Man Jailed For Refusing To Reveal USB Password 374
judgecorp writes "Syed Hussain, already serving time for helping to plot attacks against UK targets, got another four months for refusing to divulge the password of a USB stick the police and GCHQ wanted to examine. The USB was believed to contain data about a suspected fraud unconnected with national security, and Hussain claimed to have forgotten it under stress, He later remembered it and it turned out to be a password he had used on other systems investigated by the police."
1 Password to rule them all (Score:4, Interesting)
Another point of the story. Don't reuse passwords :D
Good news !! GCHQ couldnt crack the password (Score:4, Interesting)
The password was $ur4ht4ub4h8 - as Bruce Schneider said a few weeks ago - encryption is still on our side. Regardless of the NSA /GCHQ revelations, they cannot break AES yet. That's why the British police resort to section 49 http://www.theregister.co.uk/2014/01/16/password_refusal_earns_terror_suspect_extra_jail_time/
GCHQ is incompetent (Score:5, Interesting)
The password he used was the same as one that he had previously divulged, but the incompetent investigators at GCHQ and the police didn't think to try it.
Re:Good news !! GCHQ couldnt crack the password (Score:4, Interesting)
What makes you think they hadn't it all cracked, but just wanted to have him spend more time in jail while they prepare the other stuff they will hit him with ? What if he really had forgotten the password ? Beside he had already given them; why would not they have tried all other passwords they had received ?
Re:Cry me a fucking river... (Score:5, Interesting)
Indeed. As the US government operates outside of its constitutional limits, it can only be considered a criminal organization.
Re:Cry me a fucking river... (Score:3, Interesting)
I'm more annoyed that the police didn't figure it out based on the password for other systems.
Re:Cry me a fucking river... (Score:5, Interesting)
Indeed. As the US government operates outside of its constitutional limits, it can only be considered a criminal organization.
Since it defines what is and isn't criminal it cannot, by definition, be a criminal organization. What it can be is unethical, immoral, corrupt, incompetent, unjust, and moronic... but it can't be illegal. People often confuse the word "criminal" with the concept of the "bad person". Ethics and morality have nothing, absolutely nothing, to do with the law. The law is about order. Ethics and morality is about justice. And our justice system has as much to do with actual justice as the military has to do with "peace" keeping.
In every society in which the rule of law has existed for more than a couple generations, it has been corrupted to prioritize order over justice -- and order is another way of saying "remove malcontents and political undesireables". Principally, in an industrialized society these will be young males under the age of 35 who are unemployed, under-employed, sexually frustrated, mentally ill, not eligible for meat grinder service or otherwise producing wealth for the already-wealthy.
Eventually, the law reaches the point where everyone can be a criminal, that the law itself has become and inaccessible bureauacracy, and every action can be rationalized as legal. That point is now, in the UK, the US, and indeed, most of Europe and much of eastern Asia. Every major empire has a historical record of its citizens complaining about overly dense laws and regulations, from modern times all the way back to the Roman Empire, and fragments of literature suggesting an intractable bureaucracy that appeared to randomly punish people as far back as the Akkadian Empire (for the iPod generation, that's about 2300 BC, or about the time Al Gore invented the internet and Jesus rode around on primitive loldinocats).
My point in all this is, it's not a new problem. Arguably, it isn't even a problem: It is in fact the natural progression of all empires and countries. But have hope: It's a sure sign that the civilization has passed its epoch. Within the next 50-100 years, western civilization will start to deteriorate back to a feudalistic-capitalistic hybrid where destitution, slavery, debtors prisons, and constant warfare again become the norm... and eventually the people will rebel, the world will burn, and out of the ashes a new civilization will rise up, and our grandchildren will enjoy a period of relative peace and prosperity.
Humanity is cyclical.
Re:Good news !! GCHQ couldnt crack the password (Score:5, Interesting)
Reporting on this provision of RIPA is always wrong, and the Slashdot discussion is even worse.
To face conviction for failing to disclose a password in the UK the police have to be able to prove beyond reasonable doubt (and that's specifically stated in the legislation itself) that you knew the password at the time.
This case is no different. The guy was arrested for terror plots, asked to divulge a password but then claimed he didn't know it, the police couldn't prove he did know it so nothing came of it, the guy was jailed anyway under all the other evidence they had.
The police then found it seemed he'd been involved in card fraud. Turns out incriminating evidence of this was on the memory stick and that's why he didn't want the police acting it, because he clearly hoped if he got off with the terrorism charge they'd never find out about the card fraud charge, so he had nothing to lose. Once they had found out about it he hoped for further sentencing leniency over the card fraud for admitting the password and hence helping the police. The problem for him is by admitting it he gave the police the "beyond reasonable doubt" that they needed all along to do him for failing to disclose the password.
So to this day, if you don't know the password, if you pretend you don't know the password, then there's fuck all the police can do to you with this legislation, hence it's not half as bad as people make out.
To date the only people getting done by it are those admitting they know the password and explicitly refusing to hand it over, those who do stupid things like this guy, and for example, more complex scenarios where someone pretends they've lost a password and the police can't cracking, but then they manage to crack, say, weaker encryption such as that used for his desktop login to find his desktop password which they can confirm forensically that he has entered and used since denying knowing his encrypted USB password and if it matches the encrypted USB password they can claim, well, he knew his desktop password, he logged in, and it was the same as his encrypted USB password, and hence beyond reasonable doubt...
Really, it's not the worst law in the world, the police have to hit a pretty high standard of evidence, or the accused has to fuck up and basically admit their own guilt to ever become victim of this. If you genuinely don't know your password, or if you deny knowing it and the police can't prove otherwise, then you're fine. You have to explicitly and provably obstruct a police investigation to get done by this law.