None shall password

[Dave Birch] Technology does throw up some damned difficult issues sometimes, particularly when it has an impact on law enforcement. In the old days, when your door was kicked in by size 12s, all of your documents could be read and used in evidence. But it’s not so easy now.

Brazilian police seized five hard drives when they raided the Rio apartment of banker Daniel Dantas as part of Operation Satyagraha in July 2008. But subsequent efforts to decrypt files held on the hardware using a variety of dictionary-based attacks failed even after the South Americans called in the assistance of the FBI. The files were encrypted using Truecrypt and an unnamed algorithm, reportedly based on the 256-bit AES standard. In the UK, Dantas would be compelled to reveal his passphrase under threat of imprisonment, but no such law exists in Brazil.

[From Brazilian banker’s crypto baffles FBI • The Register]

I suppose you could always say that you were mentally ill and couldn’t remember the password, or something similar, but in the UK that wouldn’t keep you out of chokey.

The first person jailed under draconian UK police powers that Ministers said were vital to battle terrorism and serious crime has been identified by The Register as a schizophrenic science hobbyist with no previous criminal record. His crime was a persistent refusal to give counter-terrorism police the keys to decrypt his computer files. The 33-year-old man, originally from London, is currently held at a secure mental health unit after being sectioned while serving his sentence at Winchester Prison.

[From UK jails schizophrenic for refusal to decrypt files • The Register]

This is a really difficult issue. In the UK it’s illegal not to give the police your password to (I think) anything. Certainly, if you have encrypted email, files, disks, etc. and you won’t hand over the password (or decryption key) to the forces of law and order, then you will go to jail. Someone else just has, in fact.

A teenager has been jailed for 16 weeks after he refused to give police the password to his computer. Oliver Drage, 19, of Liverpool, was arrested in May 2009 by police tackling child sexual exploitation. Police seized his computer but could not access material on it as it had a 50-character encryption password. Drage was convicted of failing to disclose an encryption key in September. He was sentenced at Preston Crown Court on Monday.

[From BBC News – Man jailed over computer password refusal]

He got 16 weeks in chokey for this. I can see three possibilities here: he is guilty of some child porn offence and his encrypted files would prove it; he is guilty of something else; or he is not guilty but just doesn’t want the police looking through his files. Take the worst case (from society’s point of view, not his) and let’s say he is guilty of a serious child porn offence (I’m not saying he is, or isn’t, and I fully recognise that he wasn’t convicted of any such thing). I’m a parent. If he did such a thing, I want him locked up for a long time and I don’t want him back on the streets without treatment. 16 weeks is a joke.

In the future, everyone will be famous for fifteen megabytes