
Re: [Sheflug] The Encryption Advert ( was Re: SUID bit - how do I set it?)



> I've been having some longish conversations with people about this.
> One of the conversations went along the lines that someone who was
> reasonably honest would have to stand up before a judge before
> something solid came to light or was decided.  If the person involved
> was in any way dishonest then they wouldn't last too long.
>
> Others go along the lines of "they can stuff". So, where you go from
> here I don't know ?

"They can stuff" is probably not going to get you very far in front of a
judge. :)

> Since you are in the unhappy position of being an IT professional then
> we have to assume that there are those days when you do squirm around
> in your own chair a bit and don't feel too good ?

Actually, this reminds me a lot of the Data Protection Act. There are very
few companies out there aware of this kind of stuff, and it's probably
surprising how much 'illegal' stuff goes on. I think it would be remarkably
easy to get a court to demand you hand over your private keys. Let's
remember how Gary Glitter was caught - he had illegal material on his
hard-drive when he took his computer in for a service. Now, for the sake of
argument, let's say a similar situation arose, but the material found was
legal, or at least dubious. Stuff like porn (some of which is legal),
bomb-making (information on this is certainly legal), right-wing material
(again, still legal). Not necessarily wholesome stuff, but legal all the
same. Are these grounds for the police to be called in? On their own, not
necessarily. But what if your D: drive is completely encrypted? With this
circumstantial evidence, is *that* enough? It can certainly be shown you're
into the 'wilder' things; it could also be suggested that merely having
encrypted data is a smoking gun.

> One of the things I've wondered about for a long time goes like this.
> Suppose you are a domestic dialup user of the internet what then ?  I
> know that the British legal system tries to go out of its way to
> protect innocent or honest people who are caught up in domestic
> circumstances that may not be something of their doing.

I don't think that necessarily holds any truck, where the internet is
concerned. RIP was justified because the internet is 'bad'. More than 50% of
FTSE 1000 companies report having lost thousands to 'cybercrime'. You don't
need an exceptional amount of equipment to perform crime - downloading
explicit porn is something anyone can do. How do the police tell the
difference between someone doing something legal and someone doing something
illegal? The answer is, of course, investigation, and we all know what I
stands for in RIP - (de :)Regulation of Investigatory Powers.

> I think by this I mean that the Police would have to go to extreme
> lengths to get hold of the keys of a personal user who has done
> nothing more than point and click on his or her favourite software.

I don't know, it depends how the keys are stored. I imagine they must be on
the hard drive somewhere, in which case it would be trivially easy to get
them, even if you've erased the hard drive (this includes zeroing it,
although that is less trivial ;). Once they can show some sort of dubious
action, I don't think it would take them too long to actually go to court,
get the order, confiscate the PC and grab the data. If there are more secure
methods of storing the data, then even when the police get their order it
may be tough for them to get the data, although that places the user in a
difficult position. So, I guess at the end of the day it comes down to how
hard is it to get an order? Certainly, the police are actually pretty
clued-up as far as computers themselves go.

> The commercial and academic sides of all of this are completely
> different.  But, here again we have to look towards a judgement.  Such
> a judgement may not come from the County Court ?

It'll be interesting to see if RIP gets used soon. I would imagine a test
case would be a High Court affair, not a local thing.

Cheers,

Alex.

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk