On 24/04/13 23:46, Eion MacDonald wrote:
>
> On 24/04/2013 21:05, Richard Brown wrote:
>> Hi All
>>
>> Thanks so much for the replies. It is interesting that the discussion
>> revolved around security because part of me just wants to be sure I own
>> the data.
>>
>> Rich
> I would note that even if you only stored data on your own in house hard
> drives as encrypted files, you may 'own it' but you are required to
> divulge every last bit as clear text to those who have the 'need to
> know' under a court order. While UK is not as loose as USA on issuing a
> fishing warrant to search, it is possible.
>
> That which you would keep private you never store in any form. (Refer
> Master Cromwell for that).
>

Actually, in some respects we in the UK are now officially in a worse position than our counterparts in the USA.

http://yro.slashdot.org/story/13/04/24/1458203/federal-magistrate-rules-that-fifth-amendment-applies-to-encryption-keys

As you can probably deduce from the article headline in the URL, in some circumstances at least in the States you can plead the 5th Amendment and not be forced to divulge your cryptography keys. We have no such protections here, and can be thrown summarily in jail for 3-5 years for refusing to comply with a legal request for said keys. Plausible deniability, most commonly implemented by way of hidden volumes using TrueCrypt, is strictly speaking your only option.

Personally, the few hundred megabytes of my absolutely most critical information - the stuff that I absolutely will not decrypt for anyone, ever - is massively encrypted several layers deep and distributed piecemeal to several highly secure remote locations via a proxychain and then routed through Tor. I may or may not *cough* use wifi connections that strictly speaking may not belong to me for the first hop to the internet as well so that it never ever originates from my IP.

Obviously enough, this is a borderline insane level of security and massively complex to use, which is why only the absolutely mission-critical stuff goes that route - hardly a valid method of backing up my movie collection for example. It very, very rarely needs to be updated as well or it would be completely unmanageable. On the other hand that data is safe from everything except an act of god I think - it's utterly uncrackable, untraceable and totally deniable as it can't be linked to me in any way.*

I love the historical reference to Cromwell, but he didn't have access to the internet, massive paranoia and solid sysadmin skills: luckily, I do.

Regards

* no smart comments about this email giving the game away please - I'll simply deny this in court too! "Will the defendant, Mr Meowski, please take the stand..." does have a nice ring to it though :]

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq