This is why the Regulation of Investigatory Powers act is such a farce. If the police showed up at *your* house, said you had encrypted materials and required you to decrypt it – but you don’t know what it is or have a password to give them, you can go to jail just like this chap. Given that you wouldn’t necessarily need software installed or a file called “secret stuff” there (you can encrypt and hide data in lots of different types of file or even hidden partitions on the HD, how on earth could you prove your innocence? Complete reversal of the usual “innocent until proven guilty” burden of proof.

In his case, assuming he’s protecting dodgier stuff that would warrant a longer sentence, this is a nice way of bypassing all that. Bonkers.

He was witholding evidence? Something to hide huh? Deserves all he gets (and a beating in jail I hope).

Take it you got bullied a lot at school and that’s why you joined the police, then. You’ve obviously feel the need to insult people but don’t have the whit or physical presence to actually defend yourself without the authority granted to you by your job. Why don’t you take some counselling or something. You never know, maybe it’ll make you happier in the long run.

Oooooh someone got out of bed the wrong way this morning!!! LOL!
oh, and you couldn’t be more wrong. Didn’t get bullied, its got nothing to do with “defending” myself (what’s that about?), I just know how search warrants work and what you can and can’t do under PACE (Police and Criminal Evidence Act). Just because someone knows their job does this mean they need counselling? 😀
And I’m not even a policeman!

And I’m not even a policeman!

No, he’s a lot, LOT worse than that! 😉

If the householder had tried to prevent us from searching anything else in the house that was under the jurisdiction of the warrant then then could (and have been in the past) be charged with obstruction. And that’s the same if I’m investigating something using the powers that I have with my personal warrant, as long as I am complying with the law as described by the Act under which my warrant is authorised.

The maximum penalty for obstruction is 1 month imprisonment and the Magistrates’ guidelines suggest a fine.

Complete reversal of the usual “innocent until proven guilty” burden of proof.

I don’t think it will be. In order to bring this prosecution for failing to provide the password (and is it the only thing that was withheld – we don’t know the whole case) then the police would have to have pretty compelling evidence that the person involved was withholding something he obviously knew. I don’t know what that would be, but if, for example, there was one PC which you said was yours and no-one else used it but it was found it then needed a password to enter it (maybe the whole OS) and you refused to give it then you may then have the evidence.
What may, and I’m guessing from knowing how these people talk to you anyway, is that this guy probably bragged that the police would never get it so they knew full well he knew the password.

robdob – Member
If the householder had tried to prevent us from searching anything else in the house that was under the jurisdiction of the warrant then then could (and have been in the past) be charged with obstruction. And that’s the same if I’m investigating something using the powers that I have with my personal warrant, as long as I am complying with the law as described by the Act under which my warrant is authorised.

Could you force him to tell you the combination to his safe and imprison him if he doesn’t?

Oooooh someone got out of bed the wrong way this morning!!! LOL!
oh, and you couldn’t be more wrong. Didn’t get bullied, its got nothing to do with “defending” myself (what’s that about?), I just know how search warrants work and what you can and can’t do under PACE (Police and Criminal Evidence Act). Just because someone knows their job does this mean they need counselling?
And I’m not even a policeman!

I did get out of bed on the wrong side this morning and being called a fool by someone who couldn’t even answer my question didn’t improve my mood. For the third time, how do you tell if data was downloaded intentionally or if it was downloaded by a virus?

how do you distinguish between data that someone intentionally downloaded and data that was downloaded by a virus?

Can’t comment on the Old Bill’s L33T hacking skills, but I’d say that’s fairly straightforward. “Is there a virus” for a start.

Stuff downloaded intentionally and saved, stuff browsed and then discarded, and stuff snagged by a virus will all be different behaviour, stored in different places at different times. All it’d take to clear a name would be a file creation date where he’s got an alibi.

Cut his cock off with a rusty spoon. He looks guilty. Enough for me.

But given that it’s straightforward to hide this stuff away and have an otherwise working, normal PC (see here) – it would be perfectly possible for the police to suspect you of wrongdoing and demand an encryption key that you don’t have.

How do you prove that something hidden isn’t there? How do you prove that you don’t know a password rather than refuse to disclose? If police turn up with a search warrant, you can let them into your house and give them as long as they want to look through and try to find things. With this, they’ll stand over you requiring you to decrypt or you face jail for non-compliance.

Has everyone forgotten their tinfoil hats today?

I was also surprised that this is an offence, but after reading the story, it seems reasonable (in this case)

A 50 character password (assuming a 50ish sized character set) would give you (approximately) 26,500,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000
possible combinations…,

So a fair bit of work to crack, especially if they are unable to automate the process.

And lets be frank here, most that any of us do are ‘hide’ files from the misses.

