Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UK Decryption Law Pushed Through

CmdrTaco posted more than 14 years ago | from the you-gotta-be-kidding dept.

Encryption 312

Joel Rowbottom writes, "After all the lobbying and protests from the 'Net community over the past year, the UK government has still published The Regulation of Investigatory Powers Bill. If this becomes law then you could be sent to prison if your data is encrypted and you refuse to either supply the key, or the plaintext versions. If you're in the UK and you haven't done so yet, write to your MP and let them know your feelings on the subject! "

Sorry! There are no comments related to the filter you selected.

FIRST BABY! (0)

Anonymous Coward | more than 14 years ago | (#1288586)

FIRST BABY!

One answer (1)

Reinoud (33024) | more than 14 years ago | (#1288587)

Stenographic cryptography.

Can I... (1)

kwsNI (133721) | more than 14 years ago | (#1288588)

Could I encrypt the encryption key before supplying it to them?

kwsNI

So what? (1)

urgle (136543) | more than 14 years ago | (#1288589)

Just keep a standard boilerplate business text around and whenever they want a "key or the plain text", just give them the standard boilerplate text and say that you have lost the key.

STAND (1)

Percible (39773) | more than 14 years ago | (#1288590)

STAND [stand.org.uk] has been campaigning against this for a while now.

Everything to hide. (2)

cruise (111380) | more than 14 years ago | (#1288591)

I think that once this gets to the types of folks who have everything to hide (IE, the people who would sign this into law) it would be killed.

Not that you shouldnt go right now and complain to someone about this. You should!


They are a threat to free speech and must be silenced! - Andrea Chen

How's this work? (2)

Cuthalion (65550) | more than 14 years ago | (#1288592)

If this becomes law then you could be sent to prison if your data is encrypted and you refuse to either supply the key, or the plaintext versions.

I guess if I knew a lot about encryption, I'd know the answer to this, but is there any way to verify that the plaintext version you supplied matches what's been encrypted? Certainly if this law were algorithm agnostic, then there would be no way to verify this.. (just say "I used a one-time pad, which I will not supply. Instead I will provide you with a plaintext version of it.") That seems to me to remove all of the teeth from this otherwise god-awful law.. am I mistaken?

Stego! (2)

Sloppy (14984) | more than 14 years ago | (#1288593)

Now is the time for everyone in U.K. to brush up on Steganography.
---

Legality (1)

mystik (38627) | more than 14 years ago | (#1288594)

I'm a US citizen, (and unaware of UK laws) but if a warrant is issued, isn't it normally standard procedure that if the person refuses to be searched, they'll be jailed? I'm not supporting people unlawfully rummaging through my data, but isn't this just an extention of an already existing law?

It's been a sad few months... (1)

gfxguy (98788) | more than 14 years ago | (#1288595)

Very little on the upside of these issues lately, it's really depressing. What's worse is that the mainstream folks don't really care because they think it doesn't affect them.

Let's add this to our list of sad things:

  • RIAA/MP3 circus
  • DVDCSS/DeCSS/MPAA circus
  • D.O.S. attacks
  • Internet filtering software
I'm very sad.
----------

Re:OPEN SOURCE CRYPTOGRAPHY (1)

Hekman (145075) | more than 14 years ago | (#1288596)

Haha that's great...How much time did you spend writing that?

Re:How's this work? (2)

dattaway (3088) | more than 14 years ago | (#1288597)

That's an interesting idea. Have two passwords. One that will decrypt the real data and the next will decrypt random preselected harmless junk. When the papers are served, watch them not able to find those family secret cooking recepies.

A few tips when writing to your MP (1)

lohen (122373) | more than 14 years ago | (#1288598)

First off, don't use a computer. Politicians get piles and piles of mass-produced letters and a hand-written letter, which cannot be mass-produced in this way, is litterally worth hundreds of print-outs. So blow the dust off your pen, and get scrawling as neatly as you can (unless you've forgotten how).

Secondly, be forceful. State specifically that you are 'very seriously concerned' or words to that effect. The people who vet what the MP actually reads generally throw the more wishy-washy fare straight in the bin.

Thirdly, write a reasonable amount - not too long, or it will be judged as a waste of time, but not too short or they won't take you seriously.

Fourthly, focus on one specific area. Don't above all express a general grievance with the MP's or his party's policy, just make it absolutely clear what you're trying to say.

Fifth, if you know of any good references on the subject (preferably not net-based) stick them in - the MP is unlikely to look them up, but they will make you sound like you know what you're talking about.

I know this seems really obvious, but you wouldn't believe how many people just print off half-thought out letters which could never, ever, get through the system.

Dear Sir, (0)

Anonymous Coward | more than 14 years ago | (#1288599)

I object strongly to the obvious cryptographical turn this article has already taken. Why do we never hear about the good things in Britain, like Mary Bignall's wonderful jump in 1964?

Yours etc.,
Ken Voyeur

Reasonable? (0)

Anonymous Coward | more than 14 years ago | (#1288600)

For the UK government to request you hand them over decrypted data it means you are suspected to have done something wrong, correct? It is not exactly as if the police would come knocking at your door and asking for codes if you have done nothing wrong now is it?

The police are entitled to have access to other things to, such as locked safes. I imagine if you forgot the combination you would go to jail for that too. Why aren't you guys bitching about privacy as regards your so-called confidental locked up documents?

There are two sides to every story

Government of double standards? (1)

reality-bytes (119275) | more than 14 years ago | (#1288601)

I wouln't wan't to suggest that this Labour government is of double standards but does anybody remember their fully disclosure policy; the one that said we could find out *anything* we wanted to about the government. That didn't last long, "You can see everything and anything....er....except for that"

But now, lo and behold! We can now go to jail for keeping our own confidentiallity.

WELL, HERES A WAY AROUND THIS NEW LAW

Simply claim when you are quizzed about an 'encrypted' file, that the file is in its native data format and has no other format: as far as I can see that should stand up all the way in court and would make quite a nice test case.

BTW what is the official European view on encryption (does anyone know?)

Steganography ... well, not. (1)

Ecyrd (51952) | more than 14 years ago | (#1288602)

If steganography gains too much public knowledge, what will happen is as follows:

A nice, friendly policeman comes over to your house, points at any image you have on your hard drive, and say that you should give the encryption keys to decode the steganographic information in that file.

If you don't have any steganographic data in your random data file, then you'll basically be screwed, and thrown to jail for not providing the decrypting keys. Hooray.

In the end, moving over to steganography will not - in the long run - help the situation. However, the above scenario might well be used as a weapon against the law itself. I don't think anybody wants to give the power to throw anybody who owns a computer to jail at a whim over to your government...

Dear Sir, (0)

Anonymous Coward | more than 14 years ago | (#1288603)

I object strongly to the obvious athletic turn this comment has now taken. Why can't we hear more about the human body? There is nothing embarrassing or nasty about the human body except for the intestines and bits of the bottom.

