Re: Two convicted in U.K. for refusal to decrypt data
Joseph Oreste Bruni wrote the following on 8/12/09 10:46 PM: http://www.securityfocus.com/news/11556 Not entirely on topic, but for those using GnuPG (or other encryption software), you should always keep abreast of the encryption laws of your country. Protect Your Laptop Data From Everyone, Even Yourself, by Bruce Schneier: http://www.wired.com/politics/security/commentary/securitymatters/2009/07/securitymatters_0715 And have a quiet week end. Charly ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
the dragon wrote: [...] encrytion is about maintaining personal and data privacy; it's not about having a tool to break the law. If the encryption is strong and used correctly (with all the non-technical elements that implies) how would you tell the difference? -Chris signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
On Thu, Aug 13, 2009 at 10:40 PM, the dragonce...@hotmail.com wrote: encrytion is about maintaining personal and data privacy; it's not about having a tool to break the law. Reminds me of when some in the US was talking of Law Enforcement Access Keys being incorporated into cryptographic products. In Australia you can also end up in jail for not handing over encryption keys. -- Roscoe ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: RE: Two convicted in U.K. for refusal to decrypt data
the dragon wrote: And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists. If I read the news report at that link, I see the following: The former High Court judge did not provide details of the crimes being investigated in the case of either individual — neither of whom were necessarily suspects — nor of the sentences they received. Neither of whom were necessarily suspects, is the key thing. Sounds to me like you can also be forced to disclose encrypted information if it is thought you have incriminating evidence regarding somebody else. If this interpretation is correct, it goes very, very far. In The Netherlands, you can be forced to divulge /somebody else's/ password if they think you know that. The suspect can't be forced. [1] Still an interesting observation about other people's keys, I think. But increasingly off-topic for this list. I hope people can still appreciate it. Peter. [1] http://www.iusmentis.com/beveiliging/hacken/opsporing-politie/ (in Dutch) PS: Yesterday I accidentally sent this only to the dragon where I intended to send it only to the list. Let's try again :) -- I'm using the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.ewi.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
On Wed, Aug 12, 2009 at 10:46 PM, Joseph Oreste Brunijbr...@me.com wrote: [clip] http://www.securityfocus.com/news/11556 Not entirely on topic, but for those using GnuPG (or other encryption software), you should always keep abreast of the encryption laws of your country. [clip] Has everyone seen the Vanish project from University of Washington? http://vanish.cs.washington.edu/ If you haven't you should really give their paper a read, it's pretty interesting. The basic idea is that the key is random, and no-one actually needs to know it: it's broken up using secret sharing and dsitributed through a peer-to-peer network. The recipient can retrieve the shares and reconstruct the key for a one-time decryption, but over time, the shares should naturally leave the network and eventually the key is lost completely. I have my doubts, but I'm open to the possibility that it could work, and I'm very interested to see how law-enforcement will respond if it does. Will they force all p2p nodes to log everything, try to monitor networks themselves, or just plain make the system illegal? -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
On Thu, Aug 13, 2009 at 8:40 AM, the dragonce...@hotmail.com wrote: oops, didn't reply all... And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists. encrytion is about maintaining personal and data privacy; it's not about having a tool to break the law. [clip] If you truly believe that, then there's no reason not to hand over your encryption key immediately to your local police department. For that matter, turn over a copy of your house key too: that's about protecting you from the bad guys, not the police, right? Clearly I'm being a little extreme (ad absurdum) , but you need to re-read the article: it said the cases had to do with the crimes you mention, but it specifically didn't say that the people being charged with refusing to turn over their key were actually suspects. For all we know, they could be childhood school mates of the suspect who haven't seen him/her in thirty years. And, as many on this list have already pointed out, even if they were suspects, that in no-way means that they actually are child-molesters or terrorists, it means somebody things they might be. I could very well claim that there's a secret message coded in your lengthy email signature which admits to a vile crime; that doesn't mean you actually did it. Would you want to turn over all your encryption keys and passphrases just because I made some accusation? Clearly this is a tricky issue, because there are two important but conflicting values at stake: public safety and private rights. But I'd like to just keep one thing in your mind when this comes up; a little mantra to chant to yourself: I am innocent until proven guilty. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Mearns wrote: On Wed, Aug 12, 2009 at 10:46 PM, Joseph Oreste Brunijbr...