There was some surprise in the comments of yesterday’s post over the fact that the United Kingdom has effectively outlawed encryption: the UK will send its citizens to jail for up to five years if they cannot produce the key to an encrypted data set.
First of all, references – the law is here. You will be sent to jail for refusing to give up encryption keys, regardless of whether you have them or not. Five years of jail if it’s a terrorism investigation (or child porn, apparently), two years otherwise. It’s fascinating – there are four excuses that keep coming back for every single dismantling of democracy. It’s terrorism, child porn, file sharing, and organized crime. You cannot fight these by dismantling civil liberties – they’re just used as convenient excuses.
We knew that this was the next step in the cat-and-mouse game over privacy, right? It starts with the government believing they have a right to interfere into any one of your seven privacies if they want to and find it practical. The next step, of course, is that the citizens protect themselves from snooping – at which point some bureaucrat will confuse the government’s ability to snoop on citizen’s lives for a right to snoop on citizen’s lives at any time, and create harsh punishments for any citizens who try to keep a shred of their privacy. This is not a remotely dystopic scenario; as we see, it has already happened in the UK.
But it’s worse than that. Much worse. You’re not going to be sent to jail for refusal to give up encryption keys. You’re going to be sent to jail for an inability to unlock something that the police think is encrypted. Yes, this is where the hairs rise on our arms: if you have a recorded file with radio noise from the local telescope that you use for generation of random numbers, and the police ask you to produce the decryption key to show them the three documents inside the encrypted container that your radio noise looks like, you will be sent to jail for up to five years for your inability to produce the imagined documents.
falkvinge@fraka:/home$ ls -la
drwxr-xr-x 5 root root 4096 2011-12-06 01:21 .
drwxr-xr-x 22 root root 4096 2012-04-23 12:22 ..
-rw----r-- 1 root root 34359738368 2012-07-12 10:51 narrowbandnoise-32G.rawDoes the folder above contain a 32-gigabyte narrowband noise file, or encrypted data? Obviously, it can only be the latter.
But wait – it gets worse still.
The next step in the cat-and-mouse game over privacy is to use steganographic methods to hide the fact that something is encrypted at all. You can easily hide long messages in high-resolution photos today, just to take one example: they will not appear to contain an encrypted message in the first place, but will just look like a regular photo until decoded and decrypted with the proper key. But of course, the government and police are aware of steganographic methods, and know that pretty much any innocent-looking dataset can be used as a container for encrypted data.
So imagine your reaction when the police confiscate your entire collection of vacation photos, claim that your vacation photos contain hidden encrypted messages (which they don’t), and sends you off to jail for five years for being unable to supply the decryption key?
This is not some dystopic pipe dream. This law already exists in the United Kingdom – and the vacation photo scenario above, while on the far-fetched side of the scale, is possible. And the basic philosophical problem is greater than the described collateral damage: the government will send you to jail for safeguarding any confidences placed in you.
Funny thing about the RIPA act was that in 1999, when the act was first discussed, civil Liberties group Stand decided to show the problem.
They sent an email to the Home Secretary (the minister for law and justice) containing a confession (source http://www.zdnet.com/surveillance-straw-petitioned-on-commerce-bill-controversy-3002073974/ ). That confession was encrypted. Mr Straw had details to a crime in his posession, in an encypted file, and no way to decrypt it. He was, under the letter of the law, refusing to decrypt information relevent to a crime, and should therefore be charged under RIPA.
Guess who wasn’t charged?
Yes, the law doesn’t actually apply to you is you’re the Home Secretary. Who knew that those in government consider themselves above the laws they inflict on others.
This argument is ridiculous, since it’s missing the concept of intent. The Home Secretary clearly had no intent. That’s why he/she wasn’t charged.
Intent (mens rea) is not required for anything defined as a ‘strict liability’ offence under UK law.
No, the argument is valid. By letter of the law there is no criteria needed to show any form of intent. If you possess an encrypted file – or anything an officer of the law believes may be encrypted – then you are culpable for a violation of the law and can be prosecuted.
Rick is right that the UK law is hair-raising. Worst case scenario any police officer who decides to lean on you can easily threaten you with a fairly reasonable chance of being sent to jail for refusing to “decrypt” what is, in essence, nothing more than a corrupt file or white noise.
so, everyone’s guilty?
good luck, ppl ;p
Ok, I’m not familiar with UK law. But under Swedish law, intent (uppsåt) is always needed for anyone to get convicted, except for a handful of crimes like involontary manslaughter (vållande till annans död). And “intent” in this context of course means that the court thinks you had intent, whether you actually had or not.
And my point was that the Home Secretary apparently had no intent, and that this would be the reason why he wasn’t charged, rather than him being the Home Secretary.
@anders…
And WHO has discretionary power to decide that the Home Secretary has no intent, and never has intent… and anyone annoying to whatever he likes must certainly have the intent to harm what he likes?
I guess Assange is as guilty as hell, they may not know what to charge him with, other than sexual offense, but they will come up with something in due time.
If we let them get away with it because we are not the picked bad guy now… come our time…
If civil Liberties group Stand sends an unsolicited email to the Home Secretary with some hidden data in it, it should be very clear that the Home Secretary has no intent at all regarding that data. They set him up, right?
@anders
the relevant point being that had any officer of the law decided to drive a case against the home secretary, the law explicitly states that the home secretary must STILL decrypt the information.
Or be found guilty and sent to jail for up to four years.
Needless to say no officer of law will start such a case, no prosecutor with common sense would drive it…but unless the judges in UK courtrooms have far more ability to amend existing law than swedish courtroom judges then the law is very clear: Intent is not needed.
Simply because the second an officer of the law determines that there is an “encrypted” file on the computer, the actual “intent” issue becomes moot. The “crime” is the refusal of the home secretary to decrypt the white noise. And that’s where “intent” is found. Whether the secretary has the ability to is irrelevant. The law doesn’t carry any exceptions or excuses.
