x404.co.uk
http://www.x404.co.uk/forum/

Man jailed over computer password refusal
http://www.x404.co.uk/forum/viewtopic.php?f=19&t=10872		 Page 1 of 3
Author:  Amnesia10 [ Tue Oct 05, 2010 7:55 pm ]
Post subject:  Man jailed over computer password refusal
http://www.bbc.co.uk/news/uk-england-11479831

Quote:
A teenager has been jailed for 16 weeks after he refused to give police the password to his computer.

Oliver Drage, 19, of Liverpool, was arrested in May 2009 by police tackling child sexual exploitation.

Police seized his computer but could not access material on it as it had a 50-character encryption password.

Drage was convicted of failing to disclose an encryption key in September. He was sentenced at Preston Crown Court on Monday.
Author:  pcernie [ Tue Oct 05, 2010 8:03 pm ]
Post subject:  Re: Man jailed over computer password refusal
Quote:
Det Sgt Neil Fowler, of Lancashire police, said: "Drage was previously of good character so the immediate custodial sentence handed down by the judge in this case shows just how seriously the courts take this kind of offence.

"Computer systems are constantly advancing and the legislation used here was specifically brought in to deal with those who are using the internet to commit crime.

"It sends a robust message out to those intent on trying to mask their online criminal activities that they will be taken before the courts with the ultimate sanction, as in this case, being a custodial sentence."


Now, it's a typical recent BBC article in that it's a bit short on detail :roll: , but the above reads like, 'We think he did it, you should too' :?
Author:  ShockWaffle [ Tue Oct 05, 2010 8:39 pm ]
Post subject:  Re: Man jailed over computer password refusal
Presumably they weren't just searching his hard drive because his eyes are too beady and the neighbours think he's weird. So I imagine the BBC isn't telling us what evidence the cops had because it pertains to a prosecution that is yet to materialise.

What appears to be missing from the story is a clarification of this point, although they may have been advised to avoid mention of the issue altogether to avoid accusations of prejudicing any future trial through implication of guilt.

Either way, I doubt the police will be kicking down my door and demanding my truecrypt key any time soon. If they did that without showing some compelling reason I would like to think I'd withhold it (it contains some commercially confidential stuff, but no porn) on principle.

I hope I would be allowed out of jail when I cried like a girl and offered the key up though (I'm portly, but too pretty for jail).
Author:  jonbwfc [ Tue Oct 05, 2010 9:09 pm ]
Post subject:  Re: Man jailed over computer password refusal
ShockWaffle wrote:
Presumably they weren't just searching his hard drive because his eyes are too beady and the neighbours think he's weird. So I imagine the BBC isn't telling us what evidence the cops had because it pertains to a prosecution that is yet to materialise.

They'd need a warrant to seize his stuff anyway. Or be able to later justify grabbing it without a warrant due to there a likelihood of harm to a person or destruction of evidence.

ShockWaffle wrote:
I hope I would be allowed out of jail when I cried like a girl and offered the key up though (I'm portly, but too pretty for jail).

Offsite anonymous storage FTW, you'd have thought. Anyone who stores anything vaguely dodgy on their own PC these days is an amateur.

NOTE: I do not own anything dodgy, on site or off. It's just a bloody obvious point for anyone who's even vaguely up to speed tech wise. For pete's sake, it's not as if you have to give any personal information to open a dropbox account.

Jon
Author:  mikepgood [ Tue Oct 05, 2010 9:17 pm ]
Post subject:  Re: Man jailed over computer password refusal
I might very well get stroppy over revealing passwords, there is some confidential and sensative information on my PC.

Wouldn't go to prison over it though
Author:  Amnesia10 [ Wed Oct 06, 2010 7:50 pm ]
Post subject:  Re: Man jailed over computer password refusal
mikepgood wrote:
I might very well get stroppy over revealing passwords, there is some confidential and sensative information on my PC.

Wouldn't go to prison over it though

I would. I am an amnesiac so have everything on my computers. For me it would be a serious breach of privacy. You might know what you have on your machines. Unless I do a search I have no idea. I have everything filed and stored in different categories. While I might have some porn (most men probably do on their machines) nothing is illegal. If I find child porn anywhere I report it. So there is really no reason for anyone to look at the contents of my machines to go on a criminal fishing trip. It is not as if I have a choice. If I do not write it down somewhere chances are i will never know it ever existed.
Author:  oceanicitl [ Thu Oct 07, 2010 2:48 pm ]
Post subject:  Re: Man jailed over computer password refusal
Am I missing something? If the police really wanted to get to the lads data could they not take out the drive and hook it up to another machine? We've done that here with laptop drives...

If it was a mac I could hack it ;)
Author:  jonbwfc [ Thu Oct 07, 2010 3:10 pm ]
Post subject:  Re: Man jailed over computer password refusal
oceanicitl wrote:
Am I missing something? If the police really wanted to get to the lads data could they not take out the drive and hook it up to another machine? We've done that here with laptop drives...

Not if it's running something like Truecrypt. That runs at boot - if you don't know the password, you can't boot off the disk and if you try to boot off another disk in the same PC, it looks just like an unformatted drive. It's also (for a decent sized hard drive) not decryptable in anything like worthwhile time.
Author:  oceanicitl [ Thu Oct 07, 2010 3:31 pm ]
Post subject:  Re: Man jailed over computer password refusal
jonbwfc wrote:
oceanicitl wrote:
Am I missing something? If the police really wanted to get to the lads data could they not take out the drive and hook it up to another machine? We've done that here with laptop drives...

