Hacker News new | comments | show | ask | jobs | submit login
Man jailed in UK for refusing to give police USB stick password (bbc.co.uk)
73 points by wrboyce 1260 days ago | hide | past | web | 108 comments | favorite

It looks like he refused to reveal the password because he knew it would have incriminated him for something unrelated to the original case. Once they got wind of his other activities, he realised the gig was up and disclosed the password.

From a legal perspective, this is a troubling side-effect of a poorly-crafted law. His lawyer should have had the power to negotiate immunity from prosecution for unrelated charges that might have spurred from disclosure during the original process.

That's the least troubling side of this law. The most troubling thing is that you can now be thrown in prison on no more evidence than the presence of a blob of random data on your computer that the police can just claim is encrypted data that you're refusing to give up.

How is that more troubling than:

"you can now be thrown in prison on no more evidence than the presence of a few pieces of paper in a filing cabinet that the police can just claim is evidence that you're refusing to give up"


Because with a pendrive you can't even prove that the paper is there. It could literally be random data, and the police could be insisting that you give them a password.

If you did a full wipe of a pendrive with random data,and didn't create a filesystem, you would now have a device that could be used to incriminate you, even thought it really, really isn't encrypted. But you can't prove that.

So I guess that if I were to use your analogy, the police would look through your cabinet, find a few pieces of paper,and then demand that you tell them how to read that invisible ink that you used on the paper. What ink? - you might ask. But it's irrelevant, you can still go to jail for not telling, even though there really is no ink.

Has anything ever actually gone to jail for refusing to decrypt data that wasn't actually real data?

This is why we have judges. In order for a warrant to be issued and enforced there has to be evidence that there is something there to search for.

Planting evidence is a practice as old as law enforcement though...

You don't need the random blob to get in trouble.

Please, they can just ask for the algorithm and passord for all that data you inserted in your photos through stenography.

How interesting that they report an irrelevant hyper-detail (the password itself) but not the specifics of what "sophisticated encryption technology" that "GCHQ ... were unable to crack."

Also interesting that a password based on word-and-number games, an approach that has been criticized lately as vulnerable to new attacks using common password fragments, seems to have flummoxed the pros in this case anyway.

Here's one point that I think should be referenced more prominently, maybe in the headline somehow:

Police accessed the memory stick [as part of a counter-terrorism operation] and found it contained ... nothing relating to terrorism or national security.

That is: We convicted this guy of a crime for obstructing a terror investigation, even though he wasn't actually doing that. We used our special emergency terrorism powers to push someone around and make demands that were potentially impossible, but it turned out to be just another false alarm. Of course, the guy we pushed around is a certified scumbag and he doesn't look like the sort of white-bread upstanding citizen that most readers of the article imagine themselves to be, so we can count on you to not get too worked up about the whole thing.

> Also interesting that a password based on word-and-number games, an approach that has been criticized lately as vulnerable to new attacks using common password fragments, seems to have flummoxed the pros in this case anyway.

If you're talking about the Ars Technica article that showed that crackers are using common passages from books and movies, it's worth nothing that it's not some kind of issue with passphrases, just the construction of them.

It is not a bad thing to use a passphrase (the Ars article implied that by saying "your long password isn't safe either," or something to that effect.) It is a bad thing to use a passphrase that is not randomly constructed. It's just the same for passwords, and, indeed, cryptographic keys.

It's a numbers game. If it's not random, there's a pattern/bias. If there's a bias, an attacker can exploit that. If there's no bias--i.e. the words of a passphrase were truly randomly selected--then there is no method to crack it more effective than brute force.

This was not a special emergency power, this is simply a case of failing to comply with a court order the same as refusing to comply with a search warrant.

There is long-established precedent for compelling the provision of testimony and/or physical evidence within our legal system. Do people seriously think that USB sticks have some special privilege?

True, but in this case the prosecution didn't know whether or not the drive contained anything relevant to the terrorism case.

It does not matter. It's the same as refusing to allow police to search your home when they have a warrant. You can be held in contempt and be throw in jail for it. This is not different, it's been the law for a very long time.

You don't have to testify against yourself. Giving away password is exactly this.

