digg

Facebook Connect Join Digg About

Government Seeks Power to Demand Your Encryption Keys

arstechnica.com The law actually allows UK police to request the master key for encrypted files. Anyone who refuses to comply with the request can be imprisoned for up to two years. In a terrorism investigation, that penalty can be increased up to five years of jail time.

Who dugg this? Made popular May 19, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

63 Comments

show profanity settings
expand all
  • WeThePeople, on 10/12/2007, -1/+27Sure, no problem, just as soon as they give me keys to their files, what? they don't trust me to do the right thing? How then can I trust them?

    It's a two way street, in a free society you have to have some trust in your people and people have to have some trust in their government, this trust is diminishing as institutions and governments work to gain a level of control that they need not have and should not have.

    This is all heading in a very bad direction, thank GOD it's at least getting out in the open for some debate.

    Best to fix the roof when the sun is shinning. JFK
  • gwjc, on 10/12/2007, -3/+20Jack Bauer doesn't need a law
  • anonymonk, on 10/12/2007, -1/+16Time to use TrueCrypt's "plausible deniability" option...
  • bieber, on 10/12/2007, -1/+15WHEN THERE IS REASONABLE SUSPICION THAT SOMEONE HAS COMMITED A CRIME. Getting phone service through AT&T doesn't count as cause for reasonably suspicion.
  • Wolf451man, on 10/12/2007, -2/+13Even though this is UK specific, I dugg it as I expect to see the US follow in short order.
    Government leaders never see restrictions on their power. Here in the States, neither party has a problem with interfering with the liberties of private individuals. While everyone crawls on Bush, as he is currently in office, his predecessor from the other party had just as much disdain for the public.
  • p9s50W5k4GUD2c6, on 10/12/2007, -1/+11Related - eloquent summary of the security versus privacy debate: http://www.wired.com/news/columns/1,70886-0.html
  • CypherXero, on 10/12/2007, -0/+8It already exists. TrueCrypt, for example, has plausible-deniability. It won't release a virus on the system, but it'll make it look like you gave up the key and the information you were hiding.
  • Chive, on 10/12/2007, -1/+7Cops and spooks no longer want to actually investigate crimes anymore.

    They would rather just isten in to phone calls and internet traffic, read data off drives and gather every bit of info they can about everybody. Then they can just charge people with conspiracy and other vague crimes.

    How about if they go out and actually catch the guys who commited real crimes? Sorry, that would be hard work.
  • Smarterdanu, on 10/12/2007, -1/+6unless of course, the crime is made up just to say....silence someone....no....that could NEVER happen
  • Saintlink, on 10/12/2007, -1/+6At least Jack is one of the good guys. I'm not so sure about some of his co-workers. That's why we need privacy.
  • Ozymandias42, on 10/12/2007, -0/+4You know what scares me most about your example? In America, the police have guns instead of billy clubs.
  • Boondoggle, on 10/12/2007, -0/+4No surprise that 1984 was set in England.
  • Silencer7, on 10/12/2007, -1/+5or rather, when there is reasonable suspicion that your government has committed crime(s), trust goes right out the window...
  • krux, on 10/12/2007, -0/+3Not that I live in the UK, but if they tried that ***** here in the states they would have to pry my crypto keys out of my cold dead hands.
  • kualla, on 10/12/2007, -0/+3I saw this headline and the first thing I thought of was TRUECRYPT... too bad someone beat me to it. Do a search for it all you UK people, then rest assured the government can once again go ***** themselves :P

    I hate government's trying to run peoples lives, come on, I don't wan't them coming across my secret plans to rule the world ;P


    P.S. I believe TrueCrypt is FREEWARE
  • tower31, on 10/12/2007, -0/+2Actually, it is known as the new world order. The puppets have taken over and now it is time for us to suffer......
  • otomo, on 10/12/2007, -0/+2So encrypt with a self signed ssl key that lasts for 2 weeks every 2 weeks. Even if you give them the key after that, unless you have re-encrypted the data it is useless for everyone.

