in the UK, you will go to jail not just for encryption, but for astronomical noise, too

[Eugen Leitl]

http://falkvinge.net/2012/07/12/in-the-uk-you-will-go-to-jail-not-just-for-encryption-but-for-astronomical-noise-too/

There was some surprise in the comments of yesterdaybs post over the fact
that the United Kingdom has effectively outlawed encryption: the UK will send
its citizens to jail for up to five years if they cannot produce the key to
an encrypted data set.

First of all, references b the law is here. You will be sent to jail for
refusing to give up encryption keys, regardless of whether you have them or
not. Five years of jail if itbs a terrorism investigation (or child porn,
apparently), two years otherwise. Itbs fascinating b there are four excuses
that keep coming back for every single dismantling of democracy. Itbs
terrorism, child porn, file sharing, and organized crime. You cannot fight
these by dismantling civil liberties b theybre just used as convenient
excuses.

We knew that this was the next step in the cat-and-mouse game over privacy,
right? It starts with the government believing they have a right to interfere
into any one of your seven privacies if they want to and find it practical.
The next step, of course, is that the citizens protect themselves from
snooping b at which point some bureaucrat will confuse the governmentbs
ability to snoop on citizenbs lives for a right to snoop on citizenbs lives
at any time, and create harsh punishments for any citizens who try to keep a
shred of their privacy. This is not a remotely dystopic scenario; as we see,
it has already happened in the UK.

But itbs worse than that. Much worse. Youbre not going to be sent to jail for
refusal to give up encryption keys. Youbre going to be sent to jail for an
inability to unlock something that the police think is encrypted. Yes, this
is where the hairs rise on our arms: if you have a recorded file with radio
noise from the local telescope that you use for generation of random numbers,
and the police asks you to produce the decryption key to show them the three
documents inside the encrypted container that your radio noise looks like,
you will be sent to jail for up to five years for your inability to produce
the imagined documents.

falkvinge at fraka:/home$ ls -la

drwxr-xr-x  5 root root        4096 2011-12-06 01:21 .
drwxr-xr-x 22 root root        4096 2012-04-23 12:22 ..
-rw----r--  1 root root 34359738368 2012-07-12 10:51 narrowbandnoise-32.raw

A 32-gigabyte noise file, or encrypted data? Can only be the latter.

But wait b it gets worse still.

The next step in the cat-and-mouse game over privacy is to use steganographic
methods to hide the fact that something is encrypted at all. You can easily
hide long messages in high-resolution photos today, just to take one example:
they will not appear to contain an encrypted message in the first place, but
will just look like a regular photo until decoded and decrypted with the
proper key. But of course, the government and police are aware of
steganographic methods, and know that pretty much any innocent-looking
dataset can be used as a container for encrypted data.

So imagine your reaction when the police confiscate your entire collection of
vacation photos, claim that your vacation photos contain hidden encrypted
messages (which they donbt), and sends you off to jail for five years for
being unable to supply the decryption key?

This is not some dystopic pipe dream. This law already exists in the United
Kingdom b and the vacation photo scenario above, while on the far-fetched
side of the scale, is possible. And the basic philosophical problem is
greater than the described collateral damage: the government will send you to
jail for safeguarding any confidences placed in you.