http://www.linuxworld.com.au/index.php/id;897277082;fp;;fpid;;pf;1 UK appeals court rejects encryption key disclosure defense Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled. Jeremy Kirk (IDG News Service) 15/10/2008 08:44:00 Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled. The case marked an interesting challenge to the UK's Regulation of Investigatory Powers Act (RIPA), which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive. Failure to do so could mean a two-year prison sentence or up to five years if the case involves national security. The appeals court heard a case in which two suspects refused to give up encryption keys, arguing that disclosure was incompatible with the privilege against self incrimination. One of the suspects had been ordered not to move house without permission under a terrorism-prevention act. The man defied the order, and he and another man were arrested, according to the ruling from the England and Wales Court of Appeal Criminal Division. Police also seized encrypted material on a disc belonging to the first man. When the second man was arrested, police saw he had partially entered an encryption key into a computer. In its ruling, the appeals court said an encryption key is no different than a physical key and exists separately from a person's will. "The key to the computer equipment is no different to the key to a locked drawer," the court found. "The contents of the drawer exist independently of the suspect; so does the key to it. The contents may or may not be incriminating: the key is neutral." The right against self incrimination is not without bounds, as suspects also can't refuse to give a DNA sample if properly compelled. RIPA, passed in 2000 by the U.K. Parliament, is intended to give police new powers to conduct covert surveillance and wiretap operations in respect to new communication technologies. The third part of RIPA concerning the disclosure of encryption keys came into force in October 2007. It was delayed since when RIPA was approved, law enforcement wasn't seeing wide use of encryption. It was also one of the more controversial parts of RIPA, as critics said companies could be at risk if law enforcement mishandled their data. To obtain a key, a so-called "Section 49" request must first be approved by a judicial authority, chief of police, the customs and excise commissioner or a person ranking higher than a brigadier or equivalent. Authorities can also mandate that recipients of a Section 49 request not tell anyone except their lawyer that they have received it.
So 28 days' detention without charge, more CCTV cams than the rest of the planet put together, stop-and-search without probable cause and .gov.uk collection of all telephone, email and web headers hadn't scared you away already? ;o) The UK has the tightest government control of anywhere in the west, and has had for a very long time. It's just that the plutocracy has been in charge for so long (since 1649, really), and they've been fairly smart about it; control has been absorbed into the fabric of society without disrupting anyone [important] too much. There is most definitely simmering resentment amongst the populace here, but it's going to have to get a lot worse before anyone does anything about it. W 2008/10/16 Eugen Leitl <eugen@leitl.org>:
http://www.linuxworld.com.au/index.php/id;897277082;fp;;fpid;;pf;1
UK appeals court rejects encryption key disclosure defense
Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled.
Jeremy Kirk (IDG News Service) 15/10/2008 08:44:00
Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled.
The case marked an interesting challenge to the UK's Regulation of Investigatory Powers Act (RIPA), which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive.
Failure to do so could mean a two-year prison sentence or up to five years if the case involves national security.
The appeals court heard a case in which two suspects refused to give up encryption keys, arguing that disclosure was incompatible with the privilege against self incrimination.
One of the suspects had been ordered not to move house without permission under a terrorism-prevention act. The man defied the order, and he and another man were arrested, according to the ruling from the England and Wales Court of Appeal Criminal Division.
Police also seized encrypted material on a disc belonging to the first man. When the second man was arrested, police saw he had partially entered an encryption key into a computer.
In its ruling, the appeals court said an encryption key is no different than a physical key and exists separately from a person's will.
"The key to the computer equipment is no different to the key to a locked drawer," the court found. "The contents of the drawer exist independently of the suspect; so does the key to it. The contents may or may not be incriminating: the key is neutral."
The right against self incrimination is not without bounds, as suspects also can't refuse to give a DNA sample if properly compelled.
RIPA, passed in 2000 by the U.K. Parliament, is intended to give police new powers to conduct covert surveillance and wiretap operations in respect to new communication technologies.
