645 comments

solution (4, Informative)

User 956 (568564) | more than 6 years ago | (#21359889)

The Regulation of Investigatory Powers Act (RIPA) is being used for the first time to force an animal activist to reveal encryption keys for encrypted files she claims to have no knowledge of.

That's why you use an encrypted file system with a duress key. In the event of coercion, you give them a key that *oops* results in the destruction of the data.

Re:solution (5, Informative)

PhrostyMcByte (589271) | more than 6 years ago | (#21359953)

Any forensic team with an ounce of competence will copy the original HDD and work off the copy, so that just won't work.

Re:solution (5, Funny)

Anonymous Coward | more than 6 years ago | (#21360005)

That is, of course, assuming that the police forensics team has an ounce of competence.

Re:solution (2, Interesting)

Soporific (595477) | more than 6 years ago | (#21360017)

Is there any way the key would simply just give different data and not destroy it? I realize the file size might not add up, but look at OJ.

~S

Re:solution (3, Informative)

Anonymous Coward | more than 6 years ago | (#21360051)

Yep, I'm pretty sure TrueCrypt (the only program I'm familiar with) does this.

Just dump some plausibly-incriminating stuff on it (e.g. kinky porn, ABBA songs) and they'll never realise there was anything else there to look for.

TrueCrypt is the best for Windows and Linux. (5, Informative)

Futurepower(R) (558542) | more than 6 years ago | (#21360389)

TrueCrypt [truecrypt.org] allows hidden volumes [truecrypt.org], indistinguishable from one volume. The file size is constant.

TrueCrypt works very, very well. I use it with just one volume to protect passwords and other files.

When you don't want to encrypt a volume, but just a file, Gnu Privacy Guard [gnupg.org] is best.

Re:solution (0, Redundant)

Mountaineer1024 (1024367) | more than 6 years ago | (#21359955)

If I was a cop investigating such a situation, the very first thing I would do would be to back up the entire contents of the drive onto an identical drive (if obtainable).
Byte by byte copy with dd should sort that out soon enough.
Then little accidents like this couldn't happen.
There would be other advantages to a duplicate as well, for example if a brute force password crack was to be attempted. Unlikely given the likely runtime required.

Now if I know how to do that (been using Linux daily for about 4 months), I'm pretty certain an encryption specialist would think of it too.

Re:solution (0, Redundant)

cyphercell (843398) | more than 6 years ago | (#21360131)

For brute force you'll want to just delete everything after the third failed attempt. At home a duplicate copy is an advantage; in the lab, busting out a new hard drive every time you want to test three passwords is not sustainable ('course a VM environment might be different, with a lot of work). A duress password should lead to a plausible red herring.

Re:solution (1)

Garridan (597129) | more than 6 years ago | (#21360217)

What decade are you in? A VM environment takes almost ZERO work:

Setup: dump disk to file
Iterate: make copy of file, boot VM, try passwords until success / disk wipe

Re:solution (1)

dgatwood (11270) | more than 6 years ago | (#21360369)

External drive case with the read-only line on the silicon pulled high or low or whatever. Any forensics person worth his/her weight in manure would mount the drive in a read-only fashion.... No VM necessary.
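The image-and-work-on-a-copy workflow that several comments above describe, as an added example that is not part of any poster's comment. It runs on a constructed 256 KiB file standing in for a seized disk; the file names and the zero-fill `simulate_wipe` stand-in for a destructive duress key are assumptions of the example.

```python
import hashlib
import os
import shutil
import stat
import tempfile

CHUNK = 1 << 20  # read in 1 MiB blocks, comparable to dd bs=1M


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source, master):
    """Copy source to master byte for byte and hash exactly what was read.

    The source is only ever opened for reading. The returned digest is the
    acquisition hash; the master image is then marked read-only on disk.
    """
    h = hashlib.sha256()
    with open(source, "rb") as src, open(master, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    os.chmod(master, stat.S_IRUSR)
    return h.hexdigest()


def working_copy(master, dest, expected):
    """Cut a disposable working copy and refuse it if the hash differs."""
    shutil.copyfile(master, dest)  # copies content only, so dest stays writable
    if sha256_file(dest) != expected:
        raise ValueError("working copy does not match acquisition hash")
    return dest


def simulate_wipe(path):
    """Hypothetical stand-in for a data-destroying duress key: zero the file."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(b"\x00" * size)


def demo():
    """Run the workflow on a constructed 'disk' and report what survives."""
    with tempfile.TemporaryDirectory() as d:
        disk = os.path.join(d, "seized_disk.bin")  # constructed sample
        master = os.path.join(d, "master.img")
        work = os.path.join(d, "work.img")
        with open(disk, "wb") as f:
            f.write(os.urandom(256 * 1024))  # opaque bytes, like an encrypted volume

        acq = acquire_image(disk, master)
        working_copy(master, work, acq)
        simulate_wipe(work)  # the destructive event hits the working copy only

        result = {
            "work_destroyed": sha256_file(work) != acq,
            "master_intact": sha256_file(master) == acq,
            "source_intact": sha256_file(disk) == acq,
        }
        # A fresh working copy can be cut from the master as often as needed.
        work2 = working_copy(master, os.path.join(d, "work2.img"), acq)
        result["fresh_copy_ok"] = sha256_file(work2) == acq
        os.chmod(master, stat.S_IRUSR | stat.S_IWUSR)  # let temp-dir cleanup succeed
        return result


if __name__ == "__main__":
    print(demo())
```

The acquisition hash is what lets an examiner show afterwards that the master image, and therefore the evidence, was not altered by anything that happened to a working copy.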

Re:solution (5, Informative)

mlts (1038732) | more than 6 years ago | (#21360023)

Having a known self destruct switch may cause a person to end up in even worse trouble. This is a discussion that occurs periodically on a number of cryptography forums.

Almost all police departments will image the drive, then present the person with the image to decrypt. If the image gets stung by a self destruct Trojan, then the police will know that it's not a forgotten password, and then proceed to use rubber hose decryption to obtain the contents of the drive.

Re:solution (1)

Kingrames (858416) | more than 6 years ago | (#21360307)

Wow, I wasn't aware that "almost all" police departments were hundreds of times more sophisticated, competent, tech-savvy, and paranoid than Hollywood's versions.

Seriously, I doubt the police would even know how to do that.

Re:solution (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21360387)

That's why you'll get busted. Underestimating your adversary is the straight path to the valley of tears.

Better solution (5, Interesting)

Whiney Mac Fanboy (963289) | more than 6 years ago | (#21360035)

A better solution is plausible deniability [truecrypt.org].

One password gives your uber-secret-plans-for-world-conquest, the other password gives a few hundred meg of soft porn (or whatever).

That way, you appear to not be resisting their demands.

Re:Better solution (0)

Garridan (597129) | more than 6 years ago | (#21360169)

That's almost a good idea. This is a well-known technique which is vulnerable to simple filesize arithmetic. In other words, TrueCrypt won't save you unless the investigator is an idiot.

Re:Better solution (1)

Vermifax (3687) | more than 6 years ago | (#21360279)

Sure about that? It's a big 'empty' file with random data across it. How do you know which part decrypts and which does not?

Re:Better solution (2, Insightful)

Anonymous Coward | more than 6 years ago | (#21360335)

More along the lines of the actual question, when given only one password, the "throwaway" part of the volume appears to take up the entire file, and will corrupt any other data if you actually attempt to write to all of it.

More along the lines of "plausible deniability", the government's just going to come in and say "I see you're using truecrypt. Now, what's the other other password?"

Re:Better solution (1)

zero2k (453777) | more than 6 years ago | (#21360303)

The majority of Truecrypt partitions are pre-defined and fixed size, just like a physical hard drive. So you don't have to fill it up fully.

Re:Better solution (4, Interesting)

jd (1658) | more than 6 years ago | (#21360309)

Most are. There again, the former British Home Secretary changed the UK law to allow plausible denial when he got bombarded with encrypted files, followed by demands he turn over the decryption key. Has this been tried in the US? If not, why not? Seems like if it worked once, it should work other times. Might also try claiming that handing over the key would violate the DMCA and that you can't be ordered to commit a crime. (Not sure if that's strictly the case, but unless that event has been specifically covered, it might create enough doubt that the sentence is partially or entirely suspended, or even - unlikely as it is - the case thrown out. That's not perfect but it would be better than the pre-trial misery of Kevin Mitnick.)

Re:Better solution (1)

Maxo-Texas (864189) | more than 6 years ago | (#21360329)

Porn is a lot bigger than text.

You can't be sure of the encryption percentages.

And of course the entire law is a travesty.

The world walks towards fascism.

Re:Better solution (5, Informative)

LurkerXXX (667952) | more than 6 years ago | (#21360347)

Filesize arithmetic?

You never used Truecrypt eh? It's not a zip file. It acts as a virtual hard drive partition that can be mounted as a drive.

When you create the volume it generates random bits throughout the virtual partition. You can copy whatever files you want onto the virtual partition, the rest of it is random noise. You may or may not choose to have additional hidden encrypted partitions within that noise. Adding up the size of known files tells you nothing about what may or may not lurk in the rest of the space on the virtual partition.

Re:Better solution (2, Interesting)

Mathinker (909784) | more than 6 years ago | (#21360411)

If it's implemented properly, and as far as I know in TrueCrypt it is, the last thing I would think it would be vulnerable to would be "simple filesize arithmetic", considering that in that mode of use, TrueCrypt should be encrypting entire filesystems, not single files.

AFAIK, it's still vulnerable to an attack which compares the differential history of the encrypted partition over time, but in most reasonable scenarios, in order to launch that attack you need to "own" the computer anyway, which means that the minute the user enters the passwords everything is compromised.

The only scenario where it is a possibly useful attack is when:

(1) You can gain surreptitious periodic physical access to the computer via break-in
(2) You can gain surreptitious periodic remote access to the computer via some kind of repetitive ephemeral backdoor

In both of these scenarios, most attackers would (attempt to) install keyloggers or otherwise "own" the computer anyway.

Resist openly! (1)

MikeFM (12491) | more than 6 years ago | (#21360475)

If people don't openly resist then things will only get worse. What needs to happen is for people to openly protest and for people to openly support the protesters. Never give up the key and be totally open that there is a key and that you're not going to give it up. Involve the press and make a big stink about the issue.

Re:solution (1)

plaxion (98397) | more than 6 years ago | (#21360101)

That won't help you much, as anyone with half a brain would be sure to make an image of the data in question prior to touching the file itself, so they'll still have a copy of it.

What you really want is Plausible Deniability [wikipedia.org]. Which is something [truecrypt.org] that Truecrypt [truecrypt.org] among others provides.

In the event of real coercive duress, you give them a key that *oops* results in them seeing your resume and a few other private, yet otherwise innocuous, files.

Re:solution (1)

Pozican (864054) | more than 6 years ago | (#21360251)

In the US couldn't she plead the 5th? I'm betting it's arguable that she would be testifying against themselves... I mean, it's their job to produce evidence, I don't think they have a right to force her to help...

sexy (1)

gnarfel (1135055) | more than 6 years ago | (#21359893)

So is this a new era for 'I want your key because [it's got your data behind it] I believe you have stolen my data' lawsuits?

Heh. (4, Interesting)

Renraku (518261) | more than 6 years ago | (#21359895)

Acquire virus.

Virus encrypts hard drive with unknown key.

Virus forwards CP to authorities.

Authorities bust you for having CP, for not revealing those encrypted files, AND for probably having more CP. Most likely will be averaged..say..15k is a picture..you have 200GB. The media will say that you were arrested with 100k+ pieces of child pornography.

Five years later, turns out that it really was a virus. Sorry about that..here's your freedom again.

What if she doesn't actually know? (3, Interesting)

A Pancake (1147663) | more than 6 years ago | (#21359905)

The biggest problem I see with these kinds of "give it up or else" laws is how do you account for the situations when someone genuinely doesn't know the information you are seeking? Should someone's ignorance be a jailable offense?

There is a way of finding out.. (5, Funny)

mrbluze (1034940) | more than 6 years ago | (#21359935)

Put her in a lead vest and throw her into the sea. If she drowns, it means she didn't have the keys, but if she swims, she's a wicked witch and deserves to be punished.

Re:What if she doesn't actually know? (2, Insightful)

snl2587 (1177409) | more than 6 years ago | (#21359957)

It's easy! Send her to Gitmo. Then civil rights no longer matter!

Re:What if she doesn't actually know? (0)

Anonymous Coward | more than 6 years ago | (#21360175)

Silly you. In Europe, they don't send people to Gitmo, they violate privacy rights right in the "privacy" of everybody's home. It's more convenient that way and causes less of a fuss.

Re:What if she doesn't actually know? (1)

UbuntuDupe (970646) | more than 6 years ago | (#21359985)

Well, you can already be jailed for breaking laws you didn't know existed.

As for how to comply with the law like this (i.e. avoid being in the position of having to give info you don't have)? The only way would be to auto-reject all encrypted communications, which the government may eventually resort to requiring of you.

Worst comes to worst, you can just factor the damn semiprime. (i kid, i kid)

Re:What if she doesn't actually know? (4, Insightful)

hedwards (940851) | more than 6 years ago | (#21359987)

There are a number of problems with these sorts of laws. One is if the person lost the keyfile which is required to open the file, or if the encrypted volume got corrupted or if the keyfile became corrupt the file can't be decrypted without cracking it. There just isn't any good way of knowing for sure if the person gave a bad password or if there was a genuine problem with it.

Two is that there isn't genuinely any way of knowing what has been encrypted, it could be evidence of wrongdoing, or it could be just some sort of embarrassing, but legal, porn.

Three is that there is a tendency of these sorts of laws to end up sending innocent people to prison for not being able to reveal the information in a virus or malware encrypted file.

It is a tough situation, increasingly people engaged in illicit activities are turning to encryption as a means of keeping evidence secret, and from a technical standpoint refusing to decrypt the information is obstruction of justice.

Re:What if she doesn't actually know? (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21360129)

> It is a tough situation, increasingly people engaged in illicit activities are turning to encryption as a means of keeping evidence secret, and from a technical standpoint refusing to decrypt the information is obstruction of justice.

Is it obstruction of justice? I always thought that you were under no obligation to incriminate yourself or help the police/prosecution with their investigation (of you). The right to be silent and all that liberal mumbo-jumbo... (I guess the RIPA begs to differ)

For instance, if the cops come to raid my house I don't have to give them my spare set of keys so they can get in. The difference I guess is that it's easier to break a door down than it is to decrypt something that's been encrypted properly.

Re:What if she doesn't actually know? (3, Informative)

hedwards (940851) | more than 6 years ago | (#21360409)

I believe that depends whether or not they have a court order for it. In the US the 5th amendment only applies to interrogation and testimony. Basically self incrimination, but there is no protection against lawfully granted warrants. A refusal to hand over evidence when presented with an appropriate order or the destruction of evidence in anticipation of a lawful order is obstruction of justice.

I would assume that the British have a similar set up at this point. Otherwise, criminals would just say no, I'm not going to allow you to use your valid search warrant to gain entry and so that they could find that massive stash of child porn and Vicodin that I keep around for special occasions.

But, IANAL so I may be a bit off on this.

Re:What if she doesn't actually know? (1)

Moridineas (213502) | more than 6 years ago | (#21360027)

"I don't know what happened to these files officer, they must have just fallen into the shredder! I don't know how it could have happened, I'm completely ignorant!"

~shrug~ It's up to courts to decide situations like this. I don't see why encrypted files should be any different than hardcopy or anything else that could be seized under subpoena. It's not like these are new legal questions or problems, it's just that--for instance--on slashdot, encryption is a hot button issue.. Besides which--the woman allegedly claims police "stole" her computer, and she calls them "thugs" ... that they are "her enemy" and that (??) they are responsible for hospitalizing her.. Just from reading her quotes, she seems unstable.. Obviously I don't know the details of the case, but I don't think any (or many) other commenters here know much more either! :p

It does seem however that you (a pancake) could stand to at least RTFM a little bit ... quote -- "It's unclear if the woman was given an official Section 49 notice or simply "invited" to hand over the data voluntarily as part of a bluff by the authorities."

I also don't know exactly how these issues operate in British law.. any inputs on how this fits into current frameworks?

As they say ignorance of the law is no excuse...

Re:What if she doesn't actually know? (4, Insightful)

0123456 (636235) | more than 6 years ago | (#21360091)

"I don't see why encrypted files should be any different than hardcopy or anything else that could be seized under sub poena."

The police already _have_ the files. They're free to try to crack the encryption on those files.

While I intensely dislike the animal rights nutters, this is a stupid and oppressive law which should never have been passed. And I can quite believe that the police she was raided by are 'thugs'; ask that guy they shot eight times in the head a while back if that's a good description... oops, you can't, he's dead.

Re:What if she doesn't actually know? (1)

timmarhy (659436) | more than 6 years ago | (#21360315)

What the fuck does that case have to do with this? Completely different set of circumstances.

Oh I understand, you're one of these moronic cop haters, who will cry like a bitch for the cops he despises to come save him at the first sign of danger.

Re:What if she doesn't actually know? (1)

Torvaun (1040898) | more than 6 years ago | (#21360391)

Suppose I have a safe, in which I keep all my secret papers. The police cannot force me to open that safe. The best they can do is seize my safe, and try to crack it themselves. If I care for the integrity of my safe, and it's worth more than the papers, then I'm going to open it for them. If I care more for keeping my papers secret, I'm going to let them try to open it, in the hopes that they won't get it open. I will also not mention that the safe is filled with helium, and letting oxygen in will destroy the contents.

Re:What if she doesn't actually know? (1)

mlts (1038732) | more than 6 years ago | (#21360067)

Laws like RIPA are on the books in every country because of the fear of a ticking time bomb scenario. No nation wants to be forced to release someone even though they know that on an encrypted hard disk is information on an imminent attack, or after an attack has taken place, have physical possession of something that can tell them of the connections between terrorist cells... and can't do anything with the info.

I have a strong feeling that there are more details on the situation than the article states. In the US, most DAs would be very hesitant to test a law like this on something less than a major terrorist case, for fear that a judge would strike the law down as unconstitutional.

Re:What if she doesn't actually know? (1)

1lus10n (586635) | more than 6 years ago | (#21360259)

If that is indeed the case then perhaps it would be wise to make the law only apply to terrorist investigations.

Or perhaps requiring more than a fucking officer's assumption (or minimal evidence) to get access to financial data, personal communications etc. (and no this isn't limited to computer files IMHO)

Like it or not it's a power play via invasion of privacy and the fucking terrorist shit doesn't fly. (no pun intended)

So lemme get this straight (5, Interesting)

definate (876684) | more than 6 years ago | (#21359911)

Are you telling me, that I could output /dev/random to a file, place it on my friend's hard drive, say it contains valuable information pertaining to a case and he could go to jail or be fined for not revealing the password/key?

This gives me an idea!

Either way, if you need to you can get around this with TrueCrypt by taking some precautions such as:

1) Not naming it with the default extension (.tc)
2) Put it somewhere inconspicuous and name it appropriately
3) Making sure that it's a hidden encrypted volume
4) Open it through TrueCrypt and don't save the history, or passwords, or as automount, or similar

Shit, that was a typo, I meant to type FIRST POST!!!

Re:So lemme get this straight (0)

Anonymous Coward | more than 6 years ago | (#21359965)

Well, I have a lot of files which contain copious quantities of data sourced from /dev/urandom. These files are indistinguishable from encrypted files. No matter how hard you try, you won't get plaintext from those files.
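The claim in this comment, and in the earlier one about TrueCrypt filling a volume with random bits, is that byte statistics cannot separate random filler from ciphertext. The added example below (not from any poster) measures that on three constructed 64 KiB samples; `toy_encrypt` is a hypothetical stand-in cipher built from a SHA-256 counter keystream, not TrueCrypt's own, and the thresholds in `looks_random` are assumptions chosen for this sample size.

```python
import hashlib
import math
import os
from collections import Counter


def shannon_entropy(data):
    """Bits of entropy per byte from the byte histogram (maximum 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data):
    """Chi-square statistic against a uniform byte distribution (255 d.o.f.).

    Uniform data scores near 255; structured data scores far higher.
    """
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def toy_encrypt(key, plaintext):
    """Stand-in cipher (assumption of this example): XOR with a SHA-256
    counter-mode keystream. It only supplies ciphertext with the byte
    statistics of a sound cipher and is not meant for real use."""
    out = bytearray()
    for i in range(0, len(plaintext), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(p ^ k for p, k in zip(plaintext[i:i + 32], pad))
    return bytes(out)


def looks_random(data, min_entropy=7.99, max_chi=400.0):
    """The verdict a byte-statistics scanner would give a 64 KiB sample."""
    return shannon_entropy(data) >= min_entropy and chi_square(data) <= max_chi


def build_samples(size=64 * 1024):
    """Three constructed samples of equal size."""
    text = (b"Meeting notes: nothing of interest was discussed today. " * 2000)[:size]
    return {
        "plaintext": text,
        "ciphertext": toy_encrypt(b"constructed-demo-key", text),
        "urandom": os.urandom(size),  # the OS random source, as /dev/urandom
    }


def report():
    """Return {name: (entropy, chi_square, looks_random)} for each sample."""
    return {
        name: (round(shannon_entropy(d), 4), round(chi_square(d), 1), looks_random(d))
        for name, d in build_samples().items()
    }


if __name__ == "__main__":
    for name, row in report().items():
        print(f"{name:10s} entropy={row[0]:.4f} chi2={row[1]:8.1f} looks_random={row[2]}")
```

The ciphertext and the random filler get the same verdict, so these statistics show only that the bytes are uniformly distributed; they cannot show whether a key exists for them.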

Re:So lemme get this straight (0)

Anonymous Coward | more than 6 years ago | (#21360143)

What? Those files clearly contain encrypted copies of Shakespeare's greatest works! You're a dirty copyright breaker and you're gonna be sent to federal "pound in the ass prison"!

Re:So lemme get this straight (0)

Anonymous Coward | more than 6 years ago | (#21359977)

> Shit, that was a typo, I meant to type FIRST POST!!!

Well it's a good thing you didn't say that after all because YOU FAIL IT.

Re:So lemme get this straight (1)

Propaganda13 (312548) | more than 6 years ago | (#21359993)

Round 1
Real criminals with the "I know nuthin'" excuse vs. people who really don't know anything.

Round 2
Government who wants backdoors in encryption vs. people who want the full security of encrypted data.

Round 3
People with encrypted data who can't remember their passphrase vs. themselves

Re:So lemme get this straight (1)

Slack3r78 (596506) | more than 6 years ago | (#21359997)

You're making that way more complicated and less secure than it needs to be.

TrueCrypt natively supports hidden volumes [truecrypt.org] for a reason.

Re:So lemme get this straight (1)

LurkerXXX (667952) | more than 6 years ago | (#21360397)

He seemed to be referring to the hidden volumes just fine. "3) Making sure that it's a hidden encrypted volume"

And his way is more secure because no one knows it's a Truecrypt volume in the first place, so they don't know he has a file that needs a password (which may then of course have a hidden file within it which needs another password. But if you are using Truecrypt, this is then a very well known possibility). If they don't know you have an encrypted file, they won't be asking you for the password for it.

Re:So lemme get this straight (4, Insightful)

Twanfox (185252) | more than 6 years ago | (#21360467)

Of course, this makes me wonder something from a 'thought police' perspective. With the file in question being a common TrueCrypt encrypted volume that doesn't really contain anything incriminating:

TP: Give us the passphrase!
Suspect: It's HotSmokinBabes
TP: Now give us the hidden volume passphrase!
Suspect: It doesn't have a hidden volume.
TP: LIAR, give us the passphrase!

Just because the possibility exists, the authority in question might ask for something he cannot prove isn't there. If you have nothing to give, this leads to the problem of lying to authorities to give them what they think they want, when you've already given them what they asked for and it proves you innocent. Aren't these going to be fun times to live in.

Re:So lemme get this straight (1, Redundant)

heinousjay (683506) | more than 6 years ago | (#21359999)

Name one time government did any good.

Highways. What do I win?

Re:So lemme get this straight (0)

Anonymous Coward | more than 6 years ago | (#21360141)

As a short term transportation solution, yes. But once it's prohibitively expensive to drive gas-powered automobiles, we'll be wishing some of the billions of dollars in highway funding was spent on practical mass transit solutions instead. I'm just a pessimistic asshole like that, though.

Re:So lemme get this straight (1)

Iftekhar25 (802052) | more than 6 years ago | (#21360167)

Shit, that was a typo, I meant to type FIRST POST!!!

The keys are like right next to each other!

huh (5, Insightful)

Anonymous Coward | more than 6 years ago | (#21359919)

How can you be put in jail for not knowing something?

They could totally nail me (2, Interesting)

Anonymous Coward | more than 6 years ago | (#21359971)

How many times have I created an account so I could download something or other. Can I remember what my user name for those accounts is? Can I remember what my password is? No bleeping way.

If there's some password for some WordPerfect file I created in 1997, I'm sorry but I couldn't remember it if I tried really hard. I guess that in GB, that would send me to jail for a couple of years.

My gut reaction to this law is really really rude and I won't slime you with it. If I call the authorities fascist pigs, you can fill in the blanks.

My ancestors gave their lives to protect me from what my political masters are doing to me now. Let's just say that I deeply resent it.

I often find that the captcha is strangely appropriate for my posts. In this case it is 'queasy' ...

I guess torture will be next... oh wait... (5, Interesting)

GoatRavisher (779902) | more than 6 years ago | (#21359981)

Historically, the legal protection against self-incrimination is directly related to the question of torture for extracting information and confessions.[citation needed] The legal shift from widespread use of torture and forced confession dates to turmoil of the late 16th and early 17th centuries in England. Anyone refusing to take the oath ex-officio (confessions or swearing of innocence, usually before hearing any charges) was taken for guilty. Suspected Puritans were pressed to take the oath and then reveal names of other Puritans. Coercion and torture were commonly employed to compel "cooperation." Puritans, who were at the time fleeing to the New World, began a practice of refusing to cooperate with interrogations. In the most famous case, John Lilburne refused, in 1637, to take the oath. His case and his call for "freeborn rights" were rallying points for reforms against forced oaths, forced self-incrimination, and other kinds of coercion. Oliver Cromwell's revolution overturned the practice and incorporated protections, in response to a popular group of English citizens known as the Levellers. The Levellers presented The Humble Petition of Many Thousands to Parliament in 1647 with thirteen demands, of which, the right against self-incrimination (in criminal cases only), was listed at number three. These protections were brought to the American shores by Puritans, and were later incorporated into the United States Constitution through its Bill of Rights.
http://en.wikipedia.org/wiki/Fifth_Amendment_to_the_United_States_Constitution [wikipedia.org]

Mod parent up (0)

Anonymous Coward | more than 6 years ago | (#21360171)

Those who don't learn from history are doomed to repeat it.

Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. http://en.wikiquote.org/wiki/Benjamin_Franklin [wikiquote.org]

The constitution made America great. It didn't spring from nothing. It was a reaction to tyranny. By gutting the constitution, we are making way for another tyranny.

no one has ever thought torture was useful. (4, Insightful)

twitter (104583) | more than 6 years ago | (#21360487)

These protections were brought to the American shores by Puritans, and were later incorporated into the United States Constitution through its Bill of Rights.

Thomas Jefferson was not a Puritan.

People throughout history have realized that torture is like a mirror. Under duress, people will say whatever the person in control wants to hear. Tacitus wrote as much in the second century AD. Only the ignorant, thoughtless or cruel believe torture is useful for investigation. People who practice torture know the results better than anyone else but they too are pawns. Those who advocate torture do not seek information, they seek control through terror. Nothing is more terrifying than a crowd of cruel halfwits who are so self righteous they demand torture. Their hate-filled faces are echoed by the agony of their victims, but all of it is a reflection of their leader's twisted souls.

It is a tool of tyrants, religious fanatics and other evil people who think of themselves as better than you. It is always a crime.

FOOLPROOF SOLUTION (4, Interesting)

Anonymous Coward | more than 6 years ago | (#21359991)

1) Generate a file with whatever you like in it (anything believable and non-incriminating). Make sure the file's length matches the encrypted file.
2) Reverse-engineer a one-time pad using this file and the encrypted file.
3) Supply the one-time pad to authorities with instructions on how to use it.

Ta dah!

Re:FOOLPROOF SOLUTION (0)

Anonymous Coward | more than 6 years ago | (#21360123)

Brilliant!

I've got it officer... (1)

ravenspear (756059) | more than 6 years ago | (#21360019)

Detective: I just found the key on her hard drive!

Sheriff: Excellent work Smith, send it over to me so I can unlock this file.

opening...mysecretkey.pem

Contents:
------BEGIN PRIVATE KEY------
HAHA! Tricked you, you fat donut stuffing pig.

You actually think you're getting my data if I don't fucking want you to?!
------END PRIVATE KEY------

Detective: Um...sir, I think I may have accidentally deleted the key.

Reasonable Search & Seizure (4, Interesting)

Garridan (597129) | more than 6 years ago | (#21360021)

1) IANAL.
2) I am not familiar with the details of this case.


That said, I believe that there *is* a time and place where this sort of activity counts as reasonable search & seizure. Say the cops get a warrant to search your house, and you have a safe, and you say, "gee, officer, I have *no* idea how that safe got mounted behind that picture," nobody will believe you and you'll get subpoena'd for the combo. Encryption keys shouldn't be treated any differently from a combination to a safe. If there's a reasonable suspicion for evidence to be hidden somewhere, the cops have a duty to search it.

Re:Reasonable Search & Seizure (3, Interesting)

tftp (111690) | more than 6 years ago | (#21360223)

The problem here is that the court has no proof that the information is in fact in possession of the accused. How would you like if you, or any other random person, are grabbed off the street and tortured (or jailed) until you correctly tell where Osama is hiding - which nobody knows, as it seems. Modern PCs have millions of files in them - some of your own, and some coming from random sources, like the Web, friends, guests - who knows. You can not be expected to know everything about every file, even if this is your computer - not any more than you can be held responsible for every minute scrap of paper on your property. If someone prints a PGP message on a piece of paper, makes an airplane out of it and sends it flying over your fence you probably shouldn't be jailed if you have no idea where is the key.

information is different (2, Interesting)

m2943 (1140797) | more than 6 years ago | (#21360233)

The difference is that with a physical object, all these things are pretty clear-cut: either there is a safe or there isn't, either it contains drugs or counterfeit money or it doesn't. And if you insist that you forgot the combo to the safe, no big deal, they will simply force it open, and that will settle the matter.

With encryption, you can't even tell whether there is a safe there. I might well keep big files of random numbers on my machine, and just because a UK cop with a two digit IQ is incapable of figuring out why and suspects some nefarious purpose, that shouldn't be illegal. Furthermore, with encryption, the government simply cannot force the issue: in general, they just can't decrypt the data.

Re:information is different (1)

Garridan (597129) | more than 6 years ago | (#21360443)

You keep big files of random numbers on your machine, and you're calling the *cop* stupid?

Re:Reasonable Search & Seizure (2, Informative)

BradMajors (995624) | more than 6 years ago | (#21360337)

Another difference in this case is that the cops do not have a warrant.

encryption keys = keys? (3, Interesting)

MobyDisk (75490) | more than 6 years ago | (#21360031)

Can't a court order someone to provide a physical key as part of a subpoena or a warrant? Why does law treat encryption keys differently?

Re:encryption keys = keys? (0)

Anonymous Coward | more than 6 years ago | (#21360183)

I've just sent you an email with an encrypted attachment containing details of a terrorist plot of a nuclear "dirty" bomb planted in Washington. The covering text says that I'm concerned that this is a serious threat to the welfare of the president, and I'm trying to "do the right thing". Of course, I sent it from an internet cafe in Moscow, and faked the originating address for good measure.

Good luck in Gitmo. Waterboarding apparently isn't torture (who knew ?) So I'm sure you'll be fine.

[note for when the automated CIA robots flag this for human attention - the above is quite clearly not true. I'm making the point that digital keys don't require there be locks they fit, whereas a quick search of anyone's premises will reveal the presence/absence of any physical key-receptacle. There is no possible proof of innocence when the correct answer is a negative one]

Re:encryption keys = keys? (3, Informative)

ucblockhead (63650) | more than 6 years ago | (#21360265)

It doesn't. The courts have decided that an encryption key is analogous to a physical key. That's why the fifth amendment doesn't apply to encryption keys.

Re:encryption keys = keys? (1)

m2943 (1140797) | more than 6 years ago | (#21360267)

Can't a court order someone to provide a physical key as part of a subpoena or a warrant?

Yes. And if you say "sorry, I don't have it", they just break it open. Afterwards, the issue is resolved. No big deal.

Why does law treat encryption keys differently?

They try to treat it the same, and that's the problem. If you lose your encryption keys, there really is no practical way to force it and resolve the question. And if you say "that's not encrypted data" or "that's not my encrypted data", there is no way for you to prove your innocence. It seems that under RIPA, if the police merely suspect that some bits on your disk are encrypted data, you're subject to punishment, with no way of even proving your innocence.

Re:encryption keys = keys? (1)

ucblockhead (63650) | more than 6 years ago | (#21360319)

In the US at least, they'd have to convince a jury "beyond a reasonable doubt" that you actually had the key for you to be convicted for refusing to hand it over.

Re:encryption keys = keys? (0)

Anonymous Coward | more than 6 years ago | (#21360289)

That's because encryption keys are something you know, versus house keys which are something you have. That makes it fall under different regulatory regimes. In the US, the 5th Amendment (can not be compelled to self-incriminate) makes a similar law much less likely to pass judicial muster. The UK doesn't have such protections.

That said, if you taped the pass-phrase to your key-ring to the underside of your laser-jet, that's physical and can be seized. Similarly, if you made your pass-phrase too long and habitually entered it in clear-text in a blank email to copy-and-paste into the ***** field, it got saved to Drafts and thus left disk artifacts for the CP's forensics people to extract. That's also physical, and can be seized. Or if the police snuck a key-logger onto your PC, that's also physical and can be seized.

However, if you were a good cryptomonkey and managed to not leave any physical traces of your passphrase, they have to ask you politely. Or in the case of the UK, not so politely.

Re:encryption keys = keys? (0)

Anonymous Coward | more than 6 years ago | (#21360341)

Because with a physical lock it's obvious that a key actually exists.

With supposed encrypted information it may actually just be nonsense random data for which no key exists.

Re:enryption keys = keys? (0)

Anonymous Coward | more than 6 years ago | (#21360413)

The difference is they can bust in a physical door / lock... good luck with this lock.

Announcement from the Ministry of Truth (0)

Anonymous Coward | more than 6 years ago | (#21360045)

This is double-plus good!

New Act (5, Funny)

Soporific (595477) | more than 6 years ago | (#21360049)

Why don't they just sign the "We'll Do Whatever The Fuck We Want Anytime We Want Act" and just get it over with already?

~S

Re:New Act (1)

xPsi (851544) | more than 6 years ago | (#21360249)

Why don't they just sign the "We'll Do Whatever The Fuck We Want Anytime We Want Act" and just get it over with already?
Hell, calling it RIPA is starting to evoke that very image -- like "RIPA new goatse-like orifice" [boingboing.net]

Re:New Act (1)

dkrussian (1152191) | more than 6 years ago | (#21360457)

BUT, in keeping with congressional tradition of naming-things-for-the-opposite-of-what-they-do, it'll be called the Do No Evil(tm) act. (Sponsored by lobbying from google) Would YOU dare vote against the Do No Evil(tm) act?

Shame for UK, but Unconstitutional in USA (1)

tjstork (137384) | more than 6 years ago | (#21360055)

Seriously, does anyone in the United Kingdom want to have a law on the books which would have a European Country admit that its citizens do not have the same basic freedoms as George Bush's United States of America?

In the United States, you could never be compelled to turn over an encryption key as that is a violation of the 5th amendment, and probably the 4th, for that matter.

I think she should apply for asylum in the USA?

MOD Down as Troll (0, Flamebait)

Anonymous Coward | more than 6 years ago | (#21360095)

He points out that this isn't in the USA but in the UK.
Quick Mod him down as a troll before someone figures out this isn't the work of The Jew Puppet George Bu$Hitler Chimpy McHaliburtin.

But I bet his poodle bitch passed this at The Jew Puppet George Bu$Hitler Chimpy McHaliburtin's orders.

Re:Shame for UK, but Unconstitutional in USA (0)

Anonymous Coward | more than 6 years ago | (#21360321)

...would have a European Country admit that its citizens do not have the same basic freedoms as George Bush's United States of America.
You haven't kept up on the news over the last few years, have you?

don't be so quick (3, Informative)

m2943 (1140797) | more than 6 years ago | (#21360371)

In the United States, you could never be compelled to turn over an encryption key as that is a violation of the 5th amendment

I wouldn't be so sure. The 5th amendment only protects against self-incrimination, but the search may be for evidence against a third party, in which case you may be compelled to comply.

It's also not clear that giving up your encryption keys would be considered "testimonial", so it might not be protected under the 5th amendment according to US courts. See here (somewhat outdated in other aspects, but an accurate reflection of US policy on the legal hair splitting):

http://www.cybercrime.gov/cryptfaq.htm [cybercrime.gov]

witch hunt (0, Redundant)

adamruck (638131) | more than 6 years ago | (#21360089)

So a law intended for terrorists is being used against animal rights activists, wow.

It is like a modern day version of

http://www.youtube.com/watch?v=_bs515rZOdk [youtube.com]

Re:witch hunt (1, Troll)

redalien (711170) | more than 6 years ago | (#21360211)

Animal rights activists are terrorists.

http://news.bbc.co.uk/1/hi/england/staffordshire/4762481.stm [bbc.co.uk]

The article at http://education.guardian.co.uk/businessofresearch/story/0,9860,1555288,00.html [guardian.co.uk] has such quotes as:

The Conservative MP Michael Fabricant, whose constituency includes the farm, described the protesters as "animal rights terrorists".
and

Evan Harris, the Liberal Democrat science spokesman, called the news "a victory for terrorism and extremism".

My house 3 years ago had a big sign in the entrance warning people to be careful when opening packages after attacks from animal rights activists. They are widely considered to be terrorists in the UK.

It's a technology problem (0)

Anonymous Coward | more than 6 years ago | (#21360111)

What if you were legally responsible for making sure the data you encrypted is not made available to anyone for any reason?

All encryption systems should have duress features which make it impossible for someone to know if the real password was handed over. There would always be a 2x storage overhead to prevent file size from giving away the existence of a duress segment.

Fortunately in the US... (4, Insightful)

paulthomas (685756) | more than 6 years ago | (#21360117)

If such a law were enacted in the US, we would be protected, ostensibly, by the 5th amendment to the Constitution. I say ostensibly because apparently the Constitution is "just a piece of paper" now, and we (some of us) have forgotten about the rule of law.

So, this could happen here. Easily. We need to find some way to restore the rule of law here lest we become like that other large country just across the Bering Strait from us.

Hmmm...

Re:Fortunately in the US... (3, Interesting)

Anonymous Coward | more than 6 years ago | (#21360423)

The DOJ has taken the position that giving up your encryption keys is not testimony, so it isn't protected by the 5th amendment. The issue hasn't even been resolved for forcing people to hand over paper-based personal notes (cf the Packwood case).

So, I wouldn't be so sure that the 5th amendment protects you.

5th? (1)

racer-x.net (52119) | more than 6 years ago | (#21360195)

Can't you just plead the 5th when they ask for the key? You do have the right to remain silent. How is asking you for a key and demanding an answer different from asking for where you hid the body and demanding the same?

Warrants (1)

jmdc (1152611) | more than 6 years ago | (#21360291)

If the police have to get a warrant, I don't see what's wrong with this. If the police search your house (with a warrant of course) they can search the contents of a safe in your house too (maybe they need an extra warrant for that - IANAL - but the point is, locking something up doesn't make it illegal to search it). If you had a safe that, while theoretically could be broken into, in practice could only be broken into after months or years of effort, shouldn't the police be able to force you to open it up? Again, this is assuming they have a real reason to do so, and a court agrees.

Now, maybe this law doesn't require any warrants. But the woman in the article apparently had her computer seized in May. The police certainly can't do that without a warrant. She describes it as thugs stealing from her. My guess is they had a warrant, or else her lawyers would make dog food of the prosecution. Using hysterical language certainly doesn't help her case though.

this blows (4, Insightful)

rice_burners_suck (243660) | more than 6 years ago | (#21360471)

This is an outrage. Here, we have a case where a person claims she does not know something, but the government is demanding of her to comply. But let's suppose, for a moment, that she is telling the truth and she has no knowledge of these encryption keys. How could she prove it? There is no way to prove a negative. It is impossible to prove that you DON'T have something; you can prove that you DO have it by producing it. There, you see, I have it. But if you don't have it, there's no way to prove it. They should let her go.