If the information was in his head and not on a thumb drive then yes, but it was on a piece of physical evidence, therefore the password is the same as a key to a storage locker or the combo of a safe. Refusal to provide either will result in a charge of contempt, exactly what happened in this case.

Nope. This is my knowledge and my words. You can have any number of "metaphor" you want, but direct, literally, word by word, meaning of legislature trumps all metaphors.

Information - the password, is in his head.

This was in the UK. They don't have Miranda warnings or protection against self-incrimination.

Most of the democracies in the world have those same rights. But not the warnings, that's a US idea, and they universal, not conditional on a cop giving them to you.

The UK legal system can be characteristically illiberal in many ways. This is one of them, yes.

In what country can an accused not be compelled to furnish physical evidence?

In the US you have the right not to answer questions (yes, occasionally you don't, but in most cases you do). The police is free to take possession of everything you have, sure, but you can't be forced to answer questions about it, at least in principle. I believe this applies to other legal systems. No such luck in the UK, and not just about passwords.

In the U.S. you can, under the threat of contempt of court, be forced to hand over keys to storage lockers, access to financial accounts, and things of that nature. Passwords are an unsettled issue in the U.S. On one hand, it's like furnishing the keys to a lockbox, which the police can compel you to do. On the other hand, it arguably involves testimonial actions, which the police cannot compel you to do.

Yes, but (afaik & ianal) this sort of compelling power refers to stuff that authorities already know you have, and there are clear limits to what can be asked for which type of investigation. An encrypted drive could contain documents of completely unrelated nature, but this is not contemplated by this UK law: it's all or nothing. This is what tripped this particular case here, and tbh I think it also wasted time for anti-terrorism authorities, who spent weeks trying to crack a useless USB stick. Had the defendant got a chance to negotiate immunity for unrelated charges arisen by disclosure, he'd have fessed up straight away and saved everyone some precious time.

I'd be interested in someone knowledgable writing a comparison of the UK & US systems.

For example, do judges need to issue the paper work or can a senior police officer do it?

In the U.S., it would have to be a judge.

Judge still can order you to disclose password or put you in jail for contempt of court.

In Brazil the accused can't be compelled to aid prosecution. For decades drunk drivers walked away alleging they were "forced" to blow a breathalyzer, until specific legislation was passed a couple years ago. You still can't be forced to use a breathalyzer, but now you are presumed guilty.

Not that you are likely to get any jail-time if you kill someone while drunk-driving here...

What if he had really forgotten the password? There can not be any way of proving the opposite. Such laws should not exist.

Then he wouldn't have gotten this additional sentence. This sentence was added only after it was revealed that he was, in fact, able to produce the password. It's perhaps not written as well as it could be in the article, but if you read carefully, it's clear this sentence was not given when he claimed to forget, but later when he reveal the password after having claimed to forget.

I think its perfectly reasonable for someone to later remember a password. Its happened to me a lot. I realise they probably had some reasonable suspicion into him previously, but on the surface it reads like they are just throwing the book at him rather than legitimately investigating terrorists.

If he hadn't've already been convicted of being part of a terrorist cell planning on attacking the nation's infrastructure, I might've cared.

Given that he doesn't share my ideals, or indeed, much like anything i might be open to considering, he can go fuck himself, if you'll excuse my language.

There are two problems with that:

If someone is accused of terrorism (however flimsy the accusation), that's now enough to damn them in your eyes and strip them of their civil rights, that's quite dangerous and open to abuse.

You can now be jailed for withholding a password, without evidence that any crime was committed.

You must have missed this part of the story:

"He was already in jail for being part of a cell that considered attacking a Territorial Army base in the town."

or this part of the story:

"Hussain and three other men were jailed in 2012 after admitting discussing attacking the town's TA headquarters by placing a homemade bomb on to a remote controlled toy car."

Not exactly a flimsy accusation. They had ample reason to believe the USB stick may contain additional plans for other attacks. Without knowing if there were others involved, I'd say they were right justified in what they did.

In this case, I agree they are justified. Though if it really was a serious terrorist investigation, and they suspected plans for other attacks, I would hope that they could crack the password if they wanted to. My concern is the underlying precedent. What does it mean for me and you?

