Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×

Submission + - SPAM: Judge Rules In Favor Of Hacktivist Love

Submitted by Anonymous Coward
An anonymous reader writes: A judge in Westminster has ruled that alleged hacktivist Lauri Love cannot be forced to provide encryption keys to the National Crime Authority. This move has been called a “victory for all who use encryption in the UK” and a “great decision for privacy and personal freedom”. The NCA’s request was widely regarded as an attempt to circumvent the Regulatory of Investigative Powers Act of 2000, which specifically legislates police power to compel subjects to hand over encryption keys. The NCA originally tried to force Love to turn over encryption keys under RIPA in 2014 but were unsuccessful. So Love, whose property was seized two years ago, made an application to have it returned under the 1897 Police Property Act. In response, the NCA attempted to legally force decryption under the same act.

The NCA argued, in the ruling documents, that they could only ascertain the contents of the devices if Love was forced to provide the encryption key. The district judge was not persuaded by this argument, saying, “The case management powers of the court are not to be used to circumvent specific legislation that has been passed in order to deal with the disclosure sought.” Legal experts have noted that this case represents a civil action being put forth in a magistrate’s court, which normally only deals with criminal issues.

Comment ACLU Article is wrong (Score 0) 242

The linked ACLU article has some very large inaccuracies. While the "file system key" is indeed stored in "effaceable storage" and can be read out, it does no good. The key itself is encrypted with device specific data. Please see: http://www.darthnull.org/2014/... (this is for iOS 8, but similar to 9). Getting the encrypted key is fairly useless as only that specific cpu can decrypt it.

Comment Fuzzy Hashing, Extractors and Vaults (Score 1) 242

by steamraven (#50905165) Attached to: Unhashable: Why Fingerprints Are Weaker Security Than Passwords

This is an area that has seen quite a bit of research and there are ways to hash fingerprints. I little google searching led to Fuzzy Extractors which create a cryptographic key from biometric data and Fuzzy Vaults that store fingerprints in a secure way.

https://en.wikipedia.org/wiki/...
http://www.cse.buffalo.edu/tec...
https://eprint.iacr.org/2004/0...

Comment Re:XEN PV mode is dead (Score 1) 61

by steamraven (#50832653) Attached to: Xen Patches 7-Year-Old Bug That Shattered Hypervisor Security

That may be the case for cloud deployment. However, there are other very important areas that PVs are being used. For example: qubes, a security focused Linux distribution https://www.qubes-os.org/.

In addition, there is actually a full spectrum between PV and HVM: http://wiki.xen.org/wiki/Xen_P.... Very few use straight HVM, generally it is HVM + PV Drivers. Linux on Xen ends up using PVHVM. The sweet spot for Open Sources OS under Xen is PVH.

Comment Netflix (Score 1) 183

I remember Netflix used to do this when a streamed video did not play correctly. When a movie wouldn't play the first time, or it dropped in the middle, I would get an email crediting my account for small amount. Of course, this was when they were just rolling out the streaming; now that they are established I don't receive these anymore.

Slashdot Top Deals

Old programmers never die, they just hit account block limit.

Close