> Note that the UK government has never prosecuted anyone under RIPA
> for refusing to provide encryption keys to files full of astronomical
> noise, and if they tried to do so the judge would laugh them out of court.
is there some foolproof way to distinguish between an encrypted file and one containing astronomical noise?
Posted Jul 19, 2012 23:16 UTC (Thu) by nix (subscriber, #2304)
No, but the law does not require 'foolproof'. That's why judges have discretion, and why laws that prevent judges from exercising that discretion are so bad.
(Honestly, the police aren't likely to realise that a bunch of random noise *is* encrypted unless it has a header from a major encryption program attached to it, and if you keep files of astronomical noise around you probably have a reason for it which you can tell the judge. Most people don't keep files of white noise lying around just for the hell of it. Now the law *is* evil: among other things, it presumes that people who keep encrypted stuff around are either hiding something from the police or don't mind the police rifling through their private stuff, which is an unjustified assumption. But it's not *quite* as bad as all that, and Falkvinge's complaint is making a mountain out of, not a molehill, but a worm cast.)
Security quotes of the week
Posted Jul 20, 2012 0:09 UTC (Fri) by jake (editor, #205)
> Honestly, the police aren't likely to realise that a bunch of random
> noise *is* encrypted unless it has a header from a major encryption
> program attached to it
hmm, you seem to have some faith in police and judges that I lack I guess ... since you can't *prove* in any sense of that term that any random data you have lying around isn't some kind of encrypted "bad stuff" (defined, of course, by said police and judges), it just gives them license to lock you up for not providing the "key" should they wish to ...
not at all saying this is some UK-specific problem, btw, I imagine these kinds of games could be played anywhere ...
jake
Security quotes of the week
Posted Jul 20, 2012 13:06 UTC (Fri) by nix (subscriber, #2304)
Note that judges in the UK are not elected, so don't have to pander to the lowest common denominator, make every decision in the light of future election campaigns, and so forth. Faith in the judiciary in the UK is a *lot* higher than in the US, and is not declining. This may not always be justified, but the judiciary (the libel-tourist-friendly antics of Mr Justice Eady notwithstanding) is a lot more trustworthy, and trusted, than most other arms of UK public life right now.
suspicious-looking random files
Posted Jul 21, 2012 0:08 UTC (Sat) by giraffedata (subscriber, #1954)
This raises a question I haven't encountered before: for many purposes for which encryption is used, the very existence of the document might be what you're trying to keep private. So is there a common encryption format that doesn't make it obvious that the file is encrypted?
I guess that wouldn't be enough. A carefully preserved file of random data with no header at all would obviously be something encrypted. You'd probably have to go full steganography and make the file appear to be something else (like a telescope image).
suspicious-looking random files
Posted Jul 21, 2012 13:46 UTC (Sat) by nix (subscriber, #2304)
If you really wanted an evil approach to hiding confidential data, build up a Gentoo or other source-based system, then encrypt your data and conceal it in plausible-sounding ELF sections in chosen binaries (sections that could perfectly well be there otherwise, are often quite large, but have little impact if filled with arbitrary junk: .debug_types in a file that actually has its debugging information in DWARF 3, something like that). (If you want to be really evil, take a legitimate ELF section and perturb it, using alternate representations of DIEs and instruction choices and the like to steganographically encode your data.)
Note that the binaries still work because the addition of a non-loaded section won't affect them at all. Hash checking for modified binaries to find the hacked ones won't work because the distro is source-based and everyone has different hashes anyway. Looking at the binaries to find suspiciously random info won't work because binaries have lots of random info in them anyway (this would be doubly true if DWARF debugging sections were gzipped, but they're not, oh well). The only way anyone would find info stashed in a random-but-plausible ELF section like this is to know what e.g. a legitimate .debug_types section looks like, dump all of them and find the ones that don't look right -- and nobody's going to do that who doesn't already know what they'll find. And even that will be fooled by the steg-encoding approach.
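The check described in the comment above (dump every non-loaded section and look for ones that "don't look right"), as an added example that is not part of the original thread: it walks the ELF64 section header table and flags non-loaded sections whose bytes are close to uniformly random. The names `suspicious` and `build_sample`, the 7.5 bits/byte threshold, the 1 KiB minimum size and the sample image are assumptions made for this illustration.

```python
import hashlib, math, struct
from collections import Counter

SHF_ALLOC, SHT_NOBITS = 0x2, 8

def entropy(data):
    """Shannon entropy in bits per byte; 8.0 means uniformly random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def sections(elf):
    """Yield (name, flags, payload) for every section of a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    hdrs = [struct.unpack_from("<IIQQQQ", elf, shoff + i * shentsize) for i in range(shnum)]
    stroff = hdrs[shstrndx][4]                      # file offset of the section name table
    for name_off, sh_type, flags, _addr, off, size in hdrs:
        start = stroff + name_off
        name = elf[start:elf.index(b"\0", start)].decode("ascii", "replace")
        yield name, flags, b"" if sh_type == SHT_NOBITS else elf[off:off + size]

def suspicious(elf, threshold=7.5, min_size=1024):
    """Non-loaded sections whose contents are statistically close to random bytes."""
    return [(name, round(entropy(data), 2)) for name, flags, data in sections(elf)
            if not flags & SHF_ALLOC and len(data) >= min_size and entropy(data) > threshold]

def build_sample(payloads):
    """Constructed test input: a minimal ELF64 image with the given non-loaded sections."""
    names = [""] + list(payloads) + [".shstrtab"]
    strtab = b"".join(n.encode() + b"\0" for n in names)
    blob, hdrs, name_off = b"\0" * 64, b"", 0       # 64 bytes reserved for the ELF header
    for n, body in zip(names, [b""] + list(payloads.values()) + [strtab]):
        sh_type = 3 if n == ".shstrtab" else 1 if n else 0   # STRTAB / PROGBITS / NULL
        hdrs += struct.pack("<IIQQQQIIQQ", name_off, sh_type, 0, 0, len(blob), len(body), 0, 0, 1, 0)
        blob, name_off = blob + body, name_off + len(n) + 1
    ehdr = struct.pack("<4sBBB9xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 1, 62, 1, 0, 0,
                       len(blob), 0, 64, 0, 0, 64, len(names), len(names) - 1)
    return ehdr + blob[64:] + hdrs

# Constructed payloads: a repetitive stand-in for real DWARF, and SHA-256 output
# standing in for ciphertext (both are fabricated for this example).
SAMPLE = build_sample({
    ".debug_info": b"\x11\x01\x25\x0e\x13\x0b\x03\x0e" * 512,
    ".debug_types": b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128)),
})

if __name__ == "__main__":
    print(suspicious(SAMPLE))
```

A compressed debug section would score just as high as ciphertext here, so a hit is a lead to examine rather than proof. As the comment says, data encoded by perturbing a legitimate section leaves byte statistics looking normal and would not be flagged by this check.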
Security quotes of the week
Posted Jul 20, 2012 13:04 UTC (Fri) by james (subscriber, #1325)
This is something that really would need a qualified English or Welsh lawyer (which I am not), but reading the sections of the Act (linked to in the original post), it strikes me that
Section 49 notices only "appl[y] where ... protected information has come into the possession of any person" with suitable statutory powers: it would be for the prosecution to prove beyond all reasonable doubt that this was a Section 49 notice, and if the data was not "protected information", then the alleged Section 49 notice was not a Section 49 notice;
"a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if—
(a) sufficient evidence of that fact is adduced to raise an issue with respect to it; and
(b) the contrary is not proved beyond a reasonable doubt",
which appears to be a very weak standard for the defence to meet: I would presume that the defendant would merely have to give evidence that he or she did not possess the key to "raise an issue".
In any case, the offence would be an "either-way" case, triable either before three lay magistrates with a maximum six month prison sentence, or before a jury in the Crown Court. In "either way" cases, the defendant can always elect to be tried by jury.
Security quotes of the week
Posted Jul 20, 2012 16:16 UTC (Fri) by nybble41 (subscriber, #55106)
> I would presume that the defendant would merely have to give evidence that he or she did not possess the key to "raise an issue".
You make that sound so easy. What would count as evidence that you did _not_ possess a key capable of decrypting an arbitrary random-looking binary file? The key could be anything; the only real evidence that you _didn't_ have it is all in your head.
The requirement should be the other way around: they should have to prove that you did have the key, i.e. that you've decrypted the same file before, _and_ that the key is still in your possession. Even then, I would support your right to refuse to provide the key (without penalty), but then I've never been a fan of forced testimony, self-incriminating or otherwise.
Security quotes of the week
Posted Jul 20, 2012 16:28 UTC (Fri) by james (subscriber, #1325)
Sorry, I can see how that wasn't clear.
Try this: I would presume that the defendant would merely have to testify under oath that he or she did not possess the key to "raise an issue".
Security quotes of the week
Posted Jul 26, 2012 11:50 UTC (Thu) by farnz (guest, #17727)
Certainly in the UK, and I believe in the US (whose system derives from ours), a simple statement under oath is evidence, and has to be countered by stronger evidence.
So, if you were in court under Section 49, and said under oath "I do not possess the key", it would be up to the prosecution to demonstrate that your statement was not believable (for example, by showing evidence that you had decrypted the file recently).
It's one of the things that, until a recent discussion with a lawyer, confused me about the legal system here; "sufficient evidence" apparently just means "will swear under oath, and has convincing explanations that counter any evidence presented by the other side". So, the police claim "nybble41 has hidden encrypted terror instructions in his photographs of a cat"; you can literally say to that "no, I didn't", and you've presented sufficient evidence.
It gets more complex if the police have more than just a bald statement; for example, if the police said "we saw nybble41 run 'convert catphoto.jpg -cdl 42.txt catphoto.png' and we believe that he was inserting encrypted instructions from 42.txt into catphoto.png". You could then explain about ImageMagick color description lists, and still convince a judge you didn't have the key.