And it seems to mean that any password can now be presumed to be incriminating evidence. What happens if my company gets investigated for some financial fraud and they find a forgotten password protected usb stick in the back of a drawer. Now the prosecutors can threaten me with jail time unless I prove that I do not know the password to that usb stick. How can I begin to mount a defence to that? That presumption of guilty until proven innocent is whats wrong here.

With any investigation, I would hope there is a certain level of probable cause before authorities start threatening jail time.

You leave a lot of details out of your example. Such as, where you low level developer or a financial officer responsible for the company finances? If you were the latter, there would be ample suspicion to think a locked USB stick in your drawer would be useful evidence in the case. If you were a low level developer, probably not so much. You have to build context to determine if someone should be considered suspicious.

Don't equate the term "accused" with the term "convicted". They mean totally different things. We have no evidence that detritus has been convicted of any crime, so is not in the same situation as the subject of the article.

Obviously it isn't enough to say "I reckon he's a bad man, strip him of his rights", but once someone has been convicted, there are certain rights that they rightly lose (e.g. if they are given a custodial sentence, they no longer have liberty).

There may be arguments as to why this should be a right that even convicted criminals should retain, but that is a totally different argument to whether an accusation is sufficient to remove someone of their right to privacy.

We have no evidence that detritus has been convicted of any crime, so is not in the same situation as the subject of the article.

Under UK law (RIPA), I think he is. If he is accused of a crime, and the police want him to decode information, he has no recourse and will be sent to jail for not doing so.

Don't equate the term "accused" with the term "convicted". They mean totally different things.

What I was trying to get at was that the word terrorism has been used to scare people into judging others when in fact there is no solid proof - for example in the case of David Miranda, his rights were infringed on the basis of an accusation of association with terrorism. Sorry I didn't meant to imply that in this particular case the man was only accused, not convicted, though it was not an act of terror, only being involved (how involved?) in planning an attack.

There are degrees of evil when it comes to attacking other people, from association, through proven plans, through actually carrying out an attack (which is far worse). I think it's important to distinguish these degrees and not switch off all judgement when the word terrorism is mentioned, and I don't think that your rights should vary depending on which category of person you are - everyone should be equal under the law. The most evil criminal in our country should have the same rights as everyone else, because otherwise everyone's rights will gradually be eroded.

I don't think RIPA even requires an accusation. A complete innocent who is not under suspicion of anything can be served with a disclosure requirement if they hold the key to information that the authorities desire.

This is a sorry state of affairs, leaving us in a situation where all we can do is trust the judgement of those in power not to abuse it (not much hope there), and the judiciary to keep them in check if they try (only slightly more hope there).

I agree that there often seems to be a bit too much waving around of "terrorism" to justify government infringement of rights.

However, I still disagree with your assertion that the most evil criminal should have the same rights as the rest of us. This should certainly be true until conviction and once their conviction is spent, but as I mentioned before, a convicted criminal (in the case of a custodial sentence at least) quite rightly loses freedom of movement. Freedom of association is rightly withheld from prisoners released on licence. Convicted prisoners also lose the right to vote, which is arguable as to whether or not that is right.

There is clearly a list of rights that can rightly be withdrawn from convicts, so the question is which rights belong on that list and which ones don't? Bear in mind that poorly worded laws such as RIPA may come about because of a desire to keep that list as short as possible, constraining the rights of all of us, instead of just those who have, by their own conscious action, infringed on the rights of others.

Sure, I think we mostly agree and you're quite right on this point. Clearly someone convicted has to serve a sentence, which comes with various restrictions, but I don't think that should have bearing on any new trial, and I think their rights should not otherwise be curtailed in trials on other offences, otherwise you get something more like the three strikes laws in the states, where once convicted it is far more difficult to be redeemed.

I think RIPA came about more as a way to make the work of investigators of terrorism easier, and it was just badly written and too broad.

it has been an criminal offence to with hold a password (when the court has requested otherwise) since the Regulation of Investigatory Powers Act 2000.


note that forgetting the password is supposed to be a valid defence!

