The [British] government said today it does not know their fate.
The power to force people to unscramble their data was granted to authorities in October 2007. Between 1 April, 2008 and 31 March this year the first two convictions were obtained.
The disclosure was made by Sir Christopher Rose, the government’s Chief Surveillance Commissioner, in his recent annual report.
The former High Court judge did not provide details of the crimes being investigated in the case of either individual – neither of whom were necessarily suspects – nor of the sentences they received.
The Crown Prosecution Service said it was unable to track down information on the legal milestones without the defendants’ names.
Failure to comply with a section 49 notice carries a sentence of up to two years jail plus fines. Failure to comply during a national security investigation carries up to five years jail.
(a) in the interests of national security;
(b) for the purpose of preventing or detecting crime; or
(c) in the interests of the economic well-being of the United Kingdom.
Oh that’s rich. Are you freaking kidding me. I didn’t think there was a politician on either side of the pond that stupid.
Mr Diesel. Unfortunately it’s true, I couldn’t believe it myself. Section 3 on the page I linked to says the authorities can require disclosure “for the purpose of preventing or detecting crime”
I cant see any caveats to this and if you don’t comply you are committing a criminal offence!
Orwell warned us did he not? Now the monkeys have a choice: submit or revolution. My money is on submit. The American citizenry is much to docile to fight anymore.
#56
Thomas,FYI TrueCrypt was well-designed, and provides “plausible deniability” — space is allocated to the TrueCrypt volume, but it is impossible to tell through any analysis that is known today whether what is in that volume is data or random noise. TrueCrypt’s encryption algorithms result in a data stream that is pseudo-random, and indistinguishable from random noise.
This, combined with the multiple password/container feature makes, makes it impossible (at least today) for anyone to tell whether you have something else in the TrueCrypt volume besides those photos of your kids that come up (or, more realistically, a Word document containing a ‘password’ list that you decided to encrypt) when you give them the “decoy” password.
#64
Any encrypted volume provides the same result. in that it will appear as a set of gibberish data on the disk. In this case, the authorities saw that they had encrypted data (whether individual files or a whole volume it isn’t clear) and forced them to provide the keys. TrueCrypt would likely fool local flatfoot, but wouldn’t fool Federal authorities. They’ll find out that you were using TrueCrypt and have a hidden volume if by nothing other than the differential of the drive capacity from data of which they can account.
You do raise an interesting question which is how they are able to provide probable cause (assuming they had to) to initiate the mandate in the first place. I.e., by what criteria did they determine there was valuable information in the encrypted data? That is kind of the crux of the issue. They are fishing for evidence *and* expecting you’ll help them. Telling them to go pound sound is the right answer, but not everyone is ready to spend a couple of years in the clink and deal with a criminal record. Where is Guy Fawkes when you need him?
#65, TrueCrypt would likely fool local flatfoot, but wouldn’t fool Federal authorities. They’ll find out that you were using TrueCrypt and have a hidden volume if by nothing other than the differential of the drive capacity from data of which they can account.
I don’t think that is case. My understanding is you have to be careful to leave enough disk space for your hidden volume in the outer volume or it will be overwritten.
From their website:
Protection of Hidden Volumes Against Damage
As of TrueCrypt 4.0, it is possible to write data to an outer volume without risking that a hidden volume within it will get damaged (overwritten).
When mounting an outer volume, the user can enter two passwords: One for the outer volume, and the other for a hidden volume within it, which he wants to protect. In this mode, TrueCrypt does not actually mount the hidden volume. It only decrypts its header and retrieves information about the size of the hidden volume (from the decrypted header). Then, the outer volume is mounted and any attempt to save data to the area of the hidden volume will be rejected (until the outer volume is dismounted).
Note that TrueCrypt never modifies the filesystem (e.g., information about allocated clusters, amount of free space, etc.) within the outer volume in any way. As soon as the volume is dismounted, the protection is lost. When the volume is mounted again, it is not possible to determine whether the volume has used hidden volume protection or not. The hidden volume protection can be activated only by users who supply the correct password (and/or keyfiles) for the hidden volume (each time they mount the outer volume). For more details, please see the section Protection of Hidden Volumes Against Damage in the documentation.
