

Withhold password, go to jail - pmikal
http://www.theregister.co.uk/2009/08/11/ripa_iii_figures/

======
snprbob86
Should have used deniable encryption...

<http://en.wikipedia.org/wiki/Deniable_encryption>

~~~
pbhjpbhj
Which will work so long as you've used a perfect system that can't be shown to
have encrypted data by the boffins of GCHQ. Not a gamble I'd take. Remember if
you've claimed there is no encrypted data and so refused to provide a key
they'll only need to show that there is encrypted data and possibly that you
own that computer (but if you've made the aforesaid denial I don't think
they'd even need to do that, logically) - perhaps on seizing the computer an
officer caught information displayed on screen on their video camera (used to
record during raids) before you hit the power switch. Perhaps there's a
snippet of something that can be extracted from a volatile memory buffer?

I don't fancy your chances. So you may as well not bother planning any terror
attacks, kthnxbye

------
tptacek
Does this surprise anyone? If you're served a warrant, you have to unlock your
doors or open your safe, too.

~~~
rdtsc
What if you forgot your password? I have a file catted from /dev/random that
looks like it could be a TrueCrypt partition, good luck trying to convince
them it is not an encrypted file. They'll just say "yeah, yeah" and you go to
jail for 5 years.

~~~
jrockway
For what crime?

Despite what you might hear from Fox News, you do actually have the right to a
fair trial.

So far the case law (in the US) with respect to crypto is unclear. The only
case involved someone showing the government child porn on their computer, and
only later not providing the key. As far as I know, having an encrypted
partition has never gotten anyone in any trouble, even if accused of a crime.

~~~
pbhjpbhj
The crime of not reading the flipping article?

Under UK anti-terror measures in a case of national security failure to
provide means to unlock encrypted files carries a 5 year prison sentence.

Those of the 15 cases (since the legislation passed in 2007) that have not
been terror related have concerned child abuse (probably pornography) or
domestic abuse (I'm thinking that possibly means "honour killings", but that's
speculation).

Personally I have no problems with coercing people to reveal details of the
children they've abused, family members they've had killed, or of their plans
to blow up my fellow countrymen.

<sarcasm>But I can see how, if it's just your porn collection that you're
hiding from your wife, that when you get collared for terrorism that having
some mathematician at GCHQ know you've got a rubber fetish is really going to
ruin your day.

------
rgrieselhuber
I've always assumed that there was a backdoor into all of the major Crypto
algorithms anyways...

~~~
sho
Nah, not on the public, peer-reviewed algorithms. Any breaks are likely to be
with implementation details of the program.

Truecrypt et al are open source, and are considered pretty good if set up by
someone who knows what they're doing.

There is of course the possibility that The Man puts considerable effort into
finding and/or encouraging subtle holes in common encryption products; even if
so, though, they would sit on that asset and only use it when seriously
important. Ie, military/national security level use, not cops. When you spend
millions developing a tiny, secret advantage you do not fritter it away so PC
Plod and Sgt Sad Sack can power trip on getting into some pleb's porn folder,
after which the hole used is discovered and patched the next day.

update: oh he was downvoted? That's harsh, it's not like there hasn't been any
precedent for such things. Search for Crypto AG. And encryption systems as
used by programs like Skype are absolutely not to be trusted; you can assume
they are backdoored wide enough to drive 10 unmarked white vans and a black
helicopter through.

~~~
pbhjpbhj
The 5 year sentence in the article is for failure to reveal keys in cases
concerning national security, ie terrorism.

------
simanyay
As far as I understand, this law was created to get very important information
from really serious criminals. But if a person has materials that may get him
into more serious trouble than 5 years' jail time, it is in their interest not
to provide encryption keys.

Or do I miss something?

~~~
weavejester
Presumably they'd rather put them away for 5 years than let them go free.

------
praptak
What if I keep a thoroughly smashed memory stick in my drawer (just in case)
and testify that:

1\. My disk is encrypted with a key stored on the stick.

2\. I smashed the stick a week ago (felt paranoid, whatever).

A sort of poor man's deniable encryption.

~~~
eru
Better go with a CD-R, they are far easier to damage than memory sticks.

~~~
pbhjpbhj
You'd have had to have melted or burnt the CD, IMO. And be ready to be held
for perjury when the brightest and best computing and mathematical minds
of the UK show that you accessed the data that day (or whatever). Or the less
bright observations of the stakeout team show you're lying.

Best option: Don't abuse children, commit domestic abuse, or plan terrorist
actions - then this law won't be applied.

------
321abc
I've been using computers since the 1980s, and have had dozens and dozens of
passwords. I honestly don't remember the vast majority of passwords I've used
in the past.

Many of the passwords I currently use have been randomly generated and are
stored in a password storage app. The database in which these passwords are
stored could be easily lost, damaged beyond recovery, or to which I could
forget the master password.

So, if legally required to produce a password for some reason, I could quite
conceivably go to jail even if I were willing to provide the password, but
just couldn't remember what it was (or if it was one of the randomly generated
passwords that I'd never memorized in the first place but no longer had access
to for some reason).

~~~
chris11
Yeah, I don't remember all of my passwords either. And I usually have the most
trouble remembering my most important passwords, since the number of times I
use a password is pretty much inversely correlated to the importance of the
data it protects. So the idea that I could be jailed for not admitting
something that I no longer had knowledge of is somewhat scary.

~~~
pbhjpbhj
How about the password for whatever is currently the most important thing in
your life? Or not even most important, do you remember your cash-card PIN?

Terrorists planning the London bombings, for example, are unlikely to have
forgotten their password. They've memorised the whole Koran (on the whole)
remembering the access code to the details of the single most important
defining action in their entire lives is unlikely.

Still possible, but I don't think your story is relevant.

~~~
321abc
Don't worry, citizen. It's only those Koran-memorizing terrorists who have
something to fear. You are quite safe. Go back to sleep.

~~~
pbhjpbhj
My comment was in response to someone saying that they had lots of old
passwords they'd forgotten - the point was that this law is not being used to
get access to your old ASCII porn collection on your 386 in the closet.

The mention of the Koran was saying that one of the disciplines Muslims strive
for is reciting the whole Koran, quite a feat of memory IMO. A well motivated
person, who has probably mastered this memory task, is unlikely, I contend, to
forget an encryption key (password) that is part of what will be the defining
moment of their life.

Personally I fancy my chances of being hit by a meteorite as higher than those
of being obliged to hand over my passwords under this law.