Here is the article from 2012 on the bomb attack plot: http://www.bbc.co.uk/news/uk-22200133 same guy, already jailed. Plotting an attack is a criminal offence, in most countries classified same as the actual crime.

He was convicted, not merely accused.

I tried to find where in the article it says anything that might back up "already been convicted of being part of a terrorist cell". The closest I found is where it says: "already in jail for being part of a cell that considered attacking a Territorial Army base in the town.". This sounds a bit like a thought crime to a laymen like me and the verbiage flags my weasel alarm. Also, could you clarify where you're getting the term "nation's infrastructure" because all I saw was: "discussing attacking the town's TA headquarters". If we accuse everyone who's pissed off at the town council / home association and starts talking about blowing them up of terrorism, then we'll need a much bigger prison system.

TA is the UK Territorial Army, approximately equivalent to the US Reserve Forces or National Guard.

The group were convicted of discussing the idea of driving a bomb under the base's gate attached to a remote controlled car [1]. They didn't actually do it. They also discussed obtaining weapons, but didn't do that either. They did arrange to attend terrorist training camps in Pakistan, but its not clear from the news reports whether they actually travelled there.

EDIT: According to [2] one of the group did go abroad for training.

[1] http://www.bbc.co.uk/news/uk-22178105

[2] http://www.theguardian.com/uk/2013/apr/18/four-jailed-toy-ca...

That sounds a bit disconcerting. I've discussed things like how to beat airport security, plant bombs to do the most damage, and in general ways to circumvent security measures. It's simply an intellectual curiosity, one even necessary to make things safe, and protect against those who think the same, but with intent of causing harm.

If the discussion alone is the damning part, with disregard to the intent... coupled with some prejudice, and add irrational fear.

Self censorship is what you get.

Media may have used the term "discussed" but they were convicted for plotting. By legal definition, in order to commit a crime there has to be a proved conscious intent and actions taken. Even grouping together is considered an action, I assume for 16 years they've dome more than that. There was also existing home made bomb.

Sorry this guy is a criminal and a murderer, his value to society is pretty low to considering he hasn't done anything of a value in his life, except moving to UK.

I suspect that in this case there was substantial indication of intent. There was clearly evidence of conspiracy.

Just to note, TA is the territorial army, a fully trained reserve branch of the military, so probably reasonable to count as part of the national infrastructure/defence.

I do agree that "considering attacking" does sound slightly weasely and like a thought-crime; hopefully they were seriously considering it.

Is it still terrorism if you attack the military, rather than civilians?

Yes, in most definitions or terrorism, the key part is (trying) to create terror to further your goals. It doesn't really matter whom you'd attack, be they civilians, structures, organisations, armed forces, or whatever. The difference between terrorists and freedom fighters and (national) armies becomes blurred fast, though.

"the key part is (trying) to create terror "

If people would just quit being afraid of this stuff, by definition, 'terror' wouldn't be created, would it?

Telling people the rapture will happen at 2:30pm tomorrow would in fact create terror in the minds/hearts of certain people. Are you a terrorist if you tell people that Jesus is coming back tomorrow afternoon?

Yes, terror is certainly in the eye of the beholder, although academic definitions are a bit more nuanced than those being used by the public.

The subtle difference is between using terror to reach a goal and using some action to reach a goal with a side effect that people experience terror. For example:

A group of hackers could hack into the bank accounts of the 1% to distribute their wealth among the other 99%. They don't have any intention to create terror and probably think that the 1% can easily take. Of course, the 1% will see it as an act of terror. And probably journalists, lobbyists, politicians will spin it and use it to create terror among the larger populace.

Another group of hackers is hacking into facebook accounts to make people's secrets public to try to get the public to care about privacy and not to put their trust blindly into social media. In this case, they would use terror consciously as a means to this end.

Ok so all wars are terrorism then? People getting shot or blown up or whatever is pretty terrifying IMO.

Seems to me like these guys were talking about guerrilla tactics against a military target. I don't think that's necessarily terrorism.

