UK Law on password disclosure

Has anyone on here had experience with the blue motherfuckers and password disclosure law?

Any UK criminal law savvy people got any input?

Any US equivalent of this law etc?


Comments


[6 Points] Sean5861:

Could you not say you just forgot your password? How would they ever know?


[3 Points] al_eberia:

You can avoid it by using a deniable encryption setup, like a TrueCrypt hidden volume. You give them the encryption key to the clean volume and you have complied with the law.

Alternatively, you could just use TAILS without a persistent volume and use something like cassidy to generate all of your passwords from a remembered phrase each time you run it. That way nothing needs to be encrypted or even touch the disk.


[2 Points] ChewyTheSheep:

That Tails stick was left at your house after a party. You don't even know what's on it. You plugged it in once and saw nothing, didn't even occur to you to try booting with it. Just keeping it in case the owner happens to show up and ask, otherwise you'll just use it, for normal legal purposes.


[1 Points] ukdmnthrow:

In the UK you have to disclose your password protected files if asked. In the US you are protected under the 5th amendment I believe (I'm from UK so please correct if I'm wrong) that you can't incriminate.

If I remember correctly there was recently a case in the UK of a man being prosecuted for perverting the course of justice or something or other for not giving out his password when asked.


[1 Points] dmn_lurker1:

I do not know about passwords but you could get up to two years imprisonment for not handing over encryption keys.
https://en.wikipedia.org/wiki/Key_disclosure_law


[1 Points] helooksfederal:

When they took my phone, it was back in 2009, I'd just got the latest Google phone with the pattern unlock; they had to ask me for the pattern as they'd never seen it before. I had no incriminating evidence on it luckily. Bastards had it 9 months. I'm in the UK btw.


[1 Points] sapiophile:

Yes, this is a real thing in the U.K. And in the U.S., it's still up in the air - some judges have ruled it to be protected under the 5th amendment, some have ruled that defendants must hand over their password(s).

It can all be avoided if you use key file(s) of some kind and have an opportunity to delete the file(s) - which you may not always have. Note that GPG keyrings also fit this role.


[1 Points] ThrowaMilkyWay:

> Any US equivalent of this law etc?

From what I read there doesn't appear to be one.

While looking into this I came across an article that discussed the difference between testimonial evidence and non-testimonial evidence in regards to the 5th amendment. It stated that, when it comes to safes, a combination that someone has memorized is considered testimonial evidence and therefore protected under the 5th amendment. A key to a safe is non-testimonial so you'd be obligated to relinquish the key if LE had a legal right to investigate the contents of the safe.

With that in mind, a memorized password should carry the same 5th amendment protections that a memorized safe combination does. I would assume that if it could be proven that you have ever written or printed out a password, pass phrase, etc. and you don't present it when legally required, then you could possibly be screwed (as that would be non-testimonial evidence like a physical key). Although they would most likely have to prove that you deliberately destroyed/withheld it.