back to article RIPA III: A legislative turkey comes home to roost

The first conviction of a man under the draconian powers of RIPA Part III tragically bears out a prediction I made at the time: that these powers would do little or nothing to tackle serious crime or terror, but would create a power the police could use to harass people and undermine their right to remain silent. After all, a …

COMMENTS

This topic is closed for new posts.
  1. Subban
    Thumb Down

    A compelte travesty.

    Just about everyone without "MP" after their name forecast what would happen.

    Anyone with something serious to hide would use the containers that allow two passwords, one opens some content, but hides what you really want to keep hidden, then take the 2years max for not revealing the key than a no doubt greater sentence from revealing it..... I'm preaching to the choir here though.

    I've completely lost the password to one of my PGP keys, though I didn't use it to encrypt anything which may turn out to be lucky one day....

    1. Gordon is not a Moron

      It's even more of a travesty..

      The prison term from RIPA is more akin to Contempt of Court proceedings, where the same penalty can keep being applied until you do what the court wants.

      Judge : Hand over the encryption keys.

      Accused : No

      Judge : Send him down for 2 years.

      Rinse & repeat until either the keys are provided or the accused dies of old age. Nice to know that in a free society, you can be imprisoned for life just by remaining silent.

  2. Evil_Trev
    Megaphone

    So it begins....

    .... The Crypto / Stegno arms race, I have a few ideas....

    1. A browser extension to be called securepage that uses various techniques, some very simple, like uuencode,ROT16, compression, SSL, to obfuscate traffic and make DPI that bit more challanging. Apply it to URI's & cookies too. No need to change the server software either!

    2. encode/decode real info with some tripe, give one password you get the tripe, another you get the real payload. You hand over the tripe password and yes the file is transformed into something as per the law.

    3. Elect a government that will change this and a few other laws... might take a bit more effort.

  3. Tony S
    Black Helicopters

    All your thoughts belong to us

    A good article, if perhaps a little predictable.

    It is clear though that there was a knee jerk reaction and the law was passed without being fully analysed or debated. I think unlikely that any subsequent government will repeal it, unless there is a really pressing reason for doing so. It needs a serious set of lobbying; and too few people care sufficiently about the issue to do anything. We are sleep walking into the sort of police state that once was the preserve of Uncle Joe or one of the African dictatorships.

    BTW, like the new layout of comments - 1 thumb up.

  4. Anonymous Coward
    Anonymous Coward

    Well, that was insightful.

    This professor guy wasn't the only one by far who could see that one coming, and neither the only one to say so. The industrial and governmental flotsam on top of the great unwashed has sniffed the power of computing and is busily employing it everywhere against, not for, the people. This is but one exponent.

    ID cards, databases, but also increasingly moving to (broken, easily trackable) electronic financial systems, coupled with revenue service rules to keep the receipts, which in the Netherlands already provides the police with a handy log of who used public transport from where to where, when, anywhere in the last seven years, virtue of requiring all travelers to use an RFID card for fare payment.

    There's much more where that came from, which is going to mean that if you fall afoul of some bureaucratic machinations or "a computer glitch" somewhere you'll find yourself unable to so much as buy food in the supermarket. No cash allowed (it attracts terrorists, donchaknow), and who here has multiple chip-and-pin cards in different names from different countries? Nevermind what happens if the power goes out or the electronic payment network falls over, as it now and then does.

    We're in for a world of hurt even without this icing of utter stupidity on top. NoID so far are the only ones who make a bit of noise about it. It's not enough to merely say "told you so" to the choir, academic titles or no.

    1. Natalie Gritpants

      Cash rules in NL

      You're wrong about the Netherlands, I'm working there now and they are quite happy to take cash on the buses and taxi's, not sure about trains.

      1. Anonymous Coward
        Anonymous Coward

        Cash won't rule in NL for much longer.

        Sadly, no, I'm not wrong. Yes, you can still pay cash, but not everywhere: The first bank-or-credit-card only supermarket chain has been spotted. And to be sure that credit card isn't fake you need to show ID with it, too. There are several organisations with fancy names, including at least one chaired by the Dutch national bank who have "witchhunt on cash" as their mission statement and regularly manage to make the news with some made up statistic or some wild plans to end all cash payments in shops or bars or anywhere else retail. Metro in Rotterdam and soon Amsterdam has been moved over completely, no excuses, to a RFID card like the oyster, buses and trams soon to follow. Half the train ticket dispensers don't take cash at all, none take paper (like half the vending machines in Germany do, BTW, there all take coin), and soon they'll require that RFID card too. There is no plastic way to pay anonymously nor will there be, and with seven years of revenue service required paper trail even the "anonymous" RFID PT card isn't really. We're not there yet but they have made abundantly clear they want to go there regardless of what anyone else wants.

