One key to rule them all; one key to find them...

Status
Not open for further replies.
S

Sindawe

Member
Joined
Dec 26, 2002
Messages
3,480
Location
Outside The People's Republic of Boulder, CO
Coming soon to a country near YOU! I have no doubt our "servants" in power are drooling to bring this here...
(UK) Government to force handover of encryption keys
Tom Espiner
ZDNet UK
May 18, 2006, 12:10 BST

The UK Government is preparing to give the police the authority to force organisations and individuals to disclose encryption keys, a move which has outraged some security and civil rights experts.

The powers are contained within Part 3 of the Regulation of Investigatory Powers Act (RIPA). RIPA was introduced in 2000, but the government has held back from bringing Part 3 into effect. Now, more than five years after the original act was passed, the Home Office is seeking to exercise the powers within Part Three of RIPA.

Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists.

"The use of encryption is... proliferating," Liam Byrne, Home Office minister of state told Parliament last week. "Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force."

Part 3 of RIPA gives the police powers to order the disclosure of encryption keys, or force suspects to decrypt encrypted data.

Anyone who refuses to hand over a key to the police would face up to two years' imprisonment. Under current anti-terrorism legislation, terrorist suspects now face up to five years for withholding keys.

If Part 3 is passed, financial institutions could be compelled to give up the encryption keys they use for banking transactions, experts have warned.

"The controversy here [lies in] seizing keys, not in forcing people to decrypt. The power to seize encryption keys is spooking big business," Cambridge University security expert Richard Clayton told ZDNet UK on Wednesday.

"The notion that international bankers would be wary of bringing master keys into UK if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction," Clayton added. "With the appropriate paperwork, keys can be seized. If you're an international banker you'll plonk your headquarters in Zurich."

Opponents of the RIP Act have argued that the police could struggle to enforce Part 3, as people can argue that they don't possess the key to unlock encrypted data in their possession.

"It is, as ever, almost impossible to prove 'beyond a reasonable doubt' that some random-looking data is in fact ciphertext, and then prove that the accused actually has the key for it, and that he has refused a proper order to divulge it," pointed out encryption expert Peter Fairbrother on ukcrypto, a public email discussion list.

Clayton backed up this point. "The police can say 'We think he's a terrorist' or 'We think he's trading in kiddie porn', and the suspect can say, 'No, they're love letters, sorry, I've lost the key'. How much evidence do you need [to convict]? If you can't decrypt [the data], then by definition you don't know what it is," said Clayton.

The Home Office on Wednesday told ZDNet UK that it would not reach a decision about whether Part 3 will be amended until the consultation process has been completed.

"We are in consultation, and [are] looking into proposals on amendments to RIPA," said a Home Office spokeswoman. "The Home Office is waiting for the results of the consultation" before making any decisions, she said.

The Home Office said last week that the focus on key disclosure and forced decryption was necessary due to "the threat to public safety posed by terrorist use of encryption technology".

Clayton, on the other hand, argues that terrorist cells do not use master keys in the same way as governments and businesses.

"Terrorist cells use master keys on a one-to-one basis, rather than using them to generate pass keys for a series of communications. With a one-to-one key, you may as well just force the terrorist suspect to decrypt that communication, or use other methods of decryption," said Clayton.

"My suggestion is to turn on all of Part 3, except the part about trying to seize keys. That won't create such a furore in financial circles," he said.

Source: http://news.zdnet.co.uk/0,39020330,39269746,00.htm#zdpoll
Click to expand...
 
People can always start sending each other large amounts of encrypted random hash.

Then when decrypted, it will still be hash.

And the UK constabulary won't know whether or not a message has been properly decrypted or if they've been given the proper keys.
 
Doesn't matter. They'll charge you with obstructing justice for giving them the wrong key, even if it was the right key and the decypted data was just trash.
 
They'll bend over and take it, just like they do all of Big Brother's edicts. Ingsoc lives on in the UK. Amsoc coming soon to a city near you! (oops, too late...)
 
Welcome to the police state. (I know, I write this a lot).
britain is lost
Europe is very close to being lost (the netherlands are lost)
and honestly, the US isn't far behind.

Very scary times my friends.
 
This is only the beginning. There is no end to a gov's hunger for power, and it likes to share power with no one.

In a way, liberties were better protected due to lower technology level in the past. With the advent of semi-conductor electronics, we were set on a path of no return. The next step is massive biometrics based on the developing biotechnology, especially molecular biology. Then cash will disappear and all transactions will be paid for with a finger-print, a hair, and/or a retinal scan. Welcome to the brave new world, with privacy and liberty for none.
 
