved guilty doesn't change things much (there is anyway other evidence
against him).

Here it is not a "Police" case, but rather a "counter-intelligence" one, in
these cases time is everything, a delay of hours, or at the most days in
gathering the information is vital.

AFAIK Mr.Rabani NEVER revealed the password(s), he refused revealing it/them
on 20/Nov/2016, now, almost one year later, he is found guilty of obstructing
the search, still there is no evidence that he is or was - even tangentially -
connected with terrorism.

So, £620+12 months' conditional discharge seem to me a lot of time/a very
severe punishment if he was in good faith attempting to protect some sensitive
data for his non-governement organization, and _nothing_ if he was in bad
faith or however protecting terrorism related info.

In any case, whatever the Police expected to find on the device(s) they didn't
access it/them, and much worse than that they didn't access it/them in a
timely fashion (and no charges of terrorism or connections to it were made
against Mr.Rabani in almost one year) so - besides seeming more a petty
vengeance than anything else - it is not like it helped in ANY way the
counter-terrorism.

~~~
tryingagainbro
_> > To me it makes little sense._

It isn't supposed to make sense. it's suppose to reinforce the "you do
whatever the police ask you or face the consequences." Apparently the law
backs them....

~~~
jaclaz
>It isn't supposed to make sense. it's suppose to reinforce the "you do
whatever the police ask you or face the consequences." Apparently the law
backs them...

I meant "make sense" as a deterrent for next occasion AND useful for counter-
terrorism.

If you are "innocent" and refuse to give away your passwords, you now know
that you have serious chances to be punished in a non-trivial way.(losing your
electronic device + fine + 12 months conditional)

If you are "guilty" (of terrorism or contiguity with it) you now know that you
can refuse to give away your password, effectively preventing the police to
read your data and maybe in one year time you will get a slap on the wrist
(when compared to the punishments for actual being part of a terrorist plot).

So, "real" terrorists will surely continue not giving away their passwords to
the Police, whilst most innocent people will be giving them - fearing the
punishment[1].

The net effect will be that Police will have not access to relevant terrorism
related material but it will lose a lot of time on analyzing gigabytes of -
say - lolcat videos.

[1] a few innocent people will anyway refuse to give away the passwords for
this or that principle, so among the "non-answering" will be both innocent and
possibly guilty people, so it doesn't even work as a "screening" method.

~~~
tryingagainbro
_> >If you are "guilty" (of terrorism or contiguity with it) you now know that
you can refuse to give away your password, effectively preventing the police
to read your data and maybe in one year time you will get a slap on the wrist_

Actually I think is why the law was passed, so the cops can keep harassing the
people on a likely terrorist cell hoping they slip. Time and time again. Slap
on a wrist? Not if it's one after the other. It's not like London doesn't have
the police manpower

------
grey-area
This slanted, misleading title from the police is a perfect example of how
important the language we use to describe events is. Like the David Miranda
case this had nothing to do with terrorism, but laws put in place ostensibly
to fight terrorism were instead used to harass people the security services
find troublesome. Just reading the title would give you a different
impression.

In fact this man was arrested without cause and convicted only of refusing to
give up the passwords and data of his devices. This law renders our spies and
police above the law and able to intercept the communications of anyone they
choose without a warrant.

For a more informative take on the arrest see this intercept article

[https://theintercept.com/2017/09/25/muhammad-rabbani-
guilty-...](https://theintercept.com/2017/09/25/muhammad-rabbani-guilty-of-
terror-offense-for-not-giving-passwords-to-uk-police/)

------
gscott
There isn't an equivalent to the first amendment in Britain.

In Britain people have been sent to jail for tweeting or posting facebook
statuses.

[http://www.thedailybeast.com/can-a-tweet-put-you-in-
prison-i...](http://www.thedailybeast.com/can-a-tweet-put-you-in-prison-it-
certainly-will-in-the-uk)

~~~
jdavis703
This has nothing to do with free speech (that's the 1st Amendment). This is a
problem of illegal search and seizure (at least in the U.S.). Illegal search
is covered under the 4th Amendment.

~~~
sp527
That's no longer true. The Patriot Act enables government behavior that's
functionally equivalent to this incident in the U.K.

