Forgot your password?
typodupeerror

UK Government Wants Private Encryption Keys 822

Posted by Zonk
from the my-keys-not-yours dept.
An anonymous reader writes "Businesses and individuals in Britain may soon have to give their encryption keys to the police or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists." From the article: "Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. 'The use of encryption is... proliferating,' Liam Byrne, Home Office minister of state told Parliament last week. 'Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force.'"
This discussion has been archived. No new comments can be posted.

UK Government Wants Private Encryption Keys

Comments Filter:
  • My God (Score:5, Insightful)

    by voice_of_all_reason (926702) on Thursday May 18, 2006 @12:19PM (#15358140)
    I believe we are in need of a new Slashdot section: Horrifying
    • Re:My God (Score:3, Insightful)

      Yeah..."Big Brother is Watching You" has become "Big Brother Knows All Your Secrets"
    • Re:My God (Score:5, Insightful)

      by h4rm0ny (722443) on Thursday May 18, 2006 @12:33PM (#15358291) Journal

      Or how about a new /. heading: Wake Up !

      This is nasty. You can always tell when there are no reasons that would fly with the public when they have to invoke the paedophiles. US government has War on Terror, the UK has paedophiles.

      E-mail was a god-send for the intelligence services. Automated scanning and copies of everything to look back on if they ever chose. Encryption means the free party is coming to an end. GPG is turning off the stereo and saying "GO HOME!"

      They managed without it before. They can manage without it again. And if that means the Government can't achieve omniscience over the population... good!
    • Re:My God (Score:4, Informative)

      by TubeSteak (669689) on Thursday May 18, 2006 @12:35PM (#15358314) Journal
      Well you have to put this in context.

      IIRC, the Brits wanted to extend the length 'terrorists' could be arrested & held without charge (from 14 to 90 days) so that the police could have more time to try and break encrypted data.

      Here's the previous /. article about that
      http://yro.slashdot.org/article.pl?sid=05/11/04/13 48200 [slashdot.org]

      I'm pretty sure that idea died a Horrifying death
      • Re:My God (Score:5, Insightful)

        by jez9999 (618189) on Thursday May 18, 2006 @03:18PM (#15359934) Homepage Journal
        I'm pretty sure that idea died a Horrifying death

        Wishful thinking, they extended it to 28 days without trial/evidence instead. Blair was still spouting on that the country's security had been compromised. Because police and security services had some power removed, right? ...

        One of Blair's favourite lines went something like this,

        "I don't understand why people seem to think that the rights of terrorist suspects should be more important than those of innocent people."
    • by C10H14N2 (640033) on Thursday May 18, 2006 @12:39PM (#15358352)
      Just an example of astoundingly ignorant politicians who don't realize they're effectively criminalizing the use of cellular phones, the constantly changing keys of which would amass petabytes of data within a year, in just the UK--and that's just the keys, not the data they encrypted...and that's just the cellphones.

      What absolute morons.
      • by Tony Hoyle (11698) <tmh@nodomain.org> on Thursday May 18, 2006 @12:47PM (#15358438) Homepage
        ..and you ipsec keys, which change every few minutes, your ssh key, which is per session, your kerberos key, etc.

        Most people don't even realize how many keys they use. They could default on a law like this without even knowing it.
        • Most people don't even realize how many keys they use. They could default on a law like this without even knowing it.

          Excellent! Everyone's a criminal. Now just make sure you toe the party line, otherwise we could, you know, check up on you.

          • by mrchaotica (681592) * on Thursday May 18, 2006 @01:33PM (#15358949)
            "There's no way to rule innocent men. The only power government has is the power to crack down on criminals. When there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws." -- Ayn Rand
        • by minuszero (922125) on Thursday May 18, 2006 @02:01PM (#15359267)
          erm.
          RTFA

          Despite the poorly worded title, the UK govt. isn't about to ask you to submit every single key you ever generate.
          It just wants the ability to 'force' you to hand over the keys if and when it asks for them.

          Granted, this causes problems of it's own. I mean, I don't keep a list of every key i've used...
        • by ajs (35943) <ajs@ a j s . com> on Thursday May 18, 2006 @02:26PM (#15359484) Homepage Journal
          You're misunderstanding the technology or the law (I'm not sure which).

          They're talking about private keys (as in the private half of the public/private key pair in public key cryptography), not private keys (as in the only key in private key cryptography).

          This is a huge difference. Private key cryptography is used as the underlying scheme for protocols like SSH, SSL, etc, but public key cryptography is used to ensure the secure exchange of that key. of the private half of the key pair is known, that initial exchange is not secure, and thus there is no need to be TOLD the private key cryptosystem's key: it is handed to any listener who knows the private key that goes with the public key used to initiate the session.

