Police Need 90 Days To Crack Hard Drives 693
Twyko64 writes "The UK police may need 90 days to hold terrorist suspects because it takes that long to crack a suspect's PC hard drive." From the article: "Combining the analysis, the translation and second stage analysis, add inter-country co-operation and interview strategy formation, and from the police point of view, the existing 14 days is inadequate and 90 days doesn't look excessive. Another factor is encryption sophistication. If 256-bit triple-DES or similar techniques are used then decryption could require supercomputer-levels of cracking."
90 days, eh? (Score:5, Funny)
Hmmmm. Guess I'll come back in 90 days for the dupe...
Re:90 days, eh? (Score:5, Insightful)
Re:90 days, eh? (Score:5, Insightful)
If they don't have enough proof to charge someone after even a couple of days, why are they so sure someone is a suspect at all?
They must have some reason to arrest someone in the first place and I sincerely hope that reason is based on a collection of very compelling evidence. At which point they can charge him/her and have as much time as they want anyway.
Re:90 days, eh? (Score:5, Informative)
Re:90 days, eh? (Score:3, Insightful)
Of course these powers will be misused and overused. They make so many things easier by removing restrictions under which police operate and lessening the consequences of their actions. But I keep thinking of the following quote:
A policeman's job is only easy in a police state. - Mike Vargas, in "Touch of Evil" by Orson Welles
Re:90 days, eh? (Score:4, Insightful)
Everyone hates us Irish until it comes time to pretend you're Irish and drink green beer on St. Patrick's day, especially here in America.
Want proof?
"Paddywagon", how's that. If any other nationality or group was inserted into that term there would be a fucking riot.
Totally OT, but I hate this type of shit.
Re:90 days, eh? (Score:5, Insightful)
The thing that did my head in in the USA, were all the people who were convinced they're Irish. I'd get some guy there tell me in a pure american accent that he was Irish american? How are you Irish, mate? Were you born there? Do you have an Irish accent? Citizenship? Read Ulysseses? What?
In fact I met almost no actual americans, only hyphenated americans. When someone found I was from Europe, she introduced herself to me as a German-American. So I started talking in German to her and she didn't understand a bloody word. But she said her "Grandad would understand it." I met a guy over there from Mozambique. He said the thing that annoyed him most were people who said they were african-american. It pissed him off because they didn't know a damn thing about africa. It makes NO SENSE! If you're born and raised in America, you're american. Culture is not transmitted genetically and nothing that is makes a bit of difference to who you are.
So if the parent poster is born and raised in Ireland, then he can continue to rant about discrimination. If he's another hyphenated-american, I'm not interested.
And I'm Welsh, btw, and we're the Irish who couldn't swim. It's like anything else - if you let something bother you, people will use it. If you're proud of who you are, they can't.
Re:90 days, eh? (Score:5, Interesting)
There was a time, around the mid-1800s, when Americans would identify themselves as just that -- Americans. This was back in the early days of the republic, and there was still a cultural (and sometimes a real) memory of the war of independence. Self-identification as American was part of the pride.
Now, back then, there were self-identified Americans who were actually born in France or England or Germany. To anyone else, they were French or British or German. Their kids, not having any personal experience of the family-homeland, also identified themselves as Americans, though saying you were British-American or French-American or German-American wasn't really an option, since all American families actually hailed from somewhere else in the past. Assimilation (the melting pot) was a very powerful force for white Americans. In a social sense, blacks of the era simply didn't have the social power to self-identify, and their identity was further stripped by having to take their master's surname. Native Americans (or North American aboriginals, if you prefer that appellation) had their own tribal identification, which still remains to this day.
As you get closer to 1900, there were huge waves of immigrants from all over the world, and these were people who wanted a clean slate. They wanted nothing more than to be assimilated. In some families, the language of the homeland was forbidden. Educational institutions sought to have kids learn and speak english without accent. The pride of the immigrant American at the turn of 1900 buried the notion of self-identification of the homeland. My four great grandfathers and mothers (on both mom and dad's sides) spoke very little english because they came to the country when they were too old for schooling, but their kids (my grandmas and grandpas) all spoke English in the upper-midwestern American accent, and while they could understand some of the old languages and maybe speak and read a bit, they were Americans and identified themselves as such.
Consider, then, the melting pot. By the time it got around to me, the national heritage of my family was Belorussian, Lithuanian, French and Norwegian. I only speak one of those languages, but how could I possibly self-identify with any of those nations? I can't, and I don't, but mostly because I still take some pride in being an American, regardless of how my country seems to be perceived at present.
However, there are groups who have been marginalized over time, who seek to reinforce their sense of identity to elevate their pride. Some black Americans prefer to align themselves with their African roots. Some Irish-Americans identify themselves that way because they seek a tie to their family heritage that may have been repressed as a part of assimilation. Interestingly, the force of assimilation has decreased in American culture. We're a much more multi-lingual, multi-cultural nation, now, and that's also being reflected in the way certain people self-identify. In America, you are free to identify yourself in any way that you prefer, and that's what people do.
Hope it helps.
Re:90 days, eh? (Score:4, Interesting)
Stop looking for proof that the world hates you. The term paddywagon is one of respect, from the days when most cops were Irish. Paddywagons were driven by the Irish - they weren't carrying them.
And I'm Irish on my paternal great-grandfather's side.
Re:90 days, eh? (Score:5, Funny)
Yeah, and I'm a woman on my grandmother's side.
Xcott
The IRA *were* terrorists, after all (Score:3, Insightful)
Re:90 days, eh? (Score:4, Insightful)
Re:90 days, eh? (Score:4, Insightful)
As you say, these people have been arrested but not charged. The relevant point is that people should not be arrested without charge. For anyone who hasn't really considered it, 90 days is a long time and for anyone who has never been in prison, I would suggest it works on a similar principle to rape or a violent assault - it is a sudden message from another that they can do what they like to you and you can't stop them. Anyone who has been inside in a proper prison will at least understand where I'm coming from. I don't mean this as a disrespect to rape victims either. Being grabbed off the street and locked in a room, suddenly cut off from your friends and family can be a terrifying experience and the police don't need "torture" to scare you. Just being told you're going down for "terrorism" and they'll take the next fifteen years away from you if they so please? Just a few days can scar you terribly (google for the Stanford Prison Experiment). Ninety days? You don't want to go through that.
And all this, they can do just because they want to. They can do it to scare you, they can do it to punish you and they can do it all without any evidence at all.
Re:90 days, eh? (Score:4, Insightful)
It is the virtual handing over to law enforcement the power to blackmail anybody. All that needs to happen for you to be declared a terrorist suspect is for someone to say it and someone else to listen, no evidence, no proof, nothing but the words of an individual. If they had the slightest bit of sense they would understand how much power they are giving terrorists over innocent people, if you should fail to assist them in some minor way, should they get caught all they have to do is name you and the authorities will listen (a law that terrorises).
This is a law of the rich versus the poor. Rich lawyer on standby no problem, free in a few hours and if you don't like someone you can arrange for an accusation against them. Poor, enjoy your 90 day conviction for no crime, just for having dared to annoy a wealthy or connected individual.
Re:90 days, eh? (Score:5, Insightful)
In the twisted logic of the law enforcement game, pretty much anything can be used as PC.
Put it this way, when I worked for the state AG's office all we'd need is the slightest whiff and the next thing you know we would be hauling out paper records and computers, servers, etc.
And in the U.S. we have secret courts that will issue warrants with virtually no burden of proof. How do you like those apples?
Re:90 days, eh? (Score:4, Informative)
No we don't, they issue warrants right out in the open
(sad but true, due to the lack of public scrutiny, they might as well be secret)
-nB
Re:90 days, eh? (Score:5, Informative)
Of course, that's supposed to be only in case of terrorists, ordinary criminal cases are supposed to be tried in ordinary open courts (although even there, the court can seal entire hearings so all you know is that the police made a motion before a judge at a particular time and place, not anything about the content of the motion. In wiretap warrants, for example, so as not to tip off the person to be spied on.)
Encrypted drives? (Score:3, Insightful)
Re:90 days, eh? (Score:3, Insightful)
"With the measure unlikely to make it into law thanks to widespread opposition from MPs due to its civil liberty implications..."
Also, this isn't about it taking 90 days to crack a hard drive, decrypt the contents, and translate them... it's about an overload of hard drives needing to be cracked, and the lack of resources to do it in a timely manner.
Also FTA: "Dr Mirza said: "There was a massive backlog of computers to anal
Re:90 days, eh? (Score:5, Interesting)
Maybe we should start differential taxation - if you support extended imprisonment without trial and excessive police powers because you think it will make you safer, then you must also be willing to pay extra for it. I don't want my taxes wasted on this game of idiots.
Re:90 days, eh? (Score:3, Interesting)
There are other remedies, such as filing suits for false arrest and malicious prosecution, but these carry very high burdens of proof, and are often not successful.
Having been wrongfully jailed for a brief time (only days), I can say that n
They're really going to hate it when... (Score:5, Insightful)
Re:They're really going to hate it when... (Score:5, Informative)
Generally they try to capture a complete computer containing all the algos used for the steganography. That way they don't have to search for a needle in a haystack.
It's a bit like the code devices of WWII. It was always easier to capture a code machine than try to brute force the code itself.
Re:They're really going to hate it when... (Score:5, Interesting)
The old "manipulate the image in the picture" effect would allow me to hide data in an image, and it could be done to where only modifying the image to specific hue or color adjustments reveals the data. It would be something that someone could memorize, and open files read-only to find, modify in RAM, and never save back to the drive once the message is known. There could be thousands of photos in someone's photo album, and only a few that actually contain data too, so that it's hard to even find the files used, let alone to figure out how they're used.
I could also know that certain letters in a text file based on some derivation of a number sequence for position of the letter or word is the message. Anyone that I'm corresponding with could also know the sequence, but if neither party writes it down then it's much harder. It would also work for storage of sensitive data, and be even better security since there'd be only one person who'd know how to recover it.
The most effective way to hide something or protect something is to ensure that nothing is ever written down about recovering it, ever. If there's no key to find then it's again down to brute force.
Re:They're really going to hate it when... (Score:5, Funny)
Re:They're really going to hate it when... (Score:3, Interesting)
Re:They're really going to hate it when... (Score:5, Informative)
There are other methods that work quite well. For instance: dilating the eyes with drugs, propping the subject's eyes open, and then directing an absurd amount of light into the eyes will break most people down quickly.
There are other methods that can gain the subject's acquiescence with very little mess and few lasting marks (on the outside).
Re:They're really going to hate it when... (Score:5, Insightful)
Example: You're falsely ID'ed by a bad guy, or you're mistaken as a terrorist due to bad luck (see: Paul in 24 Season 4).
So you lose all your toes, and have your genitals fried off, because you *CAN'T* give them what they want. This is why torture is useless.
No, torture is useless because (Score:3, Interesting)
After all that, you *do* give them what they want... a confession and lots of information.
Sure, it's crap you made up in a delirium that'll waste hundreds of hours of valuable time that would be better spent going after actual criminals. But the White House parrots will claim this proves torture "works" anyways.
Re:They're really going to hate it when... (Score:5, Insightful)
Re:They're really going to hate it when... (Score:3, Insightful)
-nB
Re:They're really going to hate it when... (Score:3, Interesting)
Another good reason for RAM drives
Re:They're really going to hate it when... (Score:5, Interesting)
Generally they try to capture a complete computer containing all the algos used for the steganography. That way they don't have to search for a needle in a haystack. It's a bit like the code devices of WWII. It was always easier to capture a code machine than try to brute force the code itself
This is actually wrong. Kerckhoffs's principle applies as equally to steganography as it does to cryptography; even with complete knowledge of the algorithm it should be computationally infeasible to determine a secret message is implanted in the cover text.
Secure steganography is truly undetectable.
Simon.
Re:They're really going to hate it when... (Score:5, Informative)
Let us consider hiding some data in an image. Assuming the use of decent steganography techniques, then without knowledge of the key used when hiding the data, it is impossible to know that they are hidden in the image in the first place, let alone retrieve them.
If this is not so then an attacker would be able to knock up a quick shell script that scanned every file on the system to detect hidden data--thus making the use of steganography pointless in the first place!
Re:They're really going to hate it when... (Score:4, Informative)
Oh, but I do. Except in Steganography, the extraction algo *IS* the key. Now you can use encryption above and beyond the steganography, but that doesn't make the message any more secure than if you'd sent the encrypted message by itself.
The whole intent of using steganography is to obscure the fact that the message was sent. Once that line of defense is down, you're on to more traditional lines of defense.
If this is not so then an attacker would be able to knock up a quick shell script that scanned every file on the system to detect hidden data--thus making the use of steganography pointless in the first place!
As another fellow pointed out, you can already do that. There are a variety of methods that can be used to detect its use. The key is that there's no way to tell *which* image might be carrying a message among all the images floating around the internet. Now if I capture your computer and find images of cute kittens, I'll start looking for signs that this machine was engaged in steganography. However, if I'm looking at random postings to alt.binaries.cute.kittens, I'm going to have a hard time sorting through the sheer amount of data to find what I'm looking for. For all I know, it may not even exist! That is the *real* quandary that steganography poses.
Re:They're really going to hate it when... (Score:3, Insightful)
Re:They're really going to hate it when... (Score:4, Insightful)
And if people have 500GB of data, or more, does that mean the police are going to want to detain them for even longer?
There are already 500GB drives out there.
Re:They're really going to hate it when... (Score:5, Informative)
Under the Regulation of Investigatory Powers Act it is already an offence not to hand over encryption keys to the police when requested to do so.
If a person is detained, the police could investigate the hard disk and ask for the appropriate keys, if the suspect refuses they could then be charged under RIPA.
They would then be brought in front of a magistrate who would determine if there was a case for refusing bail (if they are truly a threat then bail would be refused) before the case is taken up by the higher courts.
The police could then have all the time they want to crack the disk, my rights would be less infringed than they already are and the police would actually have to work to prove the case for a serious crime.
Plausible deniability... (Score:5, Interesting)
So then you need a method of being able to hide precisely what is encrypted and what is not. Look around and you'll find systems for filling a file system with chaff files to make finding the real data more interesting. One I looked at ended up with a filesystem with all the files apparently the same size, with constantly changing timestamps and all apparently contain random data. This system then allowed you to apply keys to make certain files readable while leaving the rest as noise. The point of this is that even the empty file system is full of rubbish files. It is impossible to tell (without the complete set of keys) precisely what is really data and what is just generated chaff. This gives you a lever of plausible deniability - if you are asked for the keys to the repository, you can hand over the keys and let them at it. It would be difficult (never say never) to correctly identify encrypted files amongst the chaff which were not covered by the keys provided.
Cheers,
Toby Haynes
Re:Plausible deniability... (Score:3)
It's well worth remembering when discussing any aspect of British IT law that the present administration is headed by a man who was incapable of buying flowers for his wife over the Internet, what hope have they of understanding cryptography?
They're morons who deserve to get caught (Score:5, Funny)
Re:They're morons who deserve to get caught (Score:5, Interesting)
Re:They're morons who deserve to get caught (Score:4, Insightful)
That's because they are criminals. Failure to turn over your encryption key is an offence under the RIP Act, punishable IIRC by up to two years imprisonment.
The innocent, of course, have nothing to hide.
Re:They're morons who deserve to get caught (Score:5, Interesting)
I guess that's why one may use TrueCrypt [truecrypt.org] with its support for two-level plausible deniability [truecrypt.org]. I.e. it's practically impossible to prove there isn't more on the encrypted volume than you see, unless you have an enormous time to spend on trying to crack the hidden nested volume.
Re:They're morons who deserve to get caught (Score:4, Insightful)
Re:They're morons who deserve to get caught (Score:4, Interesting)
Wouldn't that fall under not incriminating oneself? I mean, why should you be forced to turn evidence over to someone to use against you?
No such thing as "256-bit triple des" (Score:2, Informative)
Re:No such thing as "256-bit triple des" (Score:5, Informative)
Seriously, nobody, including name-your-favourite-government-agency, is brute forcing a 256-bit AES key. Not in 90 days. Not in 90 years. Think about the number 2^256 for a second, and consider the computing power required to do that many operations.
What may be possible in 90 days is brute forcing passwords, which is practical if the perp uses password-based keys. The article doesn't mention that.
It's also possible that the authorities are just exaggerating their capabilities so as to deter pedophiles and what-not. If you can't read people's mail, it's sometimes effective to pretend to be reading people's mail.
Re:No such thing as "256-bit triple des" (Score:5, Funny)
0x00000000 00000000 00000000 00000000 00000000 00000000 00000000 00003039? That's the kind of encryption key an idiot would have on his luggage!
Re:No such thing as "256-bit triple des" (Score:5, Funny)
Now, shut up and help me find my tinfoil hat.
Re:No such thing as "256-bit triple des" (Score:5, Interesting)
Re:No such thing as "256-bit triple des" (Score:4, Informative)
But brute forcing passwords and brute forcing random encryption keys are two totally different balls of wax. When you break passwords, you rely on the fact that there are a limited number of passwords users will use. If you consider how many 8 character passwords you can construct using upper case letters, lower case letters, and numbers, you'll see there are only around 2^48. If you only use English words then the number is far, far lower (less than 2^20). Those are crackable.
If, on the other hand, you use a random 256-bit AES key that is not derived from a password (meaning you have to store it somewhere securely), nobody is going to be able to brute force it.
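An added worked example, not part of the original thread: it turns the comment's password figures into effective key strength, and goes one step further by showing how a key-derivation function's iteration count raises the work per guess. The guess rate and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
"""Added example: effective strength of password-derived vs. random keys."""
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Hypothetical rate of primitive operations per second for a well-resourced
# searcher. This is an assumption, not a measured figure.
ASSUMED_GUESSES_PER_SECOND = 1e12


def keyspace_bits(alphabet_size, length):
    """Bits of entropy in a uniformly random string over the alphabet."""
    return length * math.log2(alphabet_size)


def effective_bits(secret_bits, kdf_iterations=1, key_bits=256):
    """Work needed to find the key, in bits.

    A key derived from a password is only as strong as the password. Each
    guess costs `kdf_iterations` primitive operations, which adds
    log2(iterations) bits of work. Searching the key directly caps the
    total at `key_bits`.
    """
    return min(float(key_bits), secret_bits + math.log2(kdf_iterations))


def years_to_exhaust(bits, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed rate."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def derive_key(password, salt, iterations):
    """Derive a 256-bit key from a password with PBKDF2-HMAC-SHA256.

    The output is always 32 bytes long, whatever the password's entropy.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32
    )


def compare():
    """Return (label, effective bits, worst-case years) for four cases."""
    alnum8 = keyspace_bits(62, 8)  # upper + lower + digits, 8 characters
    cases = [
        ("single word from a 2^20 list, no stretching", effective_bits(20.0)),
        ("8-char alphanumeric, no stretching", effective_bits(alnum8)),
        ("8-char alphanumeric, KDF with 2^20 iterations",
         effective_bits(alnum8, 2 ** 20)),
        ("random 256-bit key", effective_bits(256.0)),
    ]
    return [(label, bits, years_to_exhaust(bits)) for label, bits in cases]


if __name__ == "__main__":
    # Constructed sample password and salt, used only to show that the
    # derived key is 256 bits long regardless of what went in.
    key = derive_key("kittens1", b"constructed-salt", 1000)
    print("derived key length in bits:", len(key) * 8)
    for label, bits, years in compare():
        print(f"{label:48s} {bits:7.2f} bits  {years:.3g} years")
```

The derived key is 256 bits in every case, but only the last row needs 2^256 work to search.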
Blatantly WRONG (Score:5, Interesting)
They have automated TOOLS that go through and find Web browser histories, caches, and cookies.
On machines where users do not run Microsoft Internet Explorer and use Outlook for email, often times departments are SOL.
Re:Blatantly WRONG (Score:3, Interesting)
Re:NTFS encryption is bollocks (Score:3, Informative)
Only if LANMAN hashes are available, which hasn't been necessary for about 4 years. Also, syskey allows encryption of the master EFS key with a further encryption key which can be stored on removable media. It's still possible to brute force, but that's not exactly a matter of minutes.
Jon.
Comment removed (Score:5, Funny)
Re:Blatantly WRONG (Score:5, Informative)
Re:Blatantly WRONG (Score:3, Informative)
While largely correct, the situation changes if you get the attention of the three letter organizations. Of course, if they were on to you, the 90 day thing wouldn't mean anything, as you are more likely to just have your drive imaged and your keyboard bugged. If you got wise to the black bag job, you'd simply disappear...
I can understand th
Re:Blatantly WRONG (now with formatting!) (Score:5, Insightful)
And as easy as it is to make fun of the police's analysis methods, my guess is most slashdotters don't even know what it's like to process evidence for a case. It's not just "running automated tools" on some suspect's hard drive. It's getting to know the case, knowing what you're looking for and where to look for it. Many times it's the police themselves that are writing these "automated tools", which only present the evidence in a way less technical minded officers assigned to the case can understand. And what happens once you get that evidence? You have to try to fit it into the puzzle of the case. It isn't CSI, where you find some email detailing the crime that's digitally signed and the suspect confesses to writing it. Often times it's finding some random piece of partially-overwritten text and having to see if it fits into the overall case.
And yes, most digital forensic labs can analyze your precious reiserfs/ext2/ext3/whatever file systems. In fact, I've never run across a lab that couldn't. So don't think your 1337 linux system will be safe if it's ever involved in a crime. And if they don't have the tools to analyze them, they'll contact a department that does. That's how the real world of forensics works.
Next time you want to talk about a subject you blatantly don't understand, do us all a favor and don't hit the submit button.
use Firefox, go directly to GITMO! (Score:4, Interesting)
You think that they can afford to hire some lunix rocket surgeon as a computer forensics expert on what the local PD pays?
What a waste of time... (Score:4, Funny)
Oh wait...
Re:What a waste of time... (Score:3, Insightful)
Trying to decode the information held within several thousand lumps of human brain tissue would probably take even longer than 90 days
Re:What a waste of time... (Score:3, Funny)
What, you think they'll start talking after 5 rounds of free beer?
Re:What a waste of time... (Score:3, Informative)
Illegal not to give the police the key? (Score:5, Insightful)
Re:Illegal not to give the police the key? (Score:5, Insightful)
Re:Illegal not to give the police the key? (Score:4, Informative)
Re:Illegal not to give the police the key? (Score:3, Informative)
see here [ed.ac.uk] for a good writeup
Re:Illegal not to give the police the key? (Score:3, Insightful)
There's a real problem with burden of proof here, in that you now prove you don't have the key to any encrypted data the police demand a key for. This is essentially impossible.
This is particularly an issue if, say, Evil Bob accidentally e-mails his plans for world domination to me. Of course, he's not a fool (except for the inability to use an addressbook, but nevermind), so he's encrypted his plans. I get a freaky looking encrypted
256? 3des? no. (Score:5, Informative)
3 x 56 = 168. or 3 x 64 = 192. Either way, 256 it is not.
256 bit AES, then maybe.
Re:256? 3des? no. (not exactly) (Score:3, Informative)
Re:256? 3des? no. (Score:3, Informative)
It sounds funny, but it is true. Check out Boltzmann's constant [wikipedia.org]. Quote: "Given a thermodynamic system at an absolute temperature T, the thermal energy carried by each microscopic 'degree of freedom' in the system is on the order of magnitude of kT/2" The Background Radiation [wikipedia.org] is at 2.725K. That means any action will use at least 3.76227207 × 10^-23 joules. You have 2^256 = 1.15792089 × 10^77 possible keys, which gives 4.35641342 × 10^54 joules. The sun's
What about RIP? (Score:4, Interesting)
It seems that they are just using this as an excuse to hold someone indefinitely?
Ninety days? (Score:5, Insightful)
For big corporations and places that have enough staff to be able to implement a good crypto policy, I'd be surprised if you COULD crack it in 90 days. 256 isn't anywhere near as high as you could go if you were paranoid, and storing data that you didn't need to read all the time.
And you think they're a terrorist... why? (Score:4, Insightful)
I understand that the police will sometimes be unable to completely make a case until they've gathered all the evidence, but it seems that there should be some sort of intermediate level to say, "We have at least some reason to hold this guy."
Perhaps what's needed is a judge to say, "Yeah, you have enough evidence, and the guy presents enough of a flight risk, for me to let you hold him for three months", even if that evidence would be insufficient for a real indictment.
Because right now it sounds like "We're going to lock this guy up for 90 days with absolutely no evidence at all on our say-so."
Re:And you think they're a terrorist... why? (Score:5, Informative)
Computer evidence is next to useless. It is infinitely easier to fake a word doc than it is someone's handwriting, DNA and fingerprints that one might find on a piece of paper. I predict that in 10 years, once new forensic techniques for IT data analysis become available, a whole slew of "terrorists" will have their convictions quashed as the police simply created a few fake emails. This is not tin-foil hat territory, this has happened numerous times in the past [wikipedia.org].
When will the public wake up? These "detention without trial" laws are something that the authorities have been seeking for decades. Only now do they feel they have the inertia to get them passed.
The definition of terrorism is "using fear to achieve a political goal". I wonder who the REAL terrorists are here...?
Thanks for letting us know (Score:5, Interesting)
The uncrackable algorithm (Score:3, Interesting)
It's just an excuse. (Score:4, Interesting)
Re:It's just an excuse. (Score:3, Insightful)
The National Security Agency is the largest employer of degreed mathematicians in the world. They are not stupid people.
They'll gladly crack encrypted information for allied countries and other US agencies.
These people aren't the Keystone Cops and it's not like a st
Re:It's just an excuse. (Score:3, Interesting)
Plus, thanks to the little gray men [milk.com], they're 200 years ahead of the rest of the world in mathematical theory.
With or without specific charges? (Score:5, Insightful)
I write this as a 'Merkin, so forgive if I don't fully "get" UK law, but...
At the point where the police would waste 90 days of supercomputer-level CPU power on cracking an encrypted HDD, wouldn't they already have enough other evidence to charge the suspect with an actual crime, and could just ask for that 90 days as a delay before the actual trial?
The idea of the police making people disappear for three months at a time on a whim scares the hell out of me. Suddenly sarcasm, or wearing the wrong clothes, or "driving while black" becomes punishable by three months in prison? Time to invest in prison/industrial stock...
Re:With or without specific charges? (Score:5, Funny)
256-Bit Triple DES (Score:5, Insightful)
Ouch. Technobabble at its worst.
a) Triple DES is 112-bit encryption.
b) If you are using strong encryption, like a 256-bit AES cypher, no number of supercomputers are going to 'crack' it, whether it's 14 or 90 or 900 days, unless it's a really bad implementation.
c) One would HOPE that the police would have evidence before they start impounding things. But this is about 'fishing' for evidence for 'suspected' terrorists. "You look like a terrorist, so we'll impound your things in the hope that we'll find something". So much for presumption of evidence (which I believe holds true in the UK as well).
Things like this make me sad. Just another way for the authorities to 'protect' its citizens by making sure that they can see all and know all. Welcome to the Panopticon [wikipedia.org].
Re:256-Bit Triple DES (Score:4, Informative)
Of course, that's really just a technical issue, especially compared to the rather glaring errors ITFA you're pointing out, but I think it's something worth mentioning.
Criminalizing Encryption (Score:3)
More and more, according to law enforcement, encryption is considered only a tool of criminals. There have been a few cases like this in the US where a suspect's use of PGP or other common encryption has been used against him in court, even though no specific evidence was found encrypted.
So does that mean... (Score:3, Funny)
If you extrapolate it to "We get to hold people for as long as it takes to find whatever we're looking for on their hard drive", then they can argue for holding you for 200 years, depending how you might have hidden data on the hard drive.
Re:So does that mean... (Score:3, Informative)
Two million years (Score:3, Informative)
Such a computer can break an ordinary (56-bit) DES key in 18 hours, 12 minutes and 16 seconds at worst. The average time to break a DE
Here's what to do: (Score:3, Funny)
2. Store keyfile in a safe place.
3. Get a defective USB stick. Label "HD KEYFILE" in big red letters. Keep it on the computer desk at all times.
4. Get a 3.5" Floppy. Preferably from pre-1990. Wipe with magnet a couple of times. Label "HD KEYFILE BACKUP" in big red letters. Put on shelf next to computer.
5. Get a blank CD-R. Fill with PR0N. Label "PR0N + HD KEYFILE BACKUP". Mistreat CD-R a little (preferably adding some scratches on the inside). Leave in CD-Rom drive.
In case of arrest:
1. "Um
2. "What ?! It doesn't work ? Good thing I have a backup. It's on the floppy disk."
3. "What now ?! It's broken ? Good thing I have another backup of it on the CD with my PR0N collection
4. "The CD doesn't work ? OH NO, ALL MY PR0N is GONE ! AAAAARGH !"
Don't use one time pads (Score:5, Funny)
90 days == 6 month jail sentence. (Score:5, Insightful)
Re:90 days == 6 month jail sentence. (Score:3, Insightful)
This is probably the original intention of the law setup: to destroy your life completely without legal consequences. I remember well that schema from totalitarian communist regime I lived in for more than 20 years. Pure possibility
Re:90 days == 6 month jail sentence. (Score:3, Insightful)
But we are talking about terrorists here, not normal people like you and I.
Yet.
Why am I being terrorized by the government's reaction of terrorism?
I can't speak for England, but someone suspected of a crime, should be formally and specifically charged with the approval of a 3rd party (judge) via a warrant.
Its a dece
I can crack my harddrive in a split second.... (Score:3, Funny)
Not quite the case (Score:4, Insightful)
One of the justifications was that they need that long to decrypt and analyse data. In which case, it is already a crime not to hand over a password or encryption key when requested so you can get them in custody on that charge for that long.
The arguments for the 90 days are incoherent, but that's what we have grown to expect from our government, especially when it comes to civil liberties and/or technology.
Oh great so now they've got a workaround. (Score:3, Funny)
1 Buy computer with big hard drive.
2 Get geek to store loads of "nonsense" data encrypted with as strong a key as possible (i.e. shopping lists, lists of birthdays, stuff from encyclopedias)
3 Store "bad stuff" (tm) in head only.
4 Get arrested, claim you "were wondering what all those junk files were" and wait 90 days whilst the forensics bods decrypt the useless data.
5 Get let out.
6 Profit !
(yes I admit it this is a piss poor version of the Slashdot "profit" post
Re:256bit triple DES (Score:5, Interesting)
They can't and don't, but what the hell, it's a pretext. The police have never liked this whole deal of having to let people go if you don't have enough evidence to charge them with anything. The longer they can get to find something that will stick, the more criminals they successfully prosecute and the safer we all are.
Now, if you'll excuse me I have to open my new estate agency, pontine transit solutions a speciality...
Re:The obvious answer (Score:3, Insightful)
and its only a matter of time before all of the evidence will show up,
will actually stay in the country?
yes yes, take away their passports, surely that will stop them...
oh wait, this is
Advanced Decryption? Advance Encryption! (Score:3, Interesting)
This is definitely plausible if you believe in the rumoured quantum encryption and a few other such concepts. But I believe it was one of Phil Zimmermann's reasonings to release PGP, or at least a meme that developed from its release, that the more stuff that is encrypted the less effective decrypting becomes since even with advanced techniques it will still be t