On Thu, 03 Feb 2011 00:35:35 +0000, Phil Stovell
Post by Phil StovellPost by CynicIt's all to little avail in the UK however, because plod will charge you
under RIPA section 3 if you do not provide them with the means to decode
the file. OTOH if you destroy the keyfile *before* receiving a section 3
notice, AFAIAA you cannot be convicted of failing to hand over the key
(but could possibly be charged for PCJ if it can be proven that a crime
actually exists).
FFS,
http://www.truecrypt.org/docs/?s=plausible-deniability
Yes, that's where Truecrypt might have screwed the system quite well.
Here's a true story.
I know of a case late last year where a person had all their computer
equipment seized by the police. Months later all the equipment was
returned *except* for a single hard disk drive (out of about 20 HDDs)
that had been whole-disk encrypted with Truecrypt (nothing else had
been encrypted). The person was told that the police were
"considering their options" wrt that disk because of the "nature of
the data" it contained. A few weeks later the disk was returned and
the case was NFA'd without further comment, and without the police
ever having even asked politely for the passphrase.
Based on that single incident and a bit of reasoning, I am *guessing*
that section 3 will not usually be authorised for Truecrypt encrypted
data. Here's my reasoning:
1) Section 3 of RIPA, which allows the police to demand a person to
decrypt any encrypted data, was fraught with controversy from the
start, and eventually enacted quite a while after the rest of RIPA had
been in force.
2) The police may not use that section as they like, but must submit a
request higher up the chain (I think the Home Office BICBW) before a
demand to produce the means to decode the data under RIPA can be
issued.
3) The Home Office have given assurances that Section 3 will be used
rarely, and will not be used unless there is a very solid reason to
believe that the encrypted data contains evidence of a serious crime.
4) Many politicians are keeping a close eye on how many notices are
issued each year, and of those notices how many have resulted in no
evidence of criminal activity being found in the decrypted data.
Obviously if it is used too many times on (apparently) innocent data,
there will be questions raised as to whether the power is being
abused, and a very real risk of the law being retracted by the new
government. Thus ISTM that the Home Office will want to be reasonably
sure that incriminating data will be found if the data is decrypted
before issuing the demand.
If someone with a bit of technical savvy exists in the Home Office
(which I know is questionable), they may possibly realise that there
is a significant risk that a Truecrypt disk, even if it is used to
store incriminating data, could have such data in a hidden section,
and the suspect would then obviously give the dummy password when
demanded by a section 3 notice - which would then go down in the
statistics as being a case where section 3 was used unnecessarily.
Thus there may be a strong political reluctance to use section 3 when
Truecrypt encryption is involved.
I am therefore *guessing* that in the case described, the police had
in fact requested a RIPA section 3 notice, and the request had been
refused (or the police had been given indications that a request would
not be granted if applied for).
I know that it is a very tenuous theory based on very little evidence,
and reasoning that may be a tad too logical to believe from a
politician, so nothing to rely on, but the case I know of certainly
shows that the police will not *automatically* turn to RIPA whenever
they seize encrypted data.
--
Cynic