Comment Irony or blowback? (Score 0) 129
The webertarian project aims to create software that makes tyranny mathematically infeasible.
The webertarian project aims to create software that makes tyranny mathematically infeasible.
Where exactly does the law state that? There's no "then and only then"
It was the law I quoted immediately above it. I even bolded the relevant part.
For the purposes of this section a person shall be taken to have shown that he was not in possession of a key [ie he forgot it] to protected information at a particular time if—
(a)sufficient evidence of that fact is adduced to raise an issue with respect to it; *AND*
(b)the contrary is not proved beyond a reasonable doubt.
(my emphasis)
Note the word 'AND'.
Hopefully most people understand that X = a AND b means you need to test b if and only if a is true.
even the CPS themselves highlight that your earlier interpretation
This is a press release from the CPS - not an argument made in court. We don't know what was said in court. We do know, for certain, what the law says and it's quite clear. The prosecution do NOT need to prove 'beyond reasonable doubt' that someone remembers their password, as you claimed they do, except in exceptional circumstances.
someone stupid enough to incriminate himself
The information we have is that he behaved consistently with someone who was being as helpful as possible to the police, but had forgotten his password.
Note that there is little special status in England for 'self-incriminating' evidence, unlike America. If you refuse to answer the police questions on the grounds that they are 'self-incriminating' the prosecution can and will use this in court.
, he admitted he had set the password,
So are you saying he should have lied to the police? Will any encryption software will let you encrypt data
To recap, you said
Similarly there's a lot of FUD about RIPA's password clause by people who haven't read the law which explicitly states that police have to prove beyond reasonable doubt that someone has a key before they can be prosecuted for not handing it over
(my emphasis)
I quoted the exact law, which 'explicitly states' the precise opposite of what you claimed - implying that you yourself 'haven't read the law'.
You also said, about people being imprisoned for apparently forgetting their password:
it's never happened
I gave a example of precisely that happening.
This is a far cry from simply saying
from the press release:
the defendant [said he] could not recall it
... As the defendant claimed to have forgotten a password ...
So this is exactly what happened.
Some people, if they were caught out so badly wrong about so many things they were so dogmatic about, might think "when you're in a hole - stop digging".
But I'm glad you don't because it gives me an opportunity to repeat this point about which there certainly is 'a lot of FUD':
Basically, based on the few contested cases that have come up so far, if the police demand a password to some file you encrypted, only 2 things can happen:
a) you give them the password
or
b) you go to prison.
Except in special circumstances, saying 'I forgot my password' is NOT a valid defence.
The claim that the prosecution always have to prove 'beyond reasonable doubt' that you remember it is clearly false. It's up to the victim to show 'sufficient evidence' they have forgotten it, something that has never happened, and may be impossible in practice.
The following are also not defences:
This is going to have a chilling effect on the use of encryption in general, will give the authorities power over people who have done nothing wrong, and will encourage those in the know to use 'deniable encryption' which will give police still less knowledge about the metadata.
HTH
Similarly there's a lot of FUD about RIPA's password clause by people who haven't read the law which explicitly states that police have to prove beyond reasonable doubt that someone has a key before they can be prosecuted for not handing it over
Except it doesn't.
The actual quote from the law is:
For the purposes of this section a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if— (a)sufficient evidence of that fact is adduced to raise an issue with respect to it; and (b)the contrary is not proved beyond a reasonable doubt.
IOW the defence has to show "sufficient evidence
AFAIK (and IANAL) no judge has yet accepted the defence has shown 'sufficient evidence'. How do you show a negative - that you don't know something? Maybe judges think (correctly) that it's impossible to 'raise an issue', so the prosecution never has to prove anything apart from that you didn't hand over a password.
This is what's known as the 'reverse burden of proof' introduced in RIPA. You don't have to prove 'beyond a reasonable doubt' you forgot the password, but you do have to show 'sufficient evidence', or - if you don't hand over a password - you're automatically guilty.
What's more the Home Office code of practice says that even if you have 'sufficient evidence' - it might not even be allowed in court 'if the person fails to raise some doubt as to whether he still had the key when the notice was given'.
it's never happened, everyone prosecuted to date has been like the plonker in yesterday's news story who incriminated themselves for the simple reason they were actually dickheads.
Perhaps you're assuming no judge would be that corrupt,so here's a case of someone who quite plausibly forgot his password being imprisoned:
A TEEN who refused to give police officers an encryption password for his computer has been jailed for four months. Evidence showed that the defendant admitted in police interviews that he had set an encrypted password of between 40 and 50 characters containing both letters and numbers using an encryption software programme and that he had had originally relied on his memory to recall it but could not recall it when he was served with the notice.
The jury heard both the prosecution and defence case and accepted the prosecution case that the defendant must have kept a record of this very complex password, rather than relying on memory, and that he had deliberately failed to disclose it to the police. They returned a guilty verdict after 15 minutes deliberation.
Incidentally, if you do get ordered to hand over a password - even to sometimes else's data you happen to have - you're not allowed to tell anyone, presumably not even to ask for the password.
See, a rational person would have looked at what's going and concluded that the NSA's position is "of course you're more likely to be an extremist" rather than "of course you must be an extremist".
This is a comment in the actual code used by the NSA:
The source also says the NSA refers to "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".
So yes, the NSA, in their own words, do indeed believe if you use TAILS, or read The Linux Journal, you are an extremist.
Leaving JS on will make some pages easier to use, e.g. loading comments in the background.
The bot defences have had to be reworked, so you may see more captchas than before.
Software production is assumed to be a line function, but it is run like a staff function. -- Paul Licker