@me.com wrote: [clip] http://www.securityfocus.com/news/11556 Not entirely on topic, but for those using GnuPG (or other encryption software), you should always keep abreast of the encryption laws of your country. [clip] Has everyone seen the Vanish project from University of Washington? http://vanish.cs.washington.edu/ If you haven't you should really give their paper a read, it's pretty interesting. The basic idea is that the key is random, and no-one actually needs to know it: it's broken up using secret sharing and dsitributed through a peer-to-peer network. The recipient can retrieve the shares and reconstruct the key for a one-time decryption, but over time, the shares should naturally leave the network and eventually the key is lost completely. I have my doubts, but I'm open to the possibility that it could work, and I'm very interested to see how law-enforcement will respond if it does. Will they force all p2p nodes to log everything, try to monitor networks themselves, or just plain make the system illegal? If I remember correctly, wasn't something like this on Slashdot recently (or was it Vanish)? - -- Thanks Harry Rickards hricka...@l33tmyst.com GPG Key Info: pub 1024R/58449F6F 2009-06-12 uid Harry Rickards (OpenPGP Card) hricka...@l33tmyst.com sub 1024R/D775CCEE 2009-06-12 sub 1024R/9394048C 2009-06-12 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iJwEAQECAAYFAkqFfi4ACgkQ+9DWHFhEn2+dkwP/ZUImyBFwcV1CmfItKLbb6Sp7 YJdlmfrUNqOrEBwAKwkV3lFe4yyvLqw0Q7Pn3RsgFy1WMNqBuVMHr6AnoxFfnFF9 aq4iHUTkxzpy+oVOsqqj5aUHuijQzAjVQ93cYyWbRBA7suJlDD86gduWS0mUXnEH uTK6G1YrLvPQgnRU15o= =Uq97 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Joseph Oreste Bruni escribió: http://www.securityfocus.com/news/11556 Not entirely on topic, but for those using GnuPG (or other encryption software), you should always keep abreast of the encryption laws of your country. Unfortunately, it is not unusual people forgets the passphrases used to protect files, or secret keys... Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJKg8F1AAoJEMV4f6PvczxAsrEH/2ltwMl0GWt/VZU8wiTRfDcE X3F3ezKgd60zjb8NYZSm3PT4PcawC+Ta3MB5GHU7anhZG8+RTCM0lT0eg6fkSKT4 Q+/1WQqQ/PKgYIUbv9nxcug1zM7iTB1AcgcfitTRM8TLIhK4Y7fSorgA8ad2g/bv k66OzWgTgyNWwPlAANm1aGrJ9x/uTPj6z9WuMcKYywfOluu5b3Xv8jw7e2NZj9FN IBndZmK8+UOdb9iRtO9bm3FuxvHvTMmcoEcGmEUe0bdVMwJ+17nCSX75T2xiug+p KE9bbHgG1cTCN8sV1wRFJHrardqYUkzAc6lxgSFBTVS2H7x/pIViCHnFQCSgmps= =6pzl -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
Faramir wrote the following on 8/13/09 3:32 AM: [...] Unfortunately, it is not unusual people forgets the passphrases used to protect files, or secret keys... Best Regards Two people have been successfully prosecuted for *refusing* to provide U.K... Charly ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: Two convicted in U.K. for refusal to decrypt data
oops, didn't reply all... And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists. encrytion is about maintaining personal and data privacy; it's not about having a tool to break the law. PSA: Salary Slavery. If you earn a salary, your employer is renting your services for 40 hours a week, not purchasing your soul. Your time is the only real finite asset that you have, and once used it can never be recovered, so don't waste it by giving it away. I work to live; I don't live to work. Time is the coin of your life. It is the only coin you have, and only you can determine how it will be spent. Be careful lest you let other people spend it for you. -- Carl Sandburg (1878 - 1967) It is impossible to defeat an ignorant man in argument. -- William G. McAdoo Religion is regarded by the common people as true, by the wise as false, and by the rulers as useful. -- Seneca I distrust those people who know so well what God wants them to do because I notice it always coincides with their own desires. - Susan B. Anthony Date: Thu, 13 Aug 2009 06:59:55 -0400 From: shavi...@mac.com Subject: Re: Two convicted in U.K. for refusal to decrypt data To: gnupg-users@gnupg.org Faramir wrote the following on 8/13/09 3:32 AM: [...] Unfortunately, it is not unusual people forgets the passphrases used to protect files, or secret keys... Best Regards Two people have been successfully prosecuted for *refusing* to provide U.K... Charly ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users _ Get your vacation photos on your phone! http://windowsliveformobile.com/en-us/photos/default.aspx?OCID=0809TL-HM ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
On Thu, Aug 13, 2009 at 06:59:55AM -0400, Charly Avital wrote: Faramir wrote the following on 8/13/09 3:32 AM: Unfortunately, it is not unusual people forgets the passphrases used to protect files, or secret keys... Two people have been successfully prosecuted for *refusing* to provide U.K... You are, of course, assuming that the reporting is correct in its implication that the defendants either admitted to having access to the keys, or that it has been proven that they do have the keys. I remember a lot of discussion at the time that the RIP bill was being pushed through about the difficulty of proving that you don't have access to a particular piece of information. The RIPA is a particularly nasty piece of legislation in this respect. -- David Smith| Tel: +44 (0)1454 462380Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West| TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury| Work Email: dave.sm...@st.com BRISTOL, BS32 4SQ | Home Email: david.sm...@ds-electronics.co.uk ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