Link with more info (1)

jcupitt65 (68879) | more than 14 years ago | (#1288604)

If you've not seen it, check out stand.org.uk [stand.org.uk] , they have a whole site on this issue, with the arguments very clearly explained.

Dear Sir, (0)

Anonymous Coward | more than 14 years ago | (#1288605)

I object strongly to the letters on your thread. They are clearly not written by the general public and are merely included for a cheap laugh.

Yours sincerely etc.,
William Knickers

Re:Reasonable? (2)

larien (5608) | more than 14 years ago | (#1288606)

Combination safes can be blown open, sawed through or otherwise broken into. Strong encryption takes a lot of compute power which quite simply isn't available.

In any case, the problem is more that it is a crime to hold encrypted data and not handing over the decryption key even if you never had the key!. That is why the bill is ill thought out.
--

Re:Legality (1)

EasyTarget (43516) | more than 14 years ago | (#1288607)

I know jack about UK laws too, despite being born and living there until I got wise and got to the Netherlands.

But in my personal experience if you refuse to be searched you are arrested, taken to a station and forcibly searched, then they dont find anything, and you're told to piss off and not given an apology. At which point I finally stopped polightly saying 'No' and told the policemen what I though of them. At which point I was officially cautioned for 'offensive behaviour'! I did make them aware of their double standards in this respect.

Not that I'm bitter or anything.


EZ
-'Press Ctrl-Alt-Del to log in..'

Why is cryptography so terribly important? (2)

slashdot-terminal (83882) | more than 14 years ago | (#1288608)

/* Disclaimer anything said in the below post is something that I personally believe and as such may offend persons who have vested interests in the concept of cryptography. If this offends you realize that it is indeed a valid opinion */

I would think that in fact the average person has no use for cryptography in their daily lives. I don't mostly because I really don't know anyone and have never had the need to use communications media to interact with individuals in a private way. Generally I think that if I have a choice between using cryptography or going to prison I will choice to not use it.

The ultimate question is why would anyone really care about you so much that you need encrypted data anyway? If you are being monitered that closely you should run far, far away and never return.

Cryptography is only useful if you happen to be a spy or have an actual internet connection (ie the use of pgp to sign, encrypt, or both messages with it). Most data that you have is not really that interesting.

Re:Stego! (2)

PigleT (28894) | more than 14 years ago | (#1288609)

Time to doubly-encrypt things, I think. Then the real message underneath... is also meaningless! Seriously, the threats to e-commerce in the UK are extremely high; if I can't trust someone's web server because the government will require them to decrypt stuff, it's just as bad as everything having a hidden backdoor key in it too. Everyone in the UK should sign up with Stand [stand.org.uk] and send a letter to their MP immediately, IMNSHO.

human rights (1)

Anonymous Coward | more than 14 years ago | (#1288610)

Is not it against human rights [un.org] ?
Article 12. No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation Everyone has the right to the protection of the law against such interference or attacks.

Human rights? (2)

CormacJ (64984) | more than 14 years ago | (#1288611)

Doesn't this conflict with the Human Rights? I would treat my encrypted data the same as the right not to answer questions (although looking at thier anti-terrorist laws that didn't stop them removing the right to silence and juryed trials.)

Maybe, Maybe not (1)

DonGenaro (119442) | more than 14 years ago | (#1288612)

This issue could get tricky. If the authorities have a warrant to search your premises I dont believe you have an obligation to "assit" as in give them a tour of your computer files and such. If the police are searching your home and ask where such and such is. You dont have to tell them. They can just ignore it and the police have to go about looking for it (of course now you have pissed off the police and they'll make the search/seizure all the more unpleasant for you).

You also might have 5th amendment issues here. You can not be forced to incriminate yourself.

I wouldnt be suprised if congress tried and passed a law like this in the US. But I would think that the ACLU would have not to hard of a time taking this to the supreme court and challening it. Anyway it sounds like a minefield for the lawyers and legislators to traverse. No doubt some will get their legs blown off in the process.

How is this different... (1)

GangstaLean (102189) | more than 14 years ago | (#1288613)

How is this different from any legislation, for example, currently in the U.S. which mandates individuals are required to provide information to the court on demand?

If you're a journalist who refuses to give up the name of your source in a critical case, you can also be thrown in jail for contempt of court. Whether the secret is a name in your head or an encrypted piece of information, it's still information the court is requesting in order to determine a verdict.

I like the idea of using encryption to protect my privacy as much as anyone else, but at some point we have to expect that our own legal system should force the provision of information.

From what I understand, the real problem with this law is the safeguard, that the burden of proof of not having the decryption key remains on the defendant. That's a problem clearly because an individual is presumed guilty until proven innocent. How many times have our leaders said that they couldn't remember key information? It is up to the courts, again, to prove whether or not an individual is withholding information necessary to the legal process.

Re:Can I... (1)

QuMa (19440) | more than 14 years ago | (#1288614)

Of course. But you'd have to give them the decryption key for the encryption key...

Against the grain (1)

stephend (1735) | more than 14 years ago | (#1288615)

I realise that we're all supposed to hate this and rally against it, but I'm not going to. I *do* have reservations, but it's not a bad balance.

Against is that the powers could be abused, but then you can abuse just about any law that involves raiding peoples property or possessions. It does happen, but not very often. (Or at least you don't hear about it very often. That's another story.)

In its favour, it doesn't try to outlaw the technology, the legitimate use or development of it. And it's not escrow. If it's implemented like a warrant, the police already need some evidence against you before they're allowed to go ahead.

It sounds like a reasonable compromise to me.

Overridden by EU Law? (3)

Ralph Bearpark (2819) | more than 14 years ago | (#1288616)

Heard on the news yesterday the the Scottish courts have rendered the law on speed cameras obsolete (in Scotland anyhow).

AFAIR the argument went as follows: If your car gets caught on a speed camera the UK law requires the owner to identify the driver at the time so that the fine/license points can be levied at the appropriate person. If you refuse then the owner gets the punishment.

However, the Scottish courts (which are independent of the rest of the UK legal system) have noticed that the European laws say that no-one is obliged to incriminate themselves - it's the responsibility of the accusers to gather enough evidence to find them guilty.

Thus, in Scotland at least, if you get snapped by a speed camera, then the right defence is to not to deny you were the driver but simply to refuse to incriminate yourself. Then under Euro law they have no right to fine you.

Now this has to also apply to this data encryption business doesn't it? Just tell you refuse to incriminate yourself (by giving them the key) then they'll have to try and crack it themselves, not just punish you anyhow.

(I guess this is equivalent of "pleading the 5th" in US?)

Regards, Ralph.

Here's an interesting scenario... (1)

Anonymous Coward | more than 14 years ago | (#1288617)

How about this... Mr X has files on his PC which are really just corrupted junk, maybe left over from a filesystem recovery, but that the police are convinced are encrypted illegal pictures. He can't hand over the key - there isn't one. He then gets found guilty of whatever the police suspect the file to be. It's like some bad Orwellian parody, only for real...

floorten.com

Store your data on DVDs (2)

arivanov (12034) | more than 14 years ago | (#1288618)

Store your data on DVD's. Encrypted with the MPA keys. And lose them regularly.