Yes and no. Getting shot is terrifying to you, but the other army isn't shooting to terrify you, but to incapacitate you and your colleagues to reach some (strategical) goal. The terror is just a happy side effect. On the other hand, armies could also use acts of terror to reach some goal. For example, instead of just taking soldiers prisoner of war, you could just cut off their heads and put them on a stake at the front. Or raping all the women in the occupied territory (although that could also be a way to 'lay claim to the land and people' by creating a generation of mixed bloods, I suppose. In that case, it wouldn't be an act of terror, although everyone on the receiving end would be plenty of terrified)

Regarding the planned attack on the TA base, he plead guilty to that: http://www.bbc.co.uk/news/uk-22156243

EDIT: Though as the defence counsel for one of the four pointed out, they remained free for another 7 months after the alleged plans, so it's questionable how likely they were to have been carried out.

TA = Army Reserves, not town council / home association!

The article might make it appear they jokingly talked/thought about a bomb, but others make it clear there plans were concrete. It mentions them going to "meet the brothers" at a training camp where duties would include "helping them making the bombs". I think it becomes a crime when it goes from curious learning to definitive plans. They weren't just thinking something socially unacceptable, they were planning to cause harm.

It sounds like they only charged him for this after he gave up the keys he was previously withholding. While I disagree with the power this law gives, its less extreme if its only used when they can prove the password was both covering up a crime and not forgotten. More of a deterrent, and slightly less of a thoughtcrime.

>> This sounds a bit like a thought crime to a laymen like me and the verbiage flags my weasel alarm.

Conspiracy is a crime, though. A guy can be charged for saying something like, "Let's plan out how we're going to kill my wife. You go buy a gun..." The police don't have to wait until the guy actually kills his wife before arresting him.

It sounds like some other people in the terrorism case pleaded guilt, and there are even details of the planned attack. Technically a thought crime, but the kind of thought crime you want to stop becoming a 'reality' crime.

There's a subtle problem.

When people you don't like are prosecuted for a thought crime, or something else you won't like good guys being prosecuted for, you don't care. Bad guys may go to hell no matter what!

When people you do like are prosecuted for technically the same thing, you might start caring, but it might be a bit late then.

A bad law is a bad law, no matter if a bad guy or a bad guy becomes its victim. The law seemingly does not care about your notion of 'good / bad guys'. It's not unlike a contagious disease hitting a bad guy. Not caring about this disease is a poor policy, even if you sincerely wish that bad guy to die. The virus is not going to discriminate.

When you protest about a bad law doing a bad thing to a bad guy, you're not doing it for the benefit of the bad guy (unless you're a saint). You're doing it for the benefit of good guys that risk to be hit with the same bad law.

You should care.

If you genuinely forget the password for any data you encrypt, you are now (by precedent) committing a jailable offence.

This may extend to holding random data. Since ideal encrypted data is indistinguishable from random: prove that you are not withholding the password. Good luck.

Well it's rather inevitable that the first times this happens, the state is going to choose unsympathetic targets.

I am still bothered that I can be sent to jail for being unable to supply a password, even though I don't know or care much about Syed Hussain.

Its not the first time that this law has been used in the UK

Agreed. The guy isn't a sympathetic figure, but this is a horrible policy nonetheless. This is one of those thought crimes to me.

I suspect the point here is more what if you had such a device and really couldn't remember the password. Most people would give slightly more of a fuck going to jail for 4 months for forgetting a password.

That said, if those GCHQ bums can't hack it, put the filesystem raw online and offer 50p and a jar of pickled onions to break it, we like a challenge.

We should always care about the breaches of freedoms we consider important, no matter who they are committed against or why.

The UK has had some really troubling miscarriages of justice related to terrorism. These were so bad they resulted in reform of the law and additional safeguards for suspects being questioned by police.

Police routinely misuse anti-terrorist laws to harass photographers, and this still happens despite the Met poloce issuing guidance to their officers about not harassing photographers.

People, especially terrorists, need due process of law.

Apt username given this display of judgement and hyperbole.

Please try to remember that the law is blind and is meant to both protect people who do and don't share your ideals. What if some day this law were used against somebody who shares your ideals, what then? Or are you also part of the, "if you've nothing to hide you've got nothing to fear" brigade?

that line is there just to convince you. Anyway the law either applies to everyone or no one, independently of other things other way they will find a way to convict you just to get what they want.