On Thu, Aug 13, 2009 at 08:41:37AM -0500, the dragon wrote: If you're in control of the computer the files reside on, and were in control of it when the files were created and last accessed, the chances that you *don't* know the key for the encryption is so slim as to be nonexistant. So the people who come on gnupg-users asking for help because they've forgotten their passphrase or accidentally deleted their ~/.gnupg directory don't exist? I guess that's a new way of replying to them: You don't exist. Not forgetting the possibility of malicious intentions - trying to frame someone by putting encrypted data onto someone's computer and tipping off the authorities. -- David Smith| Tel: +44 (0)1454 462380Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West| TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury| Work Email: dave.sm...@st.com BRISTOL, BS32 4SQ | Home Email: david.sm...@ds-electronics.co.uk ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
the dragon wrote: If you're in control of the computer the files reside on, and were in control of it when the files were created and last accessed, the chances that you *don't* know the key for the encryption is so slim as to be nonexistant. Apparently I don't exist, then. I have files which were last accessed by me a year ago, for which I've forgotten the passphrases to the symmetrically-encoded data. It's just another example of people forgetting what they rarely use. I'm certain there are other people here in the same boat. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: Two convicted in U.K. for refusal to decrypt data
If you're in control of the computer the files reside on, and were in control of it when the files were created and last accessed, the chances that you *don't* know the key for the encryption is so slim as to be nonexistant. peace, clark PSA: Salary Slavery. If you earn a salary, your employer is renting your services for 40 hours a week, not purchasing your soul. Your time is the only real finite asset that you have, and once used it can never be recovered, so don't waste it by giving it away. I work to live; I don't live to work. Time is the coin of your life. It is the only coin you have, and only you can determine how it will be spent. Be careful lest you let other people spend it for you. -- Carl Sandburg (1878 - 1967) It is impossible to defeat an ignorant man in argument. -- William G. McAdoo Religion is regarded by the common people as true, by the wise as false, and by the rulers as useful. -- Seneca I distrust those people who know so well what God wants them to do because I notice it always coincides with their own desires. - Susan B. Anthony Date: Thu, 13 Aug 2009 14:30:01 +0100 From: dave.sm...@st.com To: gnupg-users@gnupg.org Subject: Re: Two convicted in U.K. for refusal to decrypt data On Thu, Aug 13, 2009 at 06:59:55AM -0400, Charly Avital wrote: Faramir wrote the following on 8/13/09 3:32 AM: Unfortunately, it is not unusual people forgets the passphrases used to protect files, or secret keys... Two people have been successfully prosecuted for *refusing* to provide U.K... You are, of course, assuming that the reporting is correct in its implication that the defendants either admitted to having access to the keys, or that it has been proven that they do have the keys. I remember a lot of discussion at the time that the RIP bill was being pushed through about the difficulty of proving that you don't have access to a particular piece of information. The RIPA is a particularly nasty piece of legislation in this respect. -- David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury | Work Email: dave.sm...@st.com BRISTOL, BS32 4SQ | Home Email: david.sm...@ds-electronics.co.uk ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users _ Express your personality in color! Preview and select themes for Hotmail®. http://www.windowslive-hotmail.com/LearnMore/personalize.aspx?ocid=PID23391::T:WLMTAGL:ON:WL:en-US:WM_HYGN_express:082009___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: Two convicted in U.K. for refusal to decrypt data
So who is on with the plausible deniability project for gpg? I have to admit the thought of not being able to prove my innocence doesn't sound like a good prospect. Innocent until proven guilty just isnt an option anymore Michael Griffiths - IT Systems Administrator Direct dial: +44 (0) 113 2763422 | Office: +44 (0) 113 2710033 - Ext: 203 | Mobile: +44 (0) 788 1957504 Address: Arc House | Middleton Grove| Beeston | Leeds | LS11 5BX | UK Email: michael.griffi...@arc-intl.com Please consider the environment before printing this email. -Original Message- From: gnupg-users-boun...@gnupg.org [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of David SMITH Sent: 13 August 2009 14:50 To: gnupg-users@gnupg.org Subject: Re: Two convicted in U.K. for refusal to decrypt data On Thu, Aug 13, 2009 at 08:41:37AM -0500, the dragon wrote: If you're in control of the computer the files reside on, and were in control of it when the files were created and last accessed, the chances that you *don't* know the key for the encryption is so slim as to be nonexistant. So the people who come on gnupg-users asking for help because they've forgotten their passphrase or accidentally deleted their ~/.gnupg directory don't exist? I guess that's a new way of replying to them: You don't exist. Not forgetting the possibility of malicious intentions - trying to frame someone by putting encrypted data onto someone's computer and tipping off the authorities. -- David Smith| Tel: +44 (0)1454 462380Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West| TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury| Work Email: dave.sm...@st.com BRISTOL, BS32 4SQ | Home Email: david.sm...@ds-electronics.co.uk ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users To ensure an optimal service, the ARC INTERNATIONAL Group uses the most powerful antiviruses and antispam systems currently available. This message and any attachments (the message) are intended solely for the addresses and are confidential. If you receive this message in error, please delete it and immediately notify the sender. Any use not in accordance with its purpose, any dissemination or disclosure, either in whole or in part, is prohibited without formal approval. The internet cannot guarantee the integrity of this message; ARC INTERNATIONAL (and its subsidiaries) shall (will) not therefore be liable for the message if modified. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: Two convicted in U.K. for refusal to decrypt data
