Now It Is A Criminal Offence To Want Privacy From The Police
Netcu Watch | 11.11.2007 20:07 | Animal Liberation | Repression | Technology
From October 1st 2007 it has now been made an offence (punishable by up to 2 years in prison) not to hand over your pgp password to the police if they request it. An example below is from an animal rights activist who recently had her computer nabbed in a recent raid who now has been given 12 days to hand over the pgp password 'or else'. Many other AR activists have recieved the same demand/threat recently after recent raids. Who next?
Anonymous writes
I got back from a SPEAK demo on Saturday 3rd November 2007. Waiting for me was a shiny guaranteed next day delivery package. ”Goodness, how exciting!” thought I as I opened the package and saw it was from a bloke called Alistair from Hampshire CPS.
Now apparently they have found some encrypted files on my computer (which was stolen by police thugs in May this year) which they think they have “reasonable suspicion” to pry into using the excuse of “preventing or detecting a crime”.
Now I have been “invited” (how nice, will there be tea and biccies?) to reveal my keys to the police so they can look at these files. If I do not comply and tell them to keep their great big hooters out of my private affairs I could be charged under RIPA (sounds like some great big Nazi thug who wants to bash everyone doesn’t it?) and then spend 2 years in prison if convicted.
Funny thing is pgp and I never got on together I confess that I am far too dense for such a complex (well to me anyway) programme. Therefore in a so-called democracy I am being threatened with prison simply because I cannot access encrypted files on my computer .
Even if I could the police are my enemy, I know that they have given information about me to Huntingdon Life Sciences (as well as hospitalising me) would I really want them to see and then pass around private communications with my solicitors which could be used against me at a later date in the civil courts, medical records, embarrassing poetry which was never meant to be read by anyone else, soppy love letters or indeed personal financial transactions.
We are no longer entitled to privacy according to Alistair and his draconian chums in NETCU but methinks he is telling fibs and trying to create a climate of fear. They clearly do not want people to use pgp.
Of course we all have a duty to tell Alistair, Steve and co to stick RIPA where the sun does not shine and where none dare light a match.
RIPA is also being used retrospectively as it came into force on 1st October 2007.
My computer was seized on 1st May 2007.
This is a very important infringement of our liberty and must be challenged.
More on RIPA soon... but Alistair helpfully (bless him) gave me this web address
http://security.homeoffice.gov.uk/ripa for those who wish to see this odious piece of legislation in all its horror. The relevant page on the above mentioned website is http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/electronic-information
Take care out there!
I got back from a SPEAK demo on Saturday 3rd November 2007. Waiting for me was a shiny guaranteed next day delivery package. ”Goodness, how exciting!” thought I as I opened the package and saw it was from a bloke called Alistair from Hampshire CPS.
Now apparently they have found some encrypted files on my computer (which was stolen by police thugs in May this year) which they think they have “reasonable suspicion” to pry into using the excuse of “preventing or detecting a crime”.
Now I have been “invited” (how nice, will there be tea and biccies?) to reveal my keys to the police so they can look at these files. If I do not comply and tell them to keep their great big hooters out of my private affairs I could be charged under RIPA (sounds like some great big Nazi thug who wants to bash everyone doesn’t it?) and then spend 2 years in prison if convicted.
Funny thing is pgp and I never got on together I confess that I am far too dense for such a complex (well to me anyway) programme. Therefore in a so-called democracy I am being threatened with prison simply because I cannot access encrypted files on my computer .
Even if I could the police are my enemy, I know that they have given information about me to Huntingdon Life Sciences (as well as hospitalising me) would I really want them to see and then pass around private communications with my solicitors which could be used against me at a later date in the civil courts, medical records, embarrassing poetry which was never meant to be read by anyone else, soppy love letters or indeed personal financial transactions.
We are no longer entitled to privacy according to Alistair and his draconian chums in NETCU but methinks he is telling fibs and trying to create a climate of fear. They clearly do not want people to use pgp.
Of course we all have a duty to tell Alistair, Steve and co to stick RIPA where the sun does not shine and where none dare light a match.
RIPA is also being used retrospectively as it came into force on 1st October 2007.
My computer was seized on 1st May 2007.
This is a very important infringement of our liberty and must be challenged.
More on RIPA soon... but Alistair helpfully (bless him) gave me this web address
http://security.homeoffice.gov.uk/ripa for those who wish to see this odious piece of legislation in all its horror. The relevant page on the above mentioned website is http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/electronic-information Take care out there!
Netcu Watch
e-mail:
netcu_watch(at)xsmail.com
Homepage:
http://www.vivisection.info/netcu_watch
Additions
Some advice
12.11.2007 12:15
If someone from the CPS has sent a notice under RIPA then there is something fishy going on. That wouldn't surprise me as the whole thing is fishy.
