ROS app could scupper encryption lawBy Chris Williams. Published: 21st May 2006, 17:54:00 | Permalink | Printable
We're not going to mention the T wordCivil liberty defending RISC OS users believe they can continue to protect their encrypted data despite the government's desire to force individuals to hand over their encryption keys. The Home Office is hoping to activate the controversial part three of the Regulation of Investigatory Powers Act, which until now has remained dormant after it caused outrage from privacy advocates.
The section in question gives the police the power to demand encryption keys or decrypted data from people and organisations - the penalty for refusing to comply is up to five years' imprisonment.
However, Birmingham University's Dr Nat Queen said: "This attack on personal privacy can be defeated by programs that provide plausible deniability. I for one will never hand over encryption keys or encrypted data which I don't want anyone else to see."
Dr Queen believes his Stealth software renders the legislation ineffective because his application can hide multiple encrypted documents in a larger innocent file, with no way of finding out how many files are hidden.
Each document in the 'container' file can be protected with an individual pass-phrase using a process called steganography; if a person is forced to reveal the encrypted contents, they can simply unlock one or more dummy files while keeping the sensitive information protected.
In a mailing list post, he said: "The user can reveal a few insignificant files under duress, but the secret police can never prove whether or not any more exist. Even torturing the user is pointless, because the victim has no way to prove that no more exist when all the passphrases have been revealed. The source code is public, and the secret police will know this."
A program equivalent to Stealth exists for Linux, and Dr Queen said he was not aware of any other similar programs for other platforms.
It gets political
The government said it is holding a consultation, and will review the results of this process before deciding on how to press ahead with enabling part three of the RIP Act.
In parliament last week, Home Office minister Liam Byrne said: "The use of encryption is proliferating. Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of part three of RIPA, which is not presently in force."
Encryption expert Peter Fairbrother said: "It is, as ever, almost impossible to prove 'beyond a reasonable doubt' that some random-looking data is in fact ciphertext, and then prove that the accused actually has the key for it, and that he has refused a proper order to divulge it."
Speaking to ZD Net, Richard Clayton, a security expert at Cambridge University, added: "The police can say 'We think he's a terrorist' or 'We think he's trading in kiddie porn', and the suspect can say, 'No, they're love letters, sorry, I've lost the key'.
"How much evidence do you need [to convict]? If you can't decrypt the data, then by definition you don't know what it is."
Dr Queen's software
ZD Net: Government to force handover of encryption keys
Previous: RISC OS 3 caught running on Amiga hardware
Next: Microdigital boss turns makeover gardener
DiscussionViewing threaded comments | View comments unthreaded, listed by date | Skip to the end
Please login before posting a comment. Use the form on the right to do so or create a free account.
Search the archives
Today's featured article
Being a DJ with RISC OS
The people want entertaining. Jon Wright has the solution
36 comments, latest by jonix on 25/11/03 10:42PM. Published: 22 Nov 2003
STD reveal USB, NIC, IDE combo-podule
Silicon tonic for the aging RiscPC [Updated] Trade-in options
38 comments, latest by mfraser on 09/04/04 08:11AM. Published: 31 Mar 2004
News and media:
RISCOS Ltd •
RISC OS Open •
MW Software •
Advantage Six •
CJE Micros •
Liquid Silicon •
Chris Why's Acorn/RISC OS collection •
The Register •
The Inquirer •
Apple Insider •
BBC News •
Sky News •
Google News •