        You might need to speak, well, read Dutch to catch on, but the writing is on the wall.

      2. Anonymous Coward
        Anonymous Coward

        Cash won't rule in NL for much longer.

        Yes, you can still pay cash, but not everywhere: The first bank-or-credit-card only supermarket chain has been spotted. And to be sure that credit card isn't fake you need to show ID with it, too. There are several organisations with fancy names, including at least one chaired by the Dutch national bank who are waging a "war on cash". Metro in Rotterdam and soon Amsterdam has been moved over completely to a RFID card like the oyster, buses and trams soon to follow. If you work there you ought to've noticed the ruckus about the failures of the system. Half the train ticket dispensers don't take cash at all, none take paper (like half the vending machines in Germany do, BTW, there all take coin), and soon they'll require that RFID card too. There is no plastic way to pay anonymously nor will there be, and with seven years of revenue service required paper trail even the "anonymous" RFID PT card isn't really. We're not there yet but they have made abundantly clear they want to go there regardless of what anyone else wants.

        You might need to speak, well, read Dutch to catch on, but the writing is on the wall.

  5. Anonymous Coward
    Thumb Down

    Two major flaws.

    1. Someone will produce a virus or piece of scareware that inserts encrycted files on unnsuspecting users' PCs.

    2. What if a whole drive is encrypted in a way that looks the same as a DBan nuked disk?

    And on the question of extra hidden deniable volumes, could someone explain how they get round the problem of creating a similar file and copying the revealed data onto it and then copying identical but uncompressible data onto both until full and seeing if there's a big discrepancy between the capacity?

    1. Andrew Johnson 1

      Re Two Major Flaws

      To answer about plausable deniability :-

      You create a fixed size encrypted volume.. here is the excerpt from the documentation about why you can't tell there is a hidden volume there.

      The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not*, because free space on any TrueCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.

      1. The Original Ash
        FAIL

        Not going to work.

        Truecrypt provides no way to prove there *isn't* a hidden volume. Conversation goes thusly:

        PC Plod: "Give us the key."

        Perp: "Here you go."

        PC Plod: "Ok, thanks. Nice girlfriend you have. Now, the key for the hidden volume."

        Perp: "There isn't one."

        PC Plod: "Key for the hidden volume or RIPA S.3 violation."

        Perp: "There isn't one!"

        PC Plod: "Move directly to jail."

        1. Andrew Johnson 1

          Re: Not Going to Work

          Ok, so in 'theory' in order to prosecute you under RIPA, they would have to be able to prove you ever had a key for something that may or may not exist.

          They can't prove you do have a hidden volume just as you can't prove you don't.

          The ridiculous would be a large text document where every 4th word is used to make the real document. They can't demand you produce a decypher key for every single file/document I have (ok they can demand it, but they have to prove that encryption is in place) - not that I'd trust that as my only defence you understand ;)

          I personally don't use hidden volumes, but I do use truecrypt on every USB stick and hard drive in my posession to protect my personal data in case of theft.

          1. The Original Ash

            The title

            Nope, all they have to prove is there is the possibility of something being hidden from them. It's possible that you have a hidden volume hiding the kiddy / bomb files, therefore you'd best show them that they're not there. By having a hidden volume with... More of your g/f in it!

            Only way to be sure.

      2. Anonymous Coward
        Anonymous Coward

        Thanks for the explaination.

        Does that imply that if you add files the hidden volume is destroyed?

        Would date stamps provide clues as to the absence of a hidden volume?

    2. Yatsura
      Boffin

      RE: Two major flaws

      Sure, NP.

      The idea is that you create a volume that is 2GB. This volume is a single file, which gives the encrypted drive on the non-encrypted drive room to grow. The unused part of the encrypted volume doesn't just have 00 are anything else. It _should be_ indistinguishable for the encrypted part without the key.

      Without the key it all looks encrypted. If the noise at the end is another encrypted volume then opening the first volume with the key just looks like the noise you'd get if there was not encrypted volume. It does mean that the container volume with overwrite the hidden volume because it doesn't know that it is being used. Just like the unused part of a physical drive, the file system will just see it as free unallocated space and use it up. Typing in the other password means that it will decrypt in a way shows the hidden volume, it scans until it finds a valid decryption.