You forgot... (1)

spiralx (97066) | more than 14 years ago | (#1288619)

... the UCITA bill being pushed through in s state near you!

Hmmm... (1)

CodeShark (17400) | more than 14 years ago | (#1288620)

--Smart A$$ mode on--

Okay, Mr. UK policeperson, I'd like to give you the keys to this information which I have conveniently burned onto this here handy dandy DVD and which I conveniently encoded using the same codes which allow it to play only on my licensed DVD player. But I can't because the MPAA has this thing that says that if I turn over the key, I'll be sued. And since I'm a US citizen, I'd be in violation of the DCMA if we used the DeCSS source code to let you look at it.

Sigh...

--Smart A$$ mode off--

Re:How's this work? (2)

348 (124012) | more than 14 years ago | (#1288621)

Actually you are really on to something there. Sort of like a sig, have a couple of paragraphs or however much you want appended under a "second key" to everything you encript. I can see it now.

Govt Rep.:Mr. L33t H4x0r decrypt these files or you will go to prison!
L33t H4x0r: OK

Mr. L33t H4x0r runs key number two and out pours the text to the last opensource man and natalie portman saga.

Re:Why is cryptography so terribly important? (1)

markbthomas (123470) | more than 14 years ago | (#1288622)

What is more concerning is that data that other companies hold about you, and keep encrypted for your own privacy (and under the Data Protection Act) would be in effect forced to disclose your personal information to the authorities.

I'm concerned over the implications and contradictions with the DPA. Could anyone with more knowledge of British law throw any light on the subject.

Writing MP Won't Do Any Good (1)

Aaron M. Renn (539) | more than 14 years ago | (#1288623)

Writing your MP is not like writing your US Congressman. In the US, Congressmen are indepdenent entities who can vote their conscience. In the UK, MP's are facless minions of their party, who would probably get themselves expelled from it and ostracized if they voted against their party leader. In a parliamentary country like the UK, control of the government is totally dependent on maintaining a majority in parliament, thus party discipline tends to be very strong.

Who's a naughty boy then? (1)

trintragula (119106) | more than 14 years ago | (#1288624)

this is an illegal item of information and has been used to plan and commit a range of crimes:

-----BEGIN PGP MESSAGE-----
Version: PGPfreeware 6.0.2i

qANQR1DBwU4DPy7LL9KP0KEQCACdkb1OXbizR+pJ9frwI9Z7 cNjIgG2OpDtOBDZn
eMG/uNIJQe+C0By+WNSqBHnMnTCD0aFgZQR6UMo/qzF+EtHj Flq8LxwzCCblHTs1
Vu9bFlg5usmPFh2v409hiFwxJNDTVEw5AjMj/gnNSi+Rt5uy f1lKshnva7und+Az
WfePdqcqVlGANn7EjnpEzGKAr2cW58IBFTEJQOusu88MYIuB jLBsGZ7sqz7rY6Ib
BxoRHIpD255CTNK0jWGZ9Lx0O6dWv0qDs04SnUkUoFjMED2N FzcsSbzEocdTI6hp
nCGviqTQ3n3RHMqZbtaYdP0hAs04h+rfaokDGGoESGYLMM2U CADg05wgyiY2jOxZ
WKN+4smT0Yp2W5z01BeXPfWPKGQi56FaskcWXcJQeFeST5y9 h0oviJuDcsFT3q3W
3h3kT648MLUE9qbhOYTTsHMcYIpQivItQkz/YQ5Hy2gcxNG7 DbhKPu6hiNHhbCu4
YSWaeYkn8J6aY16k75jICZ6vbaFT9a5Y8zzdZZE5sDyDGudo +sS0AaspPWYTF2qw
EmZmhAqmLMIMhuD1BAK+ZD1IvGhpB1LLC7ABmX6U+3PATvOZ VKj3SJd//tCHqVIU
cro2MUnhipXmLuP0Lf40uyQR2gKl1Zz/cOos/k26dxTJb4y9 zlSgsVSVdH4xZSEN
Q1kaKsgLycAHHwD2cM/dmadx2hmbxlQV6dcZJsmvM2jK0ikN WyBa6Vh6Y6GhQBT9
wZi+U5I/DSIwNLCcKjnXAfHKRfyXsF7KswtkZ3UH/0/murBi 5qCkpoqKd4iABNbl
/rOWSiiGYilGnyzqIiA0VjNLI7Atbj+1xSw/Cug9S9yTo2I7 grnm4nIHBOJ4gtIx
m2oaOgVrwajLR2X0K14lSAmcMyE9GWNisUFI4aJ5Cs4HrTHU IwdZr/mGFH/bQHMf
kLpUHsBpGoJFPcqvH10J6g==
=bJG/
-----END PGP MESSAGE-----

On a more serious note, this is highly annoying and opens the way for law enforcement authorities to make up evidence. If you don't want to give them a key then you give them free reign to make up a XOR key of their choice.

Coupled with the recent changes in the right to jury trial, I almost begin to wish I lived in a country where I had an inalienable right to be shot by all and sundry.

On a random historical note though, Mary Queen of Scots was caught and sucessfully tried for treason by Queen Elizabeth I after one of her advisors was able to break the simple substitution cypher she was using to communicate with her coconspirators on the continent. This sort of thing is clearly not new, but now moves into a different sphere of influence, you and me (or just me, if you live in an enlightened country).

Re:Why is cryptography so terribly important? (2)

Plasmic (26063) | more than 14 years ago | (#1288625)

Your question (and opinions) have been responded to on approximately 4,392 occassions here on Slashdot. You should search the archives where you will find a plethora of intelligent responses that rationally explain why you are wrong. That's not to say that I don't understand where you're coming from or from where your doubts stem as I much felt the same way as you did until I took the initiative to educate myself (rather than waiting for people to educate me).

I will simply point you to the recent story, Northwest Searches Employees' Home Computers [slashdot.org] and see if you can extrapolate why this particular case might be relevant even though it only points out one specific utility for encryption among average folks.

Re:Legality (1)

sallen (143567) | more than 14 years ago | (#1288626)

Also a US citizen type, so know my comment doesn't apply to UK which doesn't have a Constitution with 4th and 5th amendments. And also a non-lawyer, so take that comment as you will.

The UK proposal seems so totally screwed. What happens if someone sends a person (like an MP?) encrypted mail that he's NEVER had a key to decrypt. Does that mean unless he can PROVE he never had a key to decrypt email, he can go to jail if he fails to turn over something he never had and has no way of proving? How in hell is one suppossed to prove THAT?

Re:Government of double standards? (1)

Vanders (110092) | more than 14 years ago | (#1288627)

Simply claim when you are quizzed about an 'encrypted' file, that the file is in its native data format and has no other format:

Good point. Stick a JPEG or ELF header at the top, and hey, that may look like a PGP header buried in the code, but it's just a coincedence. After all, encrypted data and unencrypted data all look the same in hex.