Normally under RIPA the police should ask you to put the files into intelligible form. It should be rare that they demand keys, according to the Code of Practice which should be on the Home Office web site in the RIPA section.
As you are involved in animal rights (and thus a "terrorist") you can be imprisoned for up to five years, if memory serves me correctly.
It is a defence to show the court that you cannot remember the passphrase.
The police also give information to their allies in order to allow them to take civil actions. EDO MBM is an example outside the animal rights movement.
Normally under RIPA the police should ask you to put the files into intelligible form. It should be rare that they demand keys, according to the Code of Practice which should be on the Home Office web site in the RIPA section.
As you are involved in animal rights (and thus a "terrorist") you can be imprisoned for up to five years, if memory serves me correctly.
It is a defence to show the court that you cannot remember the passphrase.
The police also give information to their allies in order to allow them to take civil actions. EDO MBM is an example outside the animal rights movement.
Me
Is it a "Section 49 Notice"?
12.11.2007 13:16
Unfortunatley RIPA *can* be used on data acquired before RIPA came into force.
But, It may be a bluff (stuff about "invited"), unless it is a "Section 49 Notice" it has no legal effect. To get an idea of what a S.49 Notice looks like see
...but this is a DRAFT notice from seven years ago, so the real thing may look (slightly) different.
To demand the key (rather than demanding you do the decryption yourself and handover plaintext), the S.49 Notice must be authorised by a Chief Constable (or equivalent depending on how the data was seized)
See para 9.26 in http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/electronic-information?view=Binary
The S.49 Notice must specifiy what specific data is involved - if you can figure out how to extract the session key used for those files, you have a legal right to give up those specific session keys only, rather than your passphrase.
If you cannot remember the passphrase, and there is no evidence available to the police to the contrary (like you encrypted something else recently - think - might it have been in an intercepted e-mail?), then you have a possible legal defence. Watch out for the quality of legal advice you get - virtually no lawyers understand RIPA Pt.3. Try contacting Liberty and see if they will take it on as a test case. If Liberty turn you down, make a fuss on the web...
But, It may be a bluff (stuff about "invited"), unless it is a "Section 49 Notice" it has no legal effect. To get an idea of what a S.49 Notice looks like see
...but this is a DRAFT notice from seven years ago, so the real thing may look (slightly) different.
To demand the key (rather than demanding you do the decryption yourself and handover plaintext), the S.49 Notice must be authorised by a Chief Constable (or equivalent depending on how the data was seized)
See para 9.26 in
http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/electronic-information?view=Binary The S.49 Notice must specifiy what specific data is involved - if you can figure out how to extract the session key used for those files, you have a legal right to give up those specific session keys only, rather than your passphrase.
If you cannot remember the passphrase, and there is no evidence available to the police to the contrary (like you encrypted something else recently - think - might it have been in an intercepted e-mail?), then you have a possible legal defence. Watch out for the quality of legal advice you get - virtually no lawyers understand RIPA Pt.3. Try contacting Liberty and see if they will take it on as a test case. If Liberty turn you down, make a fuss on the web...
Rhubarb
e-mail:
rhubarb@custard.com
now being discussed on the ukcrypto mailing list
12.11.2007 17:05
See:
http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2007-November/082429.html
and the rest of the thread on that mailing list -- which has been discussing issues surrounding encryption and the UK Law for more than a decade.
http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2007-November/082429.html and the rest of the thread on that mailing list -- which has been discussing issues surrounding encryption and the UK Law for more than a decade.
Richard Clayton
Nerd News
15.11.2007 00:44
Today's 'Register' covers this story with IM quoted. The comments can be very right wing as their readers are a mix of free software advocates mixed in equal measure with corporate suits. I think it is worth posting a link here though simply because some of the comments have technical tips that can help avoid a criminal charge, create a criminal charge, and so perhaps help end the law.
http://www.theregister.co.uk/2007/11/14/ripa_encryption_key_notice/comments/#c_96237
In short, anyone can help. Create a few encrypted files on your PC that contain nonsense data with keys typed randomly. Do this at each PC you ever use. Just now, they can arrest anyone using this charge, but they can't imprison everyone.
