On 11 Feb 2009, at 00:54, Iain Buchanan wrote:
On Fri, 2009-02-06 at 22:21 +0000, Stroller wrote:
On 6 Feb 2009, at 05:28, Iain Buchanan wrote:
...
so I created a file:
dd if=/dev/urandom of=Desktop/random.img bs=1024 count=500960
It has just occurred to me:
In the UK you can be imprisoned for failing to provide an encryption
key corresponding to this file.
are you joking? what's the story there?
It is a facet of the Regulation of Investigatory Powers Act (RIPA),
which was passed in 2000 but which only came into effect just over
year ago.
... those served with a "Section 49" notice have to either
make decryption keys available or put the data in an
intelligible form for authorities. Failure to comply could
mean a prison sentence of up to two years for cases not
involving national security or five years for those that
do.
<http://www.infoworld.com/article/07/10/01/UK-encryption-disclosure-law-takes-effect_1.html
>
Under Part III of the act:
If any person with the appropriate permission under Schedule
2 believes, on reasonable grounds ... that a key to the
protected information is in the possession of any person,
... the person with that permission may, by notice to the
person whom he believes to have possession of the key,
impose a disclosure requirement in respect of the protected
information.
<http://www.opsi.gov.uk/acts/acts2000/ukpga_20000023_en_8#pt3-pb1>
Because the generated file is indistinguishable from an encrypted file
it may be reasonably be believed to be one. Especially if you are
charged with a crime &/or use encryption for other purposes.
In September 2003, Home Secretary David Blunkett announced
wide-ranging extensions to the list of those entitled to see
information collected under the RIPA. The list now includes
jobcentres, local councils, and the Chief Inspector of
Schools. Civil rights and privacy campaigners have dubbed
these extensions a "snoopers' charter". At the passing of
the act only nine organisations (including the police and
security services) were allowed to invoke it, but as of
2008, it was 792 organizations (including 474 councils).
In April 2008, it became known that council officials in
Dorset put three children and their parents under
surveillance, governed by RIPA, at home and in their daily
movements to check whether they lived in a particular school
catchment area. This was in the context of rules which allow
people who live in the school catchment area to enjoy
advantages in obtaining a place at a popular school. The
same council put fishermen under covert surveillance to
check for the illegal harvesting of cockles and clams in
ways that are regulated by RIPA. Other councils in the UK
have conducted undercover operations regulated by RIPA
against dog fouling and fly-tipping.
<http://en.wikipedia.org/wiki/
Regulation_of_Investigatory_Powers_Act>
(The cases cited in the last paragraph surely apply to the RIPA's
regulation of CCTV surveillance, rather than encryption, however I
thought it relevant to illustrate how wide-ranging the use of this
"anti-terrorism" act has become).
Stroller.