          Oh, and the cell phone companies almost certainly already hand over the key pairs for the phones (or are issued them).
      • by MartinJW (961693) on Thursday May 18, 2006 @12:54PM (#15358525)
        "... they're effectively criminalizing the use of cellular phones" Hmmm, I'm beginning to warm to the idea.
      • Just wait. (Score:5, Funny)

        by doublem (118724) on Thursday May 18, 2006 @01:05PM (#15358640) Homepage Journal
        Just wait until they finish decrypting all the data files on my PC.

        "You mean we spent four days decrypting Gigs upon Gigs of vacation photos??"

        "Well, they have an 8 Megapixel camera, lots of memory cards and use RAW format..."

        "But that's all you found? There aren't even any racy photos in the bunch?"

        "Should we start decrypting the second RAID array?"

        "The one labeled 'Project Gutenberg text to speech files in WAV format'?'

        "Yes, that one."

        "Go for it. I don't know what this 'Project Gutenberg' is, but it's got to be seditious. Plebeians don;t label anything a 'Project' unless they have delusions of being all 'Cloak and Dagger.'"
      • They don't need the encryption keys for mobile phones.
        1) Information is only encrypted between the phone and the base station, so they can just tap the base station
        2) Some of the encryption algorithms are known to be broken, others are secret and probably backdoored
      • by RexRhino (769423) on Thursday May 18, 2006 @01:16PM (#15358774)
        The real question is not why you think these encryption laws are idiotic... of course they are idiotic. The real question is why you think the laws on education, civil planning, economy, enviornment, health care, or anything else are more reasonable that these laws on encryption.

        You are probably an expert on computers/encryption, being a part of the Slashdot crowd, that you can understand how messed up these rules are. But if you were a doctor, you would probably think these rules are reasonable, and instead would think that the laws on health care are messed up. You are critical of these laws, because you have the knowledge to understand what is wrong with them... and you are probably don't really question the laws on subjects which you might not understand.

        So you must understand, the vast majority of the population who doesn't understand encryption, will think these laws are reasonable and nessicary, the same way you probably think the laws on education, or enviornment, or whatever are reasonable and nessicary. The average person is not going to take you any more seriously complaining about this, than you take the complaints from factory owners about enviornmental laws.

        At some point you are going to have to realize it isn't "idiotic" leaders who are making "idiotic" policies that are the problem... that our leaders are very very smart and competent... but that it is the idiotic concept that a handful of experts and technocrats can manage virtually every aspect of a huge diverse society. It is the concept that society can be centrally planned / regulated / and managed by lawmakers that is the problem, not with the specific "central planning".
        • Actually... (Score:5, Funny)

          by C10H14N2 (640033) on Thursday May 18, 2006 @01:45PM (#15359098)
          I'm a political scientist by education.

          Where does that put me in your example?

          • Re:Actually... (Score:5, Interesting)

            by RexRhino (769423) on Thursday May 18, 2006 @02:54PM (#15359731)
            I'm a political scientist by education. Where does that put me in your example?

            It means that you have been fully indoctrinated to accept the political and social assumptions of your society, and you now indoctrinate others into those assumptions... in such a way that it perpetuates the current political system. You are to the modern state what a priest is in Catholisism.

            An example of a political assumption in a society would be something like the debate over government's role in health care in Europe. There are those who argue that equality of care (everyone is entitled to equal care) is why health care should be provided and controled by the government... and those that disagree. There are those who argue that no-one should be without health care, and therefore the state should provide it to everyone... and there are those that disagree. BUT, no one questions the idea that the government can or will provide truly equal care, or that the government can or will provide the care to everyone. The political assumption is that government never fails to provide people with services, and that government always provides those services in a manner that is equal to everyone. Even the people who are against the state's intervention into health care don't question that government will provide health care, and they don't question that the government will do it with absolute equality.

            In a reasonable debate, you would hear people argue that states have engaged in terrible acts of inequality... in fact the worst acts of inequality, such as mass genocide, have been commited by the state. In a reasonable debate one would argue that states have often commited horrible failures in providing services to it's citizens, in some cases resulting in millions of deaths. Yet, in modern mainstream political debate, it is unheard of and inconceivable that someone could support universal and equal health care for everyone, and also not support state control of health care. In mainstream politics, if you support equal and universal health care, YOU MUST SUPPORT STATE RUN HEALTHCARE. Through political "scientists" such as yourself, and many years of indoctrination and government controlled education, you have been able to control people's thoughs as such that THE STATE = EQUALITY, and THE STATE = PROVIDING FOR THE NEEDS OF SOCIETY... and to be against the state is to be against equality and providing for the needs of everyone. As a "scientist", you should be able to step out of your views for a second and see that is a very powerful form of brainwashing!

            Your job, as a political scientist, is to maintain a faith in the state and political process. You may question a specific government policy (but that is like questioning what type of sandwich I should eat for dinner... there is a big assumption that I should be eating dinner, and that my dinner should be a sandwich), but your job is to make sure all debate about the political sytem preserves the political system.

