Which will work so long as you've used a perfect system that can't be shown to have encrypted data by the boffins of GCHQ.
Not a gamble I'd take. Remember if you've claimed there is no encrypted data and so refused to provide a key they'll only need to show that there is encrypted data and possibly that you own that computer (but if you've made the aforesaid denial I don't think they'd even need to do that, logically) - perhaps on seizing the computer an officer caught information displayed on screen on their video camera (used to record during raids) before you hit the power switch. Perhaps there's a snippet of something that can be extracted from a volatile memory buffer?
I don't fancy your chances. So you may as well not bother planning any terror attacks, kthnxbye
To my lay understanding (IANAL) it seems the legal system used to have a strong distinction between "things you have" and "things you know". To the point in the U.S. where "taking the 5th" is very much in the public consciousness as not having to say anything that could be used against you. A warrant certainly can be used to take the drive with any encrypted material on it, but forcing divulgence of the keys seems like another level entirely.
The proper analogy would be refusing to give a combination for a safe, which you can probably do, its not such an issue because they can break the safe open.
The 5th amendment right to avoid self-incrimination only extends to testimony. A search warrant can compel you to furnish the contents of a safe (as property, it is governed by the 4th amendment -- due process is all that is required, and in this case, the process of getting a search warrant is all that the Constitution requires).
It is not that clear cut. You don't have to unlock the safe, you have to provide the key to unlock the safe. If the key only exists in your mind, and the contents of your mind are protected by the Fifth Amendment, then it is likely that you don't have to provide the key.
You are further protected by the fact that we don't have mind-reading devices yet. (People are often forgetful under stress, so it follows that you could forget your difficult-to-remember password under the stress of arrest and trial.)
Yes, there is US v. Boucher. That is a very special case, however, and District Court rulings are far from definitive.
The "contents of your mind" are not protected by the 5th amendment. The part of the 5th that everyone remembers and obsesses about only prevents the state from compelling you to testify against yourself.
Here is the example which is more appropriate to this discussion: The state contends that Bernie Madoff may have stashed billions in offshore bank accounts, the state has proof that these accounts exist and that he accessed them on a regular basis. The state (specifically a judge) can compel him to produce the account numbers and access codes to enable prosecutors and investigators to examine the account activity. If he refuses the judge has the power to place him in jail (for contempt of court) until such time as he provides the information to the court that it feels is necessary to render a fair judgement.
Sure, but the judge can hold you in contempt for anything. There was one judge who put his entire courtroom in jail because someone's phone rang and nobody admitted to it. He is no longer allowed to be a judge.
Anyway, this is why there exists deniable encryption. The example cases usually involve someone beating you with a rubber hose, but contempt is a much more realistic outcome. So you spend a day or to in jail, "decide to remember" your key, and everyone thinks you have done them a big favor. In reality your cache of bomb-making plans and maps of the white house are still several enctyped volumes deep. It looks like you were coerced into cooperating, but you actually didn't.
The contents of your mind are a bitch -- nobody knows them but you.
But really, in real life, the state would have to prove that you don't actually have an unformated drive containing random data. I have a few disks like this; they once contained useful data, but I since upgraded them, and now they are useless. They were overwritten with random data, but at one point had real data. Do I risk indefinite imprisonment for this? Hopefully not. (The government mandates that government agencies keep their unwanted disks in this state.)
Bullshit. If providing information incriminates yourself you do not have to provide it. If those account numbers are on a piece of paper, sure he has to produce the paper. But not if it's in his brain only.
What if you forgot your password. O have a file catted from /dev/random that looks like a it could be TrueCrypt partition, good luck trying to convince them it is not an encrypted file. They'll just say "yeah, yeah" and you go to jail for 5 years.
Despite what you might hear from Fox News, you do actually have the right to a fair trial.
So far the case law (in the US) with respect to crypto is unclear. The only case involved someone showing the government child porn on their computer, and only later not providing the key. As far as I know, having an encrypted partition has never gotten anyone in any trouble, even if accused of a crime.
Under UK anti-terror measures in a case of national security failure to provide means to unlock encrypted files carries a 5 year prison sentence.
Those of the 15 cases (since the legislation passed in 2007) that have not been terror related have concerned child abuse (probably pornography) or domestic abuse (I'm thinking that possibly means "honour killings", but that's speculation).
Personally I have no problems with coercing people to reveal details of the children they've abused, family members they've had killed, or of their plans to blow up my fellow countrymen.
<sarcasm>But I can see how, if it's just your porn collection that you're hiding from your wife, that when you get collared for terrorism that having some mathematician at GCHQ know you've got a rubber fetish is really going to ruin your day.