~~~
gknoy
As does the fact that we now consider "the border" to include anything within
100 miles of the border.

~~~
KGIII
You may wish to read the third paragraph on this site:

[https://en.m.wikipedia.org/wiki/Border_search_exception](https://en.m.wikipedia.org/wiki/Border_search_exception)

~~~
ceejayoz
So, I read that paragraph, and the section I think you're highlighting is
this:

> the Supreme Court has clearly and repeatedly confirmed that the border
> search exception applies only at international borders and their functional
> equivalent (such as international airports)

but that line cites [https://en.wikipedia.org/wiki/United_States_v._Martinez-
Fuer...](https://en.wikipedia.org/wiki/United_States_v._Martinez-Fuerte),
which is weird because it says the _opposite_.

~~~
KGIII
That was at a permanent checkpoint. That would be a functional equivalent, in
the eyes of the court - or so I understand.

For example, I live on the border - pretty much. I'm just a short drive to
Canada. Border Patrol can't actually stop me and search my car, search my
house, or anything like that - unless I'm going through the border.

If I'm not going through the border, they need a warrant. There are no
checkpoints other than at the border, but those would be functionally
equivalent (in the eyes of the court). I believe temporary checkpoints also
count as functional equivalents but that's a guess - I'm not sure if that's
been tested in court yet.

Other than those checkpoints and the border, you retain your rights as you
would elsewhere. Or so precedent and SCOTUS say - except I speculate that they
include temporary checkpoints along with permanent checkpoints.

~~~
shkkmo
> Border Patrol can't actually stop me and search my car, search my house, or
> anything like that - unless I'm going through the border.

The ACLU disagrees and says all the CPB needs is probable cause.

>8 U.S.C. § 1357(a)(3) addresses CBP officials’authority to stop and conduct
searches on vessels, trains, aircraft, or other vehicles anywhere within “a
reasonable distance from any external boundary of the United States.” Without
further statutory guidance, regulations alone expansively define this
“reasonable distance” as 100 air miles from any external boundary of the U.S.,
including coastal boundaries, unless an agency official sets a shorter
distance.1CBP agentscan also even enter private property without a warrant
(excepting dwellings) within 25 miles of any border. In this 100-mile zone,
CBP has claimed certain extra-constitutional powers. For instance, Border
Patrol claims the authority tooperate immigration checkpoints. Agents,
nevertheless, cannot pull anyone over without "reasonable suspicion" of an
immigration violation or crime (more than just a "hunch"). Similarly, courts
have determined that outside of Ports of Entry Border Patrol cannot search
vehicles in the 100-mile zone without a warrant or "probable cause" (a
reasonable belief, based on the circumstances, that an immigration violation
or crime has occurred). In practice, Border Patrol agents routinely ignore or
misunderstand the limits of their legal authority, violating the
constitutional rights of innocent people. Although the 100-mile border zone is
not literally "Constitution-free," CBP frequently acts like it is.

[https://www.aclu.org/other/aclu-factsheet-customs-and-
border...](https://www.aclu.org/other/aclu-factsheet-customs-and-border-
protections-100-mile-zone)

------
jpster
I found this article to be a bit more informative than the one submitted here.

[https://theintercept.com/2017/09/23/police-schedule-7-uk-
rab...](https://theintercept.com/2017/09/23/police-schedule-7-uk-rabbani-gchq-
passwords/)

------
andyjohnson0
> Met Police Counter Terrorism Command officers stopped Muhammad Rabbani, 36
> (03.03.81) from east London at Heathrow Airport

Giving his age kind of adds context, but I don't understand the reason for
publishing his date of birth. Odd.

~~~
lozenge
Perhaps so that somebody with the same name and age can prove it isn't him?

------
dsr_
“The Met has retained Rabbani’s phone and laptop and is continuing its efforts
to examine the contents.”

I'm guessing that means that it's encrypted and, since he still hasn't given
them the password, they are stuck.

The fine, the cost of a laptop and phone... altogether, I can't see this
stopping terrorists, just making people's lives worse.

~~~
komali2
As always when this comes up, I wonder about the legality or "legality" of a
remote wipe. I have the option using cerberus, and if I did so I'd have a hard
time imagining how someone could prove I did it.

~~~
ue_
How would you trigger a remote wipe?

~~~
amiga-workbench
Dead man switch

~~~
rtkwe
That's unlikely to work. Police forensics usually work with a drive image
instead of with the device itself as much as possible to avoid damaging
evidence either through allowing active measures like a dead mans switch or
mishandling by investigators.

Beyond that simply removing the dive and putting it in another computer would
bypass any switch except one in the drive firmware itself. Are there any
software out there designed to do that?

~~~
amiga-workbench
What do they do with devices that have soldered in storage?

Hilariously enough, an Intel Management Engine-esque system could come in
handy here for nuking data.

~~~
rtkwe
Not sure. Last time I read about these things soldered in storage wasn't
really a thing. For some things where it's still largely a separate board they
could probably just desolder it and attach it to another device via pogo pins
or something. For monolithic boards you could attach wires directly to the
chip given enough resources.

IME could maybe be useful for this but it's hard to prevent the take the drive
out and attach it to another machine without having firmware or a ME-like chip
on the drive to make it wipe if it's connected to a different machine.

~~~
subroutine
Doesnt every new Macbook Pro have a soldered-in SSD?

~~~
rtkwe
Yes though in this [0] teardown there's a comment at the bottom that makes it
sound like there's an easy connector where the SSD CPU connection can be
accessed which would probably allow non-destructive imaging without involving
the CPU so no userland software could protect against imaging.

> The funny connector to nowhere is the connector to tap into the SSD. When
> the Apple connector is mounted (as supplied) it connects the CPU to the SSD.
> When removed the signals for the SSD can be accessed.

[0]
[https://www.ifixit.com/Teardown/MacBook+Pro+13-Inch+Touch+Ba...](https://www.ifixit.com/Teardown/MacBook+Pro+13-Inch+Touch+Bar+2017+Teardown/92171)

------
akvadrako
This paragraph really gives me a better idea what we are facing:

 _PC Tariq Chowdhury, the officer who stopped him, said that he had never come
across anyone refusing to give the passwords. Some people resisted initially
but eventually complied with the order, he added._

~~~
subroutine
terrorist /ˈterərəst’/ noun

A person who doesnt willfully provide passwords for their electronic devices.

/s

------
bsimpson
I find this wording especially creepy, given the source is police PR:

> argued incorrectly that this gave him the privilege of not sharing
> information with police

~~~
komali2
Yea I did a double take on the URL after seeing that. So it is a police PR
site or what's the story?

~~~
marceldegraaf
It's the police's own news site. So yeah, the contents are coloured at best
:-)

------
raintrees
An individual's free speech and privacy rights are very dangerous to governing
bodies. Hence, they require significant effort to protect.

~~~
onli
And that's also why authoritarian regimes always undermine them. Anti-terror
laws such as that are an attack on human rights and our freedom. A justice
system enforcing them is not acting in accordance with what is good and what
is right. The law itself in unlawful, and if the system were healthy it would
resist. It is not.

~~~
pmoriarty
Do you think the censorship of Mein Kampf, the anti-hate speech laws, and the
illegality of Holocaust denial in some parts of Europe have authoritarian
motives?

~~~
KGIII
Yes, it is authoritarian but it is authoritarianism that some people have
justified and like.

~~~
zo1
"Some" being the key-word there. I wonder how it'll go if it were put down to
a referendum on that one, singular issue. Without politics, parties, and
candidates to muddy the water.

~~~
KGIII
A recent poll had 40% of "millenniums" that didn't think that the 1st
Amendment covered "hate speech."

Though, I'm not really sure you can remove politics from the question and I
doubt candidates and parties would not be involved, even if they have to force
their way into the issue.

------
TillE
Seems increasingly clear that you should never cross a border carrying
sensitive data. Encrypt and transfer it separately.

~~~
ChuckMcM
Actually it makes having a Chromebook and two Google accounts seem more and
more realistic. Now with Google's cooperation you could have a 'duress'
password, and log into your account for them and have Google supply an
alternate reality.

~~~
jacquesm
I would not bet against the fact that those two accounts are linked being
known to border patrol / law enforcement.

~~~
ChuckMcM
Probably, it comes down in the US case to probable cause. Random border
searches are probably not going to pick you up by your ID, and having a cover
would not be detected. If they were specifically targeting your identity then
they might dig deeper. If Google (for instance) would not disclose your
'other' account without a court order, then they wouldn't have access to that
information unless they previously got the order.

There is another twist here in that there isn't a precedent for them to ask
for access to your network presence, they can ask you to 'unlock' hardware in
their possession but it does them no good when there is nothing on it.

So it pushes them back to having to do things more traditionally (with a
warrant).

In general it saddens me that we've come to this.

~~~
jacquesm
> In general it saddens me that we've come to this.

No kidding. It's a pretty sad state of affairs all around. The reason I
mentioned this is that _if_ the border patrol / the police / the feds / some
random official are already aware of your linked accounts and you lie about it
that you are in much hotter water than before.

~~~
ChuckMcM
True, but it isn't a 'lie' to type in a password and unlock a device, if the
device is completely unlocked. But on such technicalities interesting case law
can be built.

~~~
jacquesm
If there is one thing I could influence it would be never to be the subject of
interesting new case law. Life is pretty short.

------
mtgx
They used the same "counter-terrorism" law to confiscate David Miranda's
laptop and other possessions, as well as detain him for 9 hours.

[https://www.theguardian.com/world/2013/aug/19/david-
miranda-...](https://www.theguardian.com/world/2013/aug/19/david-miranda-
interview-detention-heathrow)

It's a shame UK doesn't have a real constitution. It would probably help
prevent some of this bullshit. Maybe it's time the British people start asking
for one.

~~~
r00fus
The US constitution doesn't seem to be preventing almost every modern
administration and congress from ignoring it.

What protects the constitution from those sworn from upholding it?

~~~
gruez
nothing, but at least you can try to fight it in court

~~~
r00fus
Right now, one political party has majority over all three branches of
government (including both houses of congress).

About the only reason changes aren't being made into law quicker is that this
party in control is pushing some very polarizing/unpopular legislation/edicts.

------
KirinDave
Increasingly "real" security not only requires that data be encrypted in a way
that frustrates those with greater resources, but does so while maintaining
the _appearance_ of compliance.

People have known this for awhile, but it seems like actual products
suggesting security have been slow to adopt it.

~~~
genieyclo
Any good examples of products that do this? TrueCrypt?

~~~
KirinDave
TrueCrypt is long dead and uh, like may never have actually done what it said
it did and was probably stolen technology to begin with.

Let's not mention it again.

~~~
mlnj
Veracrypt continues TrueCrypt lineage and goes ahead to improve on it. It was
audited last year and also published the results to the public. Unless we
start believing it's all a big conspiracy, I would say that's pretty good.

------
orbitingpluto
I don't know why anyone would cross a border with electronics of any sort in
this day and age.

But not having electronics is also grounds for suspicion.

------
rtkwe
So it's a 12 month probation, not sure exactly what conditional discharge
means in the UK but it sounds a lot like probation from a quick search, and a
fine for what seems to amount to a contempt of court charge? Not sure why this
is particularly remarkable.

