Bitcoin Forum

In the UK, we have a particularly insidious piece of legislation called the http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000 (http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000). One of the lovely parts of this bill is that the UK courts can put you in jail for 2 years if you refuse to divulge the keys to any encryption if so directed by a court.

I wonder, could this act be applied to encrypted wallets, Bitcoin private keys etc.? Even for brain wallets, you would have to "prove" you had forgotten the passphrases - yes, ridiculous, I know.

What's more, an employee of a UK based exchange could, theoretically (under this act) be ordered to divulge his employer's private keys, and this employee would be legally barred from telling anyone this had happened (under threat of prosecution).

There are a few chilling thoughts for the day.

As stupid and harmful as this law is, I think you are reaching here.

Encryption has been used to protect valuable things for longer than bitcoin has existed, and it still continues to do so even with the existence of RIPA.

Just because the police can force you to decrypt something and show it to them does not mean that they get to take it off of you. Normal property law still applies.

Your scenario regarding a company employee being compelled to hand over their employer's encryption keys and not tell anyone they had done so could in theory already happen, because like I say, encryption already protects more things than bitcoins. Yet it hasn't been an issue as far as I am aware.

A properly formed request under RIPA is signed by a judge or senior police officer and is in connection with a specific investigation. You are normally free to discuss it within relevant people within the company and with legal counsel. Even ones that say they are covered by the Official Secrets Act can't stop you getting legal advice.

I have been in receipt of a couple of RIPA subject access requests (in relation to Internet hosting, not bitcoin) and where they have asked for decryption of customer data they have taken me at my word when I have explained that I do not have access to the secret keys for it.

Once again, I do not agree with this law. I protested it when it was implemented. But it hasn't caused the sky to fall up until now.

Would it be that hard to determine if someone forgot the passphrase?  No cash moving out of the account for a while = likely forgotten.  Cash moved out yesterday = the person is lying.

Seems like this law would be necessary too though.  Imagine a divorce trial where someone took their combined life savings and threw it into BitCoin, then refused to give up the password.

If that did happen in a divorce the judge would make the judgement on the presumption that the bitcoins are available and can be used. If the husband/wife still refused to give up the bitcoins after the ruling the judge would send them to prison.

In a UK divorce proceeding you need to prove that you're acting honestly. If the judge has any suspicions that you're withholding assets they will make the ruling on the presumption that the assets they think you're hiding are still under your control.

Yes, I am. I saw an Aussie commentator mention a new law there and how it might affect Bitcoin, I am pretty familiar with RIPA but hadn't considered it's impact on Bitcoin, if any.


It's a bad law, and very few people have been prosecuted under it.


Considering a couple of things here. This week's budget gave the HMRC the power to simply remove money from your bank account if they believe you owe them money. (http://blogs.telegraph.co.uk/technology/willardfoxton2/100012871/did-you-spot-this-budget-gives-hmrc-power-to-raid-your-bank-account-like-wonga/)

Those of us who are active tax resisters are already fearful of holding fiat in the UK, this is just another nail in the coffin. And considering that Bitcoin will naturally attract money launderers, I'm wondering whether HMRC *might* decide they like the idea of seizing funds/Bitcoins using this law.


This orders are given in secret, so we wouldn't have a lot of data. But I'm inclined to agree that this isn't a likely scenario.


Yes, I also reviewed it when it came in and was critical of it. A bad idea, turned into a bad law, and poorly enforced.

Thanks for your thoughts.

So you just "forgot" the password to your funds, Mr Smith? That's very convenient, wouldn't you say?

The way the law is written, it is assumed you know the password unless you can prove otherwise.


This is different to criminal proceedings, this would just be contempt of court, and happens quite regularly when people move assets out of the jurisdiction of the court.

If you're Irish, remember this?

http://www.bbc.co.uk/news/uk-northern-ireland-18396329

:)

The answer is to store your wallet using TrueCrypt (http://www.truecrypt.org/)

Using the hidden volume facility you can create one 'container' which has two 'partitions' (volumes) each one having it's own password.  In the 'innocent' volume you could put a wallet containing a tiny amount of BTC for plausible deniability and in the hidden volume you put the wallet containing your massive stash.

When you're asked to reveal your password you give the password for the 'innocent' volume containing the wallet with the small balance and you've complied with the regulations/court order/whatever.

No-one can prove whether the TrueCrypt volume contains a hidden volume or not because without the password to decrypt it it's just random noise, which is what a TrueCrypt volume would contain with or without a hidden volume inside it.

Regards
MonkeyThink

Say you forgot it.

Kid was in the news for importing an AK47 just a few days ago, he "forgot" his encryption key to his laptop. No charges filed over the key.

http://www.standard.co.uk/news/crime/teenager-jailed-after-police-find-vast-arsenal-of-guns-and-weapons-at-home-in-middlesex-9193554.html


Here you go.

Probably because they were satisfied with the 6 years for everything else??

The longest custodial sentence for refusing to give up secret key that I have so far heard of was 9 months.

Did they say they'd forgotten it or refused to give it up?