What if you genuinely had forgotten the password?

How do you prove you have forgotten something, rather than are just refusing to disclose it?

Genius imo! Surely the police would be able to crack the password. If they cant crack into a computer what hope is there!!

For the third time, how do you tell if data was downloaded intentionally or if it was downloaded by a virus?

Well, I know smeg-all about computers, but even I can think of a couple of ways you could tell, for a start!

A 50 character password for a start means hes overparanoid about something isn’t he?

A virus would have to download a set of web url’s into the browsers immediate history, into the hardrive, add in attached pics throughout the hardrive with various dates to show/simulate a viable viewing history no?

OK, let’s say the authorities can without a doubt prove that you intentionally downloaded child pornography (afterall, the justice system never makes mistakes).

Let’s say instead that he did have something to hide but not pornography. Let’s say he has Asperger’s syndrome and there is evidence on your computer that you’ve been hacking into US government computers looking for evidence of UFOs a la Gary McKinnon

http://en.wikipedia.org/wiki/Gary_McKinnon

If it was a choice between giving them the password and being extradited to spend the next 70 years in a US prison then I think I’d be a bit hesitant about giving up the password. I’d take the 16 weeks and the risk of being strung up from the nearest lamp post by the torch and pitchfork brigade.

It’s going off on a tangent I know but what can I say, I have absolutely no faith in the UK justice system in general and specifically when it comes to computer crime and I can understand anyone who wants to protect their privacy when it comes to computers.

wonder if it’s possible to have a “bomb key”

i.e. a correct password will unlock the computer, whereas the bomb key will nuke the harddrive?

He should have just thrown his computer in the bath, that’s what they usually do when plod comes a knockin’.

Its not impossible for a virus to make it look like someones downloaded this stuff.

There was a case recently where someone had put indecent images on someones computer to get them into trouble. It was a rubbish attempt, and he got caught, but proves there could be a motive for doing so.

Not saying whats happened here though.

wonder if it’s possible to have a “bomb key”

i.e. a correct password will unlock the computer, whereas the bomb key will nuke the harddrive?

Since the police remove the hard drive before carrying out any investigation (as just starting up the machine alters so many files), they’d probably notice the ‘bomb’…

hora – Member
A virus would have to download a set of web url’s into the browsers immediate history, into the hardrive, add in attached pics throughout the hardrive with various dates to show/simulate a viable viewing history no?

No.

PeterPoddy – Member
Well, I know smeg-all about computers, but even I can think of a couple of ways you could tell, for a start!

Such as?

BruceWee – Member

OK, let’s say the authorities can without a doubt prove that you intentionally downloaded child pornography (afterall, the justice system never makes mistakes).

Let’s say instead that he did have something to hide but not pornography. Let’s say he has Asperger’s syndrome and there is evidence on your computer that you’ve been hacking into US government computers looking for evidence of UFOs a la Gary McKinnon

http://en.wikipedia.org/wiki/Gary_McKinnon

If it was a choice between giving them the password and being extradited to spend the next 70 years in a US prison then I think I’d be a bit hesitant about giving up the password. I’d take the 16 weeks and the risk of being strung up from the nearest lamp post by the torch and pitchfork brigade.

It’s going off on a tangent I know but what can I say, I have absolutely no faith in the UK justice system in general and specifically when it comes to computer crime and I can understand anyone who wants to protect their privacy when it comes to computers.

Yep, spot on.

He didn’t take it to PC World did he?

The last sentence on this page is interesting

http://www.yourrights.org.uk/yourrights/the-rights-of-suspects/the-rights-of-suspects-in-the-police-station/curtailment-of-the-right-to-silence.html

wonder if it’s possible to have a “bomb key”

I imagine Paedo’s have researched/visited forums under the guise of ‘I’ve had my bank details phished countless times and want extra security’ then shared this info with each other on their own forums to find the best security means.

Or..

They could just use the dodgy rockstar argument that they were researching a book.

PeterPoddy – Member
Well, I know smeg-all about computers, but even I can think of a couple of ways you could tell, for a start!

Such as?

Well, the documnets I have on my PC here are linked back to me, if I created them (Sensitive material is not necessarily downloaded at all. In fact, I know of one person who runs 2 PCs, one of which is never connected to the internet, for security reasons)

Browser history

🙂

I must admit this concerns me.

I have a number of files on my computer for which I have forgotten the password. I keep them there in the hope I’ll find the original key. They’re database, not nasties 🙂

Also, at one stage I was using a remote desktop system to control a computer in Oz. All files were downloaded on to it there and there was nothing on my computer.

