
In the UK, You Will Go to Jail Not Just for Encryption, but for Noise, Too - svenfaw
http://falkvinge.net/2012/07/12/in-the-uk-you-will-go-to-jail-not-just-for-encryption-but-for-astronomical-noise-too/
======
SEMW
> Yes, this is where the hairs rise on our arms: if you have a recorded file
> with radio noise from the local telescope that you use for generation of
> random numbers, and the police ask you to produce the decryption key to show
> them the three documents inside the encrypted container that your radio
> noise looks like, you will be sent to jail for up to five years for your
> inability to produce the imagined documents.

Alarmist and inaccurate. If you read the statute that Mr. Falkvinge links[0],
it turns out that if there's a serious question about whether you have the key
to some piece of supposedly encrypted data, the burden of proof is on the
prosecution to prove you do have the key to it (and therefore that it is
encrypted data) beyond reasonable doubt, just as you'd expect. s.53(3).

[0]
[http://www.legislation.gov.uk/ukpga/2000/23/section/53](http://www.legislation.gov.uk/ukpga/2000/23/section/53)

~~~
tynpeddler
What counts as proof? Will a jury understand what doesn't count as proof? If a
very official and nice looking prosecutor stands up and makes an argument that
is slightly too complicated for the average juror to understand, claiming that
Mr. Smith's "random" file is actually an encrypted information, is the Jury
going to believe him?

It is not uncommon for juries to accept flimsy and circumstantial arguments no
matter how hard the defense tries to explain that the Prosecutor is spewing
nonsense. The scenario the author lays out is not certain, but it is
plausible.

~~~
SEMW
> What counts as proof? Will a jury understand what doesn't count as proof?
> ... It is not uncommon for juries to accept flimsy and circumstantial
> arguments no matter how hard the defense tries to explain that the
> Prosecutor is spewing nonsense.

You're right, those are problems. But they're not problems with this law,
they're problems with jury-based criminal justice systems. And the system's
had 900 years to evolve solutions -- judges summing up, "No case to answer" /
directed verdicts, etc.

There's room for disagreement about how effective those solutions are. Point
is, as the main objection to this law, that complaint 'proves too much' \--
since essentially the same objections apply to all but the most trivial
criminal offences, the solution then becomes scrap juries and go for a
Germany-style professional/inquisitorial justice system. (And maybe we should,
I don't know).

(btw, this is very, very far from being the most complicated law or subject
matter that juries have to face, compared to e.g. complex fraud trials)

(To be clear, I think this is a terrible law! But just because I agree with
TFA's conclusions doesn't justify his fearmongering, IMO)

------
madamelic
Wait. So if I am suspected of being a terrorist or a pedophile, I can refuse
to give my encryption key, go away for 5 years then get out without charges?

How is this not a valid defense?

~~~
gambiting
The onus of providing evidence is,and always should be, on the accuser - so if
the police is suspecting you of being a terrorist/pedophile, they should
produce evidence that you are. In ideal world, you should be able to refuse to
hand over your encryption key and go home without any charges, not a stupid 5
year sentence for not giving out a key to data which might/might not be
encrypted.

It's not a valid defense, because usually, if the police is investigating you,
they probably already have some evidence on you. Finding out some random data
on your drive usually comes later.

~~~
hughw
I haven't read the statute, but I got the impression from the link that the
law reads like the laws in the US compelling you to give a breath or blood
test when suspected of DUI. If you refuse, you receive punishment whether or
not you were actually guilty.

------
trizic
"Looks like we found some encrypted data at /dev/urandom, hand over the keys!"

~~~
elcct
"Just let me drill through my skull, sir"

------
hughw
Why should encryption even matter? The principle is, you may not keep any
secrets. If the government suspect you know the time and place of a planned
terror bombing, then logically, they should argue you be punished if you don't
tell them some plans, even if they don't claim you ever committed encrypted
plans to paper or bits.

------
lordnacho
So, how do you know if something is encrypted or just random?

You could imagine someone being thrown in jail for not being able to decrypt a
random block of characters.

------
Cozumel
2012\. Still very relevant though.

~~~
Namrog84
I wonder what has come of this though?

~~~
confounded
The process has a few stages. NTAC (GCHQ) approves the issue of a Section 49
Notice ( _" decrypt or jail"_); a Section 49 Notice is issued; and it's then
either complied with or not.

Eight Section 49 Notices had been issued up to April 2008. Since then the rate
has increased steadily; 37 were issued in 2014/15 (latest year of data).

Eighty-eight were approved to be issued.

[https://wiki.openrightsgroup.org/wiki/Regulation_of_Investig...](https://wiki.openrightsgroup.org/wiki/Regulation_of_Investigatory_Powers_Act_2000/Part_III#Cases)

------
harry8
This is the assange/guardian/greenwald law.

So they can jail journalists as terrorists and hunt their sources.

~~~
pmyteh
This significantly pre-dates the Assange/Guardian/Greenwald stuff. The purpose
of the law was to stop being able to get off child pornography and terrorism
charges by refusing to provide an encryption key.

Now, I think the law is misguided in principle and potentially malicious in
practice, but it was never about prosecuting journalists.

------
jlebrech
so what if there was a encryption method that had two keys, one to decrypt
innocuous data and the second to decrypt sensitive data?

~~~
grkvlt
This is exactly what TrueCrypt does, with its 'hidden' [1] volumes!

    
    
        1. http://forensicswiki.org/wiki/TrueCrypt#Hidden_volumes

~~~
XaYdEk
Call it VeraCrypt, because TrueCrypt is dead now.

------
jackjeff
Write your key into 2 pieces of paper. Mark one as part 1 out of 2, the other
as part 2 of 2. Make you write something like "please note that if I am not
served with the appropriate RIPA key disclosure when this equipment is seized
I will destroy the other part of the key and this piece of paper proves beyond
reasonable doubt that I am not in possession of said key"

Keep one piece with you at all times and be ready to destroy it. Write a post
on Hacker News explaining what you would do.

Now you don't go to jail. And you can live like Jason Bourne.

PS. Or move to a real democratic country... ?

~~~
gpderetta
Can you then be incriminated for destruction of evidence?

~~~
Grangar
I don't suppose, if you're not aware of any investigation against you. Besides
that you don't have to testify against yourself (in a functioning democracy
that is)

Edit: obligatory IANAL :)

