Jump to content

Recommended Posts

Posted

Yea! for Encryption, boo for child porn...

Posted
Yay 5th amendment?

Aren't you from the UK? You don't get the 5th amendment :)

....or do they have an equivalent over there?

Posted

Actually we don't, had this guy been caught in the UK he would have gotten 2-5 years for refusing to hand over his encryption key. Yay British law!

Posted

It's not illegal but if they want your keys then you have to give them the keys, else you can be arrested for withholding them...

Posted
It's not illegal but if they want your keys then you have to give them the keys, else you can be arrested for withholding them...
yeah UK FTL

but then as far as I know people in your county don't just disappear...

oh wait we can kidnap them now too.... nevermind

Posted

This is an interesting situation. The guy gets caught with his drive open, police see illegal stuff and arrest the guy, shut down the machine and because of that now need a passphrase to remount the encrypted drive. This shows that the procedure used here is wrong. When you kill someone in your own home, some cop doesn't show up, sees that a murder has been comitted, takes you to the police station for interrogation and a couple weeks later a forensics team shows up, only to find that your cleaning lady has once again shown to not only be ruthlessly efficient, but very much worthy of that christmas bonus you were planning for her.

They should have a computer forensics team on stand-by much like the CSI people and the cop in question should've kept the machine on until those people got there.

Forcing the guy to produce his encryption key in this case I would consider reasonable because the evidence of the crime he's been charged with was on there and it already was accessible at the time of his arrest. If the laptop was confiscated in a bust of some sort, and police at no time in the investigation had access to the key to the drive, they shouldn't be allowed to request the suspect to divulge it.

The UK system is just wack, but I'm not sure where my country stands on this one.

EDIT:

Found it! In .NL you don't have to provide the key. Specifically

-----------------------

You don't have to cooperate with your own conviction. It's called the 'nemo tenetur'. It's not explicitly in our lawbooks, but is recognised based on article 6 of the EVRM (dutch abbreviation of 'european treaty of human rights and fundamental liberties'). Based on the Saunders-arrest of the European Court a suspect cannot be compelled to make a statement, but can be compelled to provide materials which are independant of his will, such as documents and blood samples. If the defendant writes a confession in his diary, and the police finds it during a search, it's admissible. Even when it's on a computer. But if the police can't find the diary, the suspect cannot be compelled to tell them where it is.

A password is similarly inside your head, and divulging it is akin to "making a statement". Which is why such an order to compel cannot be given here. This has been explicitly noted in article 125k Wetboek van Strafvordering. To witnesses, but also other relevant parties (such as a systems administrator) such an order to compel CAN be given - naturally as long as they actually know the password.

-----------------------

Source: http://blog.iusmentis.com/2007/12/18/ameri...en-aan-politie/

That blog post also points out that in a discussion in dutch parliament on a new computer crime law, our justice minister explicitly stated that 'nemo tenetur' made it illegal to compel a person to divulge his password. (source: http://www.ejure.nl/mode=display/dossier_i...ds/KST86350.rtf [dutch, rtf])

Interesting follow-up question posed in that blog post: If the suspect was using biometrics as authentication mechanism, can he be compelled to place his finger on the sensor? After all, taking someone's fingerprints is legal.

Posted

Does raise an interesting point. Also, if you use biometrics like a finger print, what happens if you dip your finger in acid or use a dremel to remove or damage the finger beyond the biometric sensors ability to recoverer usable data? Plus, if your using something like a TPM to encrypt your data, and that breaks or is broken, how can they legally use something like the RIPA against you?

Posted

I wonder if this would cover finger print scanners as well.  This just makes me want to use truecrypt even more (even though I don't have child porn or anything to the nature on my drive).

Posted
This is an interesting situation. The guy gets caught with his drive open, police see illegal stuff and arrest the guy, shut down the machine and because of that now need a passphrase to remount the encrypted drive. This shows that the procedure used here is wrong. When you kill someone in your own home, some cop doesn't show up, sees that a murder has been comitted, takes you to the police station for interrogation and a couple weeks later a forensics team shows up, only to find that your cleaning lady has once again shown to not only be ruthlessly efficient, but very much worthy of that christmas bonus you were planning for her.

They should have a computer forensics team on stand-by much like the CSI people and the cop in question should've kept the machine on until those people got there.

Forcing the guy to produce his encryption key in this case I would consider reasonable because the evidence of the crime he's been charged with was on there and it already was accessible at the time of his arrest. If the laptop was confiscated in a bust of some sort, and police at no time in the investigation had access to the key to the drive, they shouldn't be allowed to request the suspect to divulge it.

The UK system is just wack, but I'm not sure where my country stands on this one.

QFE

taking and using fingerprints is fine with me because it like leaving "it" right out in the open

Like marijuana if you let it grow outside but behind a fence designed to keep people out and not let them see in police can't then use that but if it's behind a chain link fence they can use that

I'm too tired to make sence I'll try again tomorrow

Posted

PGP uses PGP...

and assuming that good passwords where used with good random number generators PGP is fairly difficult (as in a few million years of brute forcing) to brake.

Posted
Pretty Good Privacy.. the title alone makes it sound just not that good enough.

Good enough to keep the cops out. this guy was lucky to have PGP, i bet most guys or girls that look at shit pictures like those would have to be really good with a computer. you would be dumb not to know how to hide it and take it to the airport.

Thats probably why when you see guys get caught its always old guys who think delete is all they need.

Posted

Well, when you see busts of pedofile rings on the news, there's always a ton of computers, CDs and DVDs taken out of homes. I'm under the impression that they catch these crooks primarily by tracing back parcels, rather than actively monitoring internet sites and such.

This bright spark was simply brazen enough to put the shit on his laptop and head across the border with it. He should be counting his undeserved blessings for having chosen to store the filth on an encrypted drive.

Posted

You do actually have a right to silence in the UK, but that's only in relation to giving evidence to something you've been charged with, i.e. you don't have to provide testimony during criminal proceedings (although since 1994 the jury can draw inferences from your silence, in England and Wales at least, not sure about Scotland and NI). Being forced to hand over encryption keys doesn't come under the same protection and you don't even have to be charged with a crime before being ordered to surrender your keys.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...