            Now, I will admit I am stereotyping political science people. I suppose there are few token anarchists or libertarians or classical liberals in the political science field. But I think that you would probably agree, that anarchists or libertarians or classical liberals are probably few and far between in the field of political science. You wouldn't expect a political scientists to be against the political system, any more than you would expect a carpenter to be against wood.
        • by Skjellifetti (561341) on Thursday May 18, 2006 @03:48PM (#15360188) Journal
          Hmmm...

          I'm not a food scientist, but I think labeling laws and food safety inspection regulations are very necessary. Who doesn't think that? The food industry that doesn't want me to know that their product contains transfats and which would be happy to sell me contaminated meat.

          I'm not a chemical engineer, but I support regulation of gasoline additives. Who doesn't support that? The oil companies who understand that lead is a very cheap way to increase octane levels.

          The real question is why you think the laws on education, civil planning, economy, enviornment, health care, or anything else are more reasonable that these laws on encryption.

          Because most regulations are designed to establish the bounderies of various property rights. Who owns the air -- you or the oil companies? In this case, the regs define the limits of what an individual or company can do with a common resource. Should a food company have the property right to sell unlabled food? Here, the regs are designed to put buyer and seller on more even terms -- they reduce the transaction costs of buying and selling food.

          But mandatory government access to private keys does nothing except make it easier for governments to invade personal privacy. In no way do such regs reduce the costs of transacting commerce or establish property rights boundries on common resources. These regs are fundamentally different from food, health, and environmental regulations.
    • Re:My God (Score:5, Informative)

      by xor.pt (882444) on Thursday May 18, 2006 @12:59PM (#15358576)
      If you know something about cryptography it isn't that horrifying.

      There are current encryption technologies already deployed in the market that allow for two sets of data to be encrypted with two keys into a single file. This allows a user to encrypt a sensitive file with an innocuous one, so that when required to disclose a private key the user can just give the one that decrypts the innocent data.

      Again, these new laws will only deteriorate the right to privacy of innocent people, while the real criminals will be allowed to roam free doing their dirty deeds with little more trouble then a software upgrade.
      • Re:My God (Score:3, Insightful)

        by mrchaotica (681592) *
        If you know something about cryptography it isn't that horrifying.

        <snip>

        Again, these new laws will only deteriorate the right to privacy of innocent people, while the real criminals will be allowed to roam free doing their dirty deeds with little more trouble then a software upgrade.
        Doesn't that make it more horrifying, not less?
      • Re:My God (Score:3, Insightful)

        There are current encryption technologies already deployed in the market that allow for two sets of data to be encrypted with two keys into a single file. This allows a user to encrypt a sensitive file with an innocuous one, so that when required to disclose a private key the user can just give the one that decrypts the innocent data.

        Except not: plausible deniability only works if you're innocent until proven guilty. In the U.S., and even more so in Britain, if you're using crypto, it isn't true anymore.
      • Re:My God (Score:5, Insightful)

        by RedBear (207369) <redbear@@@redbearnet...com> on Thursday May 18, 2006 @02:07PM (#15359321) Homepage
        Again, these new laws will only deteriorate the right to privacy of innocent people, while the real criminals will be allowed to roam free doing their dirty deeds with little more trouble then a software upgrade.

        v'z fher v'yy trg zbqqrq qbja sbe guvf fvapr v'z rkcerffvat n ceb-crefbany-svernezf ivrjcbvag, ohg naljnl...

        Indeed, there is a very strong parallel between this and gun control schemes. The honest people give up their guns/keys to the government, the people who are already criminals have no reason to do so. The bad guys simply get smarter at hiding what they do. Who gets screwed in the end? It's always the honest, law-abiding citizens.

        Oh yeah, dear UK government, you can pry the encryption key for this post from my cold, dead hands, along with my firearm... (Although in this particular case I think it will be more difficult to get the gun than the key.)

        Doesn't seem like Orwell and friends really accomplished much, does it? They showed us the future but we're just walking right smack into it anyway, eyes wide shut.

    • Re:My God (Score:3, Insightful)

      Seems stupid to me. Criminals are STILL going to encrypt their data anyways (what's one more law broken). All this ensures is that some corrupt government employees will make millions selling encryption keys on the black market. And YES there are at EVERY level of every government and private organisation corrupt and criminal elements. You only need one such person to compromise EVERYONE's encryption keys. What's more, I'm willing to bet that the government will store these keys in unencrypted harddriv
    • Re:My God (Score:3, Insightful)

      by mishmash (585101)

      This is already enacted, it just needs a ministerial order to bring it into effect. The debate was over five years ago. It came to prominance again in November last year, when the UK was debating how long it was reasonable to keep people in jail without trial [slashdot.org], with a key point of the Government's argument being that they needed three months to decrypt data - the opposition pointed out that with holding encryption keys was already an offence in its self so that argument was nonsense.