If you do have keyed encrypted files you want to keep secret, rename them with a common machine code extension like .bin, .exe or .com. Better still, still them on a rewritable CD /DVD or memory stick that is easily broken. Arranage in advance keywords that you can use in converstion to let the people you email encrypted stuff to that the key has
With basic precautions anyone can hide their communications from standard police examination. With sensible mass countermeasures - the basics of which are listed in the Register comments - this law can be rendered useless. Breaking a law isn't just failing to adhere to that law. Breaking the law means rendering it meaningless and unusable. This is an opportunity. Any geeks who have read this and thought about it should know what to do. As long as the law lasts it is a two-edged sword that can be used offensively. If you agree to pass over your key, delay for weeks. You don't want to stoop to their level you should still be aware of the risks so that you can avoid to you. If everyone had taken two hours to learn PGP and to use it everyday then we wouldn't be having this problem now.
http://www.theregister.co.uk/2007/11/14/ripa_encryption_key_notice/comments/#c_96237 In short, anyone can help. Create a few encrypted files on your PC that contain nonsense data with keys typed randomly. Do this at each PC you ever use. Just now, they can arrest anyone using this charge, but they can't imprison everyone.
If you do have keyed encrypted files you want to keep secret, rename them with a common machine code extension like .bin, .exe or .com. Better still, still them on a rewritable CD /DVD or memory stick that is easily broken. Arranage in advance keywords that you can use in converstion to let the people you email encrypted stuff to that the key has
With basic precautions anyone can hide their communications from standard police examination. With sensible mass countermeasures - the basics of which are listed in the Register comments - this law can be rendered useless. Breaking a law isn't just failing to adhere to that law. Breaking the law means rendering it meaningless and unusable. This is an opportunity. Any geeks who have read this and thought about it should know what to do. As long as the law lasts it is a two-edged sword that can be used offensively. If you agree to pass over your key, delay for weeks. You don't want to stoop to their level you should still be aware of the risks so that you can avoid to you. If everyone had taken two hours to learn PGP and to use it everyday then we wouldn't be having this problem now.
Supertramp
Comments
Hide the following 32 comments
you
11.11.2007 20:59
the defence
and you...
11.11.2007 22:59
Bye Bye Loser/s.
Sherlock (on behalf of NW)
oi Sherlock
11.11.2007 23:41
gift horse
OI !
12.11.2007 00:04
Answers on a postcard to
NETCU
PO Box 525
Huntingdon
Cambridgeshire
PE29 9AL
United Kingdom
Ask for Steven
crypt cracker
with this post
12.11.2007 00:26
Do we really need to use PGP? or a personal computer? or a mobile phone?
Thinking differently may hold the key to the future.
Maybe go retro.
Dreaming Digger
if thats what
12.11.2007 01:02
the defence
riddle me this
12.11.2007 07:29
The second thing is, as already noted: time to go lo-tech, retro, whatever. The old spy books had some good ideas. Or use OSS (*BSD/Linux) and get to learn how to remove traces. Or set up multiple redundancies on external hard-drives, stashed away from the mainframe.
Time to be creative. The pigs plod whilst we must be fleet of foot and sharp in mind. Be the fox when required, and a wolf pack to strike.
Kandee with a 'K'
Bloody hell - so dumb I doubt thatb this will help
12.11.2007 08:49
Now if you have used PGP then you have an issue - why not just forget your passphrase?
In future try the plausible deniability aspect of TRUCRYPT.
Techie
Out fox them.
12.11.2007 11:13
Mobiles are a menace, they can be triangulated very easily and accurately. Public payphones are best but again, watch for CCTV.
Geek
bad memory
12.11.2007 11:57
biggs
Clearly....
12.11.2007 13:10
Dave H
e-mail:
DRH_Signup@gmx.net
Just a thought
12.11.2007 16:15
Then I would draw people's attention to this piece of paper, by posting far and wide.
There is a lot of hidden opposition to this and I would suspect that this would draw some good advice, especially as this looks like a fishing expedition by the CPS if what is said in the original article is correct.
Tweetie Pie
TrueCrypt thrawts RIPA III
12.11.2007 18:31
The UK government is going to deprive honest an law-abiding citizens of their liberties while criminals can carry on theirs businesses as usual, with just a little software upgrade.
Free software like TrueCrypt
In case the Police forces you to reveal your password, TrueCrypt provides and supports two kinds of "plausible deniability":
1. Hidden volumes. The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created* and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.
2. It is impossible to identify a TrueCrypt volume. Until decrypted, a TrueCrypt volume appears to consist of nothing more than random data (it does not contain any kind of "signature"). Therefore, it is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted.
FreeOTFE
Off-the-Record (OTR) Messaging,
Mr Tor
Homepage:
http://www.truecrypt.org/
rueCrypt's "aleatory" defence against RIPA
12.11.2007 18:32
TrueCrypt
Mr Tor
Homepage:
http://www.truecrypt.org/
Off-the-Record Messaging & deniable encryption
12.11.2007 18:33
Off-the-Record Messaging,
1. Perfect forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie-Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts.
2. Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person.
Mr Tor
Homepage:
http://www.cypherpunks.ca/otr/
Human Rights Act?
12.11.2007 19:17
More importantly, I cannot see how it is inline with Human Rights for someone to languish in prison because they have forgotten their encryption key. Would they have to prove that you knew the key?
Any lawyers in the building?
Also, with regards to plausible deniability which creates a volume which looks like random data, although they might be able to question how the file was produced, I doubt anyone would be committing a crime if their defence was that they did not know. And if it was, then there are plenty of programs available which "shred" spare space on a hard drive, which would effectively produce random data. Presuming that such a program shredded all file meta data too, a person could argue that they had wiped spare space on their hard drive (which as far as I ,know is not illegal - yet).
A
Plausible deniability is your friend
14.11.2007 09:38
Basically you can use two keys rather than one. If you use both keys you get one set of files. If you only use one you get another set of files.
Now here's the interesting bit. Plod can't tell if you used one or two keys. So you tell him you used one and here's all your secret files. He has no way to prove that a second key exists and that there may be other files. You real secret files remain secure
Jimbo
Plenty of time to forget a password - check the stats
14.11.2007 18:28
In any case, six month is plenty of time to forget a password you do not use every day: Perhaps your best bet is to get some information about how many people forgot their credit/debit card PIN number in the last six month (I know I did), how many people forget their login and password at work when they're back from holidays, etc.
It is a standard practice to choose anti-mnemonic passwords so that there's just now way they can't be guessed, obviously those tend to be forgotten.
jb
It came to me in a ...
15.11.2007 01:15
Now I'm towing your line.
Thanks guys really..
Loving you,
Sherls
no shit sherlock
Register readers arn't right wing suits
15.11.2007 02:31
Right wing. Definatly not. Read some of the comments about finger printing kids at school or ID cards or even this law and you will see most belive in civil liberties ect.
However the responce to this artical took me, and juding by the later comments others, by supprise. Apparently a group of people who advocate civil liberties for suspected terrorists are less likely to avdocate them for animal rights activists. Hmmm perhaps the animal rights activists should look at their tactics if there pissing off that many people.
This law is definatly very very bad and impractical. A really good sugestion is to say. "That encripted document is confidential documents I have backed up from work. Talk to their lawers." In my case a very large company would then give me legal backing and perhaps a slap on the wrist. They couldn't do more as they know what info I have access to.
Reg_Reader
Stand on principle
15.11.2007 09:05
My advice is to stand on principle though. Challenge them on your right to privacy, your right to defend the privacy of those who trusted you, etc. Get the EFF and other privacy-/digital-rights -related organisations on-side. This law is ridiculous, and couldn't possibly be upheld, if enough attention and the right backing is brought to your side.
Lee
e-mail:
lee.b@peacejournals.org
ARA gets a taste of her own medicine
15.11.2007 10:14
You know threats against people vital to the animal testing industry like erm News Agents, Cleaners and Nurseries. ( both of which were targeted by ARAs in the last few years)
This sounds like someone has been caught with compromising stuff on their PC and they are now bricking themselves over it. Sure its a civil liberties mine field but someone my bleeding heart has to put a bit of what this person has told us in check.
The police are her enemy and have stitched her up... please everyone come and help. Yeah I'm sure she is as white as the driven ( over) snow.
If ARAs operated in a peaceful manner would they have so much to fear from the plod?
( clue arson, explosives and beating up people with baseball bats are not considered peaceful)
Bets on how long it takes for Indy Media to show its normal color ( yellow) and censor this?
full of sympathy
PGP, Session keys, and we should be using encryption more anyway!
15.11.2007 13:06
One problem though. The police have her computer. If she was using encryption then is she able to do the session key stuff without that computer? If they let her borrow it back to do it how can she trust either the software or hardware on the machine not to have been tampered with to log her passphrase? If you're going to use this approach you need a copy of your password protected secret key and the software in a place the police don't have it so you can run it on a computer that you trust they have not tampered with.
I don't believe it should be expected that the police can ask for your secret key. This is the key to all messages you send and all signatures. The police can impersonate you. If digital signing becomes more important in society then this allows an unscrupulous police person the opportunity for identity theft. These session keys are a reluctant possibility as long as you can safely get them. I don't believe the police should have any right to ask for any more.
Some comments here, and comments elsewhere in the media suggest that people using encryption should be thought of as guilty. Only the guilty have something to hide. If we all used encryption routinely, all understood digital signatures, just how much better would the world be? Phishing would be a lot harder if messages from your bank were encrypted and signed. Do we send all messages on postcards or do we use opaque envelopes to wrap our mail? Why should encryption be seen as any worse?
Richard Corfield
e-mail:
Richard dot Corfield at gmail dot com
Implausible denial
16.11.2007 01:02
Fergeddit
what did you do ..
16.11.2007 12:02
Doug
Not a privacy issue, a criminal issue
16.11.2007 16:45
I'm afraid that I have very little sympathy for either this woman, the unbalanced people she hangs around with or her cause, I hope karma pays her back with lots of interest for the misery she has doled out to her fellow human beings and that she gets the maximum sentence. You can be ideologically opposed to something without being harassing and violent. Its a pity they no longer put people in stocks in this country and let other people pelt them with rotten vegetables! It would solve so many social ills...Either that or withold all the medical treatment from them which was developed from animal testing. I suspect that they wouldn't live very long. Why would the police be interested in your lousy poetry? They want to find evidence of your criminal activities so you can be prosecuted and found guilty. That's their job. The only reason for you not to give them the encryption key is because what you're hiding would increase your jail term, if found guilty, to higher than 2 years anyways...
james mitchell
Mr Mitchell
18.11.2007 00:29
Decades of useless research using the animal model to try and find a cure for cancer in human beings have proven futile and pointless in the battle against this disease.
One day I hope these so-called "researchers" (blind fools that waste lives, not save them) finally put two and two together and see that a mouse is not a human being. It really can't be that difficult to come to that obvious conclusion.
Paul Stokes
Without animal testing I would be dead
18.11.2007 23:17
Obviously well researched and educated people like Paul Stokes know that the mouse is one of the closest, non primate, animal to humans when it comes to DNA and physiology. The pig is closer which is why we can have pig hearts transplanted to us. (yes the pig dies and we have to have lots of drugs). The mouse is used in genetic testing due to the rate of reproduction.
I can understand objections to cosmetic testing and the like but seriously how can you put the lives of animals before humans? Where does it end?
If humans suddenly stopped using animals for food it would be the death of billions of cows/ sheep, chickens ect. And if we became vegans all of a sudden the amount of animals that would have to die so the resources could be funnelled into cereals production would be staggering.
But the weirdest thing about ARP/ vegans/ vegetarians ect is that they are for the rights of animals but deny that they are an omnivore and so it is natural for the human animal to eat meat. We, as a society, eat more than we should but we need some.
Anon
PS I didn’t put why animal testing saved my life because I’ve noticed on this site that the facts don’t get in the way of a good argument. So I see no point in adding something that personal.
Andrew Nonomus
Sent the data abroad
17.06.2008 16:04
Chris b
e-mail:
chrisb@csr.net
Animal research saves human lives
16.10.2008 09:56
You really have no idea do you.
Lets try an example which affects someone I care about.
Duchenne Muscular Dystrophy.
They can do very very useful research using mice which have had the human dystrophin gene spliced in, the research has probably added years to my nephews life already.
I look at my nephew and then I look at a fucking mouse.
Which do you think I care more about?
Then I look at you.
You who wants to remove any slim hope of coming up with a cure before his illness kills him. The worst part is that he'll probably die just a few years before some of the most promising treatments come through trials, can you think of anything that certain organisations could have done, possibly to do with animal trials which could have slowed research into genetics by a few years?
This is why I hate you. I hate your organisation. You sentence innocent people to death for the sake of the fucking cute little rabbits and mice. You are responsible. Don't be a coward and pretend you have no responsibility for the consequences of your actions. but you will anyway. You will want to believe that it's not your fault because you only wanted to help the fucking little bunnies.
You make retarded sugestions like "only test on humans", well kids with Duchennes die before their 18th birthday, should we test on them? Shall we inject "test sample 33" into children to see if it has a useful effect rather than causing a heart attack or some such. Shall we disect the children rather than the mice to find out what effects potential treatments have had on heart muscle tissue?
Your organisation is evil and so are you.Rot in hell.
Animal research saves human lives
e-mail:
iftreescouldscream@gmail.com
US Computer Scientist Sentenced to 13months
02.11.2009 21:48
JFL
Homepage:
http://Coming soon...
The Register Publishes Article on my Story
24.11.2009 23:16
UK Jails Schizophrenic for Refusal to Decrypt Files:
Terror Squad Arrest Over Model Rocket
PS The hack also writes for the Sunday Times where he had planned a multi-page human interest story. After weeks of preparation the editor refused to print on a person staying anonymous.
PPS My book on my experience entitled 'Bit' is due for publication in 2010.
JFL
Homepage:
http://RightToBeSilent.org