The third part of RIPA concerning the disclosure of encryption keys came into force in October 2007. It was delayed since when RIPA was approved, law enforcement wasn't seeing wide use of encryption. It was also one of the more controversial parts of RIPA, as critics said companies could be at risk if law enforcement mishandled their data.
To obtain a key, a so-called "Section 49" request must first be approved by a judicial authority, chief of police, the customs and excise commissioner or a person ranking higher than a brigadier or equivalent. Authorities can also mandate that recipients of a Section 49 request not tell anyone except their lawyer that they have received it.
Date: Thu, 16 Oct 2008 16:26:56 +0100 From: macavity@well.com To: eugen@leitl.org Subject: Re: no more UK for me CC: cypherpunks@al-qaeda.net
So 28 days' detention without charge, more CCTV cams than the rest of the planet put together, stop-and-search without probable cause and .gov.uk collection of all telephone, email and web headers hadn't scared you away already? ;o)
The UK has the tightest government control of anywhere in the west, and has had for a very long time. It's just that the plutocracy has been in charge for so long (since 1649, really), and they've been fairly smart about it; control has been absorbed into the fabric of society without disrupting anyone [important] too much.
There is most definitely simmering resentment amongst the populace here, but it's going to have to get a lot worse before anyone does anything about it.
W
2008/10/16 Eugen Leitl <eugen@leitl.org>:
http://www.linuxworld.com.au/index.php/id;897277082;fp;;fpid;;pf;1
UK appeals court rejects encryption key disclosure defense
Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled.
Jeremy Kirk (IDG News Service) 15/10/2008 08:44:00
Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled.
The case marked an interesting challenge to the UK's Regulation of Investigatory Powers Act (RIPA), which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive.
Failure to do so could mean a two-year prison sentence or up to five years if the case involves national security.
The appeals court heard a case in which two suspects refused to give up encryption keys, arguing that disclosure was incompatible with the
against self incrimination.
One of the suspects had been ordered not to move house without permission under a terrorism-prevention act. The man defied the order, and he and another man were arrested, according to the ruling from the England and Wales Court of Appeal Criminal Division.
Police also seized encrypted material on a disc belonging to the first man. When the second man was arrested, police saw he had partially entered an encryption key into a computer.
In its ruling, the appeals court said an encryption key is no different
a physical key and exists separately from a person's will.
"The key to the computer equipment is no different to the key to a locked drawer," the court found. "The contents of the drawer exist independently of the suspect; so does the key to it. The contents may or may not be incriminating: the key is neutral."
The right against self incrimination is not without bounds, as suspects also can't refuse to give a DNA sample if properly compelled.
RIPA, passed in 2000 by the U.K. Parliament, is intended to give police new powers to conduct covert surveillance and wiretap operations in respect to new communication technologies.
The third part of RIPA concerning the disclosure of encryption keys came into force in October 2007. It was delayed since when RIPA was approved, law enforcement wasn't seeing wide use of encryption. It was also one of the more controversial parts of RIPA, as critics said companies could be at risk if law enforcement mishandled their data.
To obtain a key, a so-called "Section 49" request must first be approved by a judicial authority, chief of police, the customs and excise commissioner or a person ranking higher than a brigadier or equivalent. Authorities can also mandate that recipients of a Section 49 request not tell anyone except
The difference between an encryption key and the key to a locked drawer is that the drawer may be smashed opn while the encrypted file might not be smashable at all. Again, one wonders if a truly deniable form of TOR-based encryption might be possible. If I enter key number one, message one is retrieved untraceably from the cloud. If I enter key number 2, message 2 is retrieved instead. The tough part is that there needs to be a mixed middleware service layer inside the cloud that can take the requests in an untraceable manner and go to the right place to retrieve. Or is there any easier way, given ISP records of customer activity? privilege than their
lawyer that they have received it.
