Forgot your password?

Comment: Re:Seems appropriate (Score 1) 323

by Kijori (#47427515) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

I once had a baby rattle (when I was a baby). Why is it reasonable to presume I still have it in my possession? I can't prove that I don't since you can't prove a negative.

You wouldn't have to prove you don't have it - you just have to show enough evidence to show that the question is in issue. If in the circumstances it is reasonably likely that it isn't in your possession - such as where you have not had it in your possession for years - the question is in issue, and the prosecution will have to prove it beyond reasonable doubt.

As for 3b, he told them his best recollection of the password and it didn't unlock the drive. So there we go, where is the proff that he does correctly remember the key but chose not to tell them?

I don't think there's much point in speculating as to whether he did it. The person who saw all the evidence and who was able to listen to Wilson and assess his credibility was the judge - without any evidence I don't see how we can really question his judgement.

Frankly I think giving 50 incorrect passwords is more likely to be a sign that you were being obstructive than that you were genuinely trying to remember but couldn't, but again - I don't know, because the journalists didn't report any details.

There may be indications and reasons to suspect, but the standard for jailing someone is proof. Where memory is involved, there can never be proof. At least not with today's technology.

The standard for jailing someone is proof beyond reasonable doubt - not absolute proof. I presume that there was sufficient evidence for the judge to conclude, beyond reasonable doubt, that Wilson was lying. If not, I hope he will appeal and be vindicated - but we haven't seen any of the evidence so we don't know.

I would say that courts deal with lots of people who say they "can't remember" or "don't know" something, and have to decide whether they are telling the truth or not - whether that's people who can't remember where they were when a crime took place, or who don't know where some money went, or a million other possibilities. It's a difficult question, but it's an inevitable one for a criminal court to grapple with and they have plenty of experience doing so.

Comment: Re:Could Not Do It (Score 1) 323

by Kijori (#47427145) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

Or that he appreciated that people could forget passwords, but didn't believe the defendant in this case. We don't know on what the judge based his decision - the journalists declined to report that minor fact - but we do know that the judge had a lot more evidence on which to come to a conclusion (including, unless he chose not to appear, hearing the defendant's explanation from his own mouth) and it may be that having heard that evidence he was sure the defendant was lying.

Comment: Re:National security (Score 1) 323

by Kijori (#47426887) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

It's regrettable that the journalists present chose not to report the judge's actual explanation of the orders he was making instead of just a few quotes taken out of context - which makes it impossible to know whether the finding was reasonable or not. (In England, while almost all higher court judgments are transcribed at public expense and put online, Crown Court hearings are not.)

Comment: Re:What if he forgot it? (Score 1) 323

by Kijori (#47426717) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

It doesn't matter. In the UK, you face jail time for not turning over passwords... even if you can prove you never had them. If the cops think that a photo has steganographically hidden data, you must produce the decryption key, or face jail time. If some anonymous so and so sends you a floppy disk, or USB stick, you must produce the decryption keys to any files on it.

This is completely false. I have set out an overview of the process of proving that someone has the decryption key here.

Comment: Re:Seems appropriate (Score 1) 323

by Kijori (#47426653) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

Real question...what happens if somebody legitimately forgets their password? If they're paranoid (or realistic) enough to use AES to begin with, they're likely going to have a good strong password. That's a lot of entropy for a human to remember for a number of years, especially if they don't decrypt it very often.

Then you should not be found guilty - I've set out the process that is followed in another comment. (In reality, if it is plausible in the circumstances that you have simply forgotten the password, it is unlikely that it would actually get anywhere near court to begin with.)

We don't know the facts of this case - unfortunately the journalists chose to give us a few selected quotes out of context, rather than a transcript of the judge's entire remarks - but it sounds like the judge may have thought that the claim to have forgotten the password was just the latest in a series of lies that the defendant has told to try to avoid giving up the data. If that is the case, and the defendant has genuinely forgotten his password, that is very unfortunate (although no different to any other trial, in that if you squander your credibility you may find that your truthful remarks are not believed).

Comment: Re:Seems appropriate (Score 1) 323

by Kijori (#47426611) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

The problem with demanding the key and jailing him for not doing so is that they haven't (as far as I know) proven he actually remembers the key at all. Have they done anything to prove that he didn't genuinely believe the passwords he told them would decrypt the data? People do forget things all the time, even very important things. Throw in some duress and mental anguish over being jailed plus autism and it's a wonder if he gets his middle name right.

Assuming that the judge followed the requirements of the legislation - and there doesn't seem to be any reason to think that they didn't - that question will have been answered in the following way:

1. By default, the prosecution would have to prove beyond reasonable doubt that the defendant has possession of the key (in this case, by knowing the password).
2. However, where it has been proved that they had the key, there is a presumption that they still have it. I expect that applied here, since they could probably show that he had accessed the encrypted data.
3a. If the defendant does not bring any evidence, then the presumption will stand and they will be found guilty.
3b. If the defendant disputes it, they do not have to prove that they do not have the key. They only need to show enough evidence to "raise an issue" - i.e. for there to be reasonable doubt as to whether they have it. At that point the prosecution must prove beyond reasonable doubt that they do.

I don't know the specific details here - it would have been helpful if the journalists present had transcribed the judge's entire remarks, rather than just presenting one or two quotes out of context. However, I could imagine a situation where a suspect was known to have used the password regularly up until the date of his arrest, at which point he claimed suddenly to have forgotten it, and where that simply wasn't believable - particularly if he had lied to the police or the court about other matters, and had been generally obstructive*. I would also point out that the judge will (unless he chose not to take the stand) have heard whatever Wilson's explanation was from his own mouth, and will have therefore been in a better position than any of us to judge whether he was telling the truth.