According to this it's 13 months

http://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingdom

Anyway 13 months in the UK you'd be out on home release in 2 months. big deal.

I'd rather spend 2 months in a UK nick than pay HMRC the tax I owe, lol

This one sentenced to 4 months.

http://www.telegraph.co.uk/technology/news/10574309/Man-jailed-for-refusing-to-divulge-USB-password.html

You'd be eligible for home tagging after about 10 days.

basically this law is bullshit, and no one gets any real sentences over it, I wouldn't sweat.

Refused: http://www.theregister.co.uk/2009/11/24/ripa_jfl/

The sentencing guidelines for RIPA say that it's a maximum of 2 years for refusing to give up a secret key. I wouldn't be surprised that if you've already been sentenced to 6 years for other offences then they wouldn't bother, especially as there is a chance it might be served concurrently anyway.

The CPS rarely don't bother if they think they can get an easy conviction. They're paper pushers just like the police and always looking to add to their targets.

Either way I don't see the fuss.

Even for a terror related incident the guy got 4 months.

If you're that worried about a few weeks in the nick you shouldn't be doing illegal things.

If you're not doing illegal things, I don't see why this would concern someone.

a private key does not open documents or plans of terror.

the only "evidence" they can get is the proof that you own a certain public address as they are linked.

there is no way to alter that link so CPS can not say you have destroyed evidence by deleting files inside the private key, as thats not how bitcoin cryptography works.

again the only information during an investigation that they can gather is that you own the address. all other evidence about what and who yo have been trading with would come from third parties and blockchain analysis. so a private key is useless to them for investigative purposes.

so at stage one of the investigation a private key can stay your sole property and you have good reason not to hand it over. if however they find enough evidence to get an asset seizure order drawn up, then you hand over the private keys to the addresses that are mentioned in the request.

oh i forgot to mention. dont have funds in any public address you post on any communications. then leave it to them to prove the address that the funds moved to belongs to you. instead of a mixer address, a third party, etc.

and remember if they have enough evidence on you to start an investigation, then handing over privkeys to empty addresses is the least of your problems and secondly you have the right to remain silent. so dont tell them you own the other addresses, as you hopefully have not mentioned them in any communications they may have gathered. and leave them to prove otherwise

Now you know to also encrypt your wallet.

I just love this law :D Jail time for forgetting a password nice!

It's OK they hardly ever use this law right? and if your not guilty of anything what's to worry about?

Its not like this law can be called upon whenever its needed or anything and lets be honest when have good honest folk ever been screwed by a government.

I'm an honest chap and  have no issue with my government installing telescreens into my own home.
No need for all that GCHQ camera hacking business just send the boys over and hook me up, I'll put the kettle on.

http://business-reporter.co.uk/wp-content/uploads/2012/12/hal-596x478.jpg

I feel much safer knowing my government has these kind of laws and is looking out for me.

This is definitely one of those laws that sheeple think doesn't matter since they don't break the law.

If you have nothing to hide etc

haha you're a riot.

op, yeah they can take your keys. it doesn't matter if they can't take your property or whatever since it's yet another piece of leverage that the police can use against you. once they have your keys, they can also take the funds from those keys and justify it with law (that's how the police operate). the thing is if you ever find yourself in these situations then don't give an inch, and use everything at your disposal to protect yourself. once you've given consent and compliance, you've opened yourself to be taken advantage of.

If you set up your encryption properly you can always hand them the "key" anyway.

I've never done a hidden OS, I'm not sure if that utilises a dummy password also, but I did set up a hidden truecrypt volume on one computer that was seized. I gladly handed over the dummy password which opened a folder empty of anything except my CV and a video of me doing the helicopter dance.

The password was *fuckthepolice*

The helicopter dance is:

http://www.urbandictionary.com/define.php?term=The%20Helicopter%20Dance


This is a true story. I spent 4 months on remand and this story made me a hero on the block. Especially when I walked due to lack of evidence (not that there ever was any since I was innocent of course)

what were the charges against you?
was it a drug charge or why did they want your computer?

I'm skating on thin ice in terms of de-anonymising myself as it is!

The UK police seize computers all the time, I know someone who got arrested for a drunken brawl and the police carried out a section 18 search of their uni housing and seized everyones laptop, took several weeks to return them too

Yes, I plan my IT stuff assuming seizure. Everything is encrypted and backed up in "the Cloud". Just the reality of refusing to fund the state. I suspect my time in the UK is drawing to a close.

yep, UK = stay away
funny how far it's come.
i've lived in iran, and england is not far off.

I'd much rather face a trial in the UK than Iran...

I've been thinking about this law for quite a while and a way out of this could be for a user to upload an encrypted copy of a key to an online server.

Each time the user wants the encrypted key back so they can locally decrypt it and then decrypt their data, they need to  make a declaration that states something like the required download is not under duress and will not be passed to a 3rd party.

I can't see how the police or even a court can compel you to lie, or, if the declaration is worded cleverly,  commit  a crime.

Also because of the people there wanting to talk to you about their missing money?

https://bitcointalk.org/index.php?topic=323682.msg5743319#msg5743319