      I say should they are thing like TCHunt which have vectors against this

      P

    3. Martin Milan
      Big Brother

      Truecrypt

      In the case of TrueCrypt, it is done by a large container being the default means of operation - in other words a 800mb encryption contained might well yield only 4mb of plain data - if you only put 4mb of plain data into it in the first place.

      The hidden volume is (a bit of a simplification) added into the unused space in your container, and the system only knows about it if you supply the password for the hidden volume. Since the hidden volume is well defined within the main container, the use of the hidden volume has no impact on information placed inside the rest of the main container...

      This all gets a bit cute if you only supply the password for the main encryption container - in which case TrueCrypt doesn't know about the hidden volume, and might well overwrite it. Such is life, if you have a hidden volume, it can be protected by supplying both passwords when you mount the encryption container - in which case you will be able to use the main container and your hidden volume will remain, in theory, undisturbed.

      It's clever stuff - and the TrueCrypt folks deserve a big thank you for all of us.

    4. Woodgar

      Hiding the Second Volume

      "And on the question of extra hidden deniable volumes, could someone explain how they get round the problem of creating a similar file and copying the revealed data onto it and then copying identical but uncompressible data onto both until full and seeing if there's a big discrepancy between the capacity?"

      It's my understanding that the second hidden container can be overwritten when only the first password is given and so appears as just empty space/random data when examined. In other words, your scenario will result in both the original disk and the copy filling up at the same rate.

  6. Anonymous Coward
    Anonymous Coward

    GCHQ/Rozzer illegal surveillance

    You may have missed another thing, that came in with the Counter Terrorism Bill 2008.

    http://p10.hostingprod.com/@spyblog.org.uk/blog/2008/04/counterterrorism-bill-dna-and-data-sharing-by-mi5-mi6-and-gchq.html

    What they did was add a clause, which made disclosure to the security services legal in all cases by eliminating all duties of confidentially:

    "Clause 19.. (6) A disclosure under this section does not breach-- (a) any obligation of confidence owed by the person making the disclosure, or.. (b) any other restriction on the disclosure of information (however imposed)."

    They also made it retrospective in a way:

    "20 Disclosure and the intelligence services: supplementary provisions...(4) Nothing in that section shall be read as casting doubt on the legality of anything done by any of the intelligence services before that section came into force."

    i.e., just because we're legalising it now, doesn't mean we accept it was illegal before.

    ----------

    Another Jacqui Smith cancer there.

    So be clear about it, she's legalised all surveillance of everyone for any reason.

    She's has authorized it in the past, illegally, and she knows it was illegal because she specifically disclaimed the new legislation as proof of prior illegality.

  7. Anonymous Coward
    Flame

    Offshore data ?

    How does RIPA cover a person who logs into a server hosted offshore, with all their encypted data held there ?

  8. Anonymous Coward
    Anonymous Coward

    Sofa

    I would keep any encripted data on a USB stick down the back of the sofa. If anyone finds it you the claim that it is not yours and it must have droped out of your pocket. Or keep it on a webmail account outside the UK, in another name. Or, if you are an islamic terrorists, how about VM run from a server in a cave somewhere?

    Basicly this law is stupid and will only ever catch the stupid and the innocent.

  9. Anonymous Coward
    Flame

    ARGGG!!!!!

    If you had a locked box in your house and the police had a search warrant would you expect them to not demand you open the box ?

    Same with computers.

    When you can encrypt your data and have anything there you like then you need a law like this one.

    1. Anonymous Coward
      Anonymous Coward

      My locked box is none of their business

      "If you had a locked box in your house and the police had a search warrant would you expect them to not demand you open the box ?"

      If I had a locked box in your house and the police went on a fishing expedition, would you expect me to open the box? Why? Because they ask me to?

      Police kicking in doors and searches belong to the old Soviet Union, not to a free country. He has the right to privacy, that right is enshrined in law, and the rozzers have not laid charges suitable to use this anti terror power.

      Remember they've simply insinuated he is a terrorist pedo or something, but laid no charges to that effect. So you assert a search warrant rather than a fishing expedition, but what this case is is a fishing expedition backed by innuendo.

      That's the key point, this is the first time they've prosecuted without A REASON TO REQUIRE THE REMOVAL OF PRIVACY.