*Which you are, of course, free to do, but which is unlikely to improve your credibility.

Comment: Re:Seems appropriate (Score 1) 323

by Kijori (#47426411) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

Statutes like PACE lack one essential attribute of a constitution: they are not entrenched, so Parliament could remove the protections by a simple majority. If you don't include that as a requirement of a constitution, it is difficult to see what the word "constitution" means.

There have been suggestions that there is an English constitution (it's difficult to speak of a UK constitution, since the UK does not have a single legal system - PACE, for example, is part of the law of England and Wales, with some application in Scotland). The House of Lords, for example, suggested that an attempt to abolish the right to trial, or to extend the length of Parliament, would simply not be effective and would be ignored by the Courts. In practice, if those were attempted the result would be constitutional crisis and much would depend on the practical question of who forces like the police listened to.

I'd also point out that the idea that England has an unwritten constitution is fairly old and often repeated - but there are a lot of contemporary legal scholars who think the extent of any unwritten constitution that does exist is so small, and so toothless, that it's a bit disingenuous to say that it exists at all.

Comment: Re:Who is actually influenced by ads?? (Score 1) 254

by Kijori (#47306627) Attached to: The Bursting Social Media Advertising Bubble

You may be right that you are completely unaffected by advertising. However, there are two things that should give you pause:
1. The vast majority of people are regularly influenced by advertisements.
2. The majority of people think that they are not influenced by advertisements.

In other words, there are lots of people who think, like you, that advertising doesn't influence their decisions - and mostly they are wrong.

Comment: Re:ugh (Score 1) 146

by Kijori (#47170933) Attached to: Local Police Increasingly Rely On Secret Surveillance

How is this even a question?

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

That's not even remotely vague. It's clear as day. You need a warrant and that warrant should be public. Period. Any Judge that didn't see this as a violation of the 4th amendment should be strung up without a trial, since they don't feel the constitution is important.

I'm not sure that it's as crystal-clear as you say:
1. Where does it say the warrant must be public? A secret warrant seems like it would qualify as long as it fit the requirements set out.

2. It doesn't explicitly say "all searches require a warrant"; it only refers to "unreasonable searches". Does a reasonable search not require a warrant? In fact, where does this expressly say that any searches require a warrant?

3. Where does it say that this applies to electronic communications (or any non-physical communications)? Are electronic communications "persons, houses, papers, [or] effects"? What's the "place to be searched" if you intercept broadcast information?

One of the great difficulties of constitutional study is that the US constitution is pretty vaguely drafted.

Comment: We need to consider both sides (Score 0) 240

by Kijori (#47170845) Attached to: UK Seeks To Hold Terrorism Trial In Secret

This has very clear and obvious potential implications for justice. Open justice has been a cornerstone of British justice and we should be very careful about derogations from it.




What I think is missing from the vast majority of the comments to this article is the recognition that this is a very difficult situation. You can imagine the possibility that, for example, a long-term intelligence source reveals a terrorist plot - but where to prove that in open court would reveal the existence of the source, shutting the door to future intelligence and possibly leading to an informant's horrific death.


You may think that the inviolability of the principle of open justice is such that no derogation is permissible from it. If you do, however, you should still be open about the fact that this might mean that known terrorists cannot be prosecuted - or, God forbid, are allowed to carry out deadly attacks - because the cost of losing our intelligence sources is judged too great.


It might also be worth considering where the alternative leads. If the intelligence agencies are left with the dilemma above, will they in fact choose to allow the terrorist to go free or to perpetrate an attack - or is it more likely that they will deal with the threat in secret, without the oversight of the courts? It would be unfortunate if we were so unwilling to sacrifice any of the protections of a suspect that we ended up, in practice, losing them all.

Comment: Re:Hulk hogan could code too (Score 1) 581

by Kijori (#46732895) Attached to: Michael Bloomberg: You Can't Teach a Coal Miner To Code

I'm not sure that I see your point. He didn't say it was literally impossible - he said that the threshold for getting the jobs was very high.

Imagine two people who need to walk to the job centre to get a job. One has to climb over a series of low hurdles to get there; the other has to climb a series of 10ft walls.

You would be completely correct to say of the second person "those are all challenges, but not ones that can't be overcome. Can you honestly say that second person has worked hard and trained to climb walls all their lives?". Completely correct - but also completely missing the point.

Comment: Re:Freedom of Speech? (Score 1) 328

by Kijori (#46669921) Attached to: Federal Bill Would Criminalize Revenge Porn Websites

That is irrelevant. The government is supposed to follow the constitution. Following random crap that doesn't have anything to do with it is a sign of a broken system and makes the constitution useless. But then again, with the TSA, the NSA surveillance, constitution-free zones, free speech zones, unfettered border searches, etc., we already know our system is broken.

I would say that it's the sign of a "broken" constitution - or at least one that isn't really sufficiently well drafted.

The reason for the Courts looking at historical evidence is that the constitution isn't drafted in sufficiently precise terms to enforce it on its own. Look at the text of the First Amendment for an example - read literally it would seem to mean that Congress could not prohibit human sacrifice, if that were necessary for the free exercise of a religion, and could not prohibit false advertising, which would be free speech; but that seems an unlikely intention and an undesirable result.

In an ideal world I think you would agree on the exact rights that you want to give constitutional protection - and their precise extent - and enshrine those in a new constitution. In practice, of course, that's impossible because so many different groups use the wiggle room to their advantage to try to permit, or prohibit, their cause of choice.

"I've seen the forgeries I've sent out." -- John F. Haugh II (jfh@rpp386.Dallas.TX.US), about forging net news articles