      This law scares me, beca

  • by Kenja (541830) on Thursday May 18, 2006 @12:20PM (#15358145)
    Just stick a computer in the corner churning out encryption keys and mailing them to the UK government all day every day untill you break their database.
    • Re:Simple solution. (Score:5, Interesting)

      by dgatwood (11270) on Thursday May 18, 2006 @12:27PM (#15358224) Journal
      You do know that with the way SSL/SSH works, that's EXACTLY what you would be forced to do to comply with this law, right?

      Methinks the UK government doesn't know that what it wants is technologically infeasible....

      • by Anonymous Coward
        I had the same thought. Most encryption is transparent to the user, and session based.
        All I ever see is a little icon that tells me the connection is encrypted when I go to my banks web page...so, am I responsible for reporting the keys or is the bank? Or both? And does it matter that they are useless as soon as I log out?
      • On the other hand (Score:3, Insightful)

        by DragonWriter (970822)
        Maybe they do, and this serves as a way to indirectly outlaw a whole host of encryption technologies (at least when used by private individuals, rather than the government).

        Of course, its quite likely that if the UK is like every other country, the law would be selectively enforced. They wouldn't go after everyone using technology that made the mandatory reporting impractical, but if law enforcement got in in their mind that you were guilty of something else (whether another crime or just doing something no
        • Re:On the other hand (Score:3, Interesting)

          by dgatwood (11270)

          But the thing about ephemeral keys is that they are ephemeral, i.e. they can't be "produced" on cue. All it takes is a permanent VPN connection to make this useless.

          Even better, I could see a fairly trivial encryption mechanism that would make this absolutely insanely fun for the UK government. Modify the crypto so that:

          • Each ephemeral key is encrypted using the previous one. (I think this is already the case.)
          • Each ephemeral key is written temporarily to disk in such a way that the previous one is o
      • Re:Simple solution. (Score:5, Informative)

        by Rary (566291) on Thursday May 18, 2006 @02:13PM (#15359369)

        "Methinks the UK government doesn't know that what it wants is technologically infeasible...."

        Methinks you didn't RTFA.

        They are not asking that all keys be submitted. They are simply asking to give the police the power to force you to submit keys on request. In other words, after they've already confiscated your computer and discovered that there are encrypted files, they demand that you hand over the key, and if you don't, then they can throw you in jail.

        I'm not saying I agree with it, just trying to clarify the misconception that everyone in this thread seems to be having about this.

    • Re:Simple solution. (Score:3, Interesting)

      by nizo (81281) *
      Two words: deniable encryption [wikipedia.org].
  • by yagu (721525) * <yayagu@gmai l . com> on Thursday May 18, 2006 @12:21PM (#15358149) Journal

    Encryption keys don't kill people, people kill people.

    If owning (not divulging) encryption keys is criminalized, only criminals will own encryption keys.

    These "rules" will only push the envelope of how and what criminals (or terrorists, etc.) use to hide their activities. And at the same time, they will add one more burden to the general population to manage and ensure the government is informed of their encryption infrastructure. Nuts.

    The most effective infiltration into terrorist infrastructure is still social engineering. I'd rather the money spent creating and managing something like this spent training and hiring translators, covert agents, etc.

    A convincing point about the futility of this proposed rule comes from the article:

    Clayton, on the other hand, argues that terrorist cells do not use master keys in the same way as governments and businesses. "Terrorist cells use master keys on a one-to-one basis, rather than using them to generate pass keys for a series of communications. With a one-to-one key, you may as well just force the terrorist suspect to decrypt that communication, or use other methods of decryption," said Clayton.
    • by pete6677 (681676) on Thursday May 18, 2006 @12:31PM (#15358271)
      Just as all criminals turned in their guns when they were outlawed, I'm sure they'll all turn over their encryption keys and keep using them to communicate so law enforcement can observe. Right. What would someone have to be smoking in order to think this is a good idea? Its nothing more than a blatant power grab that will ONLY affect law abiding people and have no effect whatsoever on "terrorists" or whatever other boogeyman will be used to justify more overreaching laws.
    • Another purely pragmatic fear is that this would be nothing but a waste of time and money, and a distraction. This law effectively requires that law enforcement must put a respectable amount of effort into collecting and cataloguing what could be billions of encryption keys. (I couldn't even count the number of keys that I use offhand, not even counting SSL, which I assume they don't care about.) All of these keys have to be associated with their owners and users, what they're being used for, and what dat
  • odd request (Score:3, Insightful)

    by arakis (315989) on Thursday May 18, 2006 @12:21PM (#15358154)
    How will they know that they have the correct private keys without "testing" them on the owners' encrypted communications every so often? Oh well, it is England after all. Living on an island can do odd things to living things.
    • Re:odd request (Score:3, Insightful)