Yes, and I'm sure that the government's (in any country) will word these cases in there own favour and make anyone who uses this technology look like the bad guys Michael Griffiths - IT Systems Administrator Direct dial: +44 (0) 113 2763422 | Office: +44 (0) 113 2710033 - Ext: 203 | Mobile: +44 (0) 788 1957504 Address: Arc House | Middleton Grove| Beeston | Leeds | LS11 5BX | UK Email: michael.griffi...@arc-intl.com Please consider the environment before printing this email. -Original Message- From: gnupg-users-boun...@gnupg.org [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of David SMITH Sent: 13 August 2009 14:30 To: gnupg-users@gnupg.org Subject: Re: Two convicted in U.K. for refusal to decrypt data On Thu, Aug 13, 2009 at 06:59:55AM -0400, Charly Avital wrote: Faramir wrote the following on 8/13/09 3:32 AM: Unfortunately, it is not unusual people forgets the passphrases used to protect files, or secret keys... Two people have been successfully prosecuted for *refusing* to provide U.K... You are, of course, assuming that the reporting is correct in its implication that the defendants either admitted to having access to the keys, or that it has been proven that they do have the keys. I remember a lot of discussion at the time that the RIP bill was being pushed through about the difficulty of proving that you don't have access to a particular piece of information. The RIPA is a particularly nasty piece of legislation in this respect. -- David Smith| Tel: +44 (0)1454 462380Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West| TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury| Work Email: dave.sm...@st.com BRISTOL, BS32 4SQ | Home Email: david.sm...@ds-electronics.co.uk ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users To ensure an optimal service, the ARC INTERNATIONAL Group uses the most powerful antiviruses and antispam systems currently available. This message and any attachments (the message) are intended solely for the addresses and are confidential. If you receive this message in error, please delete it and immediately notify the sender. Any use not in accordance with its purpose, any dissemination or disclosure, either in whole or in part, is prohibited without formal approval. The internet cannot guarantee the integrity of this message; ARC INTERNATIONAL (and its subsidiaries) shall (will) not therefore be liable for the message if modified. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
On 08/13/2009 08:40 AM, the dragon wrote: And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists. Some of them may molest children and some may want to be terrorists (is wanting to be a terrorist illegal in your jurisdiction?). Some of them may simply be accused of doing these things (or of other activities which you might find more or less offensive than molestation or terrorism-wanting). And perhaps they are accused incorrectly. It sounds like the innocent accused will still be at risk of conviction (for violating RIPA if not for their alleged crimes) if they choose to maintain personal and data privacy in the face of these accusations. encrytion is about maintaining personal and data privacy; it's not about having a tool to break the law. It sounds like the UK has made laws that target users of encryption whether or not those users have actually broken other laws. So in that sense, encryption *is* about having a tool to break the law, at least in the UK :( --dkg signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
Hi, Reference: From: the dragon ce...@hotmail.com And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists. Bollocks, To be charged is not necessarily to be guilty, The concept of fair trial presumend innocent until found guilty in a court of Law, must preceed assuming pronoun convicted applies to each charged. Better stick to technology. Cheers, Julian -- Julian Stacey: BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Mail ASCII plain text not HTML Base64. http://asciiribbon.org Virused Microsoft PCs cause spam. http://berklix.com/free/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: Two convicted in U.K. for refusal to decrypt data
Yes, conspiracy to commit terrorism, or assisting terrorist organizations are federal felony crimes in the US. PSA: Salary Slavery. If you earn a salary, your employer is renting your services for 40 hours a week, not purchasing your soul. Your time is the only real finite asset that you have, and once used it can never be recovered, so don't waste it by giving it away. I work to live; I don't live to work. Time is the coin of your life. It is the only coin you have, and only you can determine how it will be spent. Be careful lest you let other people spend it for you. -- Carl Sandburg (1878 - 1967) It is impossible to defeat an ignorant man in argument. -- William G. McAdoo Religion is regarded by the common people as true, by the wise as false, and by the rulers as useful. -- Seneca I distrust those people who know so well what God wants them to do because I notice it always coincides with their own desires. - Susan B. Anthony Date: Thu, 13 Aug 2009 10:25:25 -0400 From: d...@fifthhorseman.net To: ce...