FROM today it is a crime to refuse to decrypt data for coppers investigating a crime.
Under Part Three, Section 49 of the Regulation of Investigatory Powers Act (RIPA), if Inspector Knacker of the Yard knocks on your door, wants to have a snuffle on your hard drive and finds a blob of encrypted code, he can make you decode it.
If you refuse, and the copper is investigating acts of terrorism, you could be eating five years of porridge at Her Majesty's pleasure. If it just happens to be an ordinary crime that the copper is investigating, you could be up for two years' jail time.
There are a few loopholes. The data must be stored on a UK server or a Johnny Foreigner server which happens to be in the country, perhaps soaking up a bit of sun.
If foreign data is passing down the Internet, the coppers are not allowed to intercept it.
The main problem is not that the law forces people to decrypt stuff, but rather that the coppers have the right to demand encryption keys if their investigation requires it. This could really put the wind up all the financial institutions.
International bankers would be unlikely to want to bring master keys to Blighty if they could be seized as part of legitimate police operations. One bent copper means they could lose shedloads of cash.
The Home Office claims that not only will the law help catch terrorists and criminals so hard they can bounce bullets off their chests, it will also help catch pedophiles.
However, if you are a pedophile and you have shedloads of encrypted nastiness on your hard drive, it would be better to do two years in chokey and be done under a computer crime rather than a sex offence. µ
I didn't know that soap dodgers had computers. Aren't peaceful-ish protestors the ones who these laws are aimed at?

Maybe they could flog those OLPC laptops to the Green Party.

The Green Party, I bet that's a wild night, round the camp fire, singing kum bye ya, using 2nd hand toilet paper....
What does this mean for users of encryption software which allows for nested encrypted partitions with multiple keys? 

Under this new law, does plausible deniability become probable culpability?
All this will do is hurt the honest law-abiding people that just want privacy, and the real criminals will get around this with TrueCrypt hidden volumes. I predict that this is going to catch exactly zero terrorists.
In all seriousness, you will only be investigated if you have done something to provoke it.

If you are not a paedo or a terrorist then why would you not give them the key anyway...?

There is privacy and then there is being a total fool. If the police knocked on your door and said you were involved in a murder and you know full well you didn't do it, you would let them search your house just to get you out of the enquiry, so why is this any different?
Jesus, why can nobody spell PAEDOPHILE? And on the matter of incorrect spelling, stop the yanks messing up elemental chemical names like sulphur...NOW!
What happens if the encryption key is protecting the Colonel's secret recipe? I wonder if this news will ever make it into mainstream media in the UK, the use of foreign data storage would go nuts for those with something to hide.
One way around TrueCrypt - the idea of plausible deniability is great unless ... a smart copper takes the file you have opened up and proceeds to fill it up until it won't take any more files. If it says it's full after he puts 5 gigs in it and the computer says the file is 100 gigs in size ... well, there's certainly SOMETHING in there, eh!

And what if you genuinely can't decode it?

I've got dozens of old drives I have been given for disposal/reuse. I wouldn't be at all shocked if some of them had encrypted data on them. I know for sure that some of them are from Linux systems I don't even have a user log on for, let alone root.

Does seem a bit daft having a new law for this. After all, isn't there already one about withholding evidence, obstructing the law etc? Surely one of those covers the situation perfectly.
"However if you are a pedophile and you have shedloads of encrypted nastiness on your hard drive it would be better to do two years in chokey and be done under a computer crime rather than a sex offence."

You don't know the Prison Population very well, Nick?
So a decade has gone by and "new" journos keep turning up the same stuff. 

FFS - this isn't news of ANY sort! If you haven't worked out your "plausible deniability" solution then what the hell have you been doing for the last ten years?

I can only assume that you've been hoping it'd all go away? Well it didn't and guess what? There are so many ways around this legislation (without invoking ECHR which WILL work) it's amazing. Ten years and it's still a complete bag of shit - if that doesn't scare the hell out of the average (clueless) subject then it should.

RE banks and master keys - do grow up. Just one request for something like that and bye-bye tax revenues from the city plus non-exec directorships etc etc. ie NEVER EVER GOING TO HAPPEN!
Couldn't be easier now, could it? Stick a massively encrypted file on someone's machine, then get PC Plod to investigate them. When asked to decrypt the file they will say they can't because they don't know anything about it. PC Plod will laugh and say everyone says that, off you go to chokey. 

Frankly, the plods could just do it themselves, if they want to up their arrest figures.
Use Truecrypt. 

Allows for a day-to-day password and a duress password. If forced to open the encrypted volume you use your duress password. This opens and displays a set of "innocent" files. Your naughty files are kept hidden and encrypted. PC Plod can't tell which password you've used.

Yet another law to help protect me against terrorism. The only way these laws protect me against terrorists is if the government print them on a 6 ft by 4ft piece of kevlar.
TrueCrypt's hidden volumes make this law pointless. TrueCrypt can hide an encrypted volume within an outer encrypted volume in such a way that it is impossible to prove whether or not the hidden volume exists.

It will be hard enough to prove that someone knows the key used to encrypt some data, let alone proving that someone knows the key used to encrypt data that you cannot prove exists.

http://www.truecrypt.org/hiddenvolume.php