    You followed the letter of the law and prevented any of your data being compromised.

    And this can all be automated with any modern unix system.
  • RandomSkratch, on 10/12/2007, -1/+3While you're at it, why not write down all of your usernames and passwords onto a post-it firmly affix it to your monitor.
  • CypherXero, on 10/12/2007, -1/+3It doesn't matter what the public thinks, if the government wants it done, then it's DONE. It doesn't matter if they have do do illegal things to get it done, but if they want it, they have it. End of story. Period.
  • FAT_PIGGY, on 10/12/2007, -0/+2POLICE STATE
  • innerspirit, on 10/12/2007, -1/+3what happens if i lose/forget my key? :0
  • solidcube, on 10/12/2007, -0/+2Naw, they have billy clubs as well as guns. And to be fair, they do try really, really hard not to shoot people. The USA has this really strange attitude about killing.

    But torture? Torture is just fine by our lights.
  • Odweaver, on 10/12/2007, -0/+1So would a loophole be to have a master key for the filesystem, and have a "sub-password" for all the files, with a .exe file on the desktop that would fry the bios or such?
  • bitcloud, on 10/12/2007, -0/+1I get tired of *debating* these issues. My life should be more than fending off oppression.

    I just want to say very loud and clear to the politicians behind this and similar bills: ***** YOU
  • TheRepublic, on 10/12/2007, -0/+1*cough *steganos* cough*
  • solidcube, on 10/12/2007, -4/+5And you expect to do this in which crack-universe?

    You're aware, of course, that encryption algorithms are OS-dependent? What if the ciphertext was decrypted by someone with paper and pencil? Would it then start an ebola outbreak? How would it do that?

    What about if it was decrypted on a VAX? Would it start a VAX virus?

    Sigh.
  • inactive, on 10/12/2007, -0/+1This is why I prefer to rely on steganography (http://en.wikipedia.org/wiki/Steganography) rather than cryptography. It's a lesson that I think a lot of privacy-concerned people should learn.

    It's better to take steps to hide the fact that information is there rather than to encrypt it. Sure, you can encrypt it, but that's the strategic equivalent of fighting a defensive battle: your enemy knows where you are and can attack you at his convenience and time of choosing. Eventually your position will break, eventually he will crack your encryption.

    The upside of the increasing amounts of trash on the internet is that there's more opportunity to hide and go unnoticed. An encrypted file or datastream sticks out like a sore thumb. The saying "if you don't have anything to hide, what are you afraid of?" is actually true, just not in the way most people think.
  • BrewmasterC, on 10/12/2007, -0/+1Encrypt with a secret one time pad and always auto-generate a one time pad that xors your encoded text to "1984" :)
  • syko21, on 10/12/2007, -1/+2All secret messages shall be hand copied to edible paper, memorized by the other party, and then consumed.
  • Pollack, on 10/12/2007, -0/+1Use TrueCrypt [http://www.truecrypt.org/user-guide/?s=version-history]. It is open source, the source code is published, it is free, it is easy to use and the hidden volume feature gives a very high level of plausible deniability.
  • logic, on 10/12/2007, -0/+1Encryption algorithms OS dependent? Hell no...virii though, yeah.
  • bigboehmboy, on 10/12/2007, -0/+1This is pretty scary in my opinion, if only used for very serious issues ot's ok, but when the government strips humans of all privacy to try to stop all crime, we have a problem. I think to protest we should all change our encryption keys to 1984. that would be effective! (XD jkjk)
  • inactive, on 10/12/2007, -4/+5Chuck Norris doesn't encrypt his data. He just reads it, and the data gets so scared it scrambles itself.
  • siliconglen, on 10/12/2007, -0/+1Some thoughts I wrote a few days ago on the security Vs Privacy argument. Some examples there on questions as a response to "Have you anything to hide?". See here

