Charging for iPlayer
 

On Mon, 13 Jul 2015 15:29:22 +0100, Andy Furniss [email protected] wrote:

I think you'll find it will be up to the magistrate/jury to decide
whether you are lying or not about not having the password for the
possibly incriminating chunk of encrypted data in question that
the state can't (or don't want to admit they can) decrypt.

How could anyone tell that a chunk of data is encrypted?

In the case of a large file on disk - I guess because it's not something
known.

There are lots of large chunks of data on any computer whose content,
function and provenance are not known to their owners. It doesn't mean
a thing. Can you explain every file on your computer? Can you expplain
what it does and how it got there? Under the default settings in
Windows, you can't even *see* every file on a computer, and hardly any
computer owners even know this.

Try an experiment. Run CCleaner to delete all the junk files it knows
about, then spend a typical amount of time checking your emails and
browse the newspapers, Ebay, Amazon, Facebook, IMDB, check a few
programs for updates, whatever you normally do every morning. Then run
CCleaner again and see how much junk it has found, just from, say,
half an hour of normal innocent internet activity. The chances are it
will be several hundred megabytes of stuff you didn't ask for or
consciously put there. Can you explain and account for all of it? Do
you know anybody who could? It's plainly absurd to expect everybody to
be responsible for all the files on their computers when most people
don't even know what's there, didn't put all of it there themselves
and can't even see some of it, even if the computer isn't secondhand.

Working on the principle that any computer file the owner can't
explain must be evidence of something unauthorised, anyone could be
declared guilty on the strength of effectively nothing at all.

Rod.

Charging for iPlayer
 

Roderick Stewart wrote:
On Mon, 13 Jul 2015 15:29:22 +0100, Andy Furniss [email protected] wrote:

I think you'll find it will be up to the magistrate/jury to
decide whether you are lying or not about not having the
password for the possibly incriminating chunk of encrypted data
in question that the state can't (or don't want to admit they
can) decrypt.

How could anyone tell that a chunk of data is encrypted?

In the case of a large file on disk - I guess because it's not
something known.

There are lots of large chunks of data on any computer whose
content, function and provenance are not known to their owners.

I didn't say not known to their owners. Computer forensics people will
know what's what.

I do agree with you regarding the absurdity of catch all laws - at the
time it came in there were plenty examples around illustrating it.

I really only replied because you wrote as if a case could never be
convicted and that's wrong.

Charging for iPlayer
 

On Mon, 13 Jul 2015 16:56:35 +0100, Jim Lesurf wrote:

Files also have datestamps, of course. Indeed the OS may log such events as
saves or commands. So any 'recent' such files would indicate the user must
have known how they were created in terms of the software used, any
password required, etc.

What utter bull****. Just because a file has been accessed or modified
doesn't mean a user necessarily had anything to do with it.

Charging for iPlayer
 

On Mon, 13 Jul 2015 20:23:22 +0100, Andy Furniss [email protected] wrote:

I think you'll find it will be up to the magistrate/jury to
decide whether you are lying or not about not having the
password for the possibly incriminating chunk of encrypted data
in question that the state can't (or don't want to admit they
can) decrypt.

How could anyone tell that a chunk of data is encrypted?

In the case of a large file on disk - I guess because it's not
something known.

There are lots of large chunks of data on any computer whose
content, function and provenance are not known to their owners.

I didn't say not known to their owners. Computer forensics people will
know what's what.

But they won't know how it got there, or whether the owner of the
computer knew anything about it, and if they decide that they think it
looks like encrypted information, there's no way of proving that this
is the case if they can't make anything meaningful out of it. If they
can't prove that it's encrypted, they can't prove that a key even
exists, never mind that any individual knows what it is.

I do agree with you regarding the absurdity of catch all laws - at the
time it came in there were plenty examples around illustrating it.

I really only replied because you wrote as if a case could never be
convicted and that's wrong.