_________________________________________________________________ Store, manage and share up to 5GB with Windows Live SkyDrive. http://skydrive.live.com/welcome.aspx?provision=1?ocid=TXT_TAGLM_WL_skydrive... 102008
Date: Thu, 16 Oct 2008 16:26:56 +0100 From: <macavity@well.com>macavity@well.com To: <eugen@leitl.org>eugen@leitl.org Subject: Re: no more UK for me CC: <cypherpunks@al-qaeda.net>cypherpunks@al-qaeda.net
So 28 days' detention without charge, more CCTV cams than the rest of the planet put together, stop-and-search without probable cause and .gov.uk collection of all telephone, email and web headers hadn't scared you away already? ;o)
The UK has the tightest government control of anywhere in the west, and has had for a very long time. It's just that the plutocracy has been in charge for so long (since 1649, really), and they've been fairly smart about it; control has been absorbed into the fabric of society without disrupting anyone [important] too much.
There is most definitely simmering resentment amongst the populace here, but it's going to have to get a lot worse before anyone does anything about it.
W
2008/10/16 Eugen Leitl <eugen@leitl.org>:
<http://www.linuxworld.com.au/index.php/id;897277082;fp;;fpid;;pf;1> http://www.linuxworld.com.au/index.php/id;897277082;fp;;fpid;;pf;1
UK appeals court rejects encryption key disclosure defense
Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled.
Jeremy Kirk (IDG News Service) 15/10/2008 08:44:00
Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled.
The case marked an interesting challenge to the UK's Regulation of Investigatory Powers Act (RIPA), which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive.
Failure to do so could mean a two-year prison sentence or up to five years if the case involves national security.
The appeals court heard a case in which two suspects refused to give up encryption keys, arguing that disclosure was incompatible with the
against self incrimination.
One of the suspects had been ordered not to move house without
under a terrorism-prevention act. The man defied the order, and he and another man were arrested, according to the ruling from the England and Wales Court of Appeal Criminal Division.
Police also seized encrypted material on a disc belonging to the first man. When the second man was arrested, police saw he had partially entered an encryption key into a computer.
In its ruling, the appeals court said an encryption key is no different
a physical key and exists separately from a person's will.
"The key to the computer equipment is no different to the key to a locked drawer," the court found. "The contents of the drawer exist independently of the suspect; so does the key to it. The contents may or may not be incriminating: the key is neutral."
The right against self incrimination is not without bounds, as suspects also can't refuse to give a DNA sample if properly compelled.
RIPA, passed in 2000 by the U.K. Parliament, is intended to give police new powers to conduct covert surveillance and wiretap operations in respect to new communication technologies.
The third part of RIPA concerning the disclosure of encryption keys came into force in October 2007. It was delayed since when RIPA was approved, law enforcement wasn't seeing wide use of encryption. It was also one of the more controversial parts of RIPA, as critics said companies could be at risk if law enforcement mishandled their data.
To obtain a key, a so-called "Section 49" request must first be approved by a judicial authority, chief of police, the customs and excise commissioner or a person ranking higher than a brigadier or equivalent. Authorities can also mandate that recipients of a Section 49 request not tell anyone except
Tor moves your data through the cloud untraceably, but you have to store it somewhere. If you're storing small amounts of data (encryption keys maybe?) you could use a dht, and there are a few good open source ones. If you're talking about storing more than a few K, then you run into the problem of who pays the disk space for me to store my 500GB art film collection? :-) W On 17 Oct 2008, at 22:34, Tyler Durden <camera_lumina@hotmail.com> wrote: The difference between an encryption key and the key to a locked drawer is that the drawer may be smashed opn while the encrypted file might not be smashable at all. Again, one wonders if a truly deniable form of TOR-based encryption might be possible. If I enter key number one, message one is retrieved untraceably from the cloud. If I enter key number 2, message 2 is retrieved instead. The tough part is that there needs to be a mixed middleware service layer inside the cloud that can take the requests in an untraceable manner and go to the right place to retrieve. Or is there any easier way, given ISP records of customer activity? privilege permission than their
lawyer that they have received it.
------------------------------ Store, manage and share up to 5GB with Windows Live SkyDrive. Start uploading now<http://skydrive.live.com/welcome.aspx?provision=1?ocid=TXT_TAGLM_WL_skydrive_102008>
participants (3)
-
Eugen Leitl
-
Tyler Durden
-
Will Morton