A thought (1)

ucblockhead (63650) | more than 14 years ago | (#1288628)

Create a program that appends 10k of completely random data to a file. Run that program on as many files in your system as you can. (Can this be done on an executable? I don't know enough about the ELF and a.out formats to know. I'd imagine this wouldn't make a difference.)

Any encrypted data can then be appended in 10k chunks to a file or two of your choice.

Retain the program that appends the random data. If anyone demands you decrypt some of the encrypted information appended to these files, just say "there is no encrypted data. I appended random info to these files to annoy people like you". (Which, AFAIK, is not illegal.)

Wouldn't they then have to prove that you actually had encrypted data? ("Innocent until proven guilty", at least in the states.)

Re:How's this work? (1)

Farq Fenderson (135583) | more than 14 years ago | (#1288629)

just say "I used a one-time pad, which I will not supply. Instead I will provide you with a plaintext version of it.") That seems to me to remove all of the teeth from this otherwise god-awful law.. am I mistaken?

That might work, but somehow I doubt that practice would be trusted for long. It would be obvious that people would practice this, and of course it would be illegal too.

The idea I have is two-fold: one, popularize the use of encryption such that everyone's using it. At this point, if enough people refused to comply, then the authorities would have a promlem on their hands. The second portion is more insidious: if a great number of people had possession of encrypted data that belonged to other people (and thus have no keys), had a lot of data that was just garbage (and looks like it could be encrypted), and also kept great amounts of encrypted garbage (i.e. cat /dev/urandom | xor 19q8 > /someplace/file) then there would be no way of verifying whether any data was real or not.

The problem with this is that it all requires mass-participation, which can be difficult to orchestrate with the majority -- those who need it the most. Sigh.
---

Goodbye freedom (0)

Anonymous Coward | more than 14 years ago | (#1288630)

As far as plain text / keys are concerned they can demand either. It can be a normal policeman, and does not require any written approval from higher authorities, and said policeman needs only a suspicion that you may have a key to decrypt.

With the exception of your lawyer, you are not allowed to tell ANYBODY that they have asked you for the key. If you do then you face 5 years in jail. If you do not have the key (or refuse to hand it over for reasons of security - ie it's a key your company uses) then you are tried infront of a judge to whom you cannot give any evidence nor have anybody stand in your defence.

The police on the other hand may submit evidence about you, yet you will not be allowed access to the evidence against you and are effectively guilty until you can prove your innocence.

Write to your MP and lobby newspapers to cover the story ASAP. The issue here is that the government intend to restrict your rights (and use the same police powers they would have if you were a suspected terrorist) before most of the general public are aware of the issues involved.

Re:How's this work? (0)

Anonymous Coward | more than 14 years ago | (#1288631)

You can even provide them the one time pad: Simply XOR you harmless plaintext with the cipher text they want the key for. That way you can provide them with the plaintext, the key AND the algorithm. If this would convince a judge that you really used the one time pad method? Dunno...

Re:Reasonable? (1)

pvcf (150815) | more than 14 years ago | (#1288632)

In principle I agree. If you are doing nothing wrong, then you shouldn't have anything to worry about. It is necessary for the authorities to have access to certain things when investigating crimes.

However, I too wish to maintain my privacy and feel any law like this has to be carefully considered. The original article mentions the case of paedophiles. It would be very easy for them to disguise what they are doing using encryption. Without material evidence, someone like this could get off. That would be unfortunate.

I would prefer to see this law enacted with very strict rules about how it is applied. i.e. There has to be enough evidence to support getting a warrant to supply the encryption key (or plain text versions) of documents in the first place. Also, the nature of the evidence or data being requested should be specified beforehand. i.e. If a warrant is issued because of suspected illegal activity of a certain nature, then documents which may be incriminating for other charges become in-admissable.

My documents plead the fifth on the grounds that they may incriminate me!

....Paul
/uni0/milw/sol01/pl03 7340032 6774917 529948 93% /Earth

Heh. (1)

ColonelNorth (71286) | more than 14 years ago | (#1288633)

Wonderful. Now, instead of being tortured by British police until you give them the key, they simply send you to prison. I'm glad to see the progress in the Fascist, Draconian government that now makes up the British Empire. It's like taking Clinton, and mixing in Hitler's tactics. Quite ammusing, if you don't have to live there...

Re:Why is cryptography so terribly important? (2)

Ralph Bearpark (2819) | more than 14 years ago | (#1288634)

I would think that in fact the average person has no use for cryptography in their daily lives.

Well, my wife and I have to routinely refer to "McDonalds" as "M.C.D.s" to avoid over-exciting our 3yr old.

More seriously, I wouldn't like to do any online shopping if there wasn't at least a rudimentary form of cryptography going on.

Basically, you don't have to be a spy to need encrypted data.

Regards, Ralph.

Re: Legality (1)

dannyspanner (135912) | more than 14 years ago | (#1288635)

One of the main, and most scary, problems is that Part III of the bill says that YOU have to prove that you don't have the key or the original plain text, otherwise they can imprison you for up to two years.

As is correctly pointed out on the STAND web site (links in previous comments) this is in direct breech of the European Human Rights Act that the UK will sign to in October. In particular, this is a reversal of the burden of proof, i.e. you are no longer guilty until proven innocent. Not only that, but you cannot logically prove your innocence, and you are forced to self-incriminate. So much for the right to silence. Oh, I forgot, we lost that in the UK a few years ago.

However, just because this law won't stand up in court does not mean we should not complain to our MPs right now. I'm going to dust off my pen and paper like another poster suggested. Then maybe one day the establishment will stop trying to pass such rediculous legislation.

Or even better... (2)

guran (98325) | more than 14 years ago | (#1288636)

Or even better (if you really have something to hide, that is):
One password that will decrypt the real data and one that will decrypt harmless cooking recipies AND destroy the original.

Obviously this would only be intresting for the real criminal, that stand more to lose from his files being decrypted than from losing them altogether.

Yes, I'm sure that the really ugly guys(tm) won't get caught by this law, only innocent geeks refusing to decrypt as a matter of principle and the clueless criminals.

Perhaps starting rumours about how a few MP's have suspicious material on their computers wouldn't be too bad. ;-)

GOOD GOD Not again? If YOU DON'T care... why do u (1)

Rares Marian (83629) | more than 14 years ago | (#1288637)

CARE THAT I CARE? I'm getting tired of you paranoid oversensitive couch potatoes moaning and groaning that someone ruined the peacefulness of what might have been an otherwise serene slashdot front page.

Cryptography is only useful if you happen to be a spy or have an actual internet connection (ie the use of pgp to sign, encrypt, or both messages with it).

Good God, you're full of X-Files hype. Agents good. People civilized. Criminals encrypt. Two words. Blow me.

Re:Legality (1)

BasilGrant (140007) | more than 14 years ago | (#1288638)

> isn't it normally standard procedure that if the person refuses to be searched, they'll be jailed?

