
Oct 11

Should divulging your password be a legal requirement?

Recently there has been debate in the UK and USA about whether people can be required to give up passwords, particularly encryption keys.  The UK has a law that forces you to divulge a password on request, with jail time for refusal; the USA is still formulating a legal position, with some saying that refusal is protected by the Fifth Amendment right not to incriminate yourself and others likening an encrypted hard drive to a safe, which precedent says can be ordered opened under a warrant.

I can see both sides: why the authorities want to view data, and conversely why it should be kept private.   I will explain why I think forced disclosure is futile and undesirable.

Often people suspect that if you encrypt your data then you must be a criminal or a terrorist.  They say that if you don’t have anything to hide then you should not mind handing over your data.  I support encrypting things for many different reasons:

Reasons for encryption

I am not a paranoid person, but I know that people read things stored on computers.

  • I want to do secure Internet banking and want a secure platform to do this from.
  • I know that businesses routinely do things like read people’s email (they claim they can because it is in their IT policy, although I doubt it is that compliant with national privacy principles)
  • I know that chat records are routinely intercepted.
  • I know that email providers such as Google have in the past handed over user names and passwords to governments (which may or may not have jurisdiction over the owner), and I know that mistakes are routinely made.
  • From working at a mobile phone company I know that phone records, and what happens on phones, are subject to requests from agencies who may not necessarily have a warrant to view those records, and from internal fraud teams who may also cross-reference your data.
  • I know that some companies are pushing heavily to be able to seize computers and accuse you of copyright violations without what I would call a high standard of proof.
  • I know that you are rarely the only one to use a computer – you may have friends, acquaintances or relatives who want to use it to check facebook and may look for other things even by accident.
  • I know that a computer may be stolen and people love personal information for nefarious means.
  • After studying the law for over five years I know that if the police want to get you for something they will, even if it was not what they were originally after; if they are out to get you they will take whatever else they find.

Unreasonableness of nothing to hide argument

Just because you have private data does not mean you want that knowledge made public.  Of course I personally don’t have anything to hide, but you may.  You may not want your boss to know that you are looking for another job, you may not want your mother to know what you get up to in your spare time, you may not want your partner to know what you are getting them for Christmas, you may not want your identity to be stolen, and you may not want the police to accuse you of something because a worm inserted on your computer downloaded something dodgy… so why let people know if you don’t want to?

There is no guarantee that the police, government authorities or anyone else having a look will keep your data private, even if what they find is not what they were looking for.

Means of encrypting your data

You can encrypt your web traffic using a VPN so that it cannot be intercepted between you and the VPN server (the VPN provider itself can still see it).

You can encrypt SMS messages on an iPhone, jailbreak required (http://www.redmondpie.com/send-secret-encrypted-sms-text-messages-from-your-iphone-using-secretsms-app-jailbreak-req/)

You can encrypt your email using many methods, including PGP and the Enigmail add-on for Thunderbird (http://enigmail.mozdev.org/documentation/quickstart-ch3.php.html)

You can encrypt your chat conversations over multiple different protocols using OTR (Off-the-Record Messaging) http://www.cypherpunks.ca/otr/ ; note that OTR protects messages in transit, not the chat logs your client saves to disk.

You can encrypt your whole hard drive using TrueCrypt http://www.truecrypt.org/

There are many alternatives to the above and other products that produce the same results.   Whenever you visit a website over https you are encrypting data so that people in the middle can’t see what is going on, and on a well-run website your password is protected in transit by https and stored as a salted hash rather than in the clear, so it can’t fall into the wrong hands.  Without encryption many of the benefits of the modern internet could not function.  So even if you are unfamiliar with the technology, you are probably using encryption every day.  These are just means to protect things you may not be encrypting.


How Encryption Works

All the encryption methods above are based on the same premise: data is scrambled using a key (a very large number) so that only someone with the appropriate decryption key (which may or may not be the same key that encrypted it) can read the data.  The key is unlocked with a password or a key file, which is stretched into an even longer stream of data that is used for the encryption.  The longer and more random the password or file, and the larger the key, the more secure your data should be.

If you use enough bits of encryption (a larger key) and there is sufficient entropy (randomness) in the key, it would theoretically take longer than the universe has existed to crack the encrypted files.  For all intents and purposes, if it is locked then it cannot be unlocked.  I’m sure that in 100 years your data is probably not going to be safe, due either to advances in quantum computers or, more likely, a breakthrough in factoring very large numbers.  Some people think that the NSA can crack modern encryption.  If they could, I think it would be like Bletchley Park in World War 2: it would be used sparingly and be known only to an elite few, and I’m sure they would not be pointing their attention at the average reader of this post any time soon to read their compromising emails.  I’m sure whoever discovered it would be stealing money on an unprecedented level if this were the case.

As you can see, the key is very valuable if you want to keep your information secret.  The key can be unlocked by a password, by a file, or by a combination of both.

Should the authorities be able to obtain my key?

If you think that the threat of terrorism is an all-encompassing threat that justifies giving up most of your personal freedoms, then maybe it is acceptable for more of your rights to be trampled and for you to be forced to give it up.  If you don’t mind everyone knowing everything you don’t want them to find out then fine (if you really believe that, why don’t you post all your personal information on Facebook all of the time?).  Looking at the history of recent totalitarian and other oppressive regimes, I don’t think authorities knowing everything about everyone is a particularly good idea.

I read the other day that, as we know, in most democracies you are innocent until proven guilty, and there is no onus on you to help the prosecution because you cannot be more innocent than you already are.  I agree with this sentiment: if there is evidence of a crime on a computer they should be able to find it independently of you having to give up your freedoms.

There is precedent that a judge can force someone to give up the keys to their safe or else the safe will be forced open.  This is analogous but not the same, because strong encryption cannot be brute-forced the way a safe can be drilled (a weak password can be guessed, but a well-chosen key cannot).  It is also different because a safe is a physical object and everything in it was placed there by someone with a key, whereas a computer may hold information that was put there without consent, and the evidence it contains may not reflect a physical occurrence taking place.  Besides, I’m not that keen on the idea that people can order my safe opened, but that is another post.

The major reason I’m against forced revelation of passwords is that it may be an exercise in futility.  You cannot prove what someone knows, and they may not know the key or the password.   The key or password may not exist, and even if it does, what it reveals may not be what the authorities are after.  The password may reveal only a glimpse of what is on the computer, and there may be many layers of encryption which the authorities cannot detect and which therefore would not reveal what they were looking for anyway.  TrueCrypt, for example, lets you encrypt data so that if you enter one password you see one set of files, and if you enter another, more hidden files are revealed.  From my research it seems impossible to prove beyond reasonable doubt that the second encrypted volume actually exists.  Different forms of encryption can be combined, so the system may be unlocked but innocuous-looking files can contain extra information.  Additionally the person may not actually know the password: they could have used techniques that entered the passwords or keys automatically and which no longer exist.
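The two technical points above, the description in “How Encryption Works” of a password or key file being stretched into a key and then into a long stream used for encryption, and the TrueCrypt-style hidden volume just mentioned, can both be shown in working code.  The following Python is an added example written for this page; it is not code from the original post or from TrueCrypt, and the cipher construction, slot layout and all names in it are my own choices for illustration.  It stretches a password (optionally mixed with key-file bytes) into a key with PBKDF2, encrypts with an HMAC-based stream cipher plus an authentication tag, and builds a toy container with two fixed-size slots, one at each end, that are indistinguishable from the random filler around them, so one password opens a decoy and another opens the hidden data.  It uses only the standard library and is not meant for real use.

```python
# Toy password-based encryption plus a two-password "hidden slot" container.
# Added illustration for this page, standard library only; not TrueCrypt's format.
import hashlib
import hmac
import secrets

KEY_LEN = 32          # 256-bit key derived from the password
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32          # HMAC-SHA256 authentication tag
ITERATIONS = 100_000  # PBKDF2 work factor: every password guess costs this much
SLOT_LEN = 256        # fixed-size region, so an occupied slot is the same size as filler
PAYLOAD_LEN = SLOT_LEN - NONCE_LEN - TAG_LEN  # 208 bytes of padded plaintext per slot


def derive_key(password, salt, key_file=b""):
    """Stretch a password (optionally mixed with key-file bytes) into the actual key.

    The key is the large number the article describes; the password and file only
    unlock it.  The salt defeats precomputed dictionaries, the iterations slow guessing.
    """
    secret = password.encode() + hashlib.sha256(key_file).digest()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, KEY_LEN)

def _subkeys(key):
    # Separate keys for confidentiality and integrity, both derived from the master key.
    enc = hmac.new(key, b"encrypt", hashlib.sha256).digest()
    mac = hmac.new(key, b"authenticate", hashlib.sha256).digest()
    return enc, mac

def _keystream(enc_key, nonce, length):
    # Expand a short key into an arbitrarily long stream (HMAC-SHA256 in counter mode).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key, plaintext):
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    """Return the plaintext, or None if the key is wrong or the data was altered."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def _pad(data):
    # Length prefix plus random padding, so every slot encrypts exactly PAYLOAD_LEN bytes.
    if len(data) > PAYLOAD_LEN - 2:
        raise ValueError("too large for one slot")
    return len(data).to_bytes(2, "big") + data + secrets.token_bytes(PAYLOAD_LEN - 2 - len(data))

def _unpad(payload):
    n = int.from_bytes(payload[:2], "big")
    return payload[2:2 + n]

def make_container(outer_pw, outer_data, hidden_pw=None, hidden_data=b"", size=2048):
    """salt || random filler, outer slot at the front, optional hidden slot at the end.

    Filler, ciphertext and tags all look like uniformly random bytes, so the container
    itself gives no hint whether the hidden slot is occupied.
    """
    salt = secrets.token_bytes(SALT_LEN)
    body = bytearray(secrets.token_bytes(size))
    body[:SLOT_LEN] = encrypt(derive_key(outer_pw, salt), _pad(outer_data))
    if hidden_pw is not None:
        body[-SLOT_LEN:] = encrypt(derive_key(hidden_pw, salt), _pad(hidden_data))
    return salt + bytes(body)

def open_container(container, password):
    """Try the password against both slots; return whatever it unlocks, else None."""
    salt, body = container[:SALT_LEN], container[SALT_LEN:]
    key = derive_key(password, salt)
    for slot in (body[:SLOT_LEN], body[-SLOT_LEN:]):
        payload = decrypt(key, slot)
        if payload is not None:
            return _unpad(payload)
    return None

if __name__ == "__main__":
    # Constructed sample data: a decoy slot and a hidden slot in one container.
    box = make_container("decoy-pass", b"holiday photos", "real-pass", b"the files that matter")
    print(open_container(box, "decoy-pass"))  # b'holiday photos'
    print(open_container(box, "real-pass"))   # b'the files that matter'
    print(open_container(box, "guess"))       # None
```

A wrong password returns None for both slots, and the only difference between an occupied hidden slot and unused filler is whether some password verifies a tag, which is the property the argument above relies on.  Real hidden volumes have pitfalls this toy ignores: writing to the outer volume can overwrite the hidden one unless the software protects it, and filesystem or application metadata outside the container can betray that it was mounted.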

I don’t think it is fair to arrest someone and detain them for not unlocking something that they physically cannot unlock, when the prosecution cannot prove that they have the ability to do so.  If the burden of proof is changed so that they are forced to reveal or are detained regardless of whether this can be proved, then they are no longer innocent until proven guilty and this premise of our legal system is defeated.

If you make it a crime for people to encrypt their data then you are effectively preventing people from using anything secure on their computers, including VoIP, internet banking, connecting to their workplaces and probably even using a chip-and-PIN credit card (which contains onboard encryption).  They also would not be able to watch DVDs, play on a PlayStation or watch something over HDMI (depending on the protocol).  It would also mean that people who have data of their own could be committing a crime by obscuring or deleting it (even a diary written in code would be wrong).  This scenario appears so ludicrous that it may actually come true, but it would be stupid.

So, if you don’t want to give up your encryption and don’t want to go to jail, I think your options are limited.  If you are innocent and you can’t prove it (as you would not be able to) then you would go to jail.  If you were not allowed to encrypt, this also would be ludicrous.  Even if you comply they could then say there is another layer of encryption (even if there is not), and this could continue until you end up serving time.

Can you have encryption but retain the ability to prove you are not able to decrypt?

After thinking about this very heavily, there are several options that can be ruled out:

  • If you installed something that changes the key on the computer to something you don’t know when it shuts down, this may not work for a number of reasons, including that the authorities could seize your computer while it is turned on and attach an external power supply to keep it running.  Also, if the power were simply cut, it would just shut down and not actually change anything on the disk.
  • If you generated a key that is stored online, there is enough replication on the internet that those looking for your key may be able to grab a cached copy somewhere.
  • If you had a program that locked out all users after so many incorrect passwords, this may not work, as when they seize your computer they may have taken a full image of it and can restore it after each failed attempt.
  • If you split the key so that two people had half each, both of you could be co-opted into delivering access to the system.
  • If you used a key that resided on a flash drive, this could be confiscated from you and then your security is compromised.

The only solution that I can find is to have a key that can be destroyed without your involvement, so that you cannot recover it and you can prove it has been destroyed.  The only practical way I can find to do this is to use a self-destructing encrypted USB key.  The Fujitsu Tamatebako seems to be the solution.  You can instruct it to destroy your files after a number of incorrect attempts or after it has not been accessed correctly for a set period, such as two days.  So if you kept your key there and accessed it just before your computer was seized, then exercised your right to silence and engaged a lawyer, it would take longer than two days before they could make you divulge your key, by which time the key would be destroyed irrecoverably.  You could then present the device and say this is what unlocks it.  It would mean that you would never get back onto your computer, but no one else would either.  They still may not take it as proof that there are no other methods, but it would be fairly convincing to any reasonable court that you cannot divulge what you have been requested to and have complied with all their requests.

Personally I won’t be taking it to that extreme.  If I were to encrypt something I think I’d just use TrueCrypt’s plausible deniability feature and encrypt a virtual machine in the hidden container.  I’m yet to see which direction this will take in Australia, but I’m hoping we can just take our own version of pleading the Fifth and hope our elected representatives respect our privacy.

Further Reading:

Self Destructing Flash Drive http://www.ubergizmo.com/15/archives/2010/06/fujitsu_introduces_its_tamatebako_self-destructing_flash_drive.html
Protection against forced revealing of passwords http://www.techburgh.com/2010/01/05/how-to-protect-when-you-are-forced-to-reveal-your-computer-password/
USA forced divulge case http://news.cnet.com/8301-13578_3-10172866-38.html
UK forced divulge law http://www.out-law.com/page-8515
UK forced divulge case http://it.slashdot.org/story/10/10/05/2038219/British-Teen-Jailed-Over-Encryption-Password

WHAT DO YOU THINK?

What is your opinion of all of this? Do you think that we should have to give up our passwords? Do you think my method of destroying keys would be effective against a determined legal opponent? Where do you see these laws in 10 years?  Please comment below.


2 comments

  1. livelybrowsers says:

    Thanks for good stuff

  2. roclafamilia says:

    Helpful blog, bookmarked the website with hopes to read more!
