His argument is: 1) They can lock you up for refusing to decrypt something. 2) Encrypted data looks exactly like random noise. 3) Encrypted data can be hidden in any file. 4) Therefore, they can allege that nearly anything is encrypted and lock you up on that basis.<p>I'd say that's terrifying.<p>Another thought: doesn't this make it possible to frame someone by writing random data to their hard drive?
It is impossible to prove a PRNG'ed file is or is not encrypted data. TrueCrypt volumes look identical to `dd if=/dev/urandom of=file.bin bs=512`. Create a few of each and then evaluate them using ent to see this for yourself.<p>Edit: Link to ent <a href="http://www.fourmilab.ch/random/" rel="nofollow">http://www.fourmilab.ch/random/</a><p>You could prove the file is encrypted <i>if</i> it is indeed encrypted <i>and</i> you have the passphrase <i>and</i> the program to decrypt it, but outside of that, it's simply not possible to say with any level of confidence that the bits are really encrypted.<p>BTW, I wrote TCHunt in 2007, a program that attempts to seek out encrypted TrueCrypt volumes and I have a FAQ that covers much of this. Here's the link for anyone interested in reading more about it: <a href="http://16s.us/TCHunt/" rel="nofollow">http://16s.us/TCHunt/</a><p>And, there is usually much more to it than randomish bits in a file on a disk. The government agents usually have other evidence that suggests the person in question is doing illegal things and may have cause to use encryption. Finding actual encrypted data is normally just icing on the cake to them.
While it is obviously a bad law, it's not <i>quite</i> as bad as he's making out.<p>s.53(3):<p>"<i>For the purposes of this section a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if—</i><p><i>(a) sufficient evidence of that fact is adduced to raise an issue with respect to it; and</i><p><i>(b) the contrary is not proved beyond a reasonable doubt.</i>"<p>In other words, if there's evidence for there to be 'an issue' about whether you actually do have a key (or whether e.g. it's just random noise), it's up to the prosecution to prove beyond reasonable doubt that it <i>is</i> actually data, and you <i>do</i> have the key.<p>So the flowchart is:<p>- If the police can prove they have <i>reasonable grounds to believe</i> that something is encrypted data that you have the key to, then<p>- That raises an <i>evidential presumption</i> that you do have it, which you can rebut by<p>- adducing evidence that just has to <i>raise an issue</i> about whether you have a key (inc. whether it's encrypted data at all), in which case the police have to<p>- Prove beyond reasonable doubt that it is encrypted, and you <i>do</i> have the key.<p>(IANAL)
In the section of the act mentioned (Regulation of Investigatory Powers Act 2000, part III), two of the defined terms are:<p><i>“key”, in relation to any electronic data, means any key, code, password, algorithm or other data the use of which (with or without other keys)—<p>(a)allows access to the electronic data, or<p>(b)facilitates the putting of the data into an intelligible form;</i><p>-- and --<p><i>“protected information” means any electronic data which, without the key to the data—<p>(a)cannot, or cannot readily, be accessed, or<p>(b)cannot, or cannot readily, be put into an intelligible form;</i><p><a href="http://www.legislation.gov.uk/ukpga/2000/23/part/III" rel="nofollow">http://www.legislation.gov.uk/ukpga/2000/23/part/III</a><p>At first, I thought the argument in this article was nonsense. However, whilst I'd hope common sense would prevail, the definitions above seem broad enough that a policeman could make one's life difficult for a while.
Every digital storage device on earth should contain a randomly sized random data file called RANDOM-DATA. The user of said device could optionally replace this file with encrypted data. Once critical mass is achieved, states that do not respect individual liberty would have no way of determining the nature of every RANDOM-DATA file that they obtain by eavesdropping, theft or force.<p>I know the answer to this is 'easier said than done'. Certainly hardware and OS vendors can't be trusted with this task. Maybe FOSS installers could educate users and optionally create the file? How can we make this happen? I want to wear a t-shirt that says 'random numbers save lives.'
Damn, the UK is pretty f'ed up - the list of things that British citizens can't enjoy compared to a lot of other countries (even developing ones) is growing every day.<p>Meanwhile, a criminal could easily just store everything on an encrypted microSD card, then eat it if anything goes wrong - the oldest trick in the book still works in the digital age :-D...
I have to wonder if this would ever hold up in court. I don't know much about the UK justice system, but in America it would be pretty rare to be convicted of a crime that they can't actually prove you committed. You could be jailed for refusing to comply with a court order to decrypt the file, but if you can prove it's not actually encrypted, they can't do anything about it.
Isn't TrueCrypt's 'hidden volume' feature enough to make this law pointless? Just have two encoded sets of information in the same file. When you are asked to give the key, it is up to you which one's key you give.<p><a href="http://www.truecrypt.org/docs/?s=plausible-deniability" rel="nofollow">http://www.truecrypt.org/docs/?s=plausible-deniability</a>
Hidden volumes.<p>Volume one contains hardcore porn, volume two contains bank job plans. Neither can be proved to exist with their keys.<p>When asked, hand over the porn keys. Plausible deniability.
I was watching 'Garrow's Law' yesterday. He said that "Laws which are passed in times of fear, are rarely removed from the statute books". Terrorists always win, because every time they attempt to strike the Government removes our basic liberties under the guise of protecting us.