Yes, but with this idiot law the police don't need a warrant, just a suspicion. Then you have to prove yourself innocent rather than them proving you guilty. With luck the European Court will throw it out, but that needs some poor guy to go through the wringer first.

What happened to Freedom of Speech? (1)

_Mustang (96904) | more than 14 years ago | (#1288639)

Since when is it acceptable for a law to be passed allowing government bodies to force handing over *any* document they desire? I can understand a situation such as bank fraud - where they may be wish access to financial documents, or even an email-threat sent by a stalker, but in general anything that they need for proof in court can be obtained by non-intrusive acceptable legal means through the *other* party involved; ie the bank or victim etc.. The very idea that a govenment can force legislation allowing them access to one's personal's on a pc is ridiculous. Encryption of data is no different from writing in one's own personal code, which by the way shorthand is an example of. Well hey- there's the solution. Invent your own form of shorthand and then encrypt that! The bastards will see nothing but gibberish and by the time they work out the meaning of the message you will have re-encypted it with a new stronger algorith..

List of UK MP's (1)

Priestess (30745) | more than 14 years ago | (#1288640)

If you're not sure who to write to then a list of all the MP's in the UK, along with Email addresses for some (though you should consider a hand written letter which is more likely to be read) can be obtained at This site [keele.ac.uk]

Perhaps, if your MP doesn't have an email address, you can consider asking how they can assume they know enough to vote on an issue involving technical issues like this when they're apparently not informed enough to register a hotmail account. Actually don't, it'll just rile them.

Pre.......

Re:How's this work? (1)

greenrd (47933) | more than 14 years ago | (#1288641)

You're onto something - this is the basic idea of Steganographic File Systems (more or less). Someone in the UK is working on one for Linux right now (just search the net) - this is just the kind of thing we need to defend ourselves against this stupid law.

Re:Why is cryptography so terribly important? (1)

TommyW (75753) | more than 14 years ago | (#1288642)

I haven't looked through the text of the bill, so I don't know whether it includes the problem that's just occurred to me. I hope it does, really, because that ought to blow it out of the water, somewhat.
Credit cards (and bank cards etc)! I use them in my daily life, and yet I have no way of (personally) finding out what data is on them.
I'll admit that the data is standardised, and that a sufficiently power organisation (such as the police) could demand that the issuing body reveal the information, but I can't access it myself.
Does that mean I'm liable for imprisonment?
--
Too stupid to live.

Re:Overridden by EU Law? (1)

dannyspanner (135912) | more than 14 years ago | (#1288643)

Now this has to also apply to this data encryption business doesn't it? Just tell you refuse to incriminate yourself (by giving them the key) then they'll have to try and crack it themselves, not just punish you anyhow

Yes, but the rest of the UK has not signed up to the European Human Rights Act yet. The good news, however, is that this should be happening in October. So no encrypting till then, OK?

Re:Reasonable? (1)

niekze (96793) | more than 14 years ago | (#1288644)

"It is not exactly as if the police would come knocking at your door and asking for codes if you have done nothing wrong now is it?" And the Nazi's had a right to search and arrest people as well.....those crazy jews, gypsy, homosexuals, invalids, mentally handicapped, and others were ALL suspicious. As well as the asians who were put in detention centers IN AMERICA during WWII. As well as people in china who get arrested and search for their heinous actions of such things like free thought and political action. As well as the former soviet union, iran, iraq, yemen, cuba, etc. Hmm it seems its fair if they have a reason. But with that mentality...What are the qualifications for those suspicions and reasons? You've already lost your right to secure encryption and well....if they want to see your encrypted documents, they must have a good reason. But you would probably reply (since you are an idiot) That things like this are not the same as those past and present activities. You can't equate this to Nazi germany... But...was Nazi germany built in one day? Did they wake up one morning and decide that the gov't/police state should have all rights over citizens in all affairs? Was it as bad in 1936 as it was in 1939? as it was in 1941? remember...Freedom is a binary type concept. You either have it or you don't. More freedom and less freedom are meaningless and incorrect terms. Freedom entails no control from the outside. If ANY control is lost, then that thing does not have FREEDOM. You could say less restrictive, but by no means FREE. Bend over...here comes the government! Bend over...here comes the corporate sector! If you have nothing to hide...load up smbd or file/sharing in 'doze and give read access to all for all your data. You have nothing to hide right? It shouldn't be a problem.

Re:Why is cryptography so terribly important? (1)

evilpete (26941) | more than 14 years ago | (#1288645)

Because you might want to order stuff on-line? People (especially those in card companies) really care about credit card fraud. Encrypting your card number before you send it is the most pragmatic way to prevent financial loss and the hassles of cancelling your card etc.

Besides, most people now assume that an actual internet connection is soon going to be as ubiquitous as electricity or water supply is today. Cryptography will be useful for everyone and should therefore be available and adequately strong.
+++++

Theres a Flaw in the Law (1)

Jor (58607) | more than 14 years ago | (#1288646)

I can see a big flaw in this law (;-)

If you can get away with supplying a plain-text version of your
encrypted message, you could give them any plain text.

Provided you used a sophisticated encryption algorithm with long
keys, even a known-plaintext attack would be too hard for
the officials to do on everyone who happily supplies a plain-text.

To me, this looks as if whoever proposed and accepted this
law does not know anything about cryptology.

If they insist on the keys however, you are severly screwed...

This would be a good reason to leave the island for good.
(its only Rain and BSE anyway... ;-)


--

Re:Human rights? (1)

Mindwarp (15738) | more than 14 years ago | (#1288647)

As was mentioned in the BBC article, this almost certainly contravenes Human Rights laws. I expect the European Courts to battle this one vigorously (luckily for everyone currently living in the U.K.)

Quite honestly, I find it a complete disgrace that the government could push a bill that basically says 'you are guilty unless you prove otherwise'. I will DEFINITELY be writing to my M.P. about this, and I urge everyone else in the U.K. to do likewise.

We live in a democracy folks. Use it!

--

Re:How is this different... (0)

Anonymous Coward | more than 14 years ago | (#1288648)

In the U.S. we have a little thing called the Fifth Amendment, which prevents a person from being forced to provide evidence in court which might incriminate them. If the police wanted to search my hard drive, and found an encrypted file, then I would invoke my Fifth Amendment rights. Of course, if the police showed up on my doorstep, I would make them wait on the porch until I got a lawyer over here to make sure all of my rights were actually protected. There are a lot of little ways for the police to "work around" some legalities and not get caught.

Only a matter of time... (1)

The Other Nate (137833) | more than 14 years ago | (#1288649)

It seems to me that with all this legislation going on as of late about what can and can't be done with digital data is gonna come back and bite these very same instigators/supporters in the posterior.

I know... there's probably some loopholes for these guys to take in just such a circumstance, but it'd be nice to see some poetic justice... :/

Nate

Re:Steganography ... well, not. (0)

Anonymous Coward | more than 14 years ago | (#1288650)

Simple. You have multiple jpegs, some with stego under one key, some with stego under another, some with no stego. The cops know you have stego because they see your software, but they can't know or prove that you have more than one key. Give em the one you want.

