Mr. Matt 
Remember folks: You must provide your password to authorities in the U.K. if told to. Failing to provide your password to authorities will get you convicted of a crime.
@matt
That's fucked up, good thing you can render it useless with encryption containers like LUKS
That's fucked up, good thing you can render it useless with encryption containers like LUKS
@architect Not so. The Regulation of Investigatory Powers Act requires you to decrypt ANYTHING they ask WITHOUT a court order.
@matt
You can delete the LUKS headers, without which you're (at least by design) unable to decrypt the data any more. Of course that requires you had the time to anticipate such demands are coming your way.
You can delete the LUKS headers, without which you're (at least by design) unable to decrypt the data any more. Of course that requires you had the time to anticipate such demands are coming your way.
@architect NOW you would be guilty of destruction of evidence, even in the US
@matt
No one can prove that it's not just part of your usual process. IANAL, but afaik it's not destruction of evidence if you're not currently involved in a legal dispute where that data's relevant either. So it can also be integrated into your regular routine to varying degrees
No one can prove that it's not just part of your usual process. IANAL, but afaik it's not destruction of evidence if you're not currently involved in a legal dispute where that data's relevant either. So it can also be integrated into your regular routine to varying degrees
@architect I wouldn't test that theory myself...
Faveing@matt
That's really messed up! Would a corporation have to follow those rules like if you were murdered and the police want the data on your phone, pc, etc
That's really messed up! Would a corporation have to follow those rules like if you were murdered and the police want the data on your phone, pc, etc
@Faveing In the UK? Most definitely.
In the US? Most likely, but since IANAL I can only say I don't believe it is not settled by case law. Yet.
Michael Brazda@matt really???
Jase@omnipotens
@matt
As I understand it any enforcement of the IP Act does require a court order, however it is issued by political committee and not reviewed by the judiciary, which is i Think contrary to established methodology as it Is a criminal not civilian matter
This will only get worse post-brexit
@matt
As I understand it any enforcement of the IP Act does require a court order, however it is issued by political committee and not reviewed by the judiciary, which is i Think contrary to established methodology as it Is a criminal not civilian matter
This will only get worse post-brexit
Michael Brazda (@[email protected])
1K Toots, 254 Following, 973 Followers Β· <p>Just Ask</p>
@jason @omnipotens in the US, if it's not issued by a judge, it's not a court order (Imo, but IANAL).
On the other hand, NSLs...
@matt
Yeah, as i understand it tradionally a judge would sign off on a court order, however since the enactment of the [sarcasm]balanced and fair[/sarcasm] laws the IP Act brings to the tables the politicians decided to help out and not increase the judiciary workload and oversee such things themselves
@omnipotens
Yeah, as i understand it tradionally a judge would sign off on a court order, however since the enactment of the [sarcasm]balanced and fair[/sarcasm] laws the IP Act brings to the tables the politicians decided to help out and not increase the judiciary workload and oversee such things themselves
@omnipotens
Mr. Matt :debian: :linux: (@[email protected])
3.24K Toots, 356 Following, 358 Followers Β· Based out of #Arizona. #Linux advocate. Gamer. Father. Technician @ #Intel Fab32. Getting old. Loves #chiptune and #metal #nobot please
Istvan ππΊπ§@matt
UK went crazy!!!
UK went crazy!!!
Bit_Faced@matt Here's my password sir: π
@Bit_Faced don't jest, I think emoji can be used as passwords now ;)
David Bern@matt So its a crime to have a bad memory?
In Sweden there has to be an intent or criminally "bad judgement" (There exist a more correct english word for it but cant remember it now) to get convicted of anything in Sweden.
In Sweden there has to be an intent or criminally "bad judgement" (There exist a more correct english word for it but cant remember it now) to get convicted of anything in Sweden.
@drobban the jury is out on that one (ie it hasn't been settled with case law yet)
h3artbl33d π‘@h3artbl33d @matt exactly, I remember a feature of true crypt was a hidden encrypted partition, you get two password, one show a dummy partition, the other the real.
Exactly! It should be noted that the non-hidden part shouldn't be a brand new, default OS installation as that would raise suspicion.
Another method would be using a live environment that encrypts all temporary data, whether in RAM or on disk. Having a password vault hidden and inaccessable 'somewhere' might make this more viable.
But in the end - this is mitigating a situation that shouldn't be there in the first place. Madness!
@h3artbl33d @benoitj I would be careful with that approach. At least in regards to TrueCrypt, the authorities are well versed in hidden partitions.
True that. I think hidden partitions aren't the best means to achieve opsec. Also, one shouldn't trust a sole method. Like TOR - even if properly used, if there is a vulnerability in the browser, the user and location info could be at serious risk.
The best bet - as far as I am concerned - is to design the opsec model to the particular situation, with the assumption that everything is comprimised from the start.
@h3artbl33d @benoitj my assumption is that encryption will only thwart a casual burglar or thief. A state sponsored attacker will have means to break in (either via brute force, or drugs and a $5 wrench).