Compliance Toolkit
Story: Police want power to seize encryption keys
Posted by: Arthur B. (Saturday 26 August 2006, 11:01 PM)
Nope. The police can't say hidden data is relevant to their case until they discover and unhide that data first. Until then they can only assume the hidden data is relevant to their case (like assuming that file names have to say something meaningfull about the file content).
Furthermore, the police have stated that they've nothing else on the suspects (they all walk free because). Obviously the police can't crack the data themselves or else we wouldn't have this discussion.
So that means that on nothing else but a police assumption (like file names) people are expected to hand over their private keys (never mind if a virus eaten it or people simply forgot under the stress of getting arrested and such) or face serious jail time instead. Wow, and this in cases where the police has nothing else on the suspects but some suspicious looking file names (or else they could bring other criminal charges against the suspects).
Concerning the ability to crack data. Sure, an intercepted PGP encrypted data transmission is nearly impossible to crack (short of a lucky shot). But things change dramaticly to your favour once you have physical access to the originating machine itself. For one, passphrases are commonly phrases people can remember and therefor not so complex as machine based phrases. As such easier to brute force.
Another thing are flaws in the encryption programs used. Most programs contain flaws that are solved over time. It's not unreasonable to think that machines that have been collecting dust for over a year now have (encrypting) programs installed on them for which various security issues are known by now. In other words, if you can't crack the data then crack the program. Furthermore, not everything is PGP encrypted. Plenty of people out there who rely on non PGP based encryption schemas. Plenty of those are much easier to crack.
Somehow I don't think that the police have managed to confiscate the only machines in the entire UK that are fully up to specs to the highest standards of modern security (even though they've been collecting dust for over a year now). As such I wouldn't be willing to hand over my encryption keys whenever the police feels lost. First the police needs to demonstrate a more then average best effort in doing a best effort themselves. There are plenty of creative ways to crack data BUT I WON'T REVEAL THEM IN PUBLIC no matter how many disagreeing comments I get. For those of you who think otherwise nonetheless, do feel safe in your false sense of security. You have my sympathy.
As for the Israel scientists. I've found the press release in question. It turns out to be RSA specific and only mentions PGP as a side note. My apologies for the confussion about that.
Full Talkback thread
Story: Police want power to seize encryption keys
-
Encryption keys are _public_ . This won't help th... Ron B. -
Hi Ron,
That's an interesting point, thanks.... Graeme Wearden -
The police want powers seize encryption keys; why... Anonymous
-
The whole question of encryption needs rethinking.... Anonymous
-
Perhaps it is time that civil servants like Simon... Chris Goodman
-
All they have to do is talk to matey boy gates you... pete
-
So we are to believe that terrorists, paedophiles... Arthur B.
-
Why can't there be more people like Arthur B.... Anonymous
-
Arthur B. wrote:
[Quote]
So we are to believe... Ron B.
-
In answer to Arthur B.'s suggestion that... Ron B. -
It seems as though the law and ever... Myles
-
I believe some years ago some Israe... Arthur B.
-
Arthur B. wrote:
[Quote]
I bel... Ron B.
-
Nope. The police can't say hidden data is relevant... Arthur B.