Could you blame spam? (2)

lovebyte (81275) | more than 14 years ago | (#1288651)

Why not put all your encrypted data in your mail box. You could then claim that you received these (encrypted) emails by mistake and never deleted them. Basically blame spam!

Re:Why is cryptography so terribly important? (2)

slashdot-terminal (83882) | more than 14 years ago | (#1288652)

I will simply point you to the recent story, Northwest Searches Employees' Home Computers and see if you can extrapolate why this particular case might be relevant even though it only points out one specific utility for encryption
among average folks.


Reminds me of a simpson's episode where Homer is leader of the Union at the nuclear power plant. One night he hears a knock on the door.

*Knock* *Knock* *Knock*

Homer: Who's There?
Man at door: Goons
Homer: Who?
Man at door: Hired Goons
Homer: *opens door*
Man at door: *grabs Homer*

In your own home you do not have the need to open the door to anyone unless they have a search warrant. That is how it works at least in the USA. Now if they did do such a thing I would have every reason to physically beat their brains out with a club in keeping them off my property. If I buy the computer then I have free access to it. If they want to look at the computer fine! I'll just delete very thourally (about 1,000 times for each sector of the hd that had the files). Or more exactly take the hd out of the machine completely delete it and then use some thermite on the hd. Then have another hd that I could swap back in without any data that they want. Simple problem solved.

Even with encryption if I have a directory called

C:\my_evil_secret_plans_for_Northwest
and has files like:

bomb_making_plans.doc
strikes_and_how_they_work.doc
...

etc then perhaps that is still incriminating and especially so if you have the data encrypted.

Re:Overridden by EU Law? (1)

greenrd (47933) | more than 14 years ago | (#1288653)

Indeed, the right to not be forced to self-incriminate should apply to the encryption case, but the speedtrap case is just plain silly. Speed traps are there to collect evidence - it's like saying evidence from CCTVs should be inadmissable because they allow you to "self-incriminate". Totally idiotic.

Re:Government of double standards? (0)

Anonymous Coward | more than 14 years ago | (#1288654)

Better yet strip off the pgp header.

Re:So what? (0)

Anonymous Coward | more than 14 years ago | (#1288655)

"and say that you have lost the key" Alas, this is itself a crime under the new legislation. Failure to produce the key, for any reason, is against this law.

Re:Overridden by EU Law? (1)

Yaruar (125933) | more than 14 years ago | (#1288656)

Difficult as the case in question was not precedint setting as it was based around a legal technicallity whereby the police are not allowed to 'force' you to say anythins (although non disclosure is now admissable as evidence in courts)

The case in question pertained to a woman caught drink driving who under UK law had to say whether she was the driver of the car. However under EU law you have to give the individual the right not to respond. The simple answer to the speeding question is to fine the legal owner of the vehical unless they give the name of the driver or have reported it stolen.

As for the encryption this should only apply if there is a court order for the information which is no different to the use of a search warrant.

Would you sat that unencrypted files or paper documents are covered in free speech legislation.

For example, if a heroin dealer has book with details of all his dealings then according to the free speach arguement he should be able to withold these as evidence...

Think about it...

Look on the bright Side (This Law and DeCSS) (3)

JamesSharman (91225) | more than 14 years ago | (#1288657)

This law effectively makes DeCSS legal in the UK. Since the law requires that (on demand) we hand over encryption keys to any encrypted data in our possession, they can hardly justify putting us in jail for having the key in the first place.
I quote the relevant part:

"And, as a result, the Bill proposes that the police or the security services should have the power to force someone to hand over decryption keys or the plain text of specified materials, such as e-mails, and jail those who refuse."

Re:Can I... (1)

kwsNI (133721) | more than 14 years ago | (#1288658)

Uh, I lost that.

kwsNI

Re:Human rights? (1)

dvorsd (122811) | more than 14 years ago | (#1288659)

Hmm, as I live in the US, I can't speak for British law. As I understand it (at least here) you have the right not to testify against yourself. Your physical property and belongings however, can be used as evidence against you provided that they are obtained in a legal manner (with a search warrant and whatnot). It sounds like they want to be able to seach your encrypted files in the same manner that they could obtain a warrant to get into a locked file cabnet. Mind you I don't neccessarily agree with this, just trying to think out loud and figure out what they are trying to do.

Standard disclaimer: I'm an engineer not a lawyer, yadda, yadda.

-dvorsd

Re:Why is cryptography so terribly important? (1)

greenrd (47933) | more than 14 years ago | (#1288660)

They will already do so. Have you read the privacy statement on those websites? Many of them say "We will not disclose private data ... unless required to do so by the police" - or words to that effect.

Re:Why is cryptography so terribly important? (2)

slashdot-terminal (83882) | more than 14 years ago | (#1288661)

Because you might want to order stuff on-line? People (especially those in card companies) really care about credit card fraud. Encrypting your card number before you send it is the most pragmatic way to prevent financial loss and the
hassles of cancelling your card etc.


Yeah but as an average person you don't need to build a credit card transaction system. Online processing dosn't really force the user to care about encryption except having an https url prefixed to the site.

Besides, most people now assume that an actual internet connection is soon going to be as ubiquitous as electricity or water supply is today. Cryptography will be useful for everyone and should therefore be available and adequately
strong.


Also a really, really, really, big assumption. Not everyone will be online. And ceternally not everyone will need cryptography. This still dosn't invalidate my argument.

Re:Why is cryptography so terribly important? (1)

ucblockhead (63650) | more than 14 years ago | (#1288662)

<I>Most data that you have is not really that interesting. </I>
<P>
If you are living in anything but abject poverty, there are certain people who would be very interested in things like your credit card numbers, bank account numbers, social security numbers, etc., especially in combination.
<P>
And I also have to mention that, while many FSF true believers may find this objectionable, I do have to mention that there were times when I had, on my home system, source code that sold for something like $100,000, in the course of some consulting projects. (That's what the source license cost. I wouldn't have paid a nickle for it though. It was crap.)
<P>
Perhaps not a common situation, but then, it is not uncommon for managerial types to have data on their systems that would be of great interest to their competitors.
<P>
Cryptography is not important just as a means to keep data from the government.
<P>

Welcome to the Police State of the United Kingdom (1)

belroth (103586) | more than 14 years ago | (#1288663)

Great, now I have no privacy.
I suppose I'll have to print off any sensitive email and delete any e-version.

Trouble is, I have to be able to PROVE that I have no encrypted messages.
"Evening sir, we 'ave 'eard about this 'ere setganography lark, so chummy, wot 'ave you got 'idden in your wallpaper then?"

How would you PROVE you have no hidden data in a Mpeg/DVD/BMP on your hard drive?

OH, and I can't tell you I've been forced to do this on pain of 5 years in the pokey.

