UK Ruling Says Authorities Can Force You To Hand Over Your Encryption Key

from the self-incrimination-means-different-things-across-the-pond dept

A year ago, there was a legal ruling in the US that said an individual could not be forced to hand over their encryption key to encrypted data on a computer, since it violates the 5th amendment against self-incrimination. Over in the UK, they apparently also have protections against self-incrimination, but apparently it doesn't cover handing over your encryption key (thanks to JJ for sending over the link). Basically, the ruling is pretty close to the opposite of the US ruling. Basically, it found that an encryption key isn't speech but an independent "thing" that can be required to be turned over to authorities.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Oct 16th, 2008 @ 5:17pm

    Easy solution, simply 'forget' your key. also fallow proper password procedures; at least 18 characters in length using a combination of letters, numbers, and special characters changed every 90 days. Never write it down, never tell anyone and never reuse old passwords.

    If you hold to all of that your defense need not even be a lie.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Chris Charabaruk (profile), Oct 16th, 2008 @ 5:22pm

    Re:

    Even if you've legitimately forgotten it, I doubt those closet fascists in Britain would care. They'd throw you in the lock and toss away the key.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Oct 16th, 2008 @ 5:24pm

    Re: Re:

    Or just use TrueCrypt's plausible deniability feature. This is basically what it was designed for.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    NeoConBushSupporter, Oct 16th, 2008 @ 5:27pm

    LOOK OUT (it's commin' this way)

    If Hussein Obama gets the oval office, he plans to copy the socialist, "big government" agenda we are seeing forced on the citizens of these "leftist" european countries. Don't let Hussein Obama and his terrorists cronies turn the United States into France!

    VOTE McCain 2008 - He wont steal Joe the plumbers dream.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    angelwolf71885, Oct 16th, 2008 @ 5:40pm

    Re:

    or you could image your HD just before you leave upload it to an online storage site

    and NEVER put that url in your history but just rember the name of the company..

    and like you said use DONT ASK DONT TELL

    and then format your comp before your trip
    and image it when you git to where you are going or when you git back...

    boom issue solved :D

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Joe, Oct 16th, 2008 @ 5:55pm

    Add a self-destruct key.

    The trick is to include a self-destruct password that will erase the disks encryption keys, so that even the real password becomes useless.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Scott Gardner (profile), Oct 16th, 2008 @ 6:01pm

    Re: Re:

    I can't imagine uploading an entire hard drive to an online service. Never mind the per-gigabyte transfer and storage costs, there's the little issue of time. Even with a steady 16 Mbps internet connection, you're looking at over eight minutes per gigabyte.

    I can see doing what you're talking about with a few sensitive folders/directories, though - send them to the online service, delete them from your hard drive, and use any of the "wipe free space" utilities on your hard drive. Then when you get where you're going, download the files from the service if you need them.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    The Historian, Oct 16th, 2008 @ 6:07pm

    Re: LOOK OUT (it's commin' this way)

    I've lost more civil rights under Bush than any President in history. We have the worst economy since the Great Depression. We should be afraid of Obama? Have you noticed how "big" our gov has gotten under your idiot neocons. Lay of the kool aid. France couldn't be worse.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Klaus, Oct 16th, 2008 @ 6:19pm

    Re: Re: LOOK OUT (it's commin' this way)

    You do realize this is talking about the UK right? Bush is not the prime minister.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    angelwolf71885, Oct 16th, 2008 @ 6:22pm

    Re: Re: Re:

    yah thats true....

    actuly you could have a home NAS converted to use FTP
    and just access your backups like ppl should already be doing..


    but like you said the cost per gig if you are on a meaterd connection would be the constraint

    pluss if you have your own FTP server then you dont have to pay for online storage :D

    the good thing is thair are solushions to the issue :D

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    angelwolf71885, Oct 16th, 2008 @ 6:26pm

    Re: Re: LOOK OUT (it's commin' this way)

    alls i have to say to you is rev right acorn aires..

    Obama has horrable judgement...
    and will cost 50 billion more then McCaine


    im voteing nader BTW i caint stand McBush or the Retard Obama
    ide prefer not to vote but aglest if i vote nader i can say
    the resulting mess wasent my fault...

