Youth jailed for refusing to divulge his password

Sat, 2010-10-16 18:09 by admin

Oliver Drage

RIPA 2000 invoked
By Spencer Dalziel
Wed Oct 06 2010, 12:28

Read the complete article

A YOUTH HAS BEEN JAILED in the UK for refusing to give police his encryption password.

The 19-year-old from Lancashire has been sent up for 16 weeks porridge at a young offenders secure unit after police seized his computer. The police first arrested Oliver Drage in May while investigating the online exploitation of children.

When Drage was held the police formally requested that he give them his 50-character encryption password that was protecting his PC, but he refused to do so.

Drage still declines to hand over the encryption key for his PC and has been convicted of an offense under the Regulation of Investigatory Powers Act 2000 (RIPA 2000) for his refusal. …


Deniable encryption

Sun, 2010-10-17 08:29 by Hans

There are ways to solve this problem technically, generally by hiding or camouflaging encrypted data.

One way is to have an area inside the primary encrypted data that is not recognizable as data—it could look like unused disk space, for example—and encrypt private data inside that area with a second, different key. The primary encryption program could make sure that such areas are not overwritten or, alternatively, the user simply doesn't use the primary encryption program after initially putting in some decoy data, so it never overwrites anything.

Then you can hand over the primary key on demand, but nobody can possibly learn about the second data area and the second key, as long as you don't tell. The apparently unused space looks like gibberish, and there is no proof that it contains useful data.

There are many other conceivable ways to conceal encrypted data in a deniable way. Generally, encryption programs could provide second-level encryption and decrypt if you enter the secondary key, but refuse to reveal whether that function is used or not if you don't know the secondary key.

Or one could build a hidden vault in an area of the hard disk where nobody would search, like in unused files inside the operating system or even as an unused extension to files that are actually used, looking like a sleeping virus that is only activated by the unknown key. If somebody else finds out about the existence of such an apparent virus, the user could offer the possibility that his computer had been infected from the outside, and the infection was never noticed. The hidden payload data can still not be decrypted by anybody who doesn't know the secret key.

Ultimately what the authorities want—the transparent citizen—is not enforceable.
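An examiner's view of the claim in the comment above that the hidden area "looks like gibberish", as an added example that is not part of the original comment: a per-block entropy scan flags both randomly wiped space and ciphertext as high entropy but cannot tell the two apart. The disk image is constructed, all function names are hypothetical, and the SHA-256 counter keystream is an assumed stand-in for a real cipher's output.

```python
import hashlib
import math
import os
from collections import Counter

BLOCK = 4096  # bytes per scanned block (assumed size)

def shannon_entropy(block: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for uniform data."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def keystream(key: bytes, length: int) -> bytes:
    """Stand-in for cipher output (SHA-256 in counter mode), illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def build_sample_image() -> bytes:
    """Constructed 4-block image: zeros, plain text, random wipe, ciphertext."""
    zeros = bytes(BLOCK)
    text = (b"constructed record: user=alice action=login status=ok\n" * 100)[:BLOCK]
    wiped = os.urandom(BLOCK)
    cipher = bytes(p ^ k for p, k in zip(text, keystream(b"constructed-key", BLOCK)))
    return zeros + text + wiped + cipher

def scan(image: bytes, threshold: float = 7.9):
    """Return (offset, entropy, label) per block; threshold is an assumed cut-off."""
    rows = []
    for off in range(0, len(image), BLOCK):
        h = shannon_entropy(image[off:off + BLOCK])
        rows.append((off, h, "high" if h >= threshold else "low"))
    return rows

if __name__ == "__main__":
    for off, h, label in scan(build_sample_image()):
        print(f"offset {off:6d}  entropy {h:5.3f}  {label}")
```

High-entropy blocks outside any allocated file are still a lead worth recording in an examination, even though the scan alone does not establish what they hold.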