      It's a sad state of affairs, to see how bad the UK has become that the police can claim anyone is a terrorist and use powers given to them for anti-terror purposes against anyone at any time.

      1. This post has been deleted by its author

    2. Nimrod
      Flame

      BUT

      in repsonse to AC 12:52 in your example they would need to have probable cause to obtain a valid search warrant, in the case of encrypted data RIPA III does away with the inconvenience of the police having to bother to get a warrant, demonstrate probable cause etc.

    3. mmiied
      FAIL

      I would expect them to demand

      but they have no power to jail me if I do not open it

      but in taht case there usual ander (brute force) will do just fine for encripted files it will not

      (loving the new coment section)

      1. Anonymous Coward
        Anonymous Coward

        No, but...

        A judge could compell you to open it and you could be held in contempt of court if you didn't, you can be banged up for contempt of court. You could also be done for wasting police time and I'm fairly sure that there is an offence along the lines of resisting police in their execution of a warrant.

    4. Graham Dawson Silver badge

      @ac 12:52

      What if they don't have a warrant but just wander in one day because you had your door slightly ajar and then demand to look in the box? That's what this law amounts to. The police.security services, under this law, have the power to demand anything from you without actually having any particular reason for it. They can demand you hand over the keys to the box, so to speak, and then arrest you when you refuse to do so, and take your DNA for their database at the same time.

      But, it's been the right of the English to refuse that demand for centuries. This is just another case of the government criminalising something for the sake of making a new crime. You get a shiny new criminal record for something that IS NOT A CRIME, no matter what "the law" says. The law is simply wrong.

    5. Gilbo
      Megaphone

      @AC

      Except that if you're doing your encryption properly then the police can't prove it exists. There's no box to open.

      And to think that for all these years God has been wrapping himself in a Truecrypt volume...

  10. Charles 9

    Re: ARGGG!!!!!

    Thing is, real life has things like two identical boxes but with different keys. The one locked box the police sees and demand you open would contain minor stuff that would get you slapped on the wrist. The REAL important stuff would be hidden much more carefully. That's a real-world analogue to TrueCrypt's hidden volume encryption.

  11. Anonymous Coward
    Flame

    One thing slightly overlooked in the RIPA controversy

    RIPA also kills dead any notion of lawyer-client, or doctor-patient confidentiality. This was *explicitly* intended.

    Be very careful what you tell your lawyer or doctor, as it's there for plod to use as evidence.

    Which means this poor guy has nowhere to escape from the state now ....

  12. Anonymous Coward
    Anonymous Coward

    They know it's stupid

    I was at the seminar in Ross's group back in the mid 90s when some police flunky was explaining this to us.

    We asked how mathematically we prove something isn't encrypted, whether books of random numbers would be banned and for my own research into CCD noise - was I allowed to have CCD dark frames.

    The official's not very reassuring observation was that we didn't have to worry because the law was only for use against terrorists.

    1. John G Imrie

      /dev/random

      Does this mean that /dev/random is now illegal as I cant prove its not an encrypted file?

  13. William Boyle

    crypto law sausages

    Re. The whole business brings to mind a comment attributed to Bismarck: "Laws are like sausages – it's best not to watch them being made."

    As a vegetarian, I can say without qualification that neither the making nor the eating is palatable in the case of these crypto-restriction laws.

    1. Ed Blackshaw Silver badge

      I prefer the quote from True Blood:

      "I can no longer listen to politicians, it gives me seizures.'

  14. Paul Crawford Silver badge

    TrueCrypt volumes

    They can ask for 1 key for an encrypted volume because there is very good reason to assume there is *something* in there. They cannot demand a 2nd key without such reason.

    However, with built in storage there is every chance that your OS will have recent references to drives/paths in its general detritus (swap file, 'recent documents' list, thumbnail image cache, etc) that cannot be located, which in turn could be used to suggest a 2nd volume existed.

    External storage is more tricky, as references may be for USB sticks that have not been found, etc.

  15. Anonymous Coward
    Grenade

    Cryptographic Time Travel!

    Perhaps this is a bit off-topic, but I do like the way One Time Pads can be used for cryptographic time travel.

    1. Someone presents to you some ciphertext. They tell you it's from an as yet unwritten news story from next week's El Reg.

    2. Time passes.

    3. The cryptographic time traveller presents to you the One Time Pad key for the aforementioned ciphertext, along with the address of a news article on El Reg.