So we’ve come to this. Guilty till proven innocent.
Brave new world.
Irrelevant, because they can’t prove the intent of anybody else either to hide any data.
If they would claim that *I* had anything I kept secret and I didn’t actually hide anything or even try, I would by definition have no intent at all, and yet I could be thrown in jail. Just because of a suspicion.
This argument is ridiculous.
The law clearly states that you are -innocent- if it is shown that you did not have the decryption key just prior to being requested to hand it over, and most assuredly if it is shown that you never had it in the first place.
How can you prove you DIDN’T have something? Prove to me that you’ve never owned an illegal firearm. Prove to me that you’ve never downloaded child pornography.
If she floats, she’s a witch, so burn her. If she sinks, she drowns, so problem’s solved from our end…
Here we enter problem number two of this sordid law: You are in essence requested to prove a negative. This is not even logically possible.
In short the burden of proof is on you.
Needless to say no police officer will willingly drive such a case against the home secretary. But if one actually did, it’s pretty clear that if the law is obeyed the secretary goes to jail.
Weird, I often read the news about people being arrested for resisting arrest.
It seems police officers are well versed in cases that manage to pull itself up by its own shoelaces.
Sorry, Scary Devil, proving a negative is NOT logically impossible.
See for instance Georg Cantor’s famous proof that the set of all set doesn’t exist (is self contradictory). Cantor himself was so baffled by his proof that he feared he had demonstrated that God can’t exist and ended his life in an asylum.
It is even possible to prove that an assertion cannot be proved (is undecidable) — see Paul Cohen’s proof that the continuum hypothesis is undecidable. Cohen’s proof was so mind blowing that he spent the next 40 years of his life trying to tackle Hilbert’s eight problem … in vain
OK, that’s for the ‘logic’ background of the debate. Yet, from a practical standpoint, I concede that it’s much more difficult to prove that something doesn’t exist than to prove it does and find this UK law very much worrying indeed.
I just read both the article and this comment and both have tickled me fiercely! Have you even read the statutue?
He couldn’t decrypt the message because he never had the key, despite the claims that the key was in his name.
S. 52(2) states that In proceedings against any person for an offence under this section, if it is shown that that person was in possession of a key to any protected information at any time before the time of the giving of the section 49 notice, that person shall be taken for the purposes of those proceedings to have continued to be in possession of that key at all subsequent times, unless it is shown that the key was not in his possession after the giving of the notice and before the time by which he was required to disclose it.
How would Stand show that he had the key?
This is also the arguement to be presented to all those claiming the burden of proof to be a violation of Article 6 ECHR – the burden is on the prosecution to show that the defendant has the key and the law then lays out the ways in which the defendant can show he is not in possesion of the key, if it is assumed under S.53(2) that he is still in possession of that key. This is not switching the burden of proof.
Have you even read the relevant parts of RIPA? Mainly sections 49 – 56. S.49 lays down the circumstances under which a notice will be given. If you read it you’ll see that a S.49 notice would never have been issued in relation to this stunt and therefore S.53 proceedings could not have been instigated.
However. in relation your comments about why he wasn’t charged, the simplest answer is that the Act was not in force at the time.
EDIT: Paragraph 3 is supposed to refer to S.53(2) (typo)
Include a link with the emailed file with the key, and make sure that link only works once (but is valid for months if not yet unused).
Of course the server would be out of their jurisdiction, and there would be no way to tell afterwards if it just expired or the key had been fetched.
So you can show that he likely had the key, and that he recieved the encrypted message.
Well the police should not be allowed to just declare something as encrypted without proof. They have to prove first that something is encrypted before asking for a key otherwise that is a legal flaw.
“You’re going to be sent to jail for an inability to unlock something that the police think is encrypted.”
As bad as this law is, it’s not quite as bad as you make out. While the police can lock you up if they can persuade a judge [s49(2)] to grant an order under this law (which requires the judge to have reasonable belief), that’s only pre-trial detention (so usual laws about bail, Article 6 ECHR etc. come into play – although these are pretty ludicrous in the UK anyway).
Eventually they have to put you on trial, and then they need to prove beyond reasonable doubt that you have a key in your possession that can unlock the information [s53(3)]. At no point does it really matter what the police think. In theory.
Of course, this doesn’t make the law sensible and reasonable, just not quite as ridiculous as it is made out to be – it’s useful to get facts correct when criticising something; makes it harder for the opposition to counter it.
Well, fair enough. But do you really think this is going to matter in practice, once the police find things that look – look – like encrypted data on your drives?
The police (and prosecutor) will argue that X is obviously encrypted data, and so, you must be in possession of the key.
Also, the key problem with the philosophy behind the law remains, collateral damage be damned: you have no right to encrypt your own data in the UK.
Doesn’t the “if it is shown that that person was in possession of a key to any protected information at any time before the time of the giving of the section 49 notice” part protect people against empty accusations? It states the prosecution has to demonstrate the defendant actually encrypted the data set (and has the decription key – if I encrypt something with your public key, only *you* can decrypt it and I never had the required key).
“at any time before notice”??? Really? Oh dear…
If I had a penny for each password/key I’ve ever forgotten…
Funnily enough, the two important keys I’ve forgotten are: the passphrase allowing syncing of passwords in Chrome; and the key I’d used to encrypt a file of private keys for a public-key system.
You cant have it both ways Rick. One the one hand you exaggerate the RIPA problem, and then say, “well fair enough” when you are caught out, instead of admitting that you over did it. Then on the other hand, you refuse to denounce the State, which is the source of these insane laws that you keep complaining about post after post while taking a salary from the very people you claim to think are insane and wrong. A casual observer could be forgiven for thinking that you are making a career out of complaining about the State, and if it were to be made to disappear, you would be out of a job, in both senses; nothing to complain about and no one to pay your salary.