He chose his passwords well it seemed: $ur4ht4ub4h8 It's not entirely impossible to forget that is it? How are you tp prove you did in fact not forget it?

Given the password is relatively simple - remember this is supposed to be one of the premier encryption cracking organizations in the world, GCHQ, here - I think there is a distinct lack of skill (or absence) by GCHQ. He's perhaps being jailed for showing them up.

Alternatively (and more likely I suspect), these is some gamesmanship being played to get shiny new additional super-snooping laws passed because it's needed to cope with all this uncrackable terrorist encryption. See, here's the proof it exists ! [edit: sorry, this did not make it clear I'm suggesting it was cracked but found to be irrelevant to the terrorism case. I've expanded in a reply below.]

The UK already has laws making it an offence to have 'have information' 'which may be of use to anyone planning a terrorist offence'. This is so broadly defined that railway enthusiast pictures of trains could fall into it (and have been questioned under it - http://www.telegraph.co.uk/news/uknews/road-and-rail-transpo...)

The UK's unwritten constitution is not worth the paper it's written on. Unfortunately the US written one seems to be about as useful in protecting peoples rights these days as the UK one. (See previous HN stories of your choice)

GCHQ giving the password is problematic when the case goes to court.

GCHQ have considerable computing power. That probably has weird costings. Thus the cost of 48 hours to run this task is possibly costed at some huge amount that police forces cannot afford unless they know it is a significant target with a spectacular result.

Standard Operating Procedure is to say it was handed to the Metropolitan specialist computer crimes unit who cracked it. Someone turns up in court saying they are a Met officer from the unit and they worked really really hard. It's never been a problem.

Remember this was originally a terrorist case; there would have been plenty of resources made available - there always are for these.

A likely scenario is it was cracked and found to be irrelevant so the option of going for a political angle for more powers was much more preferable than letting some low-level frauster know his encryption had been cracked (and hence letting lots of people know the USB encryption was worthless and risking real terrorist cases where suspects used the same approach).

It's a 12 characters passowd, for most crypto algorithms, it's slightly bigger than what one can crack with his GPU in a sane amount of time. They didn't spend that much.

Perhaps GCHQ had cracked it, got any info they could (in this case, nothing terrorist related), and then returned it feigning they couldn't crack it. That's what I'd do.

It's more likely that they spent a couple of hours, figured it was not worthy of more time (hey, lots of crypto to crack, these days they scan the whole internet after all!) and returned it to Plod. There was enough proof to incriminate him already.

> 'have information' 'which may be of use to anyone planning a terrorist offence'

Just wow! Does that include engineering books?

In Australia, even if you have forgotten it, they'll just jail you for contempt anyway.

How are you tp prove you did in fact not forget it?

Under the Regulation of Investigatory Powers Act 2000[1] it doesn't matter whether you forgot a password or not. Failure to provide it is against the law.

This Act has proved highly controversial for a number of reasons. The potential for fitting someone up by claiming that they aren't disclosing a password that in reality they can't disclose was one of the civil liberties concerns expressed even before the Act was passed.

[1] https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Po...

In my country(NOT UK) one is considered innocent unless proven guilty.

This seems reasonable to me.

It seems like there was a reasonable reason to suspect that the drive might contain actual information that was needed for a serious crime, and a proper procedure was followed to get a court order to get at it.

It's like searching your house. The police should not have the ability to simply decide they want to. But if you were already in prison for terrorist related crimes it hardly seems unreasonable to give them the right to do so.

This wasn't some random abuse.

In many ways this is actually good news: GCHQ couldn't crack the drive. As Snowden said, cryptography still works: trust the math. As long as you can bear the consequences (i.e. up to 2 years in jail if the Police thinks you're up to no good), you can safely save data that nobody else will ever read.

Can anyone shed any light if deniable encryption (http://en.wikipedia.org/wiki/Deniable_encryption) would have been useful here?

I doubt there are many UK lawyers specialising in this niche area of law stalking the HN forums right now. But you never know :)

I wonder if a big part of the reason for his jailing is that he actually did give them the password in the end - making it less likely that he had forgotten it, and that he was deliberately trying to pervert the course of justice.

