Pages

Don't Let Them Take Nibbles Out Of Your Bytes.

Man jailed over computer password refusal

A teenager has been jailed for 16 weeks after he refused to give police the password to his computer.
Oliver Drage, 19, of Liverpool, was arrested in May 2009 by police tackling child sexual exploitation.
Police seized his computer but could not access material on it as it had a 50-character encryption password.
Drage was convicted of failing to disclose an encryption key in September. He was sentenced at Preston Crown Court on Monday.
He was formally asked to disclose his password but failed to do so, which is an offence under the Regulation of Investigatory Powers Act 2000, police said.
'Robust message'
Officers are still trying to crack the code on the computer to examine its contents.
Det Sgt Neil Fowler, of Lancashire police, said: "Drage was previously of good character so the immediate custodial sentence handed down by the judge in this case shows just how seriously the courts take this kind of offence.
"Computer systems are constantly advancing and the legislation used here was specifically brought in to deal with those who are using the internet to commit crime.
"It sends a robust message out to those intent on trying to mask their online criminal activities that they will be taken before the courts with the ultimate sanction, as in this case, being a custodial sentence."
What are the key points in this story?
He was arrested in connection with what we can agree would be a serious crime, however he is serving his time for not disclosing a password. "He is of previous good character". Chances are he has nothing to do with the crime that he has been accused of. Maybe he has other reasons for not wanting the police trawling through his PC. Maybe he just values his privacy.

He has been arrested in connection with a sex offence. If he has a large database of legal porn, he may not want the police to see it as they may draw their own conclusions.

I have a large database of websites and information pertaining to Libertarian issues. If I were wrongly arrested in connection with a terror offence, the police may well see me as some kind of subversive.

I have a similar collection of martial arts ebooks and the like. I used to do a lot of martial arts when I was younger and like to keep on top of it. This could also be seen in a bad light if I was arrested for something I had not done.

Have a look through your computer files and your books / magazines around the house. How many of them could paint the wrong picture of you if you ever came to the attention of the law?

As quoted in the above article, ""It sends a robust message out to those intent on trying to mask their online criminal activities"". The keyword there is criminal. What it really means is anyone wanting to mask any activities done on their pc. If the police ask to see your database, you must comply.

I would like to think that any request for information on my PC would be backed up by a court order, and that order would only be obtained after the police had supplied sufficient evidence to the courts that I was involved in criminal activities. However, I am not that naive.

The reason this lad is now in jail is because he had a 50 character password. They are probably referring to the security program PGP.

When PGP first came out in America, the authorities made moves to outlaw it. They also wanted to ban research into encryption algorithms and keep it for themselves. They wanted to make you , as a concerned citizen, liable to fines or imprisonment if you dared own software capable of making your files inaccessible to them.

This went tits up when PGP was immediately distributed on the Internet as freeware. Since then, Phil Zimmerman, the software's creator, was harassed for three years and taken to court by the American government for allowing his own software to "escape" from the USA. All under the guise of anti terror, anti drugs. The usual suspects and this was (I beleive) about 20 years ago.

I have never been tempted to use this program or anything similar. The simple reason is, a 50 character password says to any casual observer, "look at me, I've got something to hide".

You don't need encryption software to keep your private information safe, particularly in this day and age with drives that have huge storage capacity.

My preferred method of keeping data secret is not to encrypt it, but to hide it among vast amounts of other information.

For example, download a copy of the Encyclopedia Britannica, pick a subject, say, the Alaskan Moose and replace that chapter with the data you want to keep secret. Only you know where it is or even that it is there. Anybody wanting to gain access would have to read through most of the encyclopedia just to find it. You can be put in jail for refusing to disclose a password, but not a passage in an encyclopedia.

You can also use this trick when emailing sensitive information. Send so much data that your secrets will never be picked out from among it. Only your recipient knows to look under "Moose's".

USB data sticks can hold a huge amount of information and can be hidden in very small spaces. If you store info on a USB, never copy it to your PC to work on it / edit it. Do it all with the data on the stick.

Encryption will only serve to flag your data and the police will just "ask" for the password.

If you store personal information on your hard disk and delete it of move it to a USB stick, it isn't really gone. The file has simply been flagged as free space. Unless other data is written over it, it can easily be recovered. Use a program such as Eraser to clean your old files. It's free to download. Eraser doesn't just mark data as free space, it overwrites junk data on top, erases that and does it again. This means that the files can never be recovered.

If you really, really must encrypt then do it wisely. If you have a set of bank accounts and stocks that you are saving incase the worst happens and you get divorced (a good plan), then you may want to use something a bit more secure than what I have stated above. Details on a USB stick that may one day be discovered by the Mrs would be better with some kind of encryption security.  PGP is still the best in my opinion. Pick a good password. Not Beckham or Manchester United. You need a string of characters and numbers that don't make any actual words. Decryption software will break a bad password in minutes. Encryption and decryption also takes time. Only do it to files you wont be accessing often. If you have to access them daily you will get lazy and leave them decripted for the next time, and that is when you will get caught.
And lastly, don't call your highly sensitive file, Otherwomenihaveshagged.doc. Call it "My poetry", or something equally as likely to not get read.

It's your data and you have a right to keep it private.

*Disclaimer* I use the methods above to keep my personal data privete, not to conduct criminal activities and neither am I condoning such. Don't be a cunt.

12 Comments:

The Wasp said...

Bucko said...

Smoking Hot said...

Anonymous said...

Anonymous said...

Bucko said...

Smoking Hot said...

Bucko said...

Anonymous said...

Bucko said...

Anonymous said...

Bucko said...