The only proper response here is to condemn absolutely the idea that there should be a State with a monopoly on policing, creating money and everything else the State does. You cannot cherry pick the things that you like that the State does, and expect everyone to simply go along with you, consigning all others to de-facto criminals.
Your position is untenable. You must come clean and accept that your Statism is inherently immoral and illegitimate, otherwise all of the complaining you do about these absurd laws rings very hollow.
I think you’re simply trolling for an emotional response out of Rick.
This is not about probability of something happening, it’s about possibility! I’m just a humble sysadmin but when we design systems we go by a very simple principle. Anything that can go wrong, will go wrong!
Politicians drafting laws clearly either ignore this principle, or expect to exploit it in the future. Why else would they approve laws where citizens can be jailed for having nonsensical files on their hard drives?
This is the fallacy of people who believe in absolutism. Where as this logic makes sense within the world of mathematics it dosent even hold true within physics much less human society. The cahin of thought that looks collapse all arguments into black white truths is a pathway to facism. The idea that the state is inherentley evil prevents any further discourse and is therefore only down to who has the physical power to exert their will on the matter. The humanist viewpoint is that any construct has inherent failings and that we can mediate them by the use of common sense, regulation, functioning social counterbalances and equally weighted sources of social power (free press, independent judicary, democractic parliament, legally enshrined regulatory frameworks).
We are all hypocritical, we are all morally challenged. So are governments, so are markets, so are anarchist committees, so are priests. Therefore we seek a counter balance of competeing power with overarching tenets of core self-evident personal freedoms.
I put my trust in that struggle not the zealotry of the absolutists whether taliban, banker, conservative or socialist.
@Mat
Yor text is the most sensible post I have read on this blog.
@matt
I agree with Sten its probably the most well balanced and unbiased response ive seen
What will happens if I will go to Egypt (unusual country for my vacations), and in airport accidentally ask a way from person who is marked as terrorist in UK. After my return they will ask my to show everything I have on my phone, computer etc., after I show I have nothing they don’t belief and suggest my to better show true content or I will go jail for supporting terrorism. Isn’t this real world scenario?
Hey, where is the application of the law to the “if we think something is encrypted” part? Is this in precedent (which I don’t know how that works in the UK) or is it something stated in Parliamentary debates or something?
That’s a basic function of encryption that lawmakers didn’t get when writing this – there is no way to tell an encrypted container from a file with radio noise.
Nor is there indeed a way to tell steganographically hidden messages in photos from ordinary photos, which is the point of steganography in the first place.
You would not even need to go to lengths to record radio noise – a simple command like dd if=/dev/random of=/tmp/this_is_not_an_encrypted_file bs=1M count=32 in Linux will create something just as suspicious.
So what if everyone creates a file or two on their computer that looks like an encrypted file? That way the authorities would have no way of knowing which were real and the law would be unenforceable.
Dave, you’re trying to “think” your way out of your prison. The law is enforceable against anyone the law wants intimidated or detained. It was designed to be selectively applied.
Thanks. I just wasn’t sure how we arrived at that conclusion. Makes sense now.
Doesn’t this follow the same sort of reasoning that the Swedish police had with the sat phone tapping? I think it was the Swedes. You had mentioned a Scandinavian police force that used to be able to listen in on all conversations merely by positioning sat dishes next to the telecomms’. They subsequently expanded the idea to being given a back door into all digital communication.
Well, it seems to me that the police have gotten used to reading your digital information without effort and are throwing a hissyfit that some people aren’t ‘playing fair’ anymore and have taken action to make sure their upper-hand continues.
Quite similar, yes. I wrote about that in another article – Sweden, Paradise Lost (part 1): General Wiretapping.
However. more often than not encrypted data will be placed inside a container with some sort of a header that will disclose it is encrypted data. For example, LUKS (full disc encryption scheme used in linux) has a special header that identifies encryption parameters for the encrypted drive, GPG (private key encryptiuon suite for linux) has a header which references key IDs the data can be decrypted with and so forth.
So while technically encrypted blobs may be indisguishable from noise , in practice it should be should be straightforward to distinguish between the two in almost all cases – unless the ambiguity is intentional.
Having said that, IMO we should approach to this issue as to being required to testify or disclose information to the police/courts. Is it required to disclose all information you have if the police/court asks you for it in the UK?
If you use Truecrypt, it has an option for plausibly deniable hidden partitions. (Usually used together with full-disk encryption.)
In other words, you can hide a partition and claim you aren’t hiding anything – but they can also claim you are hiding something even if you actually aren’t.
I still wonder if that law is in accordance with Art. 6 ECHR – https://en.wikipedia.org/wiki/Article_6_of_the_European_Convention_on_Human_Rights
Well, the Nazis finally beat you. Took 70 years, but they’ve won. You contemptible country, once the greatest on Earth, now a sick parody of Russia and the USA. Politicians deserve to lose WAY more than their seats over this travesty of a law.
agree with you there. who would have thought that a country that once believed so strongly in justice, fair play, innocence etc could turn into one such as this, one that is worse in some ways than places like China and Iran and so scared of it’s own shadow that it now has laws like this in place (that nowhere else has) and more still to come!
They seem to love Orwell, don’t they?
A brave new world since 1984
When was England the greatest country in the world? When they were trying to make the rest of the world England? Or when they waged wars against France in another peoples land? Or when they slaughtered primitive africans with rifles and cannons over their land?
Wake up man.
“The West won the world not by the superiority of its ideas or values or religion, but rather by its superiority in applying organized violence. Westerners often forget this fact – non-Westerners never do.”
— Samuel P. Huntington
Yes because England is the only country with a bloody past.