    4. You decrypt the ciphertext with the key, and - lo and behold! - the plaintext is identical to the news article!

    But how did this work?!?

    1. You just generate a One Time Pad key - random data - and say it's some ciphertext. This works because the ciphertext and key are interchangeable (bitwise exclusive-or, for example, is commutative).

    2. You wait a week.

    3. You take a suitably sized news article from El Reg, something that couldn't have been known a week ago, and encrypt it using the key - the so-called ciphertext - generated earlier. You call the encrypted news article the key.

    4. The so-called key is then used to decrypt the so-called ciphertext, and the plaintext news article is recovered.

    And, as a bonus, your audience never knew that the so-called ciphertext, generated at the start of this magic trick, was actually an encrypted copy of an extreme pornographic image!

  16. Anonymous Coward
    Anonymous Coward

    I think we should fight back

    We should organise enough people (ideally without capped connections) to regularly transmit various sized chunks of completely useless random binary data. If they declare this is what they will do, and the data really is just random binary, they should have plausible deniability. At least I would hope so.

    If enough people are doing that, actual encrypted data will get lost in the noise.

  17. Noodle
    Headmaster

    Pedant alert

    The quote "Laws are like sausages — it is best not to see them being made" is often incorrectly attributed to Bismark, but is actually most likely to have been made by American poet John Saxe.

  18. JFL
    Go

    From JFL

    I'd also like to thank Rijndael (AES cipher) and Daemen & Rijmen, without which...

  19. amanfromMars 1 Silver badge

    Hard Core IntelAIgents ..... Doing IT Softly Softly with CyberIntelAIgents

    "They also made it retrospective in a way:

    "20 Disclosure and the intelligence services: supplementary provisions...(4) Nothing in that section shall be read as casting doubt on the legality of anything done by any of the intelligence services before that section came into force."

    i.e., just because we're legalising it now, doesn't mean we accept it was illegal before." ... Anonymous Coward Posted Wednesday 25th November 2009 12:52 GMT

    A Devilishly Ingeniuos Disingenuous Genius Facility, AC. Astute Enigma Territory in Live Operational Virtual Environments with Bletchley Boffinry Communities ..... AI@ITsWork with C42 Quantum Control Systems.

    A UKN FreeLancing AIdDevelopment of Exquisite Mighty Potential. And therefore of Surely Preferred Stock National Treasure Gilt Material Value Worth. And a Crown Cloud Crowded with Crowned Crowning Assets for Progressive Monarchies.

    A Healthy Embarrassment of Riches in a Novel and Noble Environment, both Really and Virtually Imagined. When the One meets with the Other is the Scripting CodeXXXX Perfectly Enabled with Orders to Deliver Virtual Realities as Replacement Realities for Real with XSSXPerimental Higher Definition TV Programming.

    "How does RIPA cover a person who logs into a server hosted offshore, with all their encypted data held there ?" ... Anonymous Coward Posted Wednesday 25th November 2009 12:52 GMT

    With Immunity if the Data is Required and/or Desired and Important or Harmful to Authorities.

    "And, as a bonus, your audience never knew that the so-called ciphertext, generated at the start of this magic trick, was actually an encrypted copy of an extreme pornographic image!" ..... Anonymous Coward Posted Wednesday 25th November 2009 18:02 GMT

    Wow ... the Wonders of Binary Science have an Ever Growing Mountain of Raw Source Material there. And the most Lucratively Engaging of Passionately SMARTer Content Providers ...... Starring Stellar Performers, it is too.

    Porn Stars Learn a Lot XSSXXXXStreamly Quickly and have a Real Good Time Studying and Practising Sensual Arts for Sexual Pleasure. With Either One Equally Well Enabled to Driver and Lead with the Assisting Enthusiastic Compliance of the Other .....Virtually Positive Complicity.

  20. Anonymous Coward
    Grenade

    Did I infer right there....

    .. is 'forgetting' your encryption key or password or whatever a defence then to this kind of nonsense? Would forgetting stand up in court?

    After all i have forgotten all sorts of usernames, passwords for all the forums etc etc that I have been party to at one time or another.

    Also I still dont understand how this RIPA shit can work. If I was an evil genius (im just a plain genius) with a plan to blow up the earth from space with my giant 'laser' (much like The Alan Parsons Project) then why on earth would the threat of upto 2 years in prison compell me to incriminate myself and therefore possibly leading to a much, much longer jail sentence? It does not make sense.