Encryption isn't just about hiding your documents. It is also about securing your assets and providing identification.<p>- The passwords on your bitcoin wallet give you the authority to spend your money.<p>- Your encrypted signature requires your private key so others know your message came from you.<p>So, this law gives the government the ability to impersonate you and consume/use your assets in an unrecoverable way.<p>While the government might not have the authority to impersonate you or spend your money, they do have the authority to acquire the means to do so. And then all it takes is one dishonest person working for the government to use that information maliciously.
We have begun to outlaw privacy. This is wrong. Speak up, while you still have a voice.<p><a href="http://archive.org/details/the_hangman_1964" rel="nofollow">http://archive.org/details/the_hangman_1964</a>
<a href="https://www.youtube.com/watch?v=keZlextkcDI" rel="nofollow">https://www.youtube.com/watch?v=keZlextkcDI</a>
<a href="https://en.wikipedia.org/wiki/The_Drumhead" rel="nofollow">https://en.wikipedia.org/wiki/The_Drumhead</a>
This reminds me of this American case:<p><a href="http://www.wired.com/threatlevel/2012/02/forgotten-password/" rel="nofollow">http://www.wired.com/threatlevel/2012/02/forgotten-password/</a><p>But on the whole, the whole article is scary and slightly unsettling. On the upside I don't live in the UK - but if we were to be traveling through the UK with our encrypted hard drives, would we be targeted by the law?
The difference with programmers/scientists/hackers and politicians/authorities/lawyers is that the former see instantly where seemingly small changes in laws and policies will ultimately lead whereas the latter will dismiss these potential problems by making remarks such as "It will only be used against bad guys", which translates to "<i>We had a few hairy cases where this sort of law would have really helped, so we wrote one to cover similar circumstances in the future and while we don't really know how to think of what else goes out with the bathwater we will need</i> something <i>at our disposal.</i>"
>Yes, this is where the hairs rise on our arms: if you have a recorded file with radio noise from the local telescope that you use for generation of random numbers, and the police asks you to produce the decryption key to show them the three documents inside the encrypted container that your radio noise looks like, you will be sent to jail for up to five years for your inability to produce the imagined documents.<p>Of course, if you have access to the files, you could just XOR the noise with some innocuous documents, and send the result to the police saying it's a one-time-pad.
Please forgive my technical ignorance, but can an encrypted cookie be dropped into my browser cache by a web site? Could an encrypted image with hidden information on a web site end up in my cache? If so, millions of people could have terrorist data in their caches and never know, nor have the key to decrypt it. Also, who has that file Wikileaks published as "insurance"? Anyone got the key? Anyone know what's in it?
So, now Random actually /is/ Resistance?
<a href="http://www.youtube.com/watch?v=aE6RtzwVdHI" rel="nofollow">http://www.youtube.com/watch?v=aE6RtzwVdHI</a>
Assuming this article is true (which I am pretty skeptical of, I live in the UK and never hear about people being jailed for not giving up an encryption key).<p>What would happen if there is encrypted data on your system but you didn't set the key yourself? For example DRM systems usually work by encrypting data and trying their best to make sure you never acquire the key.
It makes me really angry seeing protests about laws which have already passed! It seems to be lazy journalism - after Liberty et al have done the hard work while the bill passes through parliamentary stages, once it's passed, traditional media and others pick up on it and start complaining.<p>Prevention is better than ranting after it's set in stone.
This article is paranoid, ill-informed speculation, as are many of the Brit-bashing comments. The police have to show a judge they have good grounds to believe you are concealing evidence from them. Note also that if the powers that be are really determined to stitch you up then they will plant data on you, much simpler.
Can you say, "Who is John Galt?"<p>Eventually the preposterous laws drive those with mobility to simply leave. Follow that to its logical conclusion; the UK will make it difficult to impossible to leave with your assets intact. Loss of privacy is just a precursor to loss of private property altogether.
This makes me wonder why Brits prefer to courageously make jokes at Putin's regime (with which I'm fine, they're deserved), instead of just going to the Big Ben palace and giving a boot to the same kind of governors sitting there.
How does/would this affect Freenet users? As far as I know, a Freenet user's 'deniability' claim comes from the idea that the user does not know the key to the encrypted content hosted on their machine.
I don't like or support the legislation - but I think this is a bit of an over-reaction.<p>The law as I understand it says that if you've got data (and the context of the law is focussed primarily on targeting terrorism, child-porn etc) that you've encrypted but refuse to give over the encryption keys to; then if the police then convince a judge that there is valuable evidence in the encrypted data, and you still refuse, then you could ultimately go to prison.<p>Is this really any different to a digital search warrant?<p>Sure this law, like many others, could be abused. But I don't see it as anything to get too wound up about.<p>P.s. what kind of person has a 32GB file of satellite noise to generate random numbers with?!
I stand by my argument that you can have an encryption key that is say 2000 characters long. Print it out 1 character per page and submit that in advance at your local police station, getting a receipt. You are then within the law.<p>Now the question is - compression can be viewed as encryption. How does that pan out if you use a non-standard form of compression that does not require a key as the compression formula is the key in itself!