If that's the impression I gave, then perhaps I could have worded it
better because it's not what I intended and it is as you say wrong.
The law relating to password secrecy, as I understand it (and I'm sure
I don't fully understand it) appears to make it far too easy to
convict people. I was mainly concerned about the possibility of guilt
being assigned on the basis of the mere existence of a file on
someone's computer. A law like this would be as dangerous as any of
the other "possession laws", which all make it too easy to incriminate
people who have done nothing.

Rod.

Charging for iPlayer
 

In article , Roderick
Stewart
wrote:
On Mon, 13 Jul 2015 20:23:22 +0100, Andy Furniss [email protected] wrote:

I think you'll find it will be up to the magistrate/jury to decide
whether you are lying or not about not having the password for the
possibly incriminating chunk of encrypted data in question that
the state can't (or don't want to admit they can) decrypt.

How could anyone tell that a chunk of data is encrypted?

In the case of a large file on disk - I guess because it's not
something known.

There are lots of large chunks of data on any computer whose content,
function and provenance are not known to their owners.

I didn't say not known to their owners. Computer forensics people will
know what's what.

But they won't know how it got there, or whether the owner of the
computer knew anything about it, and if they decide that they think it
looks like encrypted information, there's no way of proving that this is
the case if they can't make anything meaningful out of it.

Its not that simple and black-and-white. Chances are that anyone doing pro
work on forensics will know a lot about what file characteristics stems
from which programs and filetypes. And the stats of what to expect given
the hundreds/thousands/more files on typical machines using that OS. And
what kinds of non-user processes may tend to occur, and be able to look for
them. And so on.

So they may well be able to provide info on how it could or could not have
"got there". Particularly on a machine with many files.

"We don't know absolutely everything" isn't a synonym for "We know
nothing".

If they can't prove that it's encrypted, they can't prove that a key
even exists, never mind that any individual knows what it is.

But as pointed out already, there are various ways to find if files are
encrypted or not and the relevant statistics given.

In a way this isn't much different to fingerprints, DNA, etc. In each case
the pattern matching against a crowd of examples can be accepted as
evidence. One individual bit of evidence doesn't have to be "absolute
proof" for a jury to convict. Even a confession isn't "absolute proof".
What matters is the body of evidence overall.


I do agree with you regarding the absurdity of catch all laws - at the
time it came in there were plenty examples around illustrating it.

I really only replied because you wrote as if a case could never be
convicted and that's wrong.

If that's the impression I gave, then perhaps I could have worded it
better because it's not what I intended and it is as you say wrong. The
law relating to password secrecy, as I understand it (and I'm sure I
don't fully understand it) appears to make it far too easy to convict
people.

That's why we have courts with judges and juries. The prosecution and
denfence can present their arguments and evidence for their view of what
has or has not occurred. The jury then decides.

I was mainly concerned about the possibility of guilt being
assigned on the basis of the mere existence of a file on someone's
computer.

I doubt "the mere existence *one* file" in the absence of *any* other
evidence would do so. But of course, that would depend on the details of
what was found when the said file was examined, what other files and
software (inc any viruses, etc) were present, etc.

Indeed, in Scots Law I suspect one item of evidence in isolation would fail
the "corroboration" requirement as things stand. If so, no case could come
to court. Although the law on this may be changing.

Jim

--
Please use the address on the audiomisc page if you wish to email me.
Electronics http://www.st-and.ac.uk/~www_pa/Scot...o/electron.htm
Armstrong Audio http://www.audiomisc.co.uk/Armstrong/armstrong.html
Audio Misc http://www.audiomisc.co.uk/index.html

Charging for iPlayer
 

In article ,
lid says...

On 11/07/2015 13:21, Yellow wrote:
Getting folk to pay for I_Player is trivially insignificant against to
door that would be left ajar if such snooping was allowed.

It would be fought.

I wish I could believe that.

You do realise that under current law it is illegal to forget your password?

(What the law says is that you must supply it when required)


I assume you are talking about passwords for encrypted data and
computers when you are accused of being a pedophile or drug baron?

A law with privacy/liberty implications of course, but nothing to do
with ISPs and customer rights groups fighting a law forcing the handing
over of customer data regardless of whether or not the customer is
suspected of behaving illegally or there being good quality proof to
support a suspicion.