    http://www.siliconglen.com/news/2006/05/stop-id-cards-and-database-state.html
  • mrpackrat42, on 10/12/2007, -0/+1Actually, it's a lot better to do both. That is, encrypt your data and then hide it using steganography techniques. The problem with steganography by itself is that it's a lot easier to figure out that you're using it than it is to brute-force an encryption key.
  • karamba_kid, on 10/12/2007, -0/+1Now all they would need would be the passphrase to use the key. Let me guess that's the next thing they try to demand. ya right, good luck getting my stuff.
  • krux, on 10/12/2007, -0/+1I like it.
  • ctech2k, on 10/12/2007, -0/+1It's already the law in the US--you can go to jail if a court orders you to provide your encryption keys and you refuse.

  • dscx, on 10/12/2007, -0/+1well frying the bios would be pretty pointless as it could be replaced
  • v3xt0r, on 10/12/2007, -1/+1In Soviet America...

    The government are the terrorists! =/
  • Saintlink, on 10/12/2007, -4/+4Chuck Norris needs a cane, Jack is the new Chuck.
  • JamesReyn, on 10/12/2007, -0/+0It seems to defeat the purpuse of encrypting files if someone can just come and ask for the code and you are forced to give it to them... but ofcourse this is a idea in the uk and will eventually come to canada so i dug it
  • PhatFingers, on 10/12/2007, -0/+0There's a fundamental problem with this. With ordinary public key encryption, the person encrypting the data has no "master" key to give. Say APowers sends JBond an encrypted message. MI6 intercepts the message.

    If MI6 asked APowers for the "master" key, he wouldn't have it (and shouldn't). He could only provide the public key used to encrypt the message, not the private key held by JBond.

    If they ask JBond for the key, he can give whatever key he wants or none at all. He has no control over APowers, who may have encrypted a message with a different key than the public key he published, or may have sent random data as a practical joke. Where's the burdon of proof?
  • julesp, on 10/12/2007, -0/+0@ywong137 I've seen this happen to other people mostly on wikipedia links but you guys keep forgeting to remove the last parenthesis from the hyperlink. Just a heads up.
  • geekee, on 10/12/2007, -1/+1A search warant can't have the same strict definition of innocent until proven guilty that a court proceeding has. Otherwise you'd be in a catch-22, and no search warrants would ever be issued.
  • SmokedL, on 10/12/2007, -0/+0@CypherXero

    As long as people think they're powerless that's true. Then again, when people actually get off their asses and do something about it the government has real problems. See there aren't millions of them! Unjust leadership stays in power through mind games consisting mostly of intimidation in all it's forms. This is one of them. They can only do it if the population let's them.
  • paintballpc, on 10/12/2007, -0/+0Putting all master key in one location is completely stupid security wise, an attacker would only need to compromise one network to get all master keys to all other networks in the UK. lol dumb ass! I dough they would be ready to handle the amount of attacks that this would cause. they would put all of the UK networks at risk.
  • _HAM_, on 10/12/2007, -3/+3Actually it should do the opposite.

    There should be two ways two decrypt.

    One way will decrypt what you actually want hidden.
    The other way will decrypt decoy information.

    So if they demand the key you say 'sure,' and give them the decoy key.
    Which then decrypts a private journal about how once you got pwned
    hard in WoW, but not the secret plans to build a nuclear bomb.

    That way they think you actually gave them something.

  • bentman78, on 10/12/2007, -0/+0Hey, some co-workers are good. Chloe O'Brian rocks. Not only does she help Jack out, she's a computer genius as well.
  • PhatFingers, on 10/12/2007, -0/+0Put another way, if I send you an e-mail with an encrypted file, and the police demand the decryption key from you, can they throw you in jail if you can't produce it?
  • Fetching more discussions...
    Show 51 - 63 of 63 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.