      by gurutc (613652)
      And you could just add a false layer to the encryption. So the keys the govt have decrypt the data into something that's recognizable and looks real, but is just a facade for another still encrypted layer.
      • Re:odd request (Score:5, Informative)

        by TCM (130219) on Thursday May 18, 2006 @12:33PM (#15358287)
        Enter TrueCrypt and hidden volumes made for exactly that reason: http://www.truecrypt.org/hiddenvolume.php [truecrypt.org]
  • by courtarro (786894) on Thursday May 18, 2006 @12:22PM (#15358157) Homepage
    It's a good thing that, as an American citizen, I don't have to worry about these violations of my privacy.
  • Spaceballs: (Score:5, Funny)

    by norminator (784674) on Thursday May 18, 2006 @12:22PM (#15358163)
    My encryption key is:

    1.....2.....3.....4.....5
  • by Anonymous Coward on Thursday May 18, 2006 @12:23PM (#15358166)
    Damn facist Americans! I am so glad that I live in Europe where such things never happen!

  • by Nijika (525558) on Thursday May 18, 2006 @12:23PM (#15358168) Homepage Journal
    So is it that they want the criminals to hand over their passwords before they commit a crime? This should go well with the anti bank-robbery legislation requiring all would-be robbers to call in a schedule before they pull off a heist.
  • by a_greer2005 (863926) on Thursday May 18, 2006 @12:23PM (#15358172)
    I assume that the there is a simmaler rule for safes/lockbox combinations.
  • by casings (257363) on Thursday May 18, 2006 @12:23PM (#15358173)
    Britain's use of anti-privacy situational crime prevention measures are a means of targeting petty crimes and the innocent while displacing more professional and semi-professional crime into other areas. These techniques do not stop the criminal, as he is already committing a crime, what would he care if you added "refused to give up private key" to his list of crimes?

    The UK needs to wake up and realize that these forms of crime control only waste money and create more crime, than stop crime from happening.
  • Warning (Score:5, Insightful)

    by Nerdfest (867930) on Thursday May 18, 2006 @12:24PM (#15358180)
    If this goes into effect it would make it a very dangerous thing to have files of random characters .... you'd have a lot of trouble explaining them.
    • Could be swap, could be unformatted forgotten junk etc. The government would have to prove it was real data in an encrypted format. That's easy if it's a file on a filesystem, not easy if it's "forgotten" space on an apparently unformatted part of a disk. That's why this kind of legislation is so bloody stupid. What can I say, we're talking about politicians here, always trying to treat the symptoms rather than the cause.

       
  • by voice_of_all_reason (926702) on Thursday May 18, 2006 @12:24PM (#15358183)
    Most major companies have offices all around the world, presumably. So now they'll have to have a separate (pretty much disposable) encryption method just for the UK?

    What about communication between offices on the internet? A japanese analyst creates some research, but due to technical problems the only Compliance office up is in Europe. So every program or service that can comminicate with Britain has to check if a request is going to/through the UK before applying the "approved" encryption.

    To quote, "this is madness"
  • by idontgno (624372) on Thursday May 18, 2006 @12:25PM (#15358185) Journal
    It's like some sick competition between the US administration and the UK one.

    "Oh, yeah, you think that telephone call database is slick, check this sh*t out. We're gonna make our subjects give up their crypto keys or go to jail"
    "Oooh, good one!" (high five)

  • Steganography (Score:5, Insightful)

    by MarkByers (770551) on Thursday May 18, 2006 @12:25PM (#15358194) Homepage Journal
    Time for steganographic file systems where your private data can be hidden inside innocent looking files. They can't force you to disclose your key if they don't know and/or can't prove that you have one.

    http://en.wikipedia.org/wiki/Steganography [wikipedia.org]
  • In other news... (Score:5, Insightful)

    by GillBates0 (664202) on Thursday May 18, 2006 @12:25PM (#15358200) Homepage Journal
    increased use of encryption by criminals, paedophiles, and terrorists.

    ...it has been found that:

    - cameras are used by criminals, paedophiles, and terrorists - we need access to your negatives/memory disks.
    - houses are used by criminals, paedophiles, and terrorists - we need access to your house keys.
    - cars are used by criminals, paedophiles, and terrorists - we need copies of your car keys.
    - ATM machines are used by criminals, paedophiles, and terrorists - we need to know your PINs.
    - Online email services are used by criminals, paedophiles, and terrorists - we need to know your username/passwords.
    - Computers are used by criminals, paedophiles, and terrorists - we need to install a backdoor on your computer.