Wake up man.
Exactly. Why are Europeans and ONLY Europeans expected to be in a permanent state of atoning for historical crimes? Why are the English (“British”) blamed for everything that’s wrong with s-S-Africa when Muslims had already been brutally colonising it since the 7th century, and Chinese are colonising Africa TODAY???? I call racism, in particular Anglophobia.
And why are we called racists when we want acknowledgement for crimes against us, such as the Moorish invasions? Did you know one million French and Spanish girls were kidnapped, enslaved and taken to North Africa 300-400 years ago? Do you ever hear French or Spanish people demanding reparations or blaming slavery for everything?
Of course blaming every single living African and Muslim for the slavery, rape and imperialism we Europeans suffered would be racist, but to blame all European people for crimes committed centuries ago by a few rich people is not. Go figure.
By the way, the economic system at the time was lassiez faire – only rich people benefitted. Especially bankers, who happen to be Ashkenazim Jews – native to the North Caucaus and therefore not English. But heaven forbid you blame all Jews for the Rothschilds owning the East India Trading company (therefore being responsible for the colonisation of the Indian sub-continent), or blame all Jews for the Sephardim owning the slave ships that transported Africans across the Atlantic.
Sick of double standards and racism against Europeans, especially Anglophobia.
“On examination of suspect’s PC, an encrypted file called /dev/random was found. Suspect refused to supply decryption key, claiming file was some kind of ‘random number generator. Suspect could not satisfactorily explain where these ‘random numbers’ came from. Currently checking all recent contacts, looking for accomplice who is supplying them.”
Beat me to it.
What if a few thousand people wrote confessions (anything could do, like stealing apples, downloading copyrighted material) and encrypted it and hid with steganograpy in a photo (photos of kittens, V-masks, whatever that isn’t too offensive) and double-post it to a public archive where offensive images can be flagged, the rest then delivered to politicians etc. Statistically, if enough people get involved and submitting the images are easy enough, thene there might be a gruesome crime confession hidden in there, and I guess a judge would be forced to act, or admit that resistance to crypto is futile, and go back to focusing on preventing crimes with actual victims.
To run such an action: javascript for crypto. Steganography either locally (PNG seems easy: http://antimatter15.com/misc/steganography.html ) or serverside. (But what if you don’t actually possess the encrypted material? Just steganography it and put online on a public imageboard?)
Seems to me, that politicians in the UK read Orwell’s 1984, but mistook it for some sort of manual of effective governing.
Rather, a manual of stable governing – that is, to stabilize their position of power.
lets just hope they don’t also read Animal Farm
[…] Izvor: http://falkvinge.net/2012/07/12/in-the-uk-you-will-go-to-jail-not-just-for-encryption-but-for-astron… […]
Interesting…
I tend to shred retired HDD’s and put them aside for occasional later use. Someone might think the garbled content of tens of disks is crypted data.
Way to got officials! You’d like to put me behind bars, wouldn’t you?
The solution is simple: do a dozen passes of zeroes after the several dozens passes with random numbers.
I think that unless someone is going to spend money opening the hard drive up and examining the platters directly using expensive equipment, one pass of zeroes should be fine.
This is not very nice at all. What I once have done is I “optimized” my hard disk to a state where everything was half-optimized and half-crypted == bricked. It is not difficult at all to create documents that appear crypted or have enormous amounts of information. Just wrong configurations with Adobe Acrobat (or almost any program with compression) and you can make very large files with very little sensible content.
According to this law any system containing encrypted passwords (like, say, every UNIX-like OS) could land you in jail, since it’s often simply not possible to decrypt them.
Well, perhaps not – However, you would have to explain the difference between a hash function (a one way, irreversable transformation of input , used for passwords) and encryption (a reversable transformation of the input data).
Of course, though, there is no way to distinguish a hash value from an ecrypted blob of data …
Assuming prosecutors are smart and educated enough to understand such concepts.
How can you create a one-way, irreversible transformation of input? That sounds impossible… but so did electromagnets at first .
take any number X>100.. Let Y be the remainder of the division of X by 50.
So, if you picked 274, the remainder would be 24. However, if you picked 224, or 374, the result would be the same. That’s the most trivial example of a irreversible transformation, hash functions are much more complex in order to have certain mathematical properties.
Saying that hashing is an irreversible transformation is quite sloppy. f(x) = 1 is irreversible. Hashes are not, otherwise they would hardly fulfill their role of determining whether someone possesses the original data compared with most fakes or corrupted versions.
This allows for brute force attacks, which have gotten much better these days. Irreversible is quite a silly way of putting such a situation.
To say, as the other commenter did, that several inputs are indistinguishable from each other and thus equally likely and so that you can’t recover the original both misses the point that any alternatives work to fool a password system and misses what assists cryptographers in analyzing encrypted text: valid plaintexts are probably going to be written in a human language with considerable statistical regularities.
It’s not exactly an insurmountable mystery to figure out which of “Password” and “F1581^MDRmWmRqAoQecjThARlu5lJ&” was the original.
Also a radom noise file used in ‘one-time-cypher’ looks like encrypted data but is actually the key.
I wonder how they feel about /dev/urandom, which is clearly streaming terrorist radio.
I seriously need to find a “comment upvote” plugin for WordPress…
This is so funny! Nice one!
We need to somehow introduce this to someone in charge.
With a bit of dumb luck, they go public with this and make an ass of themselves…
*sigh*
How about DVD movies? If you’re unable to disclosure CSS decryption keys of your DVD collection to the police, they can send you off to jail. Right?
I think the police can decrypt those, so probably not.
Ugh. RIPA does NOT make encryption illegal. It makes the refusal to surrender encryption keys to a court when compelled to by a judge.
To be prosecuted for failure to disclose keys, the Police need to prove beyond reasonable doubt that you have encrypted information that can be used as evidence.
This isn’t new either, RIPA is ancient.
Of course. The OP either hasn’t actually read the Act he referred to or, more likely, knows perfectly well he’s talking bollocks but let’s nothing get in the way of a good story.
I’m more surprised that Lauren Weinstein thought to post a link to this misinformation in alt.risks.
You’re completely missing the point, that when encryption is done right, there is absolutely no way that the police (or anyone) can “prove beyond reasonable doubt that you have encrypted information.”
So laws like these can either not be enforced at all, or they can only be selectively enforced against political enemies.
Then there’s the problem that all the encryption out there (just about) is done wrong. It’s not very difficult to determine whether a ZIP file is encrypted or not, even though the encryption might otherwise perform its task of protecting privacy quite well.
I don’t think that that’s a suitable definition of “done right”.
Truecrypt
In fact, all they can ever do is to make the baseless assertion that you’re hiding
certain information, but they can never prove this in any way, shape or form.
[…] second thing that changed my mind was a new law in the UK that makes it illegal to not hand over encryption keys if the police want to encrypt your data. The penalty is two to five years in prison for simply […]
[…] In The UK, You Will Go To Jail Not Just For Encryption, But For Astronomical Noise, Too – Falkving… – In England plausible deniability faults you. […]
I’m proud to live in England, they tell us it’s a free Country, unfortunately, free actually means, we are only “free” to do as we are told!
Unfortunately that does seem to be increasingly the case -.-
A friend is currently applying for a job as CCTV operator, wonder if they’ll call them little brothers….
How did the article not have a single mention of Rubberhose?
It gives you more than one key to decrypt a single encrypted file with each key giving a different text. One key could have the actual text and the other key could be used by you to give some convincing harmless text. The existence of any other text can only be verified using the appropriate cryptographic key.
It was originally designed for use by human rights groups working in third world dictatorships.
Using deniable encryption may actually worsen your problem because using such a system also makes it impossible to prove you are not hiding anything. Combine this with suspicious governments quite willing to torture people into submission and you could have a real problem with rubber hoses.
Such a system only works when the thugs arresting you are unaware of theses possibilities. Something that cannot be guaranteed with western governments.
I fail to see the advantage. Given a sufficiently paranoid prosecutor, your collection of holiday photos may land you in jail. Using Rubberhose *will*. Because you can’t prove there isn’t another container hidden inside.
They would have to PROVE that the file is encrypted in court. This could be difficult I think you are overstating the issue. Move along.
Most encrypted files make this quite obvious.
Hm, apparently my comment didn’t make it… or perhaps it did and will now appear twice – sorry if that happens. So here it comes again:
Nice little law 🙂 I’m gonna install some more encryption software on all my machines just out of spite, so they really have something valid when they come knocking.
Btw, Rick, I remember your article here a couple weeks ago, lot of nice strong words about democracy, and how US is already lost beyond hope but Europe can still be saved peacefully through activism and politics… Still holding on to that tought? 😉
What if, I say the harddrive is encrypted with randomly generated data, and I cannot recover it once I reboot?? It’s an option in Debian install CD
You go to jail – haven’t You read the article?
[…] http://falkvinge.net/2012/07/12/in-the-uk-you-will-go-to-jail-not-just-for-encryption-but-for-astron… […]
This is a textbook example of fascism. I thought being bombed by Hitler would have taught those fools something, but apparently not.
It’s ironically quite the opposite. Those who lived under an oppressive government within the last lifetime or so understand these issues (especially Germany and East Europe). Those who have not first-handedly experienced oppressive government simply don’t understand just how bad it could get… Sweden is another such country which hasn’t had a dictator / oppressive government for a while – very few people over here understand the risks and issues with increased surveillance…
[…] In The UK, You Will Go To Jail Not Just For Encryption, But For Astronomical Noise, Too – Falk… […]
somewhere along the line people started to believe that voting every so many years beats the rule of law. Democracy does not equal exemption from scrutiny.
Voting zealotry is worse than religious zealotry. The idea that having the right to vote means that what happens is right is insane. The concept that voting will change something…ridiculous. There are hundred of laws on the books that no person would ever vote for, but they passed. Voting was created to further incapacitate the masses. “well, we voted against it..that’s the best we could do.” That’s barf. And the internet, created to gauge and regulate the behavior and responses of the masses.
http://en.wikipedia.org/wiki/Key_disclosure_law
Apart from the issue of self-incrimination, how does this differ from the law in Finland, Belgium, Netherlands, France etc?
As John says, the court would have to prove ‘beyond reasonable doubt’ (the standard of criminal proof) that the material was encrypted material.
This law certainly does suck, but the argument that anyone can be prosecuted for possessing a random string of bits is a straw man; there would be far easier laws to oppress someone with.
But this makes it worse surely, since terrorists and the like would go to the trouble of making encrypted files (or winzip files?) ambiguous. Whereas ordinary people sending private emails – love letters etc – wouldn’t.
In other words, the law is only good for spying on people.
Ie. the clock’s chiming 13…
Let me just tell you…just because there are (or aren’t laws) doesn’t make anything impossible. You think that they need an encryption law to make your life hell? They don’t. You think that they need any law? Basically, the fact that you educate yourself about laws is what they want. That way you’ll be sure to be more careful about your activities and perhaps not do a lot of things that you might. If you feel you can’t use encryption, then you might not encrypt simple messages that you might otherwise, thereby giving any of the information gathering machinery a much easier time of gauging who you really are.
The British state has been getting more illiberal for a long time.
They introduced a new police caution ” you do not have to say anything( the right to silence) but if you fail to mention something you later rely on in court…..”
So when questioned you have to think, in the present, what you may nee to say in the future even though you have not been charged so don’t know about any court. Illogical and stupid.