@hotmail.com CC: gnupg-users@gnupg.org Subject: Re: Two convicted in U.K. for refusal to decrypt data On 08/13/2009 08:40 AM, the dragon wrote: And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists. Some of them may molest children and some may want to be terrorists (is wanting to be a terrorist illegal in your jurisdiction?). Some of them may simply be accused of doing these things (or of other activities which you might find more or less offensive than molestation or terrorism-wanting). And perhaps they are accused incorrectly. It sounds like the innocent accused will still be at risk of conviction (for violating RIPA if not for their alleged crimes) if they choose to maintain personal and data privacy in the face of these accusations. encrytion is about maintaining personal and data privacy; it's not about having a tool to break the law. It sounds like the UK has made laws that target users of encryption whether or not those users have actually broken other laws. So in that sense, encryption *is* about having a tool to break the law, at least in the UK :( --dkg _ Windows Live™: Keep your life in sync. http://windowslive.com/explore?ocid=PID23384::T:WLMTAGL:ON:WL:en-US:NF_BR_sync:082009___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: Two convicted in U.K. for refusal to decrypt data
This is what the uk law has to say on the matter (see below) so I interpret it as this. You may not be guilty but if you don't give them the info they require in the format they require you are then guilty of that law. 3.1 Part III provides a statutory framework that enables public authorities to require protected electronic information which they have obtained lawfully or are likely to obtain lawfully be put into an intelligible form; to acquire the means to gain access to protected information and to acquire the means to put protected information into an intelligible form. 3.2 The specific provisions are: power to require disclosure of protected information in an intelligible form (section 49); power to require disclosure of the means to access protected information (section 50(3)(c); power to require disclosure of the means of putting protected information into an intelligible form (section 50(3)(c)), and power to attach a secrecy provision to any disclosure requirement (section 54). 3.3 Failure to comply with a disclosure requirement or a secrecy requirement is a criminal offence. Michael Griffiths - IT Systems Administrator Direct dial: +44 (0) 113 2763422 | Office: +44 (0) 113 2710033 - Ext: 203 | Mobile: +44 (0) 788 1957504 Address: Arc House | Middleton Grove| Beeston | Leeds | LS11 5BX | UK Email: michael.griffi...@arc-intl.com Please consider the environment before printing this email. -Original Message- From: gnupg-users-boun...@gnupg.org [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Julian H. Stacey Sent: 13 August 2009 15:39 To: the dragon Cc: gnupg-users@gnupg.org Subject: Re: Two convicted in U.K. for refusal to decrypt data Hi, Reference: From: the dragon ce...@hotmail.com And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists. Bollocks, To be charged is not necessarily to be guilty, The concept of fair trial presumend innocent until found guilty in a court of Law, must preceed assuming pronoun convicted applies to each charged. Better stick to technology. Cheers, Julian -- Julian Stacey: BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Mail ASCII plain text not HTML Base64. http://asciiribbon.org Virused Microsoft PCs cause spam. http://berklix.com/free/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users To ensure an optimal service, the ARC INTERNATIONAL Group uses the most powerful antiviruses and antispam systems currently available. This message and any attachments (the message) are intended solely for the addresses and are confidential. If you receive this message in error, please delete it and immediately notify the sender. Any use not in accordance with its purpose, any dissemination or disclosure, either in whole or in part, is prohibited without formal approval. The internet cannot guarantee the integrity of this message; ARC INTERNATIONAL (and its subsidiaries) shall (will) not therefore be liable for the message if modified. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
David SMITH wrote: On Thu, Aug 13, 2009 at 06:59:55AM -0400, Charly Avital wrote: Faramir wrote the following on 8/13/09 3:32 AM: Unfortunately, it is not unusual people forgets the passphrases used to protect files, or secret keys... Two people have been successfully prosecuted for *refusing* to provide U.K... You are, of course, assuming that the reporting is correct in its implication that the defendants either admitted to having access to the keys, or that it has been proven that they do have the keys. I remember a lot of discussion at the time that the RIP bill was being pushed through about the difficulty of proving that you don't have access to a particular piece of information. The RIPA is a particularly nasty piece of legislation in this respect. I've often wondered what the situation would be if you'd set your password to go and F**k yourself and were then required to provide it under the RIP bill. At the very least it would make for a very entertaining interview. -- David Smith| Tel: +44 (0)1454 462380Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West| TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury| Work Email: dave.sm...@st.com BRISTOL, BS32 4SQ | Home Email: david.sm...@ds-electronics.co.uk ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
