Lauri Love backdoor forced-decryption case goes to court in UK Alleged hacktivist Lauri Love appeared in a London court on Tuesday in a case that could establish new powers for UK police to compel criminal suspects into handing over encryption keys. Love, 31, faces potential extradition to the US over his alleged involvement in #OpLastResort – the online protests that followed the …
But US legal rulings have been clear for years - trying to compel passwords is like trying to compel the combination to a lock, and that has been considered a violation of the 5th Amendment of the US Constitution for more than a century.
How fortunate for the NCA that Mr. Love is being tried in Blighty and not the colonies.
The question, should they succeed, will be whether any evidence found can then be used by the US court if he is extradited for trial over here.
Given this is a civil case I can't imagine any reason why he should be compelled to hand over a password to his property. It's a bit like they impounded his car and in order for him to get it back he has to give them the keys so they can go on a joy ride first.
> "...trying to compel passwords is like trying to compel the combination to a lock, and that has been considered a violation of the 5th Amendment of the US Constitution for more than a century."
A physical lock may be simply and quickly broken open, so it costs government and the courts nothing to protect combinations to said locks. Not so with encryption, where the government has no physical recourse to obtaining entry.
In the UK there's a law that can send you to prison for not revealing your passwords when compelled to do so. I seem to recall it being used in an animal liberation thingy a few years back?
That's the bit that confuses me a bit - what you're talking about is in criminal law, but for some reason this is a civil process where such does not apply.
This seems to be the NCA response to Love's civil action to get his computers returned. This may or may not be anything to do with the extradition request .. which would presumably be a criminal case.
The NCA have already returned some of Love's equipment. They didn't return other items on the grounds that they contained encrypted files. It looks to me that Love can either give up the key, and presumably once files are examined get the equipment back, or not allowing the NCA to keep the equipment.
The statement “There is a concern that the NCA is seeking in this application to access Mr Love's data by the back door rather than by the route sanctioned by parliament in Ripa,” by Love's brief is probably an attempt to conflate this case with the extradition request.
They are not conflating it with the extradition request. This is an attempt by the UK government to expand it's ability to infringe on the privacy and right of it's citizen beyond even the overly generous boundaries provided by RIPA. Whether or not any evidence gained is admissible in the US is irrelevant.
Irrelevant. The issue is that in the US, the courts cannot compel you to give evidence against yourself. That is the crux of the 5th Amendment to the US Constitution. They are completely entitled to try to get the evidence another way.
“17. Azl Jan 26, 2012 4:34 PM CST” at the American Bar Association said it best:
http://www.abajournal.com/news/article/judge_orders_mortgage_fraud_defendant_to_reveal_encrypted_contents_of_lapto/
“Unlike files in a safe, the contents of an encrypted drive are entirely visible, just not understandable. A seized hard drive can have its contents examined right down the 1’s and 0’s of each bit, regardless of encryption.
Thus, turning over the password does not hand them new information, like papers out of safe. Instead, it interprets the data they already have, but do not understand.
It is precisely testifying against one’s self. It is the act of taking data the prosecution already has but does not understand and interpreting it for them so that they may use it against you.
A better analogy would be a diary written in code. The government, which already HAS the diary, can see its contents clearly, but without your cooperation, cannot understand it.
They are free to try and crack the diary code on their own [as they are free to try and brute-force your encryption] but to compel you to interpret it for them - to supply the meaning - is precisely the act of testifying against yourself. ”
"A physical lock may be simply and quickly broken open, so it costs government and the courts nothing to protect combinations to said locks. Not so with encryption, where the government has no physical recourse to obtaining entry."
So it's fine for people to have rights, just as long as it doesn't incovenience the authorities?
"The NCA claimed officers saw evidence of hacking on Love’s computer screen at the time of his original arrest."
So they've got all the evidence they need then? Unless, of course, this eye-witness evidence turns out to be less-than-concrete under cross examination in court.
Sounds like the on screen "evidence" is just an excuse for getting access to the computers in the hope of finding actual evidence of a crime; but because the UK doesn't have a "fruit of the poisoned tree" law for illegally obtained evidence, they can use any old "honest guv', I saw him do XYZ" to justify fishing trips like this.
So unless the plod doing the raid had the prerequite skills and knowledge to quickly understand what they were looking at this seems very dodgy.
RIPA is fairly simple if they can see they need a password they can compel it.
I suspect they got confused with a Matrix screensaver
Well, I don't think he is actually accused of a crime in the UK, it's the US that's doing the prosecution.
The US knows it can't compel the passwords out of him, and the UK has been asked to do it for them -but the UK doesn't have a legal way to do it, so they are trying to bully him into giving the passwords over.
I might be wrong, but it sounds about right :)
Unfortunately that's not how RIPA2000 works. You'd need to prove that you've forgotten. You'd need to prove that you do not have something that does not exist in a physical form.
The nearest I can find in the Act section 49 is this:
"2)If any person with the appropriate permission under Schedule 2 believes, on reasonable grounds—
(a)that a key to the protected information is in the possession of any person,"
I.E. if the rozzers think you can remember it you'd need to prove in court that you didn't. Good luck with that.
"believes, on reasonable grounds"
This phrase has a very specific legal meaning. For it to apply there must be a logically consistent reasoning leading to a high probability that the information is in the person's posession.
It can be challenged on that basis. See Court of Appeal decision from 2013.
Any half decent hacker will probably have their system setup with two accounts.
One that is ok and the other that does an auto hard erase of everything on the computer (or triggers a self destruct explosion like Mission Impossible)
so he uses the second one and bingo, there is no data to see.
*Simples then.... give him the PC back. If he logs into it, they own him. If he doesn't, than he probably did forget it.*
After it has had whatever they've secretly done to them done? Plug it in, get password wrong a few times, then go smash them with a hammer. Then burn them.
(Maybe scan with a microscope and publish photos of very subtle electronic tampering before you do?)
From TFA:
Earlier attempts to obtain data from computers seized by using section 49 of the Regulation of Investigatory Powers Act to compel Love to hand over encryption keys and passwords had failed after Love refused and the NCA seemingly backed off. The section 49 order expired without further consequences to Love.
They demanded his passwords under the law. He refused the hand them over. The government did nothing, even though presumably they could have prosecuted him.
So to prove you're not a criminal, you'd be happy with 24/7 camera surveillance in your home/car/office? After all, if you've nothing to hide...
But aside from that, they want to find something to incriminate him, or at least cast the shadow of suspicion.
So no matter how innocent it is, if they can find something to cast doubt, they will.
Cardinal Richelieu - If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
