Jail if you do not decrypt your personal files

By Dana Blankenhorn | Aug 12, 2009

“So what did they get you for?”

“I refused to decrypt my hard drive.”

Two people in England face up to five years in prison for refusing to give police their personal data decryption keys.

Police there were given authority to demand keys in October, 2007, and for the year April 2008-March 2009 applied for 26 such warrants.

Of those, 17 went through judicial review, 15 were served, 11 people refused to comply, 7 were charged and 2 convicted. The Register notes that no requests for warrants were refused.

The warrants are issued by the country’s National Technical Assistance Center, part of the Office for Security and Counter Terrorism. They are then subject to judicial review.

Authorities there insist all these were “counter terrorism, child indecency and domestic extremism” cases, but at least one animal rights activist was charged under the law.

Now, while you consider carefully whether this sounds like a good idea for the U.S., computer security expert Bruce Schneier wrote last month that there is an easy way around such a law.

Encrypt the data to a key you don’t know.

Computer data is decrypted with a two-key process. A public key, generated by a computer program, is run through a private key, one that you know.

What Schneier suggests is that, if you suspect the cops want your data store, you create a new private key by pounding the keyboard a while at random. Then pass this new key to someone you trust, and forget it.

Now when the cops want to get into your stuff you can honestly say you don’t know how to get into it. When the coast is clear you retrieve the private key from your friend and get back in.

Obviously there are two problems with this. First, you need a friend. Second, you need to make certain the cops don’t know, and can’t easily guess, who this friend is.

Schneier suggests you use someone with whom you have a legally privileged relationship — a spouse, a priest, your lawyer. If you don’t have a friend, copy the key to a USB drive and mail it to yourself.

One idea I just had is to place the key inside another, innocuous file, and pocket the USB drive, or give that drive to the privileged associate. Now even if the cops get the drive, it becomes a very big haystack and your key a needle in that haystack.

If you’re really a bad guy, involved in one of the high crimes mentioned above, this conspiracy is an easy hack. If you just distrust the government, you can do this before the black helicopters descend.

So does passing a law demanding encryption keys really make any sense at all?

 

  •  
    1

    wekiva@...

    08/12/09

    RE: Jail if you do not decrypt your personal files

    Not much of a secret key is it? Privacy is basic, natural law.

  •  
    2

    DanaBlankenhorn

    08/12/09

    I don't see it in the Constitution

    This is what conservatives love to say when the subject is a woman's right to control her body. Suddenly you're facing a demand for potential evidence and you discover the principle.

    The 4th Amendment is a better argument than privacy, by the way, but that can be trumped by calls to national security or against child porn. At which point we go down the slippery slope.

  •  
    3

    Ajay.A.Desai@...

    08/12/09

    Ajay Desai

    Chances are, if the authorities are after you and the data you have
    contains incriminating evidence, you would rather never see that data ever
    again in your life.

    I think that there are few who could use this method well however, and I'd
    narrow it down to those involved in the US vs UBS/Swiss Bank account
    and tax evasion investigations.

  •  
    4

    Ajay.A.Desai@...

    08/12/09

    Ajay Desai

    Forgot to answer your question Dana. No, the laws don't make any
    sense at all. Frankly, how can we expect 435 people to have
    anywhere near the intelligence or experience to understand 1/10 of 1
    percent of the facts in this legislation. Such is the woe of most IT law
    out there, that it is broad and unreachable, circumventable,
    convoluted, confusing, overabundant and lacking at the same time.
    Throw in more adjectives if you wish.

    Let me take a step back here, and propose a greater suggestion. If we
    take a look at our GDP and the amount of money that is generated by
    technology, can we really trust the current legal system with
    judgement on these matters? I believe a separate court system is
    needed with judges and juries picked from certified technology
    professionals to delegate over these matters. The recent retarded
    judgement of a Texas judge in the Microsoft XML case being the latest
    consequence of Judicial ignorance.