Again, there will be a large discrepancy between data that the can account for and data that they cannot. So when you provide the keys to the outer volume, there will still be a discrepancy in terms of data.
Granted, it depends greatly on who is analyzing the drive. If it is LAPD, you could probably just put your “hidden” stuff in a folder called “Do not look here” and they wouldn’t find it. If it is NSA, then I guarantee they’ll determine that you are using TrueCrypt. If TrueCrypt can find it, then so can a cryptologist.
#67, I still think you’re missing the point. TrueCrypt purposely fills the entire volume with “stuff.” It’s in the docs. A volume with absolutely no data on it looks full. You just don’t know how much is real data until you have the password — you cannot tell the difference between data and empty.
You look at with the password and you see what’s in the outer volume only (the hidden volume looks like empty space, ready for you to put stuff on). You look at it without the password and you see a full volume.
I get it but that doesn’t help you. We’re talking NSA now. They’ll be able to differentiate between “noise” and enciphered data. That “noise” will not be purely random; it will only look mostly random. If TrueCrypt can “know” that such a volume exists, then an expect can also determine that it exists. Keep in mind that the experts also know how TrueCrypt works. So, they’ll know what to look for in order to find it. It can’t be so hidden that TrueCrypt can’t find it or you wouldn’t be able to use it.
#69, That is what encryption is for — you can’t tell the difference between nothing and something. Without getting into encryption hash theory, you really cannot tell the difference between empty space and real data in TrueCrypt because it does write something there (for all we know, it might be encrypting the Funk and Wagnel’s Encyclopedia there). It is only “empty” in that it isn’t allocated. Something is there, it just doesn’t matter. And TrueCrypt doesn’t have to know where the data is because it knows where the volume information is and decrypts that to get the data location.
Now, could the NSA decrypt TrueCrypt’s directory? Probably. Will they? Not likely for civilian criminal cases because they don’t want to show their hand.
Eardae Obbobae
Ellwae
Cuuuuuuuuuuuuse-exae
Ymae
Oughtcrimethae
Incerelysae
belliesjae
Foremost, it’s a puzzle. On the one hand, a measure; on the other, let’s find a way to neutralize it.
Second, it is a measure that is obviously subject to abuse. For the sake of the abusees, who might tomorrow be fairly innocent bobbo or jbellies, let’s see if we can find a way to make it not work.
Third, you’re way too excited about this issue, bobbo. Nobody ever responds to my comments here. I’m nobody.
Criminals versus police? OK, let me say it: I support the work of the police.
But when a guy is trapped in the airport and is concerned
about his elderly mother who has come to meet him, and he gets tased to death by the police, I sympathize with him. Oh, too late to sympathize with him. Well, I sympathize with his mother and family. And I sympathize with Rodney.
I’ve read many of the comments at the original story site, and it seems to me there is no safety. If the British cops say that you have a key to information, even if the information is not in your possession, even if there is no information (such as a photograph of a foggy scene), even if there is no key, you’re out of luck. The unbearable lightness of information is inversely proportional to the heaviness of the jail time.
Here’s jbellies’s Umpteenth Tautology:
For example: See Dick run.
Dick, Nixon. Run, abdickate. See, encourage.
It is clear that the author wants to put an end to the God-ordained line of Presidents of These Great United States. Treason! If that doesn’t work, get him on
rights infringement. If it isn’t trademarked, it’s copyrighted.
Thus, The First Corollary
What’s in this file? Mother Goose stories? Seems entirely
too concerned with childish things. Is this what you use to entice them, bobbo? If that doesn’t work, try rights infringement. Maybe one of the characters has been disneyfied.
bobbo of many epithets wrote:
bobbo didn’t read the story. I’m obbove it. The police
don’t need a search warrant. I’m bobbove it. The police
don’t need to have anything approved by a judge. Do I look
worried? bobbo didn’t read the story. I’m bobbove it.
It’s based on their say-so. Do I look worried? It’s Britain. I’m not worried. So, what was the communication you
intended with your co-conspirators with that computer code, Roberto? I’m bobbove it. Do I look worried? I ain’t worried. (with apologies to British comedian Catherine Tate
and her character Lauren).
The most succinct answer was by “nichomach” at The Reg, where the original story comes from. Try it, you’ll like it.
There’s no such thing as playing with words, pisant. It’s all terrorism. Thought is crime.
What am I thinking? Is it blasphemy or prOn? Charades. Three words. First word, third word: Saviour. Spelling. Not American. Untrustworthy. Second word: naughty. No, I’m not thinking that. But among the millions of words on my computer, those three words might be there. It’s, potentially, a fishing * expedition.
#70
That’s not the purpose of encryption. Encipherment is not designed so that you do not know the cipher exists. That is stenography. Cryptographers will tell you that you should assume that your opponent knows everything other than the plain text or key. That means your opponent knows the cipher and the encryption method. The reason they make this assumption is that cryptanalysts are unbelievably good at finding ciphers.
> you really cannot tell the difference
> between empty space and real data
Not completely accurate. You cannot tell the difference between *random* data and real data *unless* there is a pattern. Thus, they’d have to see a pattern in the data. Granted, that depends greatly on what is being stored but regardless, it brings to light much more fundamental question. What happens if you create a TrueCrypt volume and then remove all vestiges of the TrueCrypt application and settings from the system. Can you reinstall TrueCrypt and find the volume again? If so, then a cryptanalyst will also be able to find it. If not, then how does the user find it?
Now, I will grant you that once they discover the volume, if it is encrypted with AES 256, it will be unlikely that NSA will be able to break it (or so we hope) in a timely fashion. AES 256 really is quite good. NSA might have some techniques to crack it in a more timely fashion than pure brute force but it is unlikely they’d be able to crack it fast enough for prosecution and even if they did, as you mentioned, they’d have to explain how they did it which they are unlikely to do.
#72, you really cannot tell the difference between empty space and real data
Not completely accurate.
I was referring to what TrueCrypt considers “empty” space. In that regard, the “empty” space is just unallocated and waiting for you to write over it.
When TrueCrypt creates a volume for you (of a known size beforehand), it does write every single byte with encrypted data. What that data is, is probably a well kept secret.
What happens if you create a TrueCrypt volume and then remove all vestiges of the TrueCrypt application and settings from the system. Can you reinstall TrueCrypt and find the volume again?
Considering the volume is nothing more than a file on your drive, yes (unless you do the whole drive). However, even if you did find the volume information inside the file, how would you decrypt it to know how much room you’ve actually used unless you have the password?
Just out of curiosity, have you played with it at all?
they’d have to explain how they did it which they are unlikely to do.
There was actually a case like this in NY awhile back. Some guy came across the border with what looked like kiddy-porn on his computer (something in the cache I think). The rest of the drive was encrypted and he refused to release the password. Supposedly, the prosecutors went to the Feds and asked them to help out. They declined.
I think he is still walking around.
I have played with TrueCrypt. It BSOD’d one of my machines while I was toying with it but that was some time ago. I found Cryptainer to be a bit more user friendly.
Remember the point here is to know if there is a volume. I think we agree that the outer volume can be located. The Feds come to you and mandate you give them the key. Now they have the unencrypted outer volume. The question is whether they can then determine that the inner volume exists. The answer is almost assuredly that they can. They’ll go through all the files on the volume and ensure that they know what each file is, does and/or contains. Given that they know about TrueCrypt, they’ll likely be looking for a second (or more) encrypted volume.
Granted, this all rests on the fact that you give up the key to one or both volumes. If you never give up the key, they are screwed unless NSA decides its a national emergency and even then, they are likely screwed depending on the quality of your key.
Where TrueCrypt/Cryptainer are useful is border situations where they don’t have that kind of time. So, they ask for the key to decrypt and you give it to them. They likely won’t have the time to determine if there is a second volume in there (whether in the original encrypted volume or not) and will be satisfied you have complied.
Where TrueCrypt/Cryptainer are useful is border situations where they don’t have that kind of time.
A better solution is to send your data home over a VPN to your home server and wipe your computer before crossing. That way our brave Border Patrol personnel find nothing. Ya Vol!