[…] not news for those in the UK, but it's news to me! In the UK, You will go to Jail not just for encryption, but for Astronomical Noise, too […]
Does this mean that everyone who has owns a DVD could be in trouble? I cannot decrypt DVDs, only my DVD player can. I don’t know what else is on those disk I bought or had bought for me.
No, don’t worry about that. Such a reasoning would require a shred of technical understanding in the judicial system.
P2P is fought by the police, because music and video filesharing is anti-semitism in action. Jewish investors make movies, own Hollywood, own the big music studio labels and the goyim (non-jewish people, literally soil people) then their produce it for free and point the middle finger at jews, in the general direction of Auschwitz.
It cannot continue that goyim deprive jewish enterprises of the means of revenue. The active antisemites must be trampled underfoot. Governments know fully well that trade, banking, science and industry could not work without the super high IQ of jewish people, therefore they appease jews by properly persecuting the P2P antisemite. Stop downloading unlicensed movies and musics, repent and start praising the Father of Abraham, whose name is the holiest!
Wow, you really can use anything for anti-Semitism when that’s the only thing that really matters to you.
Why would anyone want to share or buy anything from anyone who considers them “soil people”?
[…] In The UK, You Will Go To Jail Not Just For Encryption, But For Astronomical Noise, Too – Falk…, via Stefano […]
[…] damage: the government will send you to jail for safeguarding any confidences placed in you.Source Share this:EmailPrintDiggLinkedInRedditStumbleUponTumblrPinterestTwitterFacebookLike this:LikeBe […]
[…] Australia plans total Internet surveillance a la NSA, and perhaps imprisoning people that don’t hand over encryption keys (as in the UK). Falkvinge suggets that the UK could imprison you for having photos or astronomical data, if the state chooses to claim they contain steganographic messages and demand you provide the key to extract them. […]
[…] In The UK, You Will Go To Jail Not Just For Encryption, But For Astronomical Noise, Too – Falk… If the police THINK you have encrypted data, you can be sent to jail for not handing over encryption keys. even if you don’t have them. So — according to the law — they could accuse you of having encrypted data hidden in your files, and send you to jail for refusing to hand over a non-existant key. […]
Technichaly they human brain is an encrypted data set that each concious person alone has the key for.
[…] top of this it seems that we are required by law to hand over encryption keys or face imprisonment if the police believe […]
Im just wondering if anyone thought about the fact that you don’t have to give the police any information which may incriminate you when they made up this BS law.
another thought that occurred to me was that this law would not have passed if we had less private schooled lawyers and more scientists / academics in parliament. There is no technological representation in the house of commons and very little in the lords. The idiots in power can do little more that read latin or order fois grais. They therefore allow things like this and the censoring of TPB to go ahead, laughably believing that they are enforceable.
Don’t underestimate those idiots. They have you thinking that they are idiots, yet the whole system bows at their feet. So, not such idiots afterall.
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption keys. […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption keys. […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption keys. […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption […]
Dear Politicians,
I fart in your general direction.
I trust you will analyze the emission and find it full of prosecutable randomness, Since I’m unable and unwilling to produce the key to the data most surely encapsulated in the uniquely fingerprinted malodor by the rectum of yours truly, my incarceration is a fait accompli.
Excuse me, but the thought of that makes my stomach rumble again – ready your analyzers!
There are things that just lack humor…this is one. Because you say something like this doesn’t mean that oppression doesn’t happen. Grow up.
BRRRRRFFFFT
Aah… there you go. Have at it!
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption keys. […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption […]
[…] In The UK, You Will Go To Jail Not Just For Encryption, But For Astronomical Noise, Too There was some surprise in the comments of yesterday’s post over the fact that the United Kingdom has effectively outlawed encryption: the UK will send its citizens to jail for up to five years if they cannot produce the key to an encrypted data set. Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages. […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption keys. […]
[…] also refers to encryption laws passed in the United Kingdom that allows authorities to demand an individual’s encryption […]
Jurisdiction. Jurisdiction. Jurisdiction. Did I mention the importance of jurisdiction? First thing you get taught in a law degree.
Contrary to what almost every poster here mistakenly believes, there is no such thing as UK law. The United Kingdom of Great Britain and Northern Ireland consists of three completely separate civil and criminal jurisdictions: England and Wales; Scotland; Northern Ireland.
In this instance, it is the criminal law of England and Wales that applies to any legal person permanently or temporarily resident in England and Wales at the time of the alleged offense.
Here, a legal person includes a natural person, ie a living human, and an unnatural person, for example a company incorporated under the law of England and Wales and registered at Company House.
Read the statutory law carefully. Then research the relevant case law. Then comment when you know what you’re talking about.
[…] http://falkvinge.net/2012/07/12/in-the-uk-you-will-go-to-jail-not-just-for-encryption-but-for-astron… […]
[…] In The UK, You Will Go To Jail Not Just For Encryption, But For Astronomical Noise, Too – Falk… There was some surprise in the comments of yesterday's post over the fact that the United Kingdom has effectively outlawed encryption: the UK will send its citizens to jail for up to five years if the… […]
[…] In The UK, You Will Go To Jail Not Just For Encryption, But For Astronomical Noise, Too – Falk… There was some surprise in the comments of yesterday’s post over the fact that the United Kingdom has effectively outlawed encryption: the UK will send its citizens to jail for up to five years if the… […]
[…] развернулась горячая дискуссия вокруг переводной заметки одного из британских лидеров пиратства Рика […]
The only fail-safe against government overreach is to arm yourself.
That’s a very, very sad and depressing statement, but unfortunately also very true.
Why is that depressing?
Because in history we have fought and died over such things many many times, and we still have to do it again because of unique fellow humans who crave power and seek it relentlessly.