    Mccaine isent much bedder with his your own your own and im gunna tax your healthcare attatude...

    thay are both jackasses whu are gunna screw us of our rights and our money...

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Oct 16th, 2008 @ 6:33pm

    Re: LOOK OUT (it's commin' this way)

    STFU! you know nothing.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    MC '08, Oct 16th, 2008 @ 6:40pm

    Re: Re: Re: LOOK OUT (it's commin' this way)

    At least McCain isn't as bad as Obama.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    zcat, Oct 16th, 2008 @ 7:15pm

    #6 "self destruct" won't work

    Normal procedure from anyone with a clue is to remove the drive and image it. They might boot the machine off a live forensic CD for a first-look, but no software on the original hard-drive will ever be run for exactly this reason.

    The best option (apart from never having anything on your drive they'd want to look at) is a hidden volume. That and not living in a country that thinks 'waterboarding' is an acceptable interrogation technique.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Jake, Oct 16th, 2008 @ 11:44pm

    Small point of clarification. European Union regulations do in fact contain a provision somewhat similar to the 5th Amendment, but I recall reading that the British government negotiated an opt-out, the rationale being that as it was originally worded the rule would make it legal to drive away from the scene of an accident.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Oct 17th, 2008 @ 12:30am

    Re: Re: Re: LOOK OUT (it's commin' this way)

    You're calling who a retard? I wasn't even aware of a McCaine running for President. You are one reason Obama wants to better the educational system in the US. Please pick up a book or at the very least use a spell check in the future. They may take your rights and money, but at least you apparently got a top notch ejukation :)

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Jess, Oct 17th, 2008 @ 1:23am

    Political Rhetoric==Bullshit

    I am getting sick and tired of political rhetoric from both of the leading candidates and their brain-washed flunkies. Obama keeps on promising change, yet, he has not authored a bill in his entire term and has followed the political mass that is the democratic party blindly and chosen a running mate that has very much resisted any change that doesn't benefit him directly.

    McCain has a political "wild" streak that seems very much calculated and has gone against his constituents wishes on several matters, which is not what I want to see in a president of mine.

    So basically we are being forced to choose between a man who blindly follows the lead of his fellow party members and a man who has lost touch with the people he represents. A man who only promises a changing of the guard or a man who will be hamstrung by his association with the current president.

    If it were just that I wouldn't vote. But, it seems that the press seems to adore Obama and hates McCain with a passion. That makes my decision easy. They call themselves the voice of the people, yet they try to silence those whose words are contrary to theirs. Screw the press. I guess I'm voting for McCain.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Oct 17th, 2008 @ 2:03am

    wow, way to hijack a UK civil liberties discussion!

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Douglas Gresham, Oct 17th, 2008 @ 3:31am

    Re:

    Quite.

    On topic, the question this raises is interesting. The police have the power to enter your home and search it for evidence if you're suspected of a crime, but they don't have the power to enter your brain and do the same. The question is, which one does your computer fall under? Is your encryption key like your front door key, or does the fact it's the only means of getting access (as opposed to breaking down the door) change that? Tough question; I can see it from both points of view.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    AJ, Oct 17th, 2008 @ 4:18am

    what are they going to do?

    They can't force you to give up a key, so this law is useless. A simple I forgot and your done. They can't prove your lying so they lock you up for a few months so what. Thats a hell of alot better than giving away your life savings because they found 100 illegal mp3's on your hard drive and notified the recording industry to sue you. Or having a copy of your banking data, that was found on your hard drive, end up on some government laptop that got stolen along with 2 million other peoples info....

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    martyburns, Oct 17th, 2008 @ 4:47am

    RE: what are they going to do?

    Another simple fix from the authorities point of view is to make not handing over your key a mandatory 40 years without parole. That would make me remember pretty quick if I was facing a 10 year child porn charge...

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Joseph Young, Oct 17th, 2008 @ 9:11am

    Flawed logic all around

    To all those who have commented that you simply say, “I’ve forgotten it”, it doesn’t work like that. You’ve failed to hand over the encryption key or plaintext equivalent of the encrypted material. That’s prima facie evidence that you have committed a crime. It is a defence to claim that you’ve forgotten the key. But, you must convince the judge and jury that you have forgotten the key. The prosecution doesn’t have to prove you have not forgotten it.

