Wednesday, 6 October 2010

Hiding keys

http://www.bbc.co.uk/news/uk-england-11479831
[Someone jailed for not handing over an encryption key]

I was rather shocked by that. I remember being shocked when RIPA came in, and I had not caught up with the fact that there have been a few cases now.

It is a fact of life now that information can be hidden and not be accessible if someone wants it to stay hidden. To be honest this has always been the case even without convoluted tricks like Dan Brown's cryptex. People have been able to just keep secrets in their head.

Forcing someone to come up with a password if they do not want to goes against basic ingrained ideas like the right to remain silent and the right not to incriminate yourself, as well as the right to privacy. This is eroding civil liberties, IMHO.

It is also so pointless. People can hide information - there are plenty of tricks if you want to hide data in ways that do not look like the data is hidden. The more cases like this happen, the more standard, off-the-shelf (well, downloadable for free) apps will provide this functionality, and the concept of asking someone for their encryption keys will vanish.

There are almost certainly legal tricks too, such as the key being held by someone else but you having no right to it or control over them formally, and them being in another country, etc., i.e. they happen to log in and unlock your disk for you if you ask, but there is no actual right to compel them to, and they won't if they hear you have been arrested.

I think I'll start putting random data files on my hard disk to prove a point.

1 comment:

  1. totally agree with you that this is an erosion of the right to silence etc (though that has actually been removed from the statutes quite a while ago despite my firmly believing that we hold that right regardless)

    I for one will [un]happily go to jail before I give up any of my keys

    not that I have anything untoward to hide ... just on the principle of the matter thank you very much !

    and as you quite rightly say it's not necessary to even have anything encrypted in a conventional way ... I could give them my rsa/dsa/ssl/pgp keys etc and still have stuff hidden in plain sight without _them_ #1 being aware of the existence of such data #2 or its methods of hiding it

    much of RIPA is either plain wrong or ill-thought out or ill-conceived and goes against quite a few human rights