[…] не знают. Например, один эксперт несколько дней назад опубликовал статью с разъяснением, что в Великобритании действительно действует […]
[…] Earlier this month, a U.K. blogger, Rick Falkvinge, brought attention to the possibility that, should law enforcement decide that a random number generator, for example, was actually an encrypted file, one could be jailed for refusing to provide the nonexistent key. […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] of the system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] of the system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] of the system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] of the system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] of the system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
[…] system provides users with “plausible deniability” but that might not be good enough based on new laws in the U.K.. And legal issues aside, most people have an ethical issue with hosting child pornography, […]
I am trying to find a reference somewhere in the link to UK law where they mention that owning a device that the police believe is encrypted would mean that you have to disclosure the password or go to jail, and I really can’t see it anywhere.
If I own an encrypted USB thumbdrive and the police says it is encrypted and I say it isn’t, unless the police can prove it is encrypted because they have evidence showing their claims I can’t see anywhere in the law that would send me to jail. I could be wrong but that is how I see it right now.
It would be very nice if the OP could post a link or quote the law in question.
[…] http://falkvinge.net/2012/07/12/in-the-uk-you-will-go-to-jail-not-just-for-encryption-but-for-astron…: But it’s worse than that. Much worse. You’re not going to be sent to jail for refusal to give […]
I’m no solicitor so I could be wrong but I can’t see this being remotely enforceable it just has to many loop holes and any solicitor worth his/her salt would pick that apart in 10 seconds for a start it contravenes your civil liberties aka your right to privacy, your right to remain silent, and your right not to incriminate your self.
then there is the thorny issue of the cops needing sufficient evidence of wrong doing on your part to get a warrant to compel you to hand over decryption keys which no judge with half a brain is going to issue unless the cops actually have probable cause and can prove beyond reasonable doubt that you have been up to no good and that your encrypted files might contain further evidence, and if the cops have sufficient evidence to get a court order to compel you to hand over decryption keys is there really any need since they probably already have enough evidence to lock you up anyway why waste there time and tax payers money about the only reason I can think of is if they where investigating someone who was working for a cartel and the evidence obtained could lead to further arrests of people higher up in the network
then there is the whole burden of proof issue assuming the cops get a warrant to compel you to hand over decryption keys all you need to do is tell them you lost the keys and can’t hand them over and then they have to prove you are lying and that said keys exist and that you are in possession of said keys and are refusing to hand them over therefore failing to comply with a court order therefore braking the law which is exceedingly difficult if not impossible to do.
then there is the issue of evidence being obtained vie methods such as a court order compelling you to hand over keys not being usable against you for the crime for which you are under investigation granted this doesn’t apply to every case depends what you are accused of doing but assuming that its one of the cases in which evidence obtained can’t be used again you for the crime for which you are being investigated it renders the whole issue moot as the cops don’t need to be looking at your encrypted files unless you are talking about something like child pornography/human trafficking or theft in which case the cops would need that info so they can help victims or recover stolen property
then there is the whole practicality issue jail space is already at a premium and it’s expensive and should therefore be reserved for persons that have actually committed serious crimes so are they really going to clutter jails with people who have effectively done nothing wrong ? some how I doubt it
“Better a hundred guilty men go free than an innocent man hang.” John Jenswold
what would be far more likely is that you would be put under house arrest as failure to hand over decryption keys is at best a misdemeanour aka civil disobedience unless you are under investigation for something really serious like terrorism.
then there is the whole privacy debate no one likes being spied on and everyone hates the big brother state even more so powers like that need to be heavily restricted so they can’t be abused to spy on people when ever they like it’s why things like phone tapping can only be done with a warrant which is only granted when there is sufficient evidence of wrong doing
not that it stops the government mind you these people are even more evil than some of the villains they go after because they pretend to be all nice and then behind everyone’s back they routinely ignore the law conducting a black bag operation all over the world every day although they would never admit to it every one knows politics is a dirty business and politicians are some of the biggest criminals on the planet who are complicit in some of the more horrendous crimes imaginable not that we usualy get to hear about these things mind you unless a whistleblower exposes there treachery, black market arms smuggling, mass spying programs like Carnivore or ECHELON or equivalents to name but a few of there better known shady operations which may or may not be illegal
You’re making the assumption that a government which repeatedly demonstrated that they give jack squat about civil rights will respect them when using this law. I’d find this assumption way too risky to bet my freedom on.
I don’t think they’ll start raiding homes wily-nilly and put everyone in jail who owns a computer (with plausible deniability and steganography on the table, they could) – that would not be smart, sane, cost-efficient or useful for any purpose. But they could easily use this to intimidate anyone they don’t like but can’t hang a crime on (those pesky journalists that actually do their job, for example). And they don’t even need to put everyone in jail. Like Mao said: Punish one, educate thousands.
That’s right. Nothing has ever been enforceable.
What about combining crypto 1 – crypto 2 – stego?
http://arstechnica.com/science/2012/08/bases-for-bits-a-book-is-written-as-dna/
“Bases for bits, a book is written as DNA”
Digitize a text – even a book, encrypt it (crypto 1) and do this encrypted text into a DNA (crypto 2) and u can perfectly imagine where to put the DNA to hide (stego).
Following Britains law ervery person can be jailed:”We know you have encrypted DNA, get us the key.”
this is hugely bad!
let’s start the church of random. The practice of this religion involves speaking prayers of random data… via any medium… to other believers (or non-believers).
that way, we always have plausible denyability.
Something like this has actually happened in the UK in 2009 as part of the RIP Act, or RIPA.