Not if it's running something like Truecrypt. That runs at boot - if you don't know the password, you can't boot off the disk and if you try to boot off another disk in the same PC, it looks just like an unformatted drive. It's also (for a decent sized hard drive) not decryptable in anything like worthwhile time.


Learn something every day. I bet Lisbeth Salander could hack it ;)
Author:  ShockWaffle [ Fri Oct 08, 2010 7:48 pm ]
Post subject:  Re: Man jailed over computer password refusal
the cops could create something like folding@home get millions of people to help them brute force paedos passwords. Catholics would probably be banned from participation, but the rest of us would chip in.
Author:  ProfessorF [ Fri Oct 08, 2010 8:06 pm ]
Post subject:  Re: Man jailed over computer password refusal
ShockWaffle wrote:
the cops could create something like folding@home get millions of people to help them brute force paedos passwords. Catholics would probably be banned from participation, but the rest of us would chip in.


*facepalm*
You're advocating a sort of virtual militia then, made up of 'us' and not 'them'?
Author:  jonbwfc [ Fri Oct 08, 2010 11:25 pm ]
Post subject:  Re: Man jailed over computer password refusal
ProfessorF wrote:
ShockWaffle wrote:
the cops could create something like folding@home get millions of people to help them brute force paedos passwords. Catholics would probably be banned from participation, but the rest of us would chip in.

*facepalm*
You're advocating a sort of virtual militia then, made up of 'us' and not 'them'?

Doesn't really matter. A typical 256bit AES key requires 2^256 comparison operations to decrypt by brute force. That is ... 1.15792089e+77, according to a quick google. If you're on a typical desktop PC, say 1.6GHz and it takes four cycles to do a compare (meaning you can do 400 million comparisons a second), that means it will take you (1.15792089 × 10^77)/(4*10^8*60*60*24) or 3.35e+63 days, or 9.18e+60 years. That is

9.18000000000000000000000000000000000000000000000000000000000000 years.

Say you have the equivalent of 10 million desktop PCs at your disposal. That means it will only take you

9.18000000000000000000000000000000000000000000000000000 years.

The Universe is roughly

13.750000000 years

old, according to the best science we currently have. Modern encryption mechanisms, even those available as freeware on the internet, are to all intents and purposes uncrackable by brute force, regardless of how much computing power you throw at them. If you have what they call a 'sidepath' where you can attack an inherent weakness in the algorithm you can reduce that significantly. But even with a good sidepath, using all the computing power available in the UK (i.e 100% of every single PC), you're not going to decrypt a truecrypt disk inside the lifespan of any of the people involved in the case. The only way to get at anything hidden using modern encryption techniques is to find out the password. The police know it and the bad guys know it too.

Jon
Author:  big_D [ Sat Oct 09, 2010 6:56 am ]
Post subject:  Re: Man jailed over computer password refusal
What he has been sent up for is refusing access, nothing else.

This has been an offence for decades (centuries?), in the physical world. Whilst I don't agree, totally, with the RIP Act, it is law. If a cop turns up at your home with a warrant and you refuse entry, because you don't want them to see you sex toy collection, you will have to serve time. The same is now true of the computer world, refuse "entry" to your computer is now treated as the same as refusing entry to the premises - if they don't have a warrant, you can refuse, if they do have a warrant, you have to let them in, or face the consequences.

As to the alleged "real" crime, it is irrelevant to the story, as he has not been charged, so the press should not say what that alleged crime was, until he is officially booked (I'd prefer to see the anonimity held until after the court decision*).

* We have a weatherman here, who was accused of raping his ex-girlfriend. He had to go into hiding, his career is ruined and he was top story on the news for weeks, now it seems that his ex-girlfriend isn't trustworthy, as a witness, even her mother doesn't believe she was raped! :? How is he supposed to rebuild his life after that? IF he is aquitted...
Author:  rustybucket [ Sat Oct 09, 2010 11:02 am ]
Post subject:  Re: Man jailed over computer password refusal
*Facepalm*

I know what you mean but

Quote:
9.18000000000000000000000000000000000000000000000000000000000000 years.

and

Quote:
9.18000000000000000000000000000000000000000000000000000 years.

are the same.

Oh and the Universe isn't roughly 13.75 years old

(Just sayin') ;)
Author:  Amnesia10 [ Sat Oct 09, 2010 11:05 am ]
Post subject:  Re: Man jailed over computer password refusal
big_D wrote:
As to the alleged "real" crime, it is irrelevant to the story, as he has not been charged, so the press should not say what that alleged crime was, until he is officially booked (I'd prefer to see the anonimity held until after the court decision*).

* We have a weatherman here, who was accused of raping his ex-girlfriend. He had to go into hiding, his career is ruined and he was top story on the news for weeks, now it seems that his ex-girlfriend isn't trustworthy, as a witness, even her mother doesn't believe she was raped! :? How is he supposed to rebuild his life after that? IF he is aquitted...

Yes unless there is a very good reason for announcing it there should be the presumption of innocence until convicted.
Page 1 of 3 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/