[Gllug] Editors

[Kieran Barry]

On Tue, 31 Jul 2001, Tom Gilbert wrote:

> * Kieran Barry (kieran at esperi.demon.co.uk) wrote:
> > > > is it now? what happens if there is a good chance you will nock the
> > > > government out of office? surely they can use the law enforcement
> > > > forces to get all your encrypted data, not as far fetched as you may
> > > > thing. Just think back to the 30's in a country not that far away!
> > > 
> > > Conspiracy theories. Boring.
> > 
> > You are so naive, it's amazing.
> 
> Thanks for the troll.

Thanks you!
> 
> > Read up on the Birmingham Six. Read about the "appalling vista"
> > judgement by Denning. (The suspects were covered in bruises. Prison
> > officers were charged with assault. They were acquited. This meant that
> > the convicted "murderers" must have been assaulted by the police. When
> > proceedings got to Denning, Master of the Rolls, head of the appeal
> > court, he said that it was so embarassing, he wouldn't allow the case to
> > be heard. 15 or so years later, he said they should have been hanged to
> > avoid the hassle. Forensic tests proved that the "confessions" were not
> > records of interviews, but composed out of order by the police.)
> 
> I know all about that stuff. All this is saying is that we need to
> police the police. Fine, I don't argue with that. What it has to do with
> encrypted data is beyond me.

I need clarification here:

You are saying that we need to control the police? This is the first 
backdown we've seen here on this.
> 
> > What happens if a police officer comes in following a laptop theft. In 
> > the lift, you make a joke that he thinks takes the piss. He
> > asks you to examine all files on all backups. (This is unreasonable, but
> > in the context of the police suggesting that everyone make 7 years'
> > logs available, not impossible.) Kiddie Porn is found in /usr/local. Is
> > this what you want?
> 
> Do you think I'm stupid? I don't give accounts to anyone who would do
> such a thing, ever.

You join a company. First job is to commision a machine, and give
accounts. How do you identify someone who looks at such sites?

But you're not naive...
>  
> > Have you or any of your friends ever bought illegal drugs? If you have
> > nothing to hide, please make available details of every financial
> > transaction over UKP1 in value for the last ten years.
> > 
> > Do you have any pirate software on your boxes? BSA need to audit you.
> > And they'd like to install daemons (which are probably insecure) to 
> > log which files are copied to your hard disk.
> > 
> > Remember, anyone who objects must have something to hide...
> > 
> > If you haven't done anything wrong, you have nothing to fear...
> 
> I don't think every financial transaction over UKP1 I have made is any
> use to anyone, and frankly, with loyalty cards and customer tracking
> most of it's out there anyway. What the hell do I care?
> 
Are you refusing? It's only a little work. What are you hiding?
(This is a policy _you_ defended a couple of posts ago.)

> Of course I don't have pirated software on my boxes. I run linux.
> 
Are you a sysadmin? Are you guaranteeing never to be hacked?
Of course, you're not naive....

> I'm not advocating big brother here. As I've been saying throughout this
> whole thread - I simply believe that the authorities must have the
> ability to see the contents of encrypted partitions when there is
> suspicion (and some body of proof) that someone has been involved in
> illegal activity, because otherwise that encrypted partition lets you
> literally get away with murder.

That is not the case. You get away with murder if the only evidence is
in the encrypted partition. Anyone who can shoe-horn body, murder
weapon, witnesses, scene-of-crime etc into a seagate has clearly taken
Moore's law further than we thought possible.

RIP is about giving GCHQ access to encrypted data streams without
controls. Did you know that telephone tap transcripts cannot be admitted
in British court? The spooks fought to keep this. They don't want any
info about what they intercept leaking out.

Miss Marple style bodies-in-a-hard-disk cases aren't all that common.
> 
> I have also said that the RIP act is slightly ambiguous and needs to be
> cleaned up, but I do strongly feel that it or something like it is
> required.
> 
I'd missed these heartfelt pleas for a better law, so perhaps you'll
recap.

Cleaned up covers a lot of stuff. What did you say needed doing?

1. Oversight of a judge on intercepts?
2. An appeal procedure if a sysadmin is told he cannot inform anyone
that he has to intercept.
3. The police to pay the costs for intercepts.
4. New regulations under RIP to actually be debated in parliament? (RIP
allow the Home Secretary to simply introduce secondary legislation into
the house. It will then go to a vote without debate.
5. The fact that non-production of a key is an offence. The crown only
needs to prove you previously had said key.
6. The fact that RIP doesn't specify how a formal interception request
should be served. Literally, the old Bill can write one on a fag packet.
7. The fact that RIP doesn't specify how to verify an interception
request.
8. The fact that it is an offence to tell anyone about an interception
request, if you're told not to.

And those are just off the top of my head, a year later. 

Which of these do you consider so quaintly "ambiguous"?

 > The idea that the police can (with a warrant) search your
pockets,
> search your house, run forensic tests on the boot of your car, but not
> see what's on your hard disk is stupid and indefensible and that has
> been my point all along. Of course, as usual, out come the total freedom
> nuts and it all goes to pot =D

I am not a freedom nut. I'm all in favour of warrants. Check the
archives of UKcrypto where I discussed this with the Home office team.

But, of course, you're not naive.

And I'm the troll.

Regards

Kieran


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug