I got back from a SPEAK demo on Saturday 3rd November 2007. Waiting for me was a shiny guaranteed next day delivery package. “Goodness, how exciting!” thought I as I opened the package and saw it was from a bloke called Alistair from Hampshire CPS.
Now apparently they have found some encrypted files on my computer (which was stolen by police thugs in May this year) which they think they have “reasonable suspicion” to pry into using the excuse of “preventing or detecting a crime”.
Now I have been “invited” (how nice, will there be tea and biccies?) to reveal my keys to the police so they can look at these files. If I do not comply and tell them to keep their great big hooters out of my private affairs I could be charged under RIPA (sounds like some great big Nazi thug who wants to bash everyone doesn’t it?) and then spend 2 years in prison if convicted.
Funny thing is, pgp and I never got on together. I confess that I am far too dense for such a complex (well, to me anyway) programme. Therefore in a so-called democracy I am being threatened with prison simply because I cannot access encrypted files on my computer.
Even if I could, the police are my enemy. I know that they have given information about me to Huntingdon Life Sciences (as well as hospitalising me). Would I really want them to see and then pass around private communications with my solicitors which could be used against me at a later date in the civil courts, medical records, embarrassing poetry which was never meant to be read by anyone else, soppy love letters or indeed personal financial transactions?
We are no longer entitled to privacy according to Alistair and his draconian chums in NETCU but methinks he is telling fibs and trying to create a climate of fear. They clearly do not want people to use pgp.
Of course we all have a duty to tell Alistair, Steve and co to stick RIPA where the sun does not shine and where none dare light a match.
RIPA is also being used retrospectively as it came into force on 1st October 2007.
My computer was seized on 1st May 2007.
This is a very important infringement of our liberty and must be challenged.
More on RIPA soon... but Alistair helpfully (bless him) gave me this web address http://security.homeoffice.gov.uk/ripa for those who wish to see this odious piece of legislation in all its horror. The relevant page on the above mentioned website is http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/electronic-information
Take care out there!
Normally under RIPA the police should ask you to put the files into intelligible form. It should be rare that they demand keys, according to the Code of Practice which should be on the Home Office web site in the RIPA section.
As you are involved in animal rights (and thus a "terrorist") you can be imprisoned for up to five years, if memory serves me correctly.
It is a defence to show the court that you cannot remember the passphrase.
The police also give information to their allies in order to allow them to take civil actions. EDO MBM is an example outside the animal rights movement.
But it may be a bluff (stuff about "invited"); unless it is a "Section 49 Notice" it has no legal effect. To get an idea of what a S.49 Notice looks like see
...but this is a DRAFT notice from seven years ago, so the real thing may look (slightly) different.
To demand the key (rather than demanding you do the decryption yourself and hand over plaintext), the S.49 Notice must be authorised by a Chief Constable (or equivalent depending on how the data was seized).
See para 9.26 in http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/electronic-information?view=Binary
The S.49 Notice must specify what specific data is involved - if you can figure out how to extract the session key used for those files, you have a legal right to give up those specific session keys only, rather than your passphrase.
If you cannot remember the passphrase, and there is no evidence available to the police to the contrary (like you encrypted something else recently - think - might it have been in an intercepted e-mail?), then you have a possible legal defence. Watch out for the quality of legal advice you get - virtually no lawyers understand RIPA Pt.3. Try contacting Liberty and see if they will take it on as a test case. If Liberty turn you down, make a fuss on the web...
and the rest of the thread on that mailing list -- which has been discussing issues surrounding encryption and the UK Law for more than a decade.
In short, anyone can help. Create a few encrypted files on your PC that contain nonsense data with keys typed randomly. Do this at each PC you ever use. Just now, they can arrest anyone using this charge, but they can't imprison everyone.
If you do have keyed encrypted files you want to keep secret, rename them with a common machine code extension like .bin, .exe or .com. Better still, store them on a rewritable CD/DVD or memory stick that is easily broken. Arrange in advance keywords that you can use in conversation to let the people you email encrypted stuff to that the key has
With basic precautions anyone can hide their communications from standard police examination. With sensible mass countermeasures - the basics of which are listed in the Register comments - this law can be rendered useless. Breaking a law isn't just failing to adhere to that law. Breaking the law means rendering it meaningless and unusable. This is an opportunity. Any geeks who have read this and thought about it should know what to do. As long as the law lasts it is a two-edged sword that can be used offensively. If you agree to pass over your key, delay for weeks. You don't want to stoop to their level you should still be aware of the risks so that you can avoid to you. If everyone had taken two hours to learn PGP and to use it every day then we wouldn't be having this problem now.