I have a little more faith in the mathematicians of GCHQ than this. Indeed I suspect that in at least some of these cases (which according to Sir Christoper relate only to child endangerment, domestic abuse or terrorism) GCHQ could decrypt the contents themselves but wished not to reveal that fact to terrorist groups that want to blow us all [in the UK] up.
> O have a file catted from /dev/random that looks like a it could be TrueCrypt partition, good luck trying to convince them it is not an encrypted file.
That's a mistake unlikely to be made; partly because the vast majority of seized computers run Windows :P but mostly because it is fairly obvious.
Actually, the randomness coming from /dev/random and the randomness of a TrueCrypt partition are demonstrably different. See: http://16systems.com/TCHunt/faq.php
As a point of interest. The level of evidence required to get to serve on of these notices is fairly high. I'm willing to bet (an informed guess really) that it is a very small percentage of people with encrypted material that qualify to be served.
Nah, not on the public, peer-reviewed algorithms. Any breaks are likely to be with implementation details of the program.
Truecrypt et al are open source, and are considered pretty good if set up by someone who knows what they're doing.
There is of course the possibility that The Man puts considerable effort into finding and/or encouraging subtle holes in common encryption products; even if so, though, they would sit on that asset and only use it when seriously important. Ie, military/national security level use, not cops. When you spend millions developing a tiny, secret advantage you do not fritter it away so PC Plod and Sgt Sad Sack can power trip on getting into some pleb's porn folder, after which the hole used is discovered and patched the next day.
update: oh he was downvoted? That's harsh, it's not like there hasn't been any precedent for such things. Search for Crypto AG. And encryption systems as used by programs like Skype are absolutely not to be trusted; you can assume they are backdoored wide enough to drive 10 unmarked white vans and a black helicopter through.
As far as I understand, this law was created to get very important information from really serious criminals. But if a person has materials that may get him into more serious troubles than 5 years jail-time it is in their interest not to provide encryption keys.
Perhaps 5 years is the time the UK security services believe is required to crack currently available encryption systems if necessary. So, you plan your truck bombing, get locked up for 5 years for not revealing the decryption keys, then get locked up for "life" for the planned terror acts.
You'd have had to have melted or burnt the CD, IMO. And be ready to be held for purjory (sp?) when the brightest and best computing and mathematical minds of the UK show that you accessed the data that day (or whatever). Or the less bright observations of the stakeout team show you're lying.
Best option: Don't abuse children, commit domestic abuse, or plan terrorist actions - then this law won't be applied.
I've been using computers since the 1980's, and have had dozens and dozens of passwords. I honestly don't remember the vast majority of passwords I've used in the past.
Many of the passwords I currently use have been randomly generated and are stored in a password storage app, the database in which these passwords are stored could be easily lost, damaged beyond recovery, or to which I could forget the master password.
So, if legally required to produce a password for some reason, I could quite conceivably go to jail even if I were willing to provide the password, but just couldn't remember what it was (or if it was one of the randomly generated passwords that I'd never memorized in the first place but no longer had access to for some reason).
Yeah, I don't remember all of my passwords either. And I usually have the most trouble remembering my most important passwords, since the number of times I use a password is pretty much inversely correlated to the importance of the data it protects. So the idea that I could be jailed for not admitting something that I no longer had knowledge of is somewhat scary.
How about the password for what ever is currently the most important thing in your life? Or not even most important, do you remember your cash-card PIN?
Terrorists planning the London bombings, for example, are unlikely to have forgotten their password. They've memorised the whole Koran (on the whole) remembering the access code to the details of the single most important defining action in their entire lives is unlikely.
Still possible, but I don't think your story is relevant.
My comment was in response to someone saying that they had lots of old passwords they'd forgotten - the point was that this law is not being used to get access to your old ASCII porn collection on your 386 in the closet.
The mention of the Koran was saying that one of the disciplines muslims strive for is reciting the whole Koran, quite a feat of memory IMO. A well motivated person, who has probably mastered this memory task is unlikely, I contend, to forget an encryption key (password) that is part of what will be the defining moment of their life.
Personally I fancy my chances of being hit by a meteorite as higher than those of being obliged to hand over my passwords under this law.
I don't think that UK police will get a section 49 notice just to get some random password because I am pretty sure that the NTAC requires a lot of information proving that they are looking for data that may help preventing future illegal actions or something like that.
So I think the police really know what are they looking for when obtaining this warrant.
http://en.wikipedia.org/wiki/Deniable_encryption