[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

RE: Did you see this?



Hi.
 
As the RIPA 3 is currently written there seem to be two big holes.
 
1. Destroy the key and retain proof that you destroyed it - eg microwave the USB key.
 
It seems that the law is only really designed to cope with keys (passphrases) that you can remember. Therefore if you have a physical 'key file' and can destroy it then there doesnt seem to be a penalty for that if I read it correctly. You can prove that you no longer posess the key - and therefore cant be penalised for refusing to reveal it!
 
2. Keep multiple keys (e.g. a dummy volume).
 
The act specifies that if there is more than one key, you can choose which key to give up!
 

________________________________

From: owner-or-talk@xxxxxxxxxxxxx on behalf of Steve Crook
Sent: Fri 19/05/2006 12:41
To: tor talk
Subject: Re: Did you see this?



On Thu, May 18, 2006 at 07:16:49PM -0700, Eric H. Jung wrote:
> U.K. Government to force handover of encryption keys
> http://news.zdnet.co.uk/0,39020330,39269746,00.htm

Yes, once this is passed encrypting storage with a passphrase becomes a
pointless exercise in the UK unless you are prepared to spend time at
Her Majesty's pleasure in order to protect your data.

I think the best solution is to run privacy services in a different
jurisdiction from where the operator resides.  For example, my Tor node
is located in Texas and runs from encrypted volumes that I manually
mount from the UK after a reboot.  I don't think the "special"
agreements between these countries currently stretch to international
demands for passphrases.  No doubt this would rapidly change if the
accusation was related to terrorism or possibly one of the other
horsemen of the infocalypse.

I'd be interested to hear other suggestions for circumventing RIPA.


<<winmail.dat>>