    If criminals/terrorists/Dr Evil have such information on a laptop or whatever, the RIPA threats are worthless as the consequences of denying the plod access are far better than letting them see your plans for 'Preparation H'

    The only people caught out will be the vulnerable, or innocent who the police want to bully.

    Also, can we have a Dr Evil icon, it would get so much use!

  21. ShaggyDoggy

    Passwords

    I like evil_trev's idea #2 withe the double password. Excellent.

    3. What about if the password to my encypted files is not actually held by me e.g. a friend typed it in and I actually and genuinely don't know it (I do the same for his files)

    4. What about if the password is about 50 characters long and I only ever copy/paste so I have no recall of what it is, like who can realistically be extected to remember a 50-char password made up of mixed alpha, num, and special chars ... oh and the source I copy it from is online "somewhere" can't remember the URL which is not a "key" it's a URL - important difference - the key is located at the URL but I'm being asked for the key itself, and nothing but the key

  22. Harry Tuttle
    Big Brother

    Instant imprisonment

    The Police could find (or put) an "encrypted file" on anybody's storage devices.

    Then this person magically disappear for 2 - 5 years when they can't provide the keys for it.

    How convenient for the authorities eh? Instant imprisonment of anyone who steps out of line.

  23. Rob Crawford
    WTF?

    Slight hole in this whole thing

    If I lad something considered illegal encrypted on my PC what would I do ?

    Would I ?

    a: reveal the key and hand them the evidence, and get a suitable criminal & CRB record

    or

    b. Refuse to divulge the key and have a criminal record which would do less damage to my future.

    Thats a hard one.

    So it won't stop the people they claim to be after from getting away with a lesser charge, yet the innocents (or those who do not wish to divulge commercial, private or contact details) will receive something which will mess up their future employment prospects.

    Hmmmm

  24. Michael Brown
    FAIL

    Hidden volumes and plausible deniability

    OK, so Truecrypt really does give you proper plausible deniability, but even without having to go to those lengths, surely you can only be compelled to hand over keys for encrypted files if the authorities can *prove* the file is encrypted? And, without decrypting the file, this is clearly impossible.

    Also, what if you have genuinely forgotten the password? Even if you haven't forgotten, but claim to have, there's no way anyone can prove this. So now being forgetful is a crime??

  25. Anonymous Coward
    Grenade

    Al Gore

    Now there's a man who needs to be struck by a golf club right between the goolies.

  26. Spleen

    Sausages

    "Laws are like sausages – it's best not to watch them being made."

    Bad analogy, the sausage comparison only works for something that is valuable as a finished article.

    Laws (by which I mean polits' laws such as RIPA III, not natural laws like "do not murder") are more like excrement - it's disgusting to watch them being made, it's just as disgusting to look at them once they've been made, and it's even worse to have them flung in your face, as happened to this poor sod.

  27. Jason Bloomberg Silver badge
    Big Brother

    Bad Law

    There's an increasing move towards forced self-incrimination and presumed guilty until proven innocent which is very bad for civil liberties and justice.

    Our courts can quite easily deal with criminals who aid or hinder justice - admission of guilt usually gets a lighter sentence while stubbornly saying nothing invites the full force of punishment.

    The key point of judicial principle in this country has been that the prosecution have to prove their case. Now it frequently seems they can prove their case by a defendant's refusal to prove themselves innocent.

    This country has gone down the drain.

  28. Jonathan 17

    Lets have a laugh...

    This December, when we are all filled with the giving spirit of Christmas, lets all buy cheapo £5 memory sticks, and fill them with random data. Download the police website and use that 500 times if you have to. Then, encrypt it, encrypt it again, and send it - anonymously - to the plod.

    If you like, you can think of a puzzle for them to solve, to get their reward. Let the plod work for it.

    Imagine if they suddenly received 1000s of encrypted flash drives, with no idea if any of them contained anything worth decrypting. And think about this - they would have to do some actual work, you know, investigation, to come up with a crime to charge you with so that they can use RIPA Part III on you.

  29. Scott 19

    Finally

    A law that can be used on innocent people to lock them up, its been a long time coming. This is better than 42 days and has the added advantage of being useless against major criminals and terrorists.

    Was that a mouse farting or the last breath of freedom i just heard?

  30. Anonymous Coward
    Anonymous Coward

    actually

    I don't think they could compel you to open the locked box. But I'm not sure. They could of course get someone else to open it.