    The Appeal Court judgement is like the plot from a bad spy movie. The baddie, upon capturing our hero, demands the secret codeword necessary for world domination. A codeword written down nowhere and known only to our hero. The baddie then tells our hero that, if he doesn’t divulged the codeword, he’ll kill him, thus guaranteeing the failure of his world-domination plans by his own hand.

    As killing the defendant isn’t an option, as that would just show that the encryption key is very much dependant on the defendant’s existence, I’m surprised that the Appeal Court didn’t suggest torture. This seems like the perfect use for torture. The problem with the Guantanamo style of torture is that the defendants will say anything, truth or falsehood, to make the torture stop, and you have no way of verifying the truthfulness of what’s been said. As the state already has the ciphertext, if your tortured defendant lies about the encryption algorithm or key, the state will know and can carry on the torture. If the defendant truly doesn’t know the key, the torturing will eventually kill them. Once they are dead, you will know they were innocent.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Oct 17th, 2008 @ 9:27am

    Re: Re: Re: LOOK OUT (it's commin' this way)

    You do realize this is talking about the UK right?
    You do realize that NeoConBushSupporter is a satirical troll, right?

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    ulle, Oct 17th, 2008 @ 10:26am

    So you say you forgot the encryption key, will they then confiscate the laptop like the US customs does?

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Jim, Oct 17th, 2008 @ 4:46pm

    Re: Re: Re: LOOK OUT (it's commin' this way)

    If you're going to call people retards, the least you can do is learn little things like spelling, capitalization and basic grammar first.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    BTR1701, Oct 17th, 2008 @ 10:46pm

    The guilty won't care...

    If I knew my computer had stuff on it that could convict me of a serious crime, I'd rather do the year in jail for criminal contempt for refusing to hand over the password rather than hand it over and do ten years in prison for porn or terrorism or whatever the stuff on my computer would convict me of.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Oct 17th, 2008 @ 10:50pm

    Re: Flawed logic all around

    > To all those who have commented that you simply say, “I’ve
    > forgotten it”, it doesn’t work like that. You’ve failed to hand
    > over the encryption key or plaintext equivalent of the
    > encrypted material. That’s prima facie evidence that you
    > have committed a crime. The prosecution doesn’t have to
    > prove you have not forgotten it.

    Perhaps in the UK that's true but in America, the Constitution sets the burden of proof on the government and no law or court ruling can trump that.

    If a similar law passes here, it will still be the government's burden to prove you're lying about forgetting the password, not the other way around.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Steve the worker, Oct 19th, 2008 @ 9:31am

    Re: Re: LOOK OUT (it's commin' this way)

    The economy under Carter was worse then it is now. In 1980 interest rates were 14% to 18%, unemployment was 10% inflation was 10% or so. My number are not 100% correct but they are close. Check for your self. So this is not the worse economy. The great depression still holds the title.

     

    reply to this | link to this | view in thread ]

  29.  
    icon
    chris (profile), Oct 20th, 2008 @ 6:20am

    Re: Re: Re: Re:

    actuly you could have a home NAS converted to use FTP
    and just access your backups like ppl should already be doing..


    no, no, no, ftp is a plain text protocol. why go to all the trouble of wiping your hard drive just to pass your data thru the internet in the clear?

    even if you encrypt the data prior to transmission, the clear text protocol will reveal it as an encrypted file.

    use only encrypted protocols like SFTP or SCP. on the wire they look just like ssh sessions, since that it really what they are, FTP tunneled via ssh.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Anonymous, Jan 1st, 2009 @ 7:59am

    Encryption

    Do not use a hard drive.
    Use a live linux CD.


    Puppy linux
    Slax
    Knoppix Many distros out there with plenty of utilities and a nice firefox browser built right in and runs right from the CD/DVD

    Encrypt your stuff them mail it to your self.

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Shawn, Jan 9th, 2009 @ 3:41am

    Re: Add a self-destruct key.

    Great idea :-)

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    Bad Credit Mortgage, Jun 17th, 2010 @ 6:47am

    Great detailed information, I ll be visiting you more frequently, here is very interesting information.

    Scholarship

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This