Assuming some basic hacking skills, what was to stop me using a remote desktop to hide encrypted nasty pics on say a neighbour’s computer, and enjoy browsing them from my computer. Wouldn’t he get a lovely surprise when asked for the password? So the question is how can they prove he actually put those pics there?

Someone else didn’t put them there, he refused to give the police the password as he had dodgy stuff on his PC. What’s the issue?

I must say the Court wouldn’t have sentanced him just for not revealing it.

They would have traced his IP address to a site(s)- possibly using a trojan/trick site themselves? Also, he might have used a credit card etc to access certain sites.

Otherwise one could say ‘I really can’t remember as stupidly I made it too complex’.

as he had dodgy stuff on his PC

This assumption – that’s the problem

PeterPoddy – Member

PeterPoddy – Member
Well, I know smeg-all about computers, but even I can think of a couple of ways you could tell, for a start!

Such as?

Well, the documnets I have on my PC here are linked back to me, if I created them (Sensitive material is not necessarily downloaded at all. In fact, I know of one person who runs 2 PCs, one of which is never connected to the internet, for security reasons)

Browser history

🙂 most browsers have ‘private’ or ‘incognito’ modes now where no cache or history is kept. But, that is assuming he used the web to download, equally could have been IRC, FTP, BitTorrent or any number of protocols.

Anyway, the real point here is that just having something on your computer is not proof that it was you who put it there, same as having something on your desk at work is not proof that you put it there.

IP addresses can easily be hidden with Tor or similar, bot-clients can easily download stuff on behalf of remote users etc etc.

It would be pretty trivial to create a script which run at 2 am, set the clock to a time when victim would have been at the computer, pop up the browser, download dodgypic.jpg, set the time back to being correct then erase itself. It would appear that the files had been downloaded when the original user was present.

They would have traced his IP address to a site(s)- possibly using a trojan/trick site themselves? Also, he might have used a credit card etc to access certain sites.

Or somebody else could be using his pc (and hence IP address) as a relay

God, there’s some really silly schoolboy dog-ate-my-homework stuff on here.

It won’t be a single factor (eg that he refused to give the password) that will have been used to convict the bloke but rather a whole series of facts/information, put together for the jury to make a decision that goes beyond reasonable doubt.

Anyway, the real point here is that just having something on your computer is not proof that it was you who put it there, same as having something on your desk at work is not proof that you put it there.

thats not the issue here – he is not saying that stuff on his computer was put there by others, he is refusing to give his password

I don’t know this law in detail but for it to stand up alongside the rest of UK law they police will have to show that he knew the password and that he was wilfully withholding it

to get the warrant in the first place they must have had reasonable grounds for suspicion.

Ah, I see, it’s a conspiracy. The Freemason lizards planted it on his PC.

TandemJeremy – Member
thats not the issue here – he is not saying that stuff on his computer was put there by others, he is refusing to give his password

Yes, I phrased that post badly, what I put there was in reply to Peter who said “Well, I know smeg-all about computers, but even I can think of a couple of ways you could tell, for a start! “

TandemJeremy – Member
I don’t know this law in detail but for it to stand up alongside the rest of UK law they police will have to show that he knew the password and that he was wilfully withholding it

So this law has taken away the right to silence? I think that was my original point!

GlitterGary – Member

😆

GlitterGary – Member

Ah, I see, it’s a conspiracy. The Freemason lizards planted it on his PC.

No, Illuminati. Derp.

I suggest he be held in custody until the password is cracked.

Rubbish. Don’t write about things you obviously know nothing about.
Searching a house recently under the authorisation of a court search warrant meant the only things I couldn’t read were letters to and from the householder’s solicitors, as it could be private discussions between a defendant and his legal advisor.

So, how will you know what letters are of that type, without reading them?

You’d have to have a warrant stating specifically what you are in the house to search for. You would only be allowed, by law, to search for specific things; IE if you were searching for a stolen TV, then you’d have no legal power to search in someone’s underwear drawer. Granted, a computer could have details of all sorts of crimes so could easily fall under a warrant’s list of things to search/take.

I suppose if you were investigating a fraud, then all sorts of pieces of paper might contain relevant information. As might a personal diary. Certainly, information not relevant to any investigation can never be revealed. Trouble is, people can’t be relied upon to keep their mouths shut. And these days, far too many others can get access to sensitive and private information, it seems. Under Right To Privacy Laws, you can prevent someone having access to your personal information if you can present a strong enough case that there is a significant risk of the private nature of that information being breached. Such as medical records, information relating to a person’s sexuality, etc.

What do you do, Robdob? You’re not a copper are you? 😯

RE this particular case; it is correct that this bloke is done for obstruction under current UK Law. He has no defence on that one. But it does open up the whole right to privacy debate once more.

Meanwhile, data protection/security software companies are doing quite well I understand…