Forgot your password?

Comment: Re: Seems appropriate (Score 1) 347

by Kijori (#47437525) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

How do you square the fact that you say in relation to the password question it would be impossible to prove, but when considering the other examples you are happy to draw inferences if there is sufficient surrounding evidence. Why can't you draw inferences from surrounding evidence when considering the question of whether someone remembers a password?

Comment: Re: Seems appropriate (Score 1) 347

by Kijori (#47437333) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

I would make two points in response.

First, your factors that might make someone not remember a password are all real, but the judge can take them into account. The judge can weigh up the different possibilities - that's what they are employed and trained to do - and decide whether it's plausible that the defendant cannot recall the password. Often they will probably conclude that the prosecution hasn't proved that the defendant could remember the password; sometimes, though, there will be enough evidence. Unless you are arguing that there is no amount of evidence that can prove this beyond reasonable doubt - in which case, see my second point, which is that this is not restricted to this situation - I don't think your factors prevent the law working (although obviously they must be borne in mind).

Second, your example of the seemingly pre-meditated murder is at the extreme end of the evidence available, but there are lots of situations that are much more difficult. For example:
i. A person gives incorrect financial information to an investor and profits as a result. If they knew it was incorrect they may be guilty of fraud. Did they know it was incorrect at the time?
ii. A person is a passenger in a stolen car. If they knew it to be stolen at the time they may be guilty of an offence. Did they know it was stolen when they got in (assume they weren't involved in the theft)?
iii. An accountant receives money from his client, which unknown to him was stolen. If he suspected at the time that the client might be engaged in criminal conduct, he may be guilty of a money laundering offence. Did he suspect?

You could find hundreds more examples - those are just three that occurred to me off the top of my head, and probably aren't the most troublesome. The point is that proving whether a defendant actually knew a particular fact, or actually had a particular thought, is a common issue in criminal prosecutions. It can be difficult to prove, but it's not impossible and the courts are used to dealing with these types of case.

Comment: Re: Seems appropriate (Score 1) 347

by Kijori (#47429887) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

I would agree with you if we had to answer the question "does he remember the password" in a vacuum, but we don't.

The court can look at factors that make it more or less likely that he forgot it: did he use it regularly? Does he have a good memory? Is he accustomed to using long passwords? Did he use it shortly before his arrest?

It can also look at factors that bear on his credibility: did he immediately say that he had forgotten the password, or was this the last in a line of excuses that had been proved untrue? Has he been generally truthful and cooperative? Did he seem honest in the witness box, or was he evasive and defensive?

If (in theory - I don't know the facts of the actual case) the defendant had used the password five minutes before his arrest, had an unusually good memory, repeatedly lied to the police after being arrested and only claimed to have forgotten when his previous claims were proved untrue, I think it would be perfectly legitimate for the court to apply something like Bayes' theorem to infer that it was sufficiently likely that he remembered the password to be proved beyond reasonable doubt. I don't see why it is different in principle to other situations where the court looks at all the evidence to decide whether someone is lying.

Comment: Re:Seems appropriate (Score 1) 347

by Kijori (#47427515) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

I once had a baby rattle (when I was a baby). Why is it reasonable to presume I still have it in my possession? I can't prove that I don't since you can't prove a negative.

You wouldn't have to prove you don't have it - you just have to show enough evidence to show that the question is in issue. If in the circumstances it is reasonably likely that it isn't in your possession - such as where you have not had it in your possession for years - the question is in issue, and the prosecution will have to prove it beyond reasonable doubt.

As for 3b, he told them his best recollection of the password and it didn't unlock the drive. So there we go, where is the proff that he does correctly remember the key but chose not to tell them?

I don't think there's much point in speculating as to whether he did it. The person who saw all the evidence and who was able to listen to Wilson and assess his credibility was the judge - without any evidence I don't see how we can really question his judgement.

Frankly I think giving 50 incorrect passwords is more likely to be a sign that you were being obstructive than that you were genuinely trying to remember but couldn't, but again - I don't know, because the journalists didn't report any details.

There may be indications and reasons to suspect, but the standard for jailing someone is proof. Where memory is involved, there can never be proof. At least not with today's technology.

The standard for jailing someone is proof beyond reasonable doubt - not absolute proof. I presume that there was sufficient evidence for the judge to conclude, beyond reasonable doubt, that Wilson was lying. If not, I hope he will appeal and be vindicated - but we haven't seen any of the evidence so we don't know.

I would say that courts deal with lots of people who say they "can't remember" or "don't know" something, and have to decide whether they are telling the truth or not - whether that's people who can't remember where they were when a crime took place, or who don't know where some money went, or a million other possibilities. It's a difficult question, but it's an inevitable one for a criminal court to grapple with and they have plenty of experience doing so.

Comment: Re:Could Not Do It (Score 1) 347

by Kijori (#47427145) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

Or that he appreciated that people could forget passwords, but didn't believe the defendant in this case. We don't know on what the judge based his decision - the journalists declined to report that minor fact - but we do know that the judge had a lot more evidence on which to come to a conclusion (including, unless he chose not to appear, hearing the defendant's explanation from his own mouth) and it may be that having heard that evidence he was sure the defendant was lying.

Comment: Re:National security (Score 1) 347

by Kijori (#47426887) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

It's regrettable that the journalists present chose not to report the judge's actual explanation of the orders he was making instead of just a few quotes taken out of context - which makes it impossible to know whether the finding was reasonable or not. (In England, while almost all higher court judgments are transcribed at public expense and put online, Crown Court hearings are not.)

Comment: Re:What if he forgot it? (Score 1) 347

by Kijori (#47426717) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

It doesn't matter. In the UK, you face jail time for not turning over passwords... even if you can prove you never had them. If the cops think that a photo has steganographically hidden data, you must produce the decryption key, or face jail time. If some anonymous so and so sends you a floppy disk, or USB stick, you must produce the decryption keys to any files on it.

This is completely false. I have set out an overview of the process of proving that someone has the decryption key here.

Comment: Re:Seems appropriate (Score 1) 347

by Kijori (#47426653) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

Real question...what happens if somebody legitimately forgets their password? If they're paranoid (or realistic) enough to use AES to begin with, they're likely going to have a good strong password. That's a lot of entropy for a human to remember for a number of years, especially if they don't decrypt it very often.

Then you should not be found guilty - I've set out the process that is followed in another comment. (In reality, if it is plausible in the circumstances that you have simply forgotten the password, it is unlikely that it would actually get anywhere near court to begin with.)

We don't know the facts of this case - unfortunately the journalists chose to give us a few selected quotes out of context, rather than a transcript of the judge's entire remarks - but it sounds like the judge may have thought that the claim to have forgotten the password was just the latest in a series of lies that the defendant has told to try to avoid giving up the data. If that is the case, and the defendant has genuinely forgotten his password, that is very unfortunate (although no different to any other trial, in that if you squander your credibility you may find that your truthful remarks are not believed).

Comment: Re:Seems appropriate (Score 1) 347

by Kijori (#47426611) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

The problem with demanding the key and jailing him for not doing so is that they haven't (as far as I know) proven he actually remembers the key at all. Have they done anything to prove that he didn't genuinely believe the passwords he told them would decrypt the data? People do forget things all the time, even very important things. Throw in some duress and mental anguish over being jailed plus autism and it's a wonder if he gets his middle name right.

Assuming that the judge followed the requirements of the legislation - and there doesn't seem to be any reason to think that they didn't - that question will have been answered in the following way:

1. By default, the prosecution would have to prove beyond reasonable doubt that the defendant has possession of the key (in this case, by knowing the password).
2. However, where it has been proved that they had the key, there is a presumption that they still have it. I expect that applied here, since they could probably show that he had accessed the encrypted data.
3a. If the defendant does not bring any evidence, then the presumption will stand and they will be found guilty.
3b. If the defendant disputes it, they do not have to prove that they do not have the key. They only need to show enough evidence to "raise an issue" - i.e. for there to be reasonable doubt as to whether they have it. At that point the prosecution must prove beyond reasonable doubt that they do.

I don't know the specific details here - it would have been helpful if the journalists present had transcribed the judge's entire remarks, rather than just presenting one or two quotes out of context. However, I could imagine a situation where a suspect was known to have used the password regularly up until the date of his arrest, at which point he claimed suddenly to have forgotten it, and where that simply wasn't believable - particularly if he had lied to the police or the court about other matters, and had been generally obstructive*. I would also point out that the judge will (unless he chose not to take the stand) have heard whatever Wilson's explanation was from his own mouth, and will have therefore been in a better position than any of us to judge whether he was telling the truth.

*Which you are, of course, free to do, but which is unlikely to improve your credibility.

Comment: Re:Seems appropriate (Score 1) 347

by Kijori (#47426411) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

Statutes like PACE lack one essential attribute of a constitution: they are not entrenched, so Parliament could remove the protections by a simple majority. If you don't include that as a requirement of a constitution, it is difficult to see what the word "constitution" means.

There have been suggestions that there is an English constitution (it's difficult to speak of a UK constitution, since the UK does not have a single legal system - PACE, for example, is part of the law of England and Wales, with some application in Scotland). The House of Lords, for example, suggested that an attempt to abolish the right to trial, or to extend the length of Parliament, would simply not be effective and would be ignored by the Courts. In practice, if those were attempted the result would be constitutional crisis and much would depend on the practical question of who forces like the police listened to.

I'd also point out that the idea that England has an unwritten constitution is fairly old and often repeated - but there are a lot of contemporary legal scholars who think the extent of any unwritten constitution that does exist is so small, and so toothless, that it's a bit disingenuous to say that it exists at all.

Comment: Re:Who is actually influenced by ads?? (Score 1) 254

by Kijori (#47306627) Attached to: The Bursting Social Media Advertising Bubble

You may be right that you are completely unaffected by advertising. However, there are two things that should give you pause:
1. The vast majority of people are regularly influenced by advertisements.
2. The majority of people think that they are not influenced by advertisements.

In other words, there are lots of people who think, like you, that advertising doesn't influence their decisions - and mostly they are wrong.

Comment: Re:ugh (Score 1) 146

by Kijori (#47170933) Attached to: Local Police Increasingly Rely On Secret Surveillance

How is this even a question?

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

That's not even remotely vague. It's clear as day. You need a warrant and that warrant should be public. Period. Any Judge that didn't see this as a violation of the 4th amendment should be strung up without a trial, since they don't feel the constitution is important.

I'm not sure that it's as crystal-clear as you say:
1. Where does it say the warrant must be public? A secret warrant seems like it would qualify as long as it fit the requirements set out.

2. It doesn't explicitly say "all searches require a warrant"; it only refers to "unreasonable searches". Does a reasonable search not require a warrant? In fact, where does this expressly say that any searches require a warrant?

3. Where does it say that this applies to electronic communications (or any non-physical communications)? Are electronic communications "persons, houses, papers, [or] effects"? What's the "place to be searched" if you intercept broadcast information?

One of the great difficulties of constitutional study is that the US constitution is pretty vaguely drafted.

Comment: We need to consider both sides (Score 0) 240

by Kijori (#47170845) Attached to: UK Seeks To Hold Terrorism Trial In Secret

This has very clear and obvious potential implications for justice. Open justice has been a cornerstone of British justice and we should be very careful about derogations from it.




What I think is missing from the vast majority of the comments to this article is the recognition that this is a very difficult situation. You can imagine the possibility that, for example, a long-term intelligence source reveals a terrorist plot - but where to prove that in open court would reveal the existence of the source, shutting the door to future intelligence and possibly leading to an informant's horrific death.


You may think that the inviolability of the principle of open justice is such that no derogation is permissible from it. If you do, however, you should still be open about the fact that this might mean that known terrorists cannot be prosecuted - or, God forbid, are allowed to carry out deadly attacks - because the cost of losing our intelligence sources is judged too great.


It might also be worth considering where the alternative leads. If the intelligence agencies are left with the dilemma above, will they in fact choose to allow the terrorist to go free or to perpetrate an attack - or is it more likely that they will deal with the threat in secret, without the oversight of the courts? It would be unfortunate if we were so unwilling to sacrifice any of the protections of a suspect that we ended up, in practice, losing them all.

Weekends were made for programming. - Karl Lehenbauer