UK Ruling Says Authorities Can Force You To Hand Over Your Encryption Key
from the self-incrimination-means-different-things-across-the-pond dept
A year ago, there was a legal ruling in the US that said an individual could not be forced to hand over their encryption key to encrypted data on a computer, since it violates the 5th amendment against self-incrimination. Over in the UK, they apparently also have protections against self-incrimination, but apparently it doesn’t cover handing over your encryption key (thanks to JJ for sending over the link). Basically, the ruling is pretty close to the opposite of the US ruling. Basically, it found that an encryption key isn’t speech but an independent “thing” that can be required to be turned over to authorities.
Filed Under: encryption, free speech, self-incrimination, uk, us
Comments on “UK Ruling Says Authorities Can Force You To Hand Over Your Encryption Key”
Easy solution, simply ‘forget’ your key. also fallow proper password procedures; at least 18 characters in length using a combination of letters, numbers, and special characters changed every 90 days. Never write it down, never tell anyone and never reuse old passwords.
If you hold to all of that your defense need not even be a lie.
Re: Re:
Even if you’ve legitimately forgotten it, I doubt those closet fascists in Britain would care. They’d throw you in the lock and toss away the key.
Re: Re: Re:
Or just use TrueCrypt’s plausible deniability feature. This is basically what it was designed for.
Re: Re:
or you could image your HD just before you leave upload it to an online storage site
and NEVER put that url in your history but just rember the name of the company..
and like you said use DONT ASK DONT TELL
and then format your comp before your trip
and image it when you git to where you are going or when you git back…
boom issue solved 😀
Re: Re: Re:
I can’t imagine uploading an entire hard drive to an online service. Never mind the per-gigabyte transfer and storage costs, there’s the little issue of time. Even with a steady 16 Mbps internet connection, you’re looking at over eight minutes per gigabyte.
I can see doing what you’re talking about with a few sensitive folders/directories, though – send them to the online service, delete them from your hard drive, and use any of the “wipe free space” utilities on your hard drive. Then when you get where you’re going, download the files from the service if you need them.
Re: Re: Re: Re:
yah thats true….
actuly you could have a home NAS converted to use FTP
and just access your backups like ppl should already be doing..
but like you said the cost per gig if you are on a meaterd connection would be the constraint
pluss if you have your own FTP server then you dont have to pay for online storage 😀
the good thing is thair are solushions to the issue 😀
Re: Re: Re:2 Re:
actuly you could have a home NAS converted to use FTP
and just access your backups like ppl should already be doing..
no, no, no, ftp is a plain text protocol. why go to all the trouble of wiping your hard drive just to pass your data thru the internet in the clear?
even if you encrypt the data prior to transmission, the clear text protocol will reveal it as an encrypted file.
use only encrypted protocols like SFTP or SCP. on the wire they look just like ssh sessions, since that it really what they are, FTP tunneled via ssh.
LOOK OUT (it's commin' this way)
If Hussein Obama gets the oval office, he plans to copy the socialist, “big government” agenda we are seeing forced on the citizens of these “leftist” european countries. Don’t let Hussein Obama and his terrorists cronies turn the United States into France!
VOTE McCain 2008 – He wont steal Joe the plumbers dream.
Re: LOOK OUT (it's commin' this way)
I’ve lost more civil rights under Bush than any President in history. We have the worst economy since the Great Depression. We should be afraid of Obama? Have you noticed how “big” our gov has gotten under your idiot neocons. Lay of the kool aid. France couldn’t be worse.
Re: Re: LOOK OUT (it's commin' this way)
You do realize this is talking about the UK right? Bush is not the prime minister.
Re: Re: Re: LOOK OUT (it's commin' this way)
You do realize this is talking about the UK right?
You do realize that NeoConBushSupporter is a satirical troll, right?
Re: Re: LOOK OUT (it's commin' this way)
alls i have to say to you is rev right acorn aires..
Obama has horrable judgement…
and will cost 50 billion more then McCaine
im voteing nader BTW i caint stand McBush or the Retard Obama
ide prefer not to vote but aglest if i vote nader i can say
the resulting mess wasent my fault…
Mccaine isent much bedder with his your own your own and im gunna tax your healthcare attatude…
thay are both jackasses whu are gunna screw us of our rights and our money…
Re: Re: Re: LOOK OUT (it's commin' this way)
At least McCain isn’t as bad as Obama.
Re: Re: Re: LOOK OUT (it's commin' this way)
You’re calling who a retard? I wasn’t even aware of a McCaine running for President. You are one reason Obama wants to better the educational system in the US. Please pick up a book or at the very least use a spell check in the future. They may take your rights and money, but at least you apparently got a top notch ejukation 🙂
Re: Re: Re: LOOK OUT (it's commin' this way)
If you’re going to call people retards, the least you can do is learn little things like spelling, capitalization and basic grammar first.
Re: Re: LOOK OUT (it's commin' this way)
The economy under Carter was worse then it is now. In 1980 interest rates were 14% to 18%, unemployment was 10% inflation was 10% or so. My number are not 100% correct but they are close. Check for your self. So this is not the worse economy. The great depression still holds the title.
Re: LOOK OUT (it's commin' this way)
STFU! you know nothing.
Add a self-destruct key.