Of course, it doesn't help that he did seem to have plenty to hide, and he wasn't in a great position anyway.

It really annoys me with articles like this when the chronology is unclear. If we was given 4 extra months after he gave them the password, then that's quite different than if he was given 4 extra months before.

This guy had been arrested as part of internal terrorism investigations, i.e. the stick was handled by GCHQ. I bet that they can spot a TrueCrypt or similar scheme in a heartbeat (if anything because it's been a refrain in most pseudo-security fora ever since this law was passed). So no, I don't think it would have helped. That sort of deniability is only good for lighter situations.

Most drives encrypted with TrueCrypt don't have a hidden volume, and there's no way of directly determining that a hidden volume exists.

If the normal encrypted volume looked particularly empty or unused, and the police knew the suspect used the drive regularly, they might be able to make a good case that a hidden drive must exist. But it's very dependent on the circumstances.

For all we know, it was.

It would be a bit crazy to use incriminating information as your innocuous message after going through all the trouble of using plausible deniability though?

Eh, depends on what you mean by "incriminating information".

In this case? Yes. A bit crazy.

But in general? If I was using a hidden volume for something "deep" I'd put stuff that was technically borderline illegal (or at least frowned upon / embarrassing) on the "visible" encrypted volume. ISOs of games I own with stripped DRM, (legitimate) ebook copies of adultish graphic novels, chat logs, that sort of thing. It would make it much more deniable that I had a hidden volume.

Nothing that could get me sent to jail for too long, and (probably) nothing that would ruin things long-term, but things that would be relatively embarrassing if they got out.

Actually that makes perfect sense. You couldn't very easily plausibly deny that you provided the correct decryption key if all they found was photos of kittens, right?

Better to let them find something, as opposed to detailed plans about your terrorists plans or confederates.

So now am I supposed to give my passwords for my encrypted bitcoin wallets, and all my banking access codes? And be happy and relaxed when the police tells me that they will not steal anything?

They already have access to your banking data, they won't need your codes. They would probably be entitled to asking for your wallet password, yes.

Of course they can steal your stuff; it happens with physical evidence (fairly routinely, in many areas - do you really think all that sequestered ganja gets destroyed?), so it can happen with digital stuff too. There are laws and rules about this, but no physical impediment afaik.

They would probably be entitled to asking for your wallet password, yes.

No, they shouldn't be entitled.

In America, wouldn't the 5th ammendant protect you in this case?

Not when you are associated with Terrorism. But in a way, yes. As long as you are not associated with terrorism, then you can not be compelled to testify against yourself. I am not a lawyer, but I do remember reading about a case where a judge said the defendant had to give up his password. So in this case, a deniable encryption scheme would probably suffice. Again, not a lawyer.

court still has right and can force you to reveal password

I wish the article would have stated what encryption he used for his data. Apparently not even GCHQ could crack (or so they say...).

This is horrible.

Except he eventually gave them the password, which means he didn't just 'innocently' forget his password. However, it looks like he was trying to cover up for fraud rather than terrorism, so maybe he decided that guilty fraudster was better than suspected terrorist.

It's not impossible that he truly did forget the password for a period of time, especially at the beginning while he was still under a great deal of stress.

Or the fraud was to provide funds for terrorism as has been the case in a number of UK terrorist trials. Other UK based terrorists (PIRA and the UDA) are known to engage in criminal activities to fund themselves.

He gave them the password after he had been jail 4 mounths for not remembering, if i got the article correct.

You did not. He was in jail because he admitted to planning a bomb attack. He was not charged for failing to provide the password until he later made it clear that he either lied when he said he forgot or remembered later and failed to comply at the point when he remembered.

So he was already sentenced for plotting an attack to kill innocent people: http://www.bbc.co.uk/news/uk-22200133 He was responsible for another home made bomb and he is now a convicted thief and fraudster. There was a suspicion another attack is planned, what's horrible about police taking precautions. That's why we have laws - to protect us, and sure in some situations people may be wrongly accused and detained if society's interest is above and suspicion or crime exists but blame criminals who commit the crimes not the law.

Can you say unibrow?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact