
Comment: politician's syllogism (Score 1) 329

This is the politician's syllogism at work: "Something must be done. This is something. Therefore this must be done".
The horror of the Hebdo attacks is that they are attacks on the freedom of speech. Allowing the gov't to spy on all our internet traffic is a far greater attack, because anonymity is the best defence of free speech. It's like someone responding to seeing you have a nosebleed by cutting off your head with a chainsaw "to make sure it doesn't happen again".

DoxBox: Open-Source disk encryption for Windows 1

monkey999 writes: A new disk encryption program for Windows has been released that is compatible with Linux encryption and, unlike TrueCrypt, is fully maintained. From the announcement:


  • Full transparent encryption, DoxBoxes appear as removable disks in Windows Explorer.
  • Explorer mode lets you access DoxBoxes when you don't have admin permissions.
  • Compatible with Linux encryption, Cryptoloop "losetup", dm-crypt, and LUKS. Linux shell scripts support deniable encryption on Linux.
  • Supports smartcards and security tokens.
  • Optional 'key files' let you use a thumb-drive as a key.
  • Portable mode doesn't need to be installed and leaves little trace on 3rd party PCs.
  • Deniable encryption protects you from 'rubber hose cryptography'.

Comment: Re:Talking of FUD (Score 1) 147

Where exactly does the law state that? There's no "then and only then"

It was the law I quoted immediately above it. I even bolded the relevant part.

For the purposes of this section a person shall be taken to have shown that he was not in possession of a key [ie he forgot it] to protected information at a particular time if—
(a)sufficient evidence of that fact is adduced to raise an issue with respect to it; *AND*
(b)the contrary is not proved beyond a reasonable doubt.

(my emphasis) Note the word 'AND'.
Hopefully most people understand that X = a AND b means you need to test b if and only if a is true.

even the CPS themselves highlight that your earlier interpretation

This is a press release from the CPS - not an argument made in court. We don't know what was said in court. We do know, for certain, what the law says and it's quite clear. The prosecution do NOT need to prove 'beyond reasonable doubt' that someone remembers their password, as you claimed they do, except in exceptional circumstances.

someone stupid enough to incriminate himself

The information we have is that he behaved consistently with someone who was being as helpful as possible to the police, but had forgotten his password.
Note that there is little special status in England for 'self-incriminating' evidence, unlike America. If you refuse to answer the police questions on the grounds that they are 'self-incriminating' the prosecution can and will use this in court.

, he admitted he had set the password,

So are you saying he should have lied to the police? Will any encryption software let you encrypt data /without/ setting a password?

To recap, you said:

Similarly there's a lot of FUD about RIPA's password clause by people who haven't read the law which explicitly states that police have to prove beyond reasonable doubt that someone has a key before they can be prosecuted for not handing it over

(my emphasis) I quoted the exact law, which 'explicitly states' the precise opposite of what you claimed - implying that you yourself 'haven't read the law'.
You also said, about people being imprisoned for apparently forgetting their password:

it's never happened

I gave an example of precisely that happening.

This is a far cry from simply saying ... "I forgot it". As I said, no such case to date has ever happened -

from the press release:

the defendant [said he] could not recall it ... As the defendant claimed to have forgotten a password ...

So this is exactly what happened.
Some people, if they were caught out so badly wrong about so many things they were so dogmatic about, might think "when you're in a hole - stop digging".
But I'm glad you don't because it gives me an opportunity to repeat this point about which there certainly is 'a lot of FUD':

Basically, based on the few contested cases that have come up so far, if the police demand a password to some file you encrypted, only 2 things can happen:
a) you give them the password
b) you go to prison.
Except in special circumstances, saying 'I forgot my password' is NOT a valid defence.
The claim that the prosecution always have to prove 'beyond reasonable doubt' that you remember it is clearly false. It's up to the victim to show 'sufficient evidence' they have forgotten it, something that has never happened, and may be impossible in practice.
The following are also not defences:

  • 'I didn't set a password' (an obvious lie)
  • 'My answers would be self-incriminating' (this isn't America)

This is going to have a chilling effect on the use of encryption in general, will give the authorities power over people who have done nothing wrong, and will encourage those in the know to use 'deniable encryption' which will give police still less knowledge about the metadata.