I hereby inform you that the police have NOT served me with a warrant demanding decodes of any possible encrypted/hidden data on my computers.
----

Re:Writing MP Won't Do Any Good (1)

dannyspanner (135912) | more than 14 years ago | (#1288664)

Writing to an opposition MP may do more good than you think. They will use ANYTHING as ammunition against the governement, so at least we stand a chance of getting the topic into the public arena. What we need to do is get the non-technical public concerned enough that it filters back through the government focus groups to the people in charge.

Not the best solution, but as has been pointed out here before, you need to work within the rules of the game if you are to have any effect. Even if you hate doing it.

Re:How is this different... (0)

Anonymous Coward | more than 14 years ago | (#1288665)

Bruce Schneier admits to losing an encryption key once every five years or so. If a top cryptographer can do that, gosh it could happen to me to.

Re:Why is cryptography so terribly important? (1)

ucblockhead (63650) | more than 14 years ago | (#1288666)

Will somone please fix the damn Extrans posting mode!

Re:FIRST SCOOBY! (0)

Anonymous Coward | more than 14 years ago | (#1288667)

Scooby-Dooby Doo, Where Are You?
We Got Some Work To Do Now.
Scooby-Dooby Doo, Where Are You?
We Need Some Help From You Now.

Come On Scooby-Doo, I See You . . .
Pretending You Got A Sliver.
But You're Not Fooling Me,
Cause I Can See
The Way You Shake And Shiver.

You Know We Got A Mystery To Solve,
So Scooby-Doo Be Ready For Your Act.
Don't Hold Back!
And Scooby-Doo If You Come Through
You're Gonna To Have Yourself A Scooby Snack!
That's A Fact!

Scooby-Dooby Doo, Here Are You.
You're Ready And You're Willing.
If We Can Count On You, Scooby-Doo,
I Know We'll Catch That Villain.

Trolling for Scooby-doo! [scoobydoo.com]

Scooby dooby doo!

More Scooby links:
ScoobyCentral [geocities.com]
Scottish Scooby site [rit.edu]
Shaggy's Groovy Pad [geocities.com]
Scoobyland links [chebucto.ns.ca]

Re:Human rights? (1)

nicky_d (92174) | more than 14 years ago | (#1288668)

As I understand it - roughly, I've no official details - the right to silence is now gone here in the UK, in as much that your silence can now be as incriminating as anything you might say. Likewise, presumably, a lack of forthcoming plain text data, when it's required.
Maybe some kind of endless encryption loop, where the details of your key are encrypted, and the details of that key are encrypted, and so on, leading back to the beginnning. Then the information has certainly been supplied, but the encrypted message remians undecipherable. It wouldn't work, but it might annoy for a while.

This is scary. (2)

jd (1658) | more than 14 years ago | (#1288669)

But not in and of itself. In itself, it's just an extension of existing laws of search, which are well-established and not terribly unreasonable.

It's when you combine it with other things, that problems arise. The European Privacy Laws, for example, dictate that you cannot export data to a country with weaker privacy protection. On that basis, the Government is entitled to export information seized from individuals to other nations, WITHOUT legal reason or basis but for commercial gain.

(This follows, as the ability to seize personal information on a computer by the Government, without due process, is tantamount to saying that the data is not protected by privacy laws. Thus, it may be exported freely.)

Then, combine it with the CCTV cameras, now filling England. These images can (and are) sold to commercial enterprises. Information from the cameras is index-linked to the national criminal databases. Imagine being able to demand of your ISP all encrypted data in and for your account (such as your password), and being able to tie all that information with everything on your harddrive and THEN everything about your movements in the country.

THAT is when it gets scary. Someone with protest e-mails who happens to be heading in the direction of a town in which the Government knows nuclear material is illegally being transported could end up being arrested under the Criminal Justice Act, or even the Terrorism Prevention Act, with the e-mails used as evidence against them, even if their sole purpose for driving there was to pick up a bar of soap.

The combination of the loop-hole in the privacy laws, the CJA, the TPA and the 24/7 surveilance lead me to believe that Britain is plunging towards being a totalitarian state. And, to be honest, I don't think it's the Government's fault.

This attitude was shared by the previous Conservative Government, just as feverently. Indeed, it was they who put all the pieces in place to allow this new law to be abused.

This leads me to believe that it's actually the Civil Service that's actually running the show. They are now in a supremely powerful position, with absolute, dictatorial powers of monitoring, searching, and arresting, with NO due process taking place. In short, the Civil Service in England would be capable of seizing total power over England, at this point, and there would be no realistic way to stop them.

Re:Why is cryptography so terribly important? (2)

slashdot-terminal (83882) | more than 14 years ago | (#1288670)

If you are living in anything but abject poverty, there are certain people who would be very interested in things like your credit card numbers, bank account numbers, social security numbers, etc., especially in combination.

That's what we have fraud protection for. Consumer protection prevents law breakers from totally wiping you out when you don't want to. If you take the ideas that many of the people here everything will be monitered and tracked. If that happens it will make law breakers especially vulnerable to capture and arrest. Cryptography will be rendered moot and the government dosn't matter in areas of commercial interest as I illustrate below.

And I also have to mention that, while many FSF true believers may find this objectionable, I do have to mention that there were times when I had, on my home system, source code that sold for something like $100,000, in the
course of some consulting projects. (That's what the source license cost. I wouldn't have paid a nickle for it though. It was crap.)


Well I don't object to charging although you admit that the code was crap and you sold it for $100,000. That's the kind of thing you keep the recipt for the refund.

Perhaps not a common situation, but then, it is not uncommon for managerial types to have data on their systems that would be of great interest to their competitors.

Unless over 50% of the people in the US are managers of something and have such data then there is no problem. Usually such data is secured on machines that are physically located within a building or in a system that is essentially secure to begin with. You would have to have a group of terrorists or militia groups to break through some buildings.

Cryptography is not important just as a means to keep data from the government.

Since the government can basically do what it wants because it makes the rules protecting your data from the government is pointless unless you want to try to escape the problem. The government dosn't want to or does not actually engage in commercial or industrial espionage because it has essentially nothing to gain.

Sounds like IRA talk to me. (0)

Anonymous Coward | more than 14 years ago | (#1288671)

Bli-me, that sounds like IRA talk to me.

Off to prison you go, there'll be no afternoon tea for you.

Re:How's this work? (2)

Chalst (57653) | more than 14 years ago | (#1288672)

No: if a message was encrypted using a public key system, and the
prosecutors knowthe public key, then obviously they can check the
message.

This is probably the kind of case the police are most concerned
about: criminals using cryptography to communicate, and not be
understood by the police. The other kind of case would use symmetric
key cryptology: eg. the accounting details of a fraud are held locally
on a hard drive, and here it wouldn't be able to verify the plain text
matches the cypher text.

Re:Why is cryptography so terribly important? (3)

r2ravens (22773) | more than 14 years ago | (#1288673)

I used to teach Introduction to the Internet classes at a community college where I also ran the open student lab. I would tell the students that they should not send anything in email that they wouldn't want to see in the headline of tomorrows newspaper. If I'm having a private email conversation with a friend about a third party, there may be information that I don't want the third party to know I said and information I don't want made public.

