Hi.

As the RIPA 3 is currently written there seem to be two big holes.

1. Destroy the key and retain proof that you destroyed it - e.g. microwave the USB key.
It seems that the law is only really designed to cope with keys (passphrases) that you can remember. Therefore if you have a physical 'key file' and can destroy it then there doesn't seem to be a penalty for that if I read it correctly. You can prove that you no longer possess the key - and therefore can't be penalised for refusing to reveal it!

2. Keep multiple keys (e.g. a dummy volume).
The act specifies that if there is more than one key, you can choose which key to give up!

________________________________

From: owner-or-talk@xxxxxxxxxxxxx on behalf of Steve Crook
Sent: Fri 19/05/2006 12:41
To: tor talk
Subject: Re: Did you see this?

On Thu, May 18, 2006 at 07:16:49PM -0700, Eric H. Jung wrote:
> U.K. Government to force handover of encryption keys
> http://news.zdnet.co.uk/0,39020330,39269746,00.htm

Yes, once this is passed encrypting storage with a passphrase becomes a pointless exercise in the UK unless you are prepared to spend time at Her Majesty's pleasure in order to protect your data.

I think the best solution is to run privacy services in a different jurisdiction from where the operator resides. For example, my Tor node is located in Texas and runs from encrypted volumes that I manually mount from the UK after a reboot. I don't think the "special" agreements between these countries currently stretch to international demands for passphrases. No doubt this would rapidly change if the accusation was related to terrorism or possibly one of the other horsemen of the infocalypse.

I'd be interested to hear other suggestions for circumventing RIPA.