Comment: Talking of FUD (Score 4, Interesting) 147

Similarly there's a lot of FUD about RIPA's password clause by people who haven't read the law which explicitly states that police have to prove beyond reasonable doubt that someone has a key before they can be prosecuted for not handing it over

Except it doesn't.
The actual quote from the law is:

For the purposes of this section a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if— (a)sufficient evidence of that fact is adduced to raise an issue with respect to it; and (b)the contrary is not proved beyond a reasonable doubt.

IOW the defence has to show "sufficient evidence ... to raise an issue", and then and only then does the prosecution have to prove 'beyond a reasonable doubt'. So this is a completely new standard of proof introduced into the British criminal system after 1000 years of using only the 'proof beyond a reasonable doubt' test. How do you show 'sufficient evidence' that you have forgotten a password? Nobody knows.
AFAIK (and IANAL) no judge has yet accepted the defence has shown 'sufficient evidence'. How do you show a negative - that you don't know something? Maybe judges think (correctly) that it's impossible to 'raise an issue', so the prosecution never has to prove anything apart from that you didn't hand over a password.
This is what's known as the 'reverse burden of proof' introduced in RIPA. You don't have to prove 'beyond a reasonable doubt' you forgot the password, but you do have to show 'sufficient evidence', or - if you don't hand over a password - you're automatically guilty.
What's more the Home Office code of practice says that even if you have 'sufficient evidence' - it might not even be allowed in court 'if the person fails to raise some doubt as to whether he still had the key when the notice was given'.

it's never happened, everyone prosecuted to date has been like the plonker in yesterday's news story who incriminated themselves for the simple reason they were actually dickheads.

Perhaps you're assuming no judge would be that corrupt, so here's a case of someone who quite plausibly forgot his password being imprisoned:

A TEEN who refused to give police officers an encryption password for his computer has been jailed for four months. Evidence showed that the defendant admitted in police interviews that he had set an encrypted password of between 40 and 50 characters containing both letters and numbers using an encryption software programme and that he had originally relied on his memory to recall it but could not recall it when he was served with the notice.
The jury heard both the prosecution and defence case and accepted the prosecution case that the defendant must have kept a record of this very complex password, rather than relying on memory, and that he had deliberately failed to disclose it to the police. They returned a guilty verdict after 15 minutes deliberation.

Incidentally, if you do get ordered to hand over a password - even to someone else's data you happen to have - you're not allowed to tell anyone, presumably not even to ask for the password.

Comment: Extremism is evil (Score 1) 361

'Extremism' is an evil concept. An 'extremist' implies someone on the edges of the bell curve of belief - but guess what - most people think of themselves as being in the middle of that curve, no matter what their own beliefs. So in practice 'extremist' means 'extremely different from me'.
The purpose of law enforcement should be to stop acts of violence, terrorism, subversion, whatever - but never to stop mere difference. In a violent society, peace is extremist. In a dictatorship, freedom is extremist. In a racially segregated society, equality is extremist.
It's no wonder authorities love the word 'extremism', it's a slur for any kind of dissent.
Remember, the direct opposite of 'extremism' is 'conformism'.

Comment: The NSA is more extreme than you know (Score 1) 361

See, a rational person would have looked at what's going on and concluded that the NSA's position is "of course you're more likely to be an extremist" rather than "of course you must be an extremist".

This is a comment in the actual code used by the NSA:

/* These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. */

The source also says the NSA refers to "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".

So yes, the NSA, in their own words, do indeed believe if you use TAILS, or read The Linux Journal, you are an extremist.

User Journal

Journal: now JavaScript free 1

s'qute is now no-script friendly, it's possible to use all the features of the site (including posting anonymously) with JavaScript off, and it's perfectly usable in links.

Leaving JS on will make some pages easier to use, e.g. loading comments in the background.
The bot defences have had to be reworked, so you may see more captchas than before.