The trick is to include a self-destruct password that will erase the disks encryption keys, so that even the real password becomes useless.
Re: Add a self-destruct key.
Great idea 🙂
#6 "self destruct" won't work
Normal procedure from anyone with a clue is to remove the drive and image it. They might boot the machine off a live forensic CD for a first-look, but no software on the original hard-drive will ever be run for exactly this reason.
The best option (apart from never having anything on your drive they’d want to look at) is a hidden volume. That and not living in a country that thinks ‘waterboarding’ is an acceptable interrogation technique.
Small point of clarification. European Union regulations do in fact contain a provision somewhat similar to the 5th Amendment, but I recall reading that the British government negotiated an opt-out, the rationale being that as it was originally worded the rule would make it legal to drive away from the scene of an accident.
Political Rhetoric==Bullshit
I am getting sick and tired of political rhetoric from both of the leading candidates and their brain-washed flunkies. Obama keeps on promising change, yet, he has not authored a bill in his entire term and has followed the political mass that is the democratic party blindly and chosen a running mate that has very much resisted any change that doesn’t benefit him directly.
McCain has a political “wild” streak that seems very much calculated and has gone against his constituents wishes on several matters, which is not what I want to see in a president of mine.
So basically we are being forced to choose between a man who blindly follows the lead of his fellow party members and a man who has lost touch with the people he represents. A man who only promises a changing of the guard or a man who will be hamstrung by his association with the current president.
If it were just that I wouldn’t vote. But, it seems that the press seems to adore Obama and hates McCain with a passion. That makes my decision easy. They call themselves the voice of the people, yet they try to silence those whose words are contrary to theirs. Screw the press. I guess I’m voting for McCain.
wow, way to hijack a UK civil liberties discussion!
Re: Re:
Quite.
On topic, the question this raises is interesting. The police have the power to enter your home and search it for evidence if you’re suspected of a crime, but they don’t have the power to enter your brain and do the same. The question is, which one does your computer fall under? Is your encryption key like your front door key, or does the fact it’s the only means of getting access (as opposed to breaking down the door) change that? Tough question; I can see it from both points of view.
what are they going to do?
They can’t force you to give up a key, so this law is useless. A simple I forgot and your done. They can’t prove your lying so they lock you up for a few months so what. Thats a hell of alot better than giving away your life savings because they found 100 illegal mp3’s on your hard drive and notified the recording industry to sue you. Or having a copy of your banking data, that was found on your hard drive, end up on some government laptop that got stolen along with 2 million other peoples info….
Re: Flawed logic all around
To all those who have commented that you simply say, “I’ve forgotten it”, it doesn’t work like that. You’ve failed to hand over the encryption key or plaintext equivalent of the encrypted material. That’s prima facie evidence that you have committed a crime. It is a defence to claim that you’ve forgotten the key. But, you must convince the judge and jury that you have forgotten the key. The prosecution doesn’t have to prove you have not forgotten it.
The Appeal Court judgement is like the plot from a bad spy movie. The baddie, upon capturing our hero, demands the secret codeword necessary for world domination. A codeword written down nowhere and known only to our hero. The baddie then tells our hero that, if he doesn’t divulged the codeword, he’ll kill him, thus guaranteeing the failure of his world-domination plans by his own hand.
As killing the defendant isn’t an option, as that would just show that the encryption key is very much dependant on the defendant’s existence, I’m surprised that the Appeal Court didn’t suggest torture. This seems like the perfect use for torture. The problem with the Guantanamo style of torture is that the defendants will say anything, truth or falsehood, to make the torture stop, and you have no way of verifying the truthfulness of what’s been said. As the state already has the ciphertext, if your tortured defendant lies about the encryption algorithm or key, the state will know and can carry on the torture. If the defendant truly doesn’t know the key, the torturing will eventually kill them. Once they are dead, you will know they were innocent.
Re: Re: Flawed logic all around
> To all those who have commented that you simply say, “I’ve
> forgotten it”, it doesn’t work like that. You’ve failed to hand
> over the encryption key or plaintext equivalent of the
> encrypted material. That’s prima facie evidence that you
> have committed a crime. The prosecution doesn’t have to
> prove you have not forgotten it.
Perhaps in the UK that’s true but in America, the Constitution sets the burden of proof on the government and no law or court ruling can trump that.
If a similar law passes here, it will still be the government’s burden to prove you’re lying about forgetting the password, not the other way around.
RE: what are they going to do?
Another simple fix from the authorities point of view is to make not handing over your key a mandatory 40 years without parole. That would make me remember pretty quick if I was facing a 10 year child porn charge…
So you say you forgot the encryption key, will they then confiscate the laptop like the US customs does?
The guilty won't care...
If I knew my computer had stuff on it that could convict me of a serious crime, I’d rather do the year in jail for criminal contempt for refusing to hand over the password rather than hand it over and do ten years in prison for porn or terrorism or whatever the stuff on my computer would convict me of.
Encryption
Do not use a hard drive.
Use a live linux CD.
Puppy linux
Slax
Knoppix Many distros out there with plenty of utilities and a nice firefox browser built right in and runs right from the CD/DVD
Encrypt your stuff them mail it to your self.
Great detailed information, I ll be visiting you more frequently, here is very interesting information.
Scholarship