Then I guess Truecrypt will become popular in Britain. Truecrypt lets you put encrypted files into a container file AND add another container with another password. It works like this:

Create an encrypted container with the password you plan to give up and some files close to what the police are looking for.

Create the container in the container, with the second password which nobody can prove to exist. There go the real files.

There is nothing the British police can do against this approach, as they got your password. If your data is sensitive, spend a day or two in jail before 'surrendering' the first password.

www.truecrypt.org
 
In a way, liberties were better protected due to lower technology level in the past. With the advent of semi-conductor electronics, we were set on a path of no return. The next step is massive biometrics based on the developing biotechnology, especially molecular biology. Then cash will disappear and all transactions will be paid for with a finger-print, a hair, and/or a retinal scan. Welcome to the brave new world, with privacy and liberty for none.
Click to expand...

And the inevitable result of this madness to control will be increasing anarchism, subversion, and terrorism, all designed to break the stifling fist. An excess of Order will breed mounting Disorder.
 
So, much like all these studies that state things like 'Too much Captain Crunch causes cancer in lab rats' when are they going to realize that 'Too much gov't intrusion into people's private lives causes paranoia'?

I also recommend just sending random junk encrypted, just to keep them busy.
 
I would suggest sending everything encrypted. But there's a caveat:

Sooner or later they'll get tired of wasting time and manpower decrypting people's personal ads, forum posts, shopping lists, restocking orders, love letters, and Fark photoshops that they'll simply outlaw encryption software to civilians, just as they outlaw the export of certain encryption technologies.
 
One time pad. Picture a DVD that is nothing but a giant digital one time pad. You make two copies, and send one via a more secure physical route. I don't think it would take much work to design a program that would take the random numbers and use them to scramble a message, and include a tag so that the recieving machine can unscramble it. Heck, with using a very light encryption with it, you could probably use such a pad several times before needing to replace it.
 
The UK Government is preparing to give the police the authority to
force organisations and individuals to disclose encryption keys, a move which has outraged some security and civil rights experts.
Click to expand...


From a bumper sticker I once saw:

"You can have my private key when you pry it from my cold, dead brain."
 
One time pad. Picture a DVD that is nothing but a giant digital one time pad. You make two copies, and send one via a more secure physical route. I don't think it would take much work to design a program that would take the random numbers and use them to scramble a message, and include a tag so that the recieving machine can unscramble it. Heck, with using a very light encryption with it, you could probably use such a pad several times before needing to replace it.
Click to expand...

You, sir, are a GENIUS.

DVDs ARE one time pads, AS IS.

All you would need to do would be to agree on what DVD, what range of bytes, and how the bytespace is consumed.

I'm gonna give this more think. There's probably something that gives the show away in there.

Flipside, making your own pad isn't hard, once you've sorted out a good entropy source.
 
The technique is well-known. It is called a "code book". Previously it used to be a random, hard-to-find book, e.g. a paperback novel, and the message contained the coordinates of a word or letter according to a pre-agreed algorythm, e.g. 812305 might mean page 81, line 23, 5th word.

An additional layer of encryption would be to use identical words in different locations, so that the actual number associated with a particular word is always different.

On top of that, one can add a "cypher", which is an algorythm for one-to-one displacement of letters and/or symbols. One of the most famous is Caesar's cypher. Allegedly, Caesar wrote some of his letters by displacing each letter of the alphabet by two positions, so that he would write C instead of A, D instead of B, etc.

Yet another technique is to vary the rules from day to day based on pre-agreed timetable, e.g. the way the Germans used the Enigma machine.

Stacking up such layers of encryption, especially by going back and forth between codes and cyphers that vary in time would make the required computer resources and time for decryption prohibitively large.
 
There's been some things done on the order of quantum packet encryption as well. Due to Heisenberg's uncertainty principle, any attempt to examine the makeup of the message literally changes any bit you look at, so you can't ever find the patterns to decrypt it.

I like that. :D


For the here and now, you can also encode quite a bit into a simple bitmapped image, which appears to be just another boring vacation photograph to anyone who intercepts it.
 
Status
Not open for further replies.

Similar threads

C
  • Locked
Alan Keyes: Government will stage terror, declare Martial Law
Replies
8
Views
687
XavierBreath
XavierBreath
2
  • Locked
Four Cuban Coast Guardsman Defect in Key West- w/ their ak 47's
Replies
1
Views
528
NewShooter78
N
T
  • Locked
Lawmakers Warn That Patriot Act Will Not Be Renewed Without Changes
Replies
7
Views
686
Sergeant Bob
S
H
  • Locked
Most terrifying gun in the world seized.
2 3 4
Replies
98
Views
2K
iapetus
I
O
  • Locked
Chips track license plates
2
Replies
43
Views
2K
Sleeping Dog
S
Back
Top