On Aug 13, 2009, at 9:53 AM, michael GRIFFITHS wrote: So who is on with the plausible deniability project for gpg? I have to admit the thought of not being able to prove my innocence doesn't sound like a good prospect. Innocent until proven guilty just isnt an option anymore While I believe Perry Metzger was referring to the US courts, this post is still well worth reading. I doubt the situation is vastly different outside of the US: http://www.mail-archive.com/cryptogra...@metzdowd.com/msg10391.html David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
On Thu, Aug 13, 2009 at 02:44:44PM +0100, Iain Rae wrote: The RIPA is a particularly nasty piece of legislation in this respect. I've often wondered what the situation would be if you'd set your password to go and F**k yourself and were then required to provide it under the RIP bill. At the very least it would make for a very entertaining interview. The other thing to bear in mind is that there have been some recent cases of people impersonating policemen - so you do need to ask them to identify themselves and prove who they are. If you do not then you would fall foul of the data protection act. -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php Past chairman of UKUUG: http://www.ukuug.org/ #include std_disclaimer.h ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Julian H. Stacey wrote: Hi, Reference: From:the dragon ce...@hotmail.com And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists. Bollocks, To be charged is not necessarily to be guilty, The concept of fair trial presumend innocent until found guilty in a court of Law, must preceed assuming pronoun convicted applies to each charged. Just another example of the thinking that says 'The Police wouldn't have charged Him/Her if they weren't guilty.' Not the sort of person You'd want on Your Jury; but probably a neighbor, friend, etc. This attitude is held by the vast majority of 'all people'. :( JOHN ;) Timestamp: Thursday 13 Aug 2009, 10:50 --400 (Eastern Daylight Time) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10-svn5068: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: http://www.gswot.org Comment: Personal Web Page: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJKhChkAAoJEBCGy9eAtCsPNnQH/RQZKvkYc9et26rmKfp+snIZ iHh7EPTjDafjuZ5DJYVDMvU/iEWPRLFEhnjgods574zv2jh0ZqbPp5DqbfLTvx3Y ZPh48DKz53exnF2tcJ4xnRPE2ZRTnKUED0LKd0nD9X2Ddj4Bz8XekvvRmcWdAtE3 CQXNb/AXBjN9NEtqnnR7aUJTHIsfjR2OT4Yw+dJkV3tgAQt7nHXvEx7mQjgAV6bP M/KzB5ZxkdJYee5RAntjENQBTSh5+T9HN/4x2tHk/dtd5Tdd6J1LGdR5cFzEsxPw zRYRAcurr/X0pzhlvgoWYHO2z/n2Z9FCgMxPaQxxtIsdvQACADPyLg+2yU0OsM4= =3PGd -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/13/09 09:41, quoth the dragon: If you're in control of the computer the files reside on, and were in control of it when the files were created and last accessed, the chances that you *don't* know the key for the encryption is so slim as to be nonexistant. Scuze me? I thought this was the gnupg list! I'm sorta new at this stuff but I'm expecting just a bit more expertise from the people contributing to this conversation. First of all, I am running Thunderbird + Enigmail and I have gone out of my way to set Add my own key to the recipients to be OFF. I very much want email that I encrypt to others to not be readable by me at all. I am not a child pornographer or a terrorist and I do not have anything to hide except my own personal privacy. My personal choice is that if I send a message to someone and it is encrypted then I do *not*, by default, want to be able to see what I sent in my own sent-mail folder. If I want that option then I can simply Bcc myself when I send it. Second, I happen to be a Defendant in a case in US Federal Court. (Ever heard the phrase Don't make a Federal case out of it?) They did. And they're right now in the process of losing big time against us. My only regret is that when we were served and I had nothing to hide, I wish that some of my email that I was required to turn over as part of the Discovery process had been encrypted. I would dearly have wanted them to come to me and say Hey! This is encrypted so you have to decrypt it. and my response would have been Sorry Your Honor, but I have no ability to decrypt that message. It can only be decrypted by the recipient. And yes, when I first started learning about this stuff, I did initially add my key when encrypting and between Enigmail and gnupg.conf and gpg-agent.conf it actually took a bit to figure out how to shut it off. So, when we talk about chances that you *don't* know the key for the encryption is so slim as to be nonexistant, I think it's time for a few of us to take a step backwards and remember what the issue is here. As it sits right now, I do *not* know if the people who were in trouble in the UK are the encryptors or the decryptors and I also don't know if the encryptors even added their own keys to the message. - -- Time flies like the wind. Fruit flies like a banana. Stranger things have .0. happened but none stranger than this. Does your driver's license say Organ ..0 Donor?Black holes are where God divided by zero. Listen to me! We are all- 000 individuals! What if this weren't a hypothetical question? steveo at syslang.net -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkqESM4ACgkQRIVy4fC+NyQ5xACfSeTYbNZAX7pqIVd5G2WQaS33 uvMAn2gYIW8xaOIUpKtz+qk23IXM2rsK =pXGO -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
On Thu, Aug 13, 2009 at 01:09:34PM -0400, Steven W. Orr wrote: Scuze me? I thought this was the gnupg list! I'm sorta new at this stuff but I'm expecting just a bit more expertise from the people contributing to this conversation. I think the point is that they were done under RIP and you can be prosecuted for refusing to hand over keys to encrypted systems. It's unlikely a judge would find you guilty (or a jury) if you didn't have the keys). All in the name of terrorism though ... Steve -- NetTek Ltd UK mob +44 7775 755503 UK +44 20 7993 2612 / US +1 310 857 7715 / Fax +44 20 7483 2455 Skype/GoogleTalk/AIM/Gizmo/.Mac/Twitter/FriendFeed stevekennedyuk Euro Tech News Blog http://eurotechnews.blogspot.com MSN st...@gbnet.net ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