  31. Anonymous Coward
    Anonymous Coward

    Freenet? Joint Enterprise?

    I think Freenet would be an example of what you're thinking of.

    However, I've always had the concern that the police, et al, would probably one day paint it as a massive conspiracy to hide paedophile rings, terrorist groups, etc, in a giant, conspiratorial super-ring of criminality.

    Just Google up "joint enterprise" to see how reasonable my paranoia is.

    1. Anonymous Coward
      Badgers

      This was supposed to be a reply to another comment.

      This was supposed to be a reply to this comment: http://forums.theregister.co.uk/post/634492

      But it's ended up on a different page, out of context.

  32. Alan Braggins 1

    Anne Campbell

    IIRC correctly rumour at the time was that she had an assistant print out her emails, wrote a paper reply, and had the assistant retype it as an answer.

    Which might explain why I got an answer along the lines of "someone else asked very roughly the same question as you, so here's a dismissive answer which depends on details that weren't actually in your question".

  33. Will Godfrey Silver badge

    Utterly useless

    This will 'catch' lots of completely innocent people, along with a handful of fools. Anyone with real secrets to hide will have long ago worked out a whole range of alternatives.

    I dimly remember a SciFi story set in an oppressive society (rather like ours has become) where the rulers couldn't work out how the 'subversives' were communicating.

    The answer was by walking dogs. The message was the number and colour of the dogs.

  34. Ted Treen
    Big Brother

    Hmmm...

    Wasn't it usual in the old Soviet Union (and Eastern Bloc) to "deal with" individuals by incarcerating them in mental hospitals?

    Or has the term "Terrorist" now been defined by ACPO as "Anyone who doesn't immediately do what we tell 'em to"?

  35. TrishaD
    Grenade

    Freedom

    I saw this article fresh from reading the BBCs latest update on the unfair bank charges case. Thrown out by the Supreme Court.

    So - what version of Freedom do our Masters believe in? Freedom of the Individual? Self-evidently not. Freedom of the Police to do what they like? Freedom of the greed-driven scum that run our financial services to continue to do the same?

    The role of the individual in this society is to act cannon-fodder. Pay more tax and receive less service. Work until you drop because any savings you might have can be stripped of their value at the whim of some Banker, snuffling for his next big bonus. Have zero expectation of justice. The Innocent have nothing to fear - pity we're all Guilty unless proven otherwise. Send your children to be slaughtered in some foreign war because your Masters' Masters in America require it of them

    Handgrenade - Because there'll come a time when people wont take it anymore.

  36. Anonymous Coward
    Thumb Down

    Locked box???

    Well I bet if you didn't open it they would just break it open, which they are free to do in this case. They can brute force it, might take a while but it can be done.

    The problem I see here is not that the police have the right to look into your personal stuff, it's the fact that they can arrest you for having an encrypted file for which you don't know the password to. If you simply forgot the password to the file, even if there was just pictures of cats in it how could you prove there are pictures of cats in there without the key?

    What about encrypted files from external sources such as game downloads? or even DRMed video. Where does it stop?

  37. Anonymous Coward
    Anonymous Coward

    Recursively Hidden Volumes?

    Plod: You have TrueCrypt. Hand over the keys.

    Citizen: Here you go.

    Plod: We know TrueCrypt is used for its hidden volumes. It's the whole point of using TrueCrypt. Everyone knows that - even us! So hand over the keys for the hidden volumes.

    Citizen: I just did. They're included in the keys I just gave you.

    Plod: We'll see...

    Time passes.

    Plod: Okay, all checks out. You're free to go.

    And so it is the citizen gets away with possessing extreme pornographic images (zombie porn), safely hidden away in a hidden volume nested within one of the disclosed hidden volumes.

    (I'm assuming here that TrueCrypt somehow supports the recursive nesting of hidden volumes.)

    Even if the police are smart enough to consider the question of whether or not there are multiple levels of hidden volumes, and the suspect keeps disclosing keys until claiming that all the keys and hidden volumes have been disclosed and revealed, how will the police know that there isn't still one more, still undisclosed, hidden volume?

  38. red hal

    Hidden Volume Password

    @Paul Crawford,

    A good point there about the O/S having details of recent activity. However, suppose you decide that for your hidden password you are going to use a URL?

    Main Password: lions, tigers, oh my!

    Hidden password: http://www.theregister.co.uk

This topic is closed for new posts.