Assume I am a psychiatrist consulting with a colleague in another place about a client. I wouldn't want anyone but the intended recipient to see the information about the patients condition.

Just these facts are enough to make encryption worthwhile for me.

And what about business plans? If I was working on developing a new product, the exposure of that information could give someone else (with more money - like M/$) the idea to develop before I could get all my ducks in a row.

Other than that, is just simply the fact that I have a right to be secure in my possessions and particulary, my information. That was the whole point to forming this country (USA). For my government to force me to give them the encryption key to data is the same as demanding that I incriminate myself (also prohibited by the US Constitution.)

I realize the article is about the law in the UK, but the encryption issue is truly international.

Governments are chipping away at our rights to privacy (at whatever level) in many countries around the world. If we don't stop it now, nothing about our private lives will be beyond the reach of Government, and then corporations as they further lobby the Government (become the Government?)

Why is cryptography so terribly important?

Those reasons are enough for me.

Russ

EU law (and the old address book gag) (1)

johnjones (14274) | more than 14 years ago | (#1288674)

err this violates the EU laws that I thought protect

Freedom of speech

And the right to silence

Here's the argument if you had an address book (paper one) and wrote in code then you can not be made to tell anyone the code so how is this different?

You can't say access is fast because most things that get encrypted that the police want are very small

unlawfull and house of lords or any judge will tell you so there are to many precedents

regards

john


a poor student @ bournemouth uni in the UK (a deltic so please dont moan about spelling but the content)

United Kingdom MP email addresses and web pages. (1)

Colin Smith (2679) | more than 14 years ago | (#1288675)

For those of us who wish to have a quick word with their MP perhaps prior to writing to them:

Parliament:
http://www.parliament.uk/

Those MPs with email addresses and web pages:
http://www.parliament.uk/commons/lib/almsad.htm

You could also try:
[surname][initials]@parliament.uk

Or Richar Kimber at Keele University has a good page:
http://www.psr.keele.ac.uk/area/uk/mps.htm

Re:Or even better... (1)

Chalst (57653) | more than 14 years ago | (#1288676)

How is this meant to work? Presumably the police are smart enough to keep multiple copies of the cypher text...

Re:Overridden by EU Law? (1)

Ralph Bearpark (2819) | more than 14 years ago | (#1288677)

it's like saying evidence from CCTVs should be inadmissable

Well, not really. The CCTV will identify a person, whereas the speed camera identifies the vehicle alone (unless they snap you through the front windscreen).

Regards, Ralph.

Re:Legality (1)

fmackay (23605) | more than 14 years ago | (#1288678)

The UK proposal seems so totally screwed. What happens if someone sends a person (like an MP?) encrypted mail that he's NEVER had a key to decrypt. Does that mean unless he can PROVE he never had a key to decrypt email, he can go to jail if he fails to turn over something he never had and has no way of proving? How in hell is one suppossed to prove THAT?

The STAND [stand.org.uk] folks did exactly this; sent an encrypted copy of a criminal confession to Jack Straw (UK Home Secretary). See their website for details.

Re:Why is cryptography so terribly important? (1)

Dusty (10872) | more than 14 years ago | (#1288679)

>I would think that in fact the average person has no use for cryptography in their daily lives. I
>don't mostly because I really don't know anyone and have never had the need to use
>communications media to interact with individuals in a private way. Generally I think that if I
>have a choice between using cryptography or going to prison I will choice to not use it.

A quick bit of background for you:-

The credit card laws for fraud in the UK are slightly different than in the US. In as much as you can be liable for all of the bill before you cancelled the card. Particularly if the purchases were made abroad.

While giving your credit card number over the internet is no more risky than giving it over the phone. It is easier to setup a scanner on tcp/ip than on voice traffic. Although I hear the NSA are working on this. Couple that with e-commerce servers getting cracked and the whole un-encypted e-commerce side of things looks somewhat risky.

Ultimately this law is about the Police and more likely GCHQ are worried they are going to lose a very convienent way of spying on people, and that they are going to have to go back to old fashioned leg work.

David

So give it to them (2)

Jeffrey Baker (6191) | more than 14 years ago | (#1288680)

Yeah, give them the plaintext of anything they ask for. The govt might wonder why you have so many copies of the GNOME README file, but they'll get over it eventually.

-jwb

Re:This is scary. (0)

Anonymous Coward | more than 14 years ago | (#1288681)

The combination of the loop-hole in the privacy laws, the CJA, the TPA and the 24/7 surveilance lead me to believe that Britain is plunging towards being a totalitarian state.

Hmm... Britain becoming a totalitarian state, under the stated goal of combatting crime and terrorism.

Well, as long as they don't take away my Ludwig Von...

-Hypr Geeque

I'm siiiinging in the rain...

Re:Human rights? (2)

Chalst (57653) | more than 14 years ago | (#1288682)

No the encrypted data is evidence. Refusing to decrypt it is like refusing a properly authorised search of your premises.

Re:Human rights? (1)

Mart (19570) | more than 14 years ago | (#1288683)

Doesn't this conflict with the Human Rights?

It's certainly an erosion of civil rights. But it's just the latest example in a long line. There was an article [newsunlimited.co.uk] in yesterday's Guardian by Madsen Pirie, president of the Adam Smith institute, on how successive governments have eroded civil rights in Britain by passing laws aimed at particular groups of offenders. Depressing stuff.

Re:Why is cryptography so terribly important? (2)

SEWilco (27983) | more than 14 years ago | (#1288684)

I see that the first letter of each line of your message on my browser is "DHIRPUTACE", which in Portuguese is an insult. Who were you sending this message to? Talk! TALK!

How to get someone thrown in jail (3)

jbrw (520) | more than 14 years ago | (#1288685)

Look at http://www.stand.org.uk/ [stand.org.uk] - this is an important site.

They show how to get Jack Straw (important government chap in the UK) guilty of committing a crime. That is, they encrypted a confession to an actual (undisclosed) crime, destroyed the key, and sent him the encrypted data. Jack Straw is now in possession of some information that would pressumably be of interest to the police, but he is unable to provide the decryption key (because he never had it in the first place), but, ofcourse, as many people are pointing out, how do you prove you don't have the key...

While the example of the above site is, considering the circumstances, a fairly light-heated example, consider this: lots of politicans/business people (or anyone, really) are accussed, and investigated, of serious crimes regularly. How easy will it become to provide encrypted data to the person under investigation, without their knowledge, and then inform the police that that person is in possession of encrypted data that may (or may not? who can tell?) be of interest to their investigations. Police find data, ask for key, person is flung in jail.

Ooops.

I really hope Mark Thomas [channel4.com] can squeeze a show in about this before the current season ends - I believe the shows are still being taped. (Mark Thomas is similar to Michael Moore, for you US people - only much, much better at what he does.)

...j
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?