More information here.
http://www.theregister.co.uk/2009/11/24/ripa_jfl/
http://www.guardian.co.uk/world/2000/oct/24/qanda
[…] dados criptografados é ilegal, caso você não forneça a chave para a polícia. Richard Falkvinge afirma em um artigo que é possível que alguém acabe indo para a prisão por qualquer cadeia longa de dados […]
So who will be the first to sue GCHQ for not being able to decode that WOII pigeon message?
http://www.gchq.gov.uk/Press/Pages/Pigeon-takes-secret-message-to-the-grave.aspx
There are viruses that download child porn to peoples hard drives. I read about a court case in the US where the victim had a very hard time proving his own innocence. It is only a matter of time before we get malware that creates and hides various suspicious looking encrypted files on peoples hard drives and then deletes itself.
[…] Falkvinge reference: http://falkvinge.net/2012/07/12/in-the-uk-you-will-go-to-jail-not-just-for-encryption-but-for-astron… […]
[…] o questionamento se o governo deve interferir, como no caso extremo do Reino Unido, que proibiu arquivos criptografados. Na ânsia de evitar crimes, o Estado pode acabar interferindo na liberdade civil dos usuários. […]
Regardless of whether Rick was a little “over the top” with his wording/explanation; the fact still stands that the United Kingdom Government (Our Government) can “and will” use the Regulation of Investigatory Powers Act 2000 should they feel the need “or feel threatened” by any individual or organization.
The only way that they “the police, judge, jury, etc” will convict you is if they really want to.
Evidence can be planted on computer systems these days, it would pretty easy to “plant” an encrypted file on your computing device “which you will not have the key required for it’s decryption”.
Therefore, essentially Rick is right in what he is saying, along with the many people whose comments I have read.
Kind Regards,
Michael James Swan
[…] http://falkvinge.net/2012/07/12/in-the-uk-you-will-go-to-jail-not-just-for-encryption-but-for-astron… […]
[…] dados criptografados é ilegal, caso você não forneça a chave para a polícia. Richard Falkvinge afirma em um artigo que é possível que alguém acabe indo para a prisão por qualquer cadeia longa de dados […]
[…] already track your phone calls, RIPA makes it a criminal offence to refuse to decrypt data (or what they believe is encrypted data) on the government’s request, and with plans to re-introduce universal internet surveillance […]
We stumbled over here from a different page and thought I may as
well check things out. I like what I see so i am just following you.
Look forward to looking at your web page yet again.
Yes I stumbled here to. You know there is a simple way round this. Give them exactly what they want.
But it needs lots to participate. Encrypting and decrypting information takes time. Ask the police to setup an encryption key themselves so that you can send them your private key safely. A perfectly reasonable request. Then you, for safety sake change your key on a fairly regular basis, sending it off each time you change it. Of course you will need to change your passphrase as well on a regular basis and also send that off to them as well. Then there is the the case where they don’t want to setup something for you to email your key to. So then print your key and your passphrase and send them off to them via snailmail, and for security sake in separate envelopes.
Then there is the added problem of how do the police get to decrypt messages that are sent to a person who lives in another country and that you only hold the public key. Of cause you are quite happy to give the police any of the emails you send and so are the other 27 million other people that also send to that email address. Not allowing for the ones you may have deleted of cause.
In short the answer to Orwellian policy is the Huxley approach (Brave New World)
Pretty! This has been an extremely wonderful article.
Thank you for supplying this information.
this country’s citizens freedoms are being erroded on an almost daily basis, whilst we talk of going to war to protect freedoms in other countries! we must put a stop to it now!
This dont surprise me in the slightest, tory gits have been after doing this for years. I knew it was tip of the iceburg when the nazis blocked Pirate Bay…we let them get away with that, now they are going to take this MUCH further
Thank you a lot for sharing this with all people.
Hi there! This is kind of off topic but I need some guidance from
an established blog. Is it very difficult to set up your own blog?
I’m not very techincal but I can figure things out
pretty quick. I’m thinking about creating my own but I’m not sure where to begin.
Do you have any ideas or suggestions? Thank
you
Panopticon
It works you know
[…] acceptable excuses from “terrorism” to “organized crime”, laws are now appearing that outlaw people from even trying to protect their secrets against […]
use bulambod file encryption, bulambod.wordpress.com visit my site and download freeware software, donate your excess fortune for the future development of my security software, protect our privacy at all cost.
Most Facebook users are teenagers who do not have
a lot of money to spend. It’s just for craftaholic women and
outfit-hungry fashionistas, right. For example, if your
food business is dedicated to gourmet party appetizers your bio might be as simple
as “Gourmet appetizers delivered right to your door.
testing ignore
f… police, f… law, f… prison, I rebel! 😛
f… should be nice 4-letter word in each case.
Admiring the hard work you put into your blog and
in depth information you present. It’s good
to come across a blog every once in a while that isn’t
the same old rehashed material. Wonderful read!
I’ve saved your site and I’m adding your RSS feeds to my Google
account.
http://ars.userfriendly.org/cartoons/?id=20000806
The solution is simple, to ensure that every noise file or ‘encryption container’ can produce ‘secret’ data on request. Ones which contain actual secret data should appear heavily padded with random data (that contains actual information)
If you want to encrypt files on your computer, simply encrypt them with two keys. One key will give you the information, and the other key (which you use if the police want to search your computer) reveals some mundane, false information. I’m not from the UK, and I don’t know if this would work, but you do technically give them the encryption key, so they probably couldn’t arrest you.
I had this exact discussion a while back re. whether creating a disk filled with random numbers for the purposes of testing its entropy (a legitimate use) then sending it would violate RIPA.
Turns out that you can easily measure entropy using a very simple program built into Windows/iOS/Linux called Winzip.
If the suspect file compresses by more than 5% then it is likely not encrypted data and probably harmless, even JPEGs will do this. Some ISPs now apply this test to certain files ie software updates
to check that they aren’t harmful before allowing them through on E-mail.
my advice is to perma pen mark on the hard drive “cleaned” and if they do try to rally up the ripa BS then let them see your secret cute dancing cat porn :p