Encryption ≠ Terrorism

According to a recently published article on Arstechnica a man was arrested in Cardiff, Wales (UK) and charged for training people how to use encryption:

Arstechnica Story Link

Now, I think it would be easy to get the outrage bus out from its garage and heading to Westminster with pitchforks at the ready; but logically, this is the same as someone being charged with planning to use a rolling pin as a weapon to commit murder with.

The crime isn't knowing how to use a tool or educating other people on how to use it, rather the crime is the planning to commit an act of terrorism and the tool is just part of the execution.

In that sense there's nothing to see here and we can leave the outrage behind...

However, Theresa May when Home Secretary was one of the driving forces behind what was known as the Snoopers Charter in 2012 and in 2015 criticized the Liberal Democrats who blocked it in parliament.

At the moment the Investigatory Powers Bill is going through the Lords and will most likely be enacted. This doesn't affect personal encryption as far as I am aware but should make it easier for the security services to access data when conducting and investigation - it also includes the retention of ISP records etc to help prove what devices were used for Internet communication. I believe some bits of this were in the failed 2012 bill. My bet is that once this one is through, a new bill will be tabled next year that will again attempt to either force back doors into commonly encrypted communications or set out terms as to who/what can freely use encryption that does not have back doors.

I guess we'll have to wait and see, in the mean time, if you are planning something very naughty in the UK, it's probably best to stay away from encryption as it looks like that will help confirm your guilt intent - a bit like wandering around in public with a balaclava and baseball bat :-P

Do the brits have nuclear missles? Because if they ban encryption, I have their missles!

The Brits borrow US Navy missiles to put their nukes on; plot foiled, try harder ;-)

They must have something deadly protected by encryption... I want i!

look out guys he's doing some criminal mathematics

I find this part more than a little scary:

He has a USB stick with a live Linux Distribution on it and that must instantly mean he is using it for the purposes of terrorism because there is so other reason for him to have it. It isn't like he may need it for his job, or to fix a computer/diagnose a problem, NO IT HAS TO BE TERRORISM. I always have a USB stick loaded with Linux because it can come in handy, especially when other people want me to fix the shit they have broke on their computer, but no I should just format it because I might be called a terrorist.

Look encrypted files, I must be a terrorist /s

Screenshot from 2016-10-05 21-38-29.png881x533 30.9 KB

Think @wendell might have some interesting words for this.

I have reported this to the authorities. If I were you I would decrypt this before there is any trouble.

To be fair he was an ISIS suspect.
The fact they took him down for this shite, though, is ridiculous.
Mustn't have even crossed their minds the stigma it'd bring in the media to people who study IT security.

tinfoil hat mode
or maybe it did

haha, let them come at me, if they force me to decrypt the files all they will find is rsync backups of configurations and servers that I don't use anymore, hardly anything incriminating.

terrorist!

Indeed, if he actually committed terror offences then charge him with terror offences, don't charge him for using/teaching people how to use encryption, it is simply ridiculous.

The law can be more subtle than that. The Crown Prosecution Service just need to prove in court that he intended to conduct or support terrorism. He will then be convicted.

For the police to arrest him of this, to me, says they either already have who they were really after, or they needed to step in at this point to prevent something.

I don't have problem with this mans arrest, my concern is that those who wish to legislate against encryption will use this to further their flawed goal.

The main flaws are;

1 backdoors will almost certainly become security holes, eventually.
2 big brother watching stifles free speech and expression of opinion.

I don't have problem with the authorities seeing my data, but not if it means we are insecure or erode democracy.

The problem here is not that he was arrested but what they charged him with. Lets say for example somebody drove a car to the city centre, and then started shooting people. That person should be arrested for shooting people and not for driving to the place to shoot people, because the driving isn't the offence (unless he doesn't have a licence, in which case he should be charged for that also) the shooting of people is the important part.

To bring this back to the story, say he used said encryption to communicate with people to prepare for terrorism and the authorities have proof of this, then charge him with (and I'll take the last section of the quote I used in my earlier post) the commission, preparation, or instigation of terrorism because the means isn't important (especially if the means isn't in fact illegal) it is the actual act they committed that is. The using of a USB stick with Linux on it or teaching people how to use encryption isn't the illegal part but the preparation for terrorism is.

I don't have a problem with people I trust seeing my data.
The UK (or US) authorities are not "people I trust" tho.

Uhhh, I think I'm going to go on the lam for a while.

ha, on that I would agree. I wouldn't put it past the British government to introduce a bill to make it an offence to plan on driving a car to commit terrorism. If it makes it easier to get the charges to stick...

I think the best one to prosecute someone for would be owning a watch and teaching people how to tell the time in order to commit terrorism. After all even the best infantry battalion in the modern world will loose much of their effectiveness if they can't tell the time accurately :-)

I suspect that at this point it time the relative newness of the Internet and very strong digital encryption mean few people outside of those in the IT industry really understand it. Therefore it is easy to legislate against it and be seen to be doing something. It's also easy to convince the masses that encryption and operating systems on USB sticks are only used by shifty people up to no good and that if you have nothing to hide etc.

There are laws in the UK that make being in possession of information on how to build or use certain devices of equipment illegal. Technically anyone who has been trained by the British Armed Forces (or got a degree in Chemistry) will retain much of this knowledge long after leaving the colours - and could therefore be in breach of said laws. Fortunately the CPS would have to prove you intend to do something with this knowledge. I am almost sure than when this chap is tried his defence will be that he just had a passing interest in encryption, secure communications and missile technology, and there was never any intent to use any of it in the commission, preparation, or instigation of terrorism

It will be an interesting case to follow. My hope is that people come to realize that encryption along with USB sticks are just useful tools like hammers, knives, cars etc. that we all rely on in our daily lives to go about our business, which can on occasion be used by criminals and would be terrorists.

This shouldn't be a problem in the UK, the law already recognizes that many mundane daily objects can be used as offensive weapons, a hammer is only a hammer until you intend it otherwise:

The term 'offensive weapon' is defined as: "any article made or adapted for use to causing injury to the person, or intended by the person having it with him for such use". CPS offensive weapon definition

EDIT: If anyone is interested here is a link to Section 57 of the UK Terrorism Act 2000, which is what I think this guy is being charged under. Section 57

Basically this states that if you possess anything in circumstances that gives reasonable suspicion that your purpose for having it is connected to terrorism you can be prosecuted. So in effect the police probably could arrest someone for buying a car, if when they bought it, they commented on the amount of high explosives they could fit in the boot/trunk...

The law is a fascinating thing. I have learned lots this morning, unfortunately none of it is helping me get my work done :-(