On 2009-08-13, David SMITH wrote: So the people who come on gnupg-users asking for help because they've forgotten their passphrase or accidentally deleted their ~/.gnupg directory don't exist? I guess that's a new way of replying to them: You don't exist. Not forgetting the possibility of malicious intentions - trying to frame someone by putting encrypted data onto someone's computer and tipping off the authorities. http://news.zdnet.co.uk/internet/0,100097,2073974,00.htm In a stunt organised by the civil liberties group Stand, The Home Secretary Jack Straw was sent details to a crime Sunday that could earn him up to two years in prison if the controversial e-commerce bill were made law. ... According to Stand an encrypted email was sent to Mr Straw Sunday afternoon containing a confession to a real crime. The key to decrypt the message will be in Mr Straw's name. Stand will tip off the Metropolitan Commissioner of Police Monday, informing him that Mr Straw has important information about a crime. If the e-commerce bill were in place, Straw would be required to hand over the decryption key or face up to two years in prison. In principle, under the bill, Jack Straw would have to prove he never had the key in the first place. We are hoping this will help him understand that this is unworkable, an intolerable reversal of the burden of proof and against the Human Rights Act, Says Malcolm Hutty, spokesman for Stand. (September 1999) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Adam Funk wrote: On 2009-08-13, David SMITH wrote: /SNIP**/ Not forgetting the possibility of malicious intentions - trying to frame someone by putting encrypted data onto someone's computer and tipping off the authorities. http://news.zdnet.co.uk/internet/0,100097,2073974,00.htm In a stunt organised by the civil liberties group Stand, The Home Secretary Jack Straw was sent details to a crime Sunday that could earn him up to two years in prison if the controversial e-commerce bill were made law. ... According to Stand an encrypted email was sent to Mr Straw Sunday afternoon containing a confession to a real crime. The key to decrypt the message will be in Mr Straw's name. Stand will tip off the Metropolitan Commissioner of Police Monday, informing him that Mr Straw has important information about a crime. If the e-commerce bill were in place, Straw would be required to hand over the decryption key or face up to two years in prison. In principle, under the bill, Jack Straw would have to prove he never had the key in the first place. We are hoping this will help him understand that this is unworkable, an intolerable reversal of the burden of proof and against the Human Rights Act, Says Malcolm Hutty, spokesman for Stand. (September 1999) Highly interesting, this was the case before 9/11-2001. http://www.stand.org.uk/ is still online but has no stories about this case. See also: An open letter to Jack Straw. http://www.zdnet.co.uk/news/1999/38/ns-10235.html http://news.zdnet.co.uk/emergingtech/0,100183,2073973,00.htm === Surveillance: An open letter to Jack Straw ZDNN ZDNet.co.uk Published: 27 Sep 1999 11:25 BST The following is a copy of the letter sent to Jack Staw today by some particularly cheeky British privacy activists. It highlights an embarrassing flaw in the government's proposals for monitoring email communication and even promises Mr Straw a prison sentence for his troubles. Dear Mr Straw, How the E-commerce Bill could send YOU to jail... Please find at the end of the letter a confession to a crime, which has been affirmed by Statutory Declaration. The Commissioner of the Metropolitan Police has been informed that you are in possession of this information. You will not be able to understand the confession, because the words have been scrambled using a strong cryptographic key. This key was created in your name and has been registered on international public key servers. The police may come and demand that you supply the key required to make this message intelligible. If you fail to do so you would be committing an offence under the E-Commerce Bill rendering you liable to imprisonment for up to 2 years. The fact that you don't possess this key won't help you unless you can prove that you don't have it. I wish you well in proving that it isn't hidden away on a disk in your secretary's home, or squirreled away on the Internet somewhere. We might have sent it to you last week; but according to the Bill, the police won't have to prove you ever had it at all. Even if you can prove that you don't have it you would STILL be liable for imprisonment unless you give information to the police that enables them to decrypt the key. Unfortunately for you this is impossible, because we've destroyed all copies of the key in our possession. If the police ask you keep the demand to hand over the key secret, telling anyone would render you liable to five years in jail. So you couldn't complain, or explain your predicament, to the PM or Home Secretary, to the Chief Whip or a journalist, or even to another policeman. Happily for all of us, the E-Commerce Bill has not yet been enacted by Parliament, so we have not in fact set you up for jail time. The Bill will be introduced in the coming session. I hope this exercise has demonstrated some of the drafting flaws in the Bill as it stands, copies of which are available from