Police telling Porkies
To grab more power...UK case for holding terror suspects 'misleading'
The UK government's stated case for holding terror suspects longer than 14 days without charge is misleading, according to a top computer security specialist.
When home secretary Charles Clarke was trying to persuade the House of Commons to extend the detention period to 90 days, he argued that this was needed to break into encrypted files on suspects' computers. MPs voted against the government's planned increase, but backed a compromise 28-day limit.
But Ross Anderson, professor of security engineering at the University of Cambridge, says that breaking into highly encrypted material is no longer possible. "You find the key lying around, or you give up."
Police investigators might usefully "spend a couple of days tossing a dictionary at the encryption software", he says. This could provide access to a file containing the encryption key itself, but only if the suspect had been careless enough to choose an easily guessed password to protect it.
Investigators might then spend a few more days trawling through the hard disc for passwords and clues, he adds. They would hunt, for example, for copies of the key left behind in the "swap file" that many computers use when they run out of memory. But all this could be done within the existing 14-day limit.
Liberal Democrat peer Lord Thomas of Gresford has told New Scientist that he will raise the issue when the bill is discussed in parliamentary committee next week.
The UK government's stated case for holding terror suspects longer than 14 days without charge is misleading, according to a top computer security specialist.
When home secretary Charles Clarke was trying to persuade the House of Commons to extend the detention period to 90 days, he argued that this was needed to break into encrypted files on suspects' computers. MPs voted against the government's planned increase, but backed a compromise 28-day limit.
But Ross Anderson, professor of security engineering at the University of Cambridge, says that breaking into highly encrypted material is no longer possible. "You find the key lying around, or you give up."
Police investigators might usefully "spend a couple of days tossing a dictionary at the encryption software", he says. This could provide access to a file containing the encryption key itself, but only if the suspect had been careless enough to choose an easily guessed password to protect it.
Investigators might then spend a few more days trawling through the hard disc for passwords and clues, he adds. They would hunt, for example, for copies of the key left behind in the "swap file" that many computers use when they run out of memory. But all this could be done within the existing 14-day limit.
Liberal Democrat peer Lord Thomas of Gresford has told New Scientist that he will raise the issue when the bill is discussed in parliamentary committee next week.
posted by professor rat at 4:51 PM
<< Home