  • England Prevails (Score:5, Interesting)

    by zariok (470553) on Thursday May 18, 2006 @12:26PM (#15358211)
    "England Prevails"

    Parliment better watch out... hear there's a train heading there loaded with fireworks and other things that go boom.
  • by mustafap (452510) on Thursday May 18, 2006 @12:27PM (#15358216) Homepage
    So, do I need to send my wifi keys too? And bluetooth? What about the encryption used by GSM?

    And my car remote lock fob, that too?

    Is it April the 1st?
  • by Guysmiley777 (880063) on Thursday May 18, 2006 @12:28PM (#15358231)
    Simple solution: You have a new encryption scheme where there are 2 private keys. The first one allows decryption, the second wipes the drive. Guess which one you give to the police?
  • by Fapestniegd (34586) <james&jameswhite,org> on Thursday May 18, 2006 @12:30PM (#15358258) Homepage
    There was no crime, because the secret police would carry you off and shoot you in the head if you were even suspected of a crime. Wiretaps were the norm and the government could do whatever it wanted. Privacy didn't exist. And they were safer from criminals for it. Well, safer if we define criminals as ones that weren't in the KGB.

    Yeah, no "In Soviet Russia" Joke here.

    This is frightening. It's like we're becoming the very thing we fought in the cold war. A totalitarian government.

    But at least we have 37 types of cereal.
  • by dada21 (163177) <adam.dada@gmail.com> on Thursday May 18, 2006 @12:31PM (#15358275) Homepage Journal
    A criminal that rapes someone may have talked during the rape -- it is the rape that was evil.

    A criminal that shoots someone in the head used a gun -- it is the shooting that is evil. He could have used a baseball bat.

    A criminal that blows up a building might use a cell phone -- it is the building exploding that is evil. He could have used e-mail or writing a big X on a tree.

    We have to stop government from criminalizing actions that are part of our right to speech. This right is not something Constitutional or created out of any government document -- it is a natural right that all humans share, no matter what the laws say.

    I'll continue to encrypt, and I'll dare the government to try to restrict me. If I have to, I'll encrypt by using an encryption program that hides my real text to make it look like readable language. Let them try to stop that. Or I'll use my own spoken code. Will they find a way to criminalize it?

    Don't criminalize tools, criminalize criminal actions.
  • A solution (Score:3, Interesting)

    by ratboy666 (104074) <fred_weigel@@@hotmail...com> on Thursday May 18, 2006 @12:33PM (#15358294) Homepage Journal
    Presuming that current crypto is secure, public key cryptography provides a solution.

    Specifically, the public key is published, but private keys are pretty much unknown. The only thing you really know about your private key is the passphrase needed to use it (note that the computer using an entropy source generated the key in the first place).

    The key itself? Should be stored on a flash memory card. Or another easily destroyed medium. If broken, you have NO way of supplying the key to the government.

    The issue is key management. If the key doesn't exist, no amount of threatening or torture can cough it up. Sure, the passphrase (at the drop of a hat), but the key?

    Ratboy
  • by igb (28052) on Thursday May 18, 2006 @12:34PM (#15358300)
    I'm as opposed to section 3 of RIPA as the next man, but I have the benefit of having read it in detail. What is proposed is that, following a lawful search with a warrant issued by a judge, the police or judiciary can demand the keys to any encrypted material that is seized. Refusal to produce keys can be treated as a crime in its own right. Since in America your government, it would appear, doesn't bother with the ``lawful search with a warrant'' part, I think we can safely tone down the ``UK sucks'' tone.

    The basic argument is that the purpose of a search warrant is defeated by encryption. Now I think that's wrong, or at least part wrong, and I think an alternative would be to make material held by the defendant which he does not choose to decrypt something that the jury can take account of, just as refusal to testify is now, under limited circumstances, something the judge can point to during summing up. And the alternative of forcing decryption isn't offered (although quite how someone would demonstrate that plain text they offered really _was_ the decryption is a whole other question).

    The is bad, illiberal law, and those of us involved in campaigning against it have been in correspondance with our MPs for some years. But it's not just Britain that is tearing up its freedoms in the face of minor terrorism: the USA collectively shat its pants and ripped up a century of jurisprudence on the 12th of September. It makes far more sense for people with a desire for freedom to work together, rather than to assume that we're a bunch of proto-fascists while Bush Jr defends your constituional rights.

    ian

  • Implementation (Score:5, Insightful)

    by WhiteWolf666 (145211) <{sherwin} {at} {amiran.us}> on Thursday May 18, 2006 @12:35PM (#15358307) Homepage Journal
    People; don't say "This can't be done."

    This is referred to as a "catch-all" type of law. Beware the wonders of selective enforcement.

    The idea here is that if you find a suspected terrorist, and they use encryption, you don't even need to bust them for terrorism OR for not providing their encryption keys when demanded. You can just go to step A, look up their name in the government encryption key database, find out that no, they did not provide their encryption key to , and take them directly to jail.

    Regardless of whether or not the are a terrorist, regardless of whether or not they are willing to turn over their encryption keys when asked, you can find them guilty.

    This is not about collecting everyone's encryption keys (at least not at first). Initially, this will be used as a blunt stick to smack anyone the government doesn't like. Think of the way seat belt laws are enforced; cops won't stop you for not wearing your seat belt, but they'll sure as hell issue a ticket for it even if you aren't speed, have all your paperwork in order, and have done nothing else wrong. It's a sort of standby crime they can get you on.
  • by chiph (523845) on Thursday May 18, 2006 @12:41PM (#15358371)
    How would they know that the use of encryption is increasing, unless they were already monitoring their portion of the internet?
  • what will this do? (Score:3, Interesting)

    by joe 155 (937621) on Thursday May 18, 2006 @12:41PM (#15358382) Journal
    To say, as they did, that this will stop terrorists is stupid. The thing that terrorists have the liberty of doing is sitting back and saying "no" whilst waiting for the rest of their cell to carry out the act; they were going to die anyway, what does it matter. The sentence has to be for a fixed length of time (well it doesn't have to be - in contept of court you could just be held forever untill you are willing to say your name/stop swearing at them etc.) - you can't have crazily long sentences because someone might just forget the key and not be doing anything wrong - so if you say 6 months then they will be out in 3 - which is not enough to stop someone from being a terrorist (if you could even have a sentence which would) and it is far less than peado's get - so it's still the sensible option. Also when you are in prison you can say "I'm in for telling the government to fuck off"... which will make you infinately more popular than "I like watch little kids getting abused" (which will get you beaten till you bleed out your ears)... so I can see a lot of convictions coming
  • by erroneus (253617) on Thursday May 18, 2006 @12:46PM (#15358436) Homepage
    ...I know that's like asking to be lied to, but I would like to know how often criminal investigations are hampered or even prevented because communications or information had been encrypted.

    Like so many others, I see this as nothing more than an attack on privacy and not as an aid to criminal investigations. Criminals are not going to turn over their keys. People who turn over their keys aren't likely engaged in criminal acts. "honest" people who believe in the right to privacy will become criminals, however.

    I'm not sure "police state" is the right word, but we're certainly talking about criminalizing the general population to the point that only people "in office" can have the right to privacy under the guise of "national security." And a funny thing happens to your rights when you become "a criminal." You lose them along with your ability to run for public office and all manner of other things.
  • by hacker (14635) <hacker@gnu-designs.com> on Thursday May 18, 2006 @12:51PM (#15358485)
    "The use of encryption is... proliferating..."

    The use of illegal government spying on innocent citizens is proliferating.

    Your move now.

    ...(and no, you may not have my encryption keys [gnu-designs.com]).

  • Bad Legislation (Score:4, Interesting)

    by Ilex (261136) on Thursday May 18, 2006 @12:52PM (#15358491)
    This is an example of the government passing bad laws which have no real effect on terrorism, it's just posturing. It'll be impossible to prove that a person really knows the encryption key or if the key that was coerced from them is the real key.

    These days encryption software like truecrypt have multiple levels of "plausible deniability" so even if a key was coerced out of someone you don't know if the data that is decrypted is the real deal or just another decoy.

    These so called government security advisers really don't know anything about security. The UK Government can't even remember to deport foreign criminals after they server their sentence. The country will be a lot safer if the Government fixed their own incompetence rather than pass TROLL laws which deprive the real law abiding citizens of their liberties whilst allowing the terrorists to carry on business as usual.
  • I'm out of here... (Score:3, Insightful)

    by crossmr (957846) on Thursday May 18, 2006 @12:56PM (#15358543) Journal
    Is anyone else getting the feeling that its not safe on either side of the water and its about time to find an uninhabited unclaimed island and start your own country?
  • by israfil_kamana (262477) <christianedwardgruber.gmail@com> on Thursday May 18, 2006 @01:06PM (#15358657) Homepage
    I think this will increase the proliferation of encryption technologies which provide a certain level of plausible deniability. Things like TrueCrypt (http://truecrypt.org/) provide an encrypted container which has a basic access and a secondary access. The container cannot be detected as being an encrypted anything - it is just a bunch of random data. If you use the basic access mechanism, you get your data. If you use the secondary access, you get an alternate contents, which can be seemingly important, but relatively benign data you put there to look like soemone got something important. However, you cannot tell which one is which, or even that the alternate access isn't the primary one.

    TrueCrypt lets you mount the container as a filesystem, which is a convenient way to go. This sort of thing allows you to:

    a) Deny that there is anything encrypted for which you have not proffered a key. "Oh yeah, show me what I have encrypted and I'll show you the key."

    b) If that's not enough, proffer the false key that gives them the alternative access. "Ok, here you go. Let me know if you find anything incriminating. (tee hee)"

    Lastly, if you use things like encrypted swap on a unix device, you can plausably say that what is there is just an encrypted swap file, and you don't have a key because the key is never saved to the disk. Why isn't it mounted now? You only set it up temporarily and forgot to delete the file when it was done. (for 1Gb files or larger...) If you have a 20Gb file, you're probably going to have to explain it... and go for option (b) above.

    Of course, if your 20Gb file is not a file, but is just an "empty" partition... well there you go.

    Please note - I'm not advocating breaking any law here - just outlining what this will drive people who care enough to do.
    • TrueCrypt lets you mount the container as a filesystem, which is a convenient way to go. This sort of thing allows you to:

      a) Deny that there is anything encrypted for which you have not proffered a key. "Oh yeah, show me what I have encrypted and I'll show you the key."

      b) If that's not enough, proffer the false key that gives them the alternative access. "Ok, here you go. Let me know if you find anything incriminating. (tee hee)"


      The problem I can see with "rubberhose" systems like this is that governments w
  • Unenforcable Law (Score:3, Interesting)

    by EllisDees (268037) on Thursday May 18, 2006 @01:07PM (#15358668)
    Go to http://www.truecrypt.org/ [truecrypt.org] and check out their product. It allows you to store and encrypted drive inside another encrypted drive in such a way that it's impossible to tell that the first one even exists. They can't force you to give them the keys to something that they don't know is there.
    • But they can "force" (if you don't want to go to prison or pay some fine, probably torture in the future?) you to hand over the key to the first container. Opening it (Usually they'll have the legal "right" to do so by the time they come asking for the first key, because otherwise they probably would'nt even know about that one in the first place) and finding the second container, thus getting to know it's existance... ad infinitum. Plausible deniablity only works as long as "they" can't get their hands on
  • by UpnAtom (551727) on Thursday May 18, 2006 @01:08PM (#15358680) Homepage

    Or the human cattle ID cards Act [no2id.net], which creates by far the world's most intrusive Big Brother database on citizens by linking up 5+ previously unconnected databases...

    The Dictatorship Bill, also called the Abolition of Parliament Bill [timesonline.co.uk], Totalitarianism Bill [impactnottingham.com] or (by the Govt) the Legislative and Regulatory Reform Bill is nothing less than a naked grab for power. After being amended 3x, the Bill was passed in the form described here [thebusinessonline.com].

    LRRB [parliament.uk] enables ministers to rewrite our constitution with only rudimentary scrutiny. Consider the extraordinary mass surveillance / coersion [bristol-no2id.org.uk] implications of the ID Cards Act. Even the well-organised opposition [no2id.net] could not stop this legislation.

    What chance then of:
    1. Spotting obscure but deeply damaging clauses hidden in the boring legislation?
    2. Motivating the Tories, LibDems and enough New Labour drones to subsequently block it?

    LRRB is then carte blanche for Blair to do what he will with this country. What can we deduce of his plans?

    New Labour already rejected [libertycentral.org.uk] an amendment to stop LRRB re-writing our most important constitutional laws. They then promised to introduce new amendments fulfilling the same thing. Our skepticism was once again justified [spy.org.uk]. This is more than enough evidence that Blair wants dictatorial powers.

    LRRB is obviously a precursor to passing laws which Parliament wouldn't otherwise pass.

    Considering the deeply scary laws he's got through Parliament, the likelihood is that he wants something so badly, and so unpalatable that he won't even risk presenting it for proper Parliamentary scrutiny.

    - He does not need Parliamentary approval to invade Iran
    - He already has Hitler's Enabling Act [blogspot.com].
    - He has already passed RIPA [magnacartaplus.org] and the ID Cards Act for more Big Brother snooping than anything China or North Korea have.
    - He already has locked up people for 3 years without trial or even being questioned - although he has been twice been 'told off' for breaching the Human Rights Act in this way.

    I did not believe that he needs LRRB to repeal the HRA - indeed one welcome amendment [spy.org.uk] was to exclude the HRA from being amended. When every other explanation has been ruled out, whatever remains, however unlikely, must be considered. I think something much worse is coming although I dread to think what.

  • In related news... (Score:3, Interesting)

    by user24 (854467) on Thursday May 18, 2006 @01:16PM (#15358762) Homepage
    In related news, the UK police say they will shortly be making home visits to every house in britain, requiring copies of front and back door keys for businesses, homes, apartments and garages..
  • by segfault_0 (181690) on Thursday May 18, 2006 @04:26PM (#15360513)
    The criminals using encryption are already breaking the law and obviously wont turn in their keys to the police. The only people who will be caught up in this legislation are the good people who follow laws. Whomever thought this up should be sacked for pure stupidity.

"The trouble with doing something right the first time is that nobody appreciates how difficult it was." -- Walt West

Working...