the DTI. I hope we have also demonstrated that it is not the perpetrators of crime who would suffer under these draconian new powers, but innocent parties who are in receipt of communications from miscreants. This is why such sober organisations as BT, Hewlett-Packard and Microsoft have publicly criticised the Bill at each stage of its development. I trust that when the Bill reaches the House we can rely on your most careful scrutiny. Further analysis is available on our web site at: http://www.stand.org.uk/. I am, Sir, Your most obedient servant, Malcolm Hutty === A well explained example get email of target to convict, create a key, confess a crime and submit. http://keyserver.pramberger.at/pks/lookup?search=Jack+Straw === evan facebook has a discussion of the topic: http://www.facebook.com/posted.php?id=54487688497 http://news.zdnet.co.uk/internet/0,100097,2073915,00.htm === If someone who didn't
Re: Two convicted in U.K. for refusal to decrypt data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 the dragon escribió: oops, didn't reply all... And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists. Should I infer from that there where already proof about their guilt? encrytion is about maintaining personal and data privacy; it's not about having a tool to break the law. I agree. That's not the part that worries ME. Faramir wrote the following on 8/13/09 3:32 AM: [...] Unfortunately, it is not unusual people forgets the passphrases used to protect files, or secret keys... ... Two people have been successfully prosecuted for *refusing* to provide U.K... Charly What worries me is, if somebody is unable to decrypt the files, it may be interpreted as refusal to decrypt it. And how can you prove you are willing to obey, but you can't do it because you forgot the password? If somebody say I refuse to decrypt the data, ok, it's their fault. But would police believe it if somebody say sorry, I forgot the password? Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJKhOFKAAoJEMV4f6PvczxAW/YH/1qhvobZgSPlKy5vl8KH6RmP ++uVoXNPA9oR1/xkUKzlMj2pASHVGWA7kfo9ituJm5SHyE57RQ07HhbxOP2vQ2+C qm8rNPDIHcDr1G7hKgI3Dh+YrF4tuSo0ZfRRMM2VM3sNzL/RxWu4pPnvNjTdtok2 NRKiJx0d5WGWCkGqhvg4tLDGOwFGXCxwGGhFUYUPCuRPC7bKWMRzNmwPgJx9gsSv R7NVDMhBqQiSF1q8ZtLkQ0ub3w0oRN5SKcU58ayvAt8/yUPNLUryAbqu71aeT6tU zmmCPE4EdDclQNqfrjcSMNGR5WOrCtbfsCHvJ1CmJbI/THFxcZAZI3dvwKcnV/E= =nEiK -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 the dragon escribió: If you're in control of the computer the files reside on, and were in control of it when the files were created and last accessed, the chances that you *don't* know the key for the encryption is so slim as to be nonexistant. My point is about all the messages we have seen here, saying I forgot my passphrase, how can I recover my secret key?. Of course in normal circumstances people should be able to decrypt the data, but it is not unusual to hear about somebody who forgot the passphrase or lost the secret key (that's the reason why usually people recommends revocation certificates at the time of the key creation). Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJKhOabAAoJEMV4f6PvczxAZiAIAJMkPtLVXg+rVCc+NhVawYoM lXWCIKBOUCYlpHrju3QZiiGJORk/5VQrZGwyC1keLu8nmWC4ZqVsQjO74QS5P1Co KtQJI0Ym1/3hv19mHFTDXM4v0J5bmRzS4qe6zmb7AeJV/DO/DLLKNyNJzTp7EzKx qZhVNqx2IcLB0xdcxpWMOsccQDo9Qancoq9v0Sg3H3l5UcuYu25MUXAIjvnKWe3V dMxQDz6UtsZJlJcztZbl2VyP9AB4mwqMBlhZewHCC7vZNSfI6NvA/PMD1U6jO5DB epJxenCWkoYSHT/aw+hUjjffEahOcmwoEpsnYUGqV4T56LIBm8T+cmiIuoPTGMc= =X6X4 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 michael GRIFFITHS escribió: This is what the uk law has to say on the matter (see below) so I interpret it as this. You may not be guilty but if you don't give them the info they require in the format they require you are then guilty of that law. ... 3.3 Failure to comply with a disclosure requirement or a secrecy requirement is a criminal offence. In other words, forgetting the passphrase is a criminal offence... Maybe people should keep an unprotected copy of their secret keys, just in case of having a small cerebral infarction... Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJKhOoGAAoJEMV4f6PvczxAtlEH/AmgzLNuf4RpmmdGWOWwhXaC vci/yyKvy6ubS+mqr18Z38XqQdk/Sebd79or0N1KaFDkLP+pVzS2BpEVN0LdmZLe uV1GfBupPsykRvpCuB+67W78HdGyZzWKfzlbJevrfr0Sp4vOQAaA4LKcF6wrwyUC LokZ1Rz+2lVqYmI+9CeVo27+kct8lXkn77S1fgVyWNYPLglxP3e80pN92twOEhfI dD3oMIh4HP6Ijwx98BMk4tEEcf90H2uW7OhfAPeNZXuf/Khc5cJEp7IHfPC1DZOf WglFfUdy6hJYXrjI1hsmPC9PG+d6W8XiMJ24KgaDa61UYdpoVYUNC7Hjba4FVCk= =jwtz -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two convicted in U.K. for refusal to decrypt data
One might point out that TrueCrypt offers astounding capabilities for hiding data, which the margin of this note is too small to contain. http://www.truecrypt.org/ http://www.truecrypt.org/docs/?s=plausible-deniability --dan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Two convicted in U.K. for refusal to decrypt data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 http://www.securityfocus.com/news/11556 Not entirely on topic, but for those using GnuPG (or other encryption software), you should always keep abreast of the encryption laws of your country. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) iQEcBAEBCAAGBQJKg36cAAoJEFGV1jrNVRjHWIUIAJLGzlNq50u6wKkFMNE6BIFE RR1urE7EXngtZIvIrtRz97stReP2iJITQ0sfZUzwSziJ4DkB77jZCwHnQ0/SfT3z u0WY2nIdP0924Ff6+Wgu+jZUr7/oYbLgv/o0j1JeXyKm+nsLVu4TlR2iJg6urr45 vXLPAgyYK3ETLExAiXRMsbhIs/Lmbs1p/6DHFNANOzdiSdlCX4xY1B+nBxj1dbWt nHFCHXsApzOgzB+zIPXpbs0kzvzVIVzxqu4hk6hGaQlP4C1boowiDcCrOgfDt5cW WaUJpJ3mM+Wiold7GCdtcHL87zz7mlFH7CX9p8GrouSduzhgCEcM0HW5iqtXh5E= =Y3sE -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users