by abridgett 1150 days ago
It's even worse - under RIP act not only can you be "forced" to reveal any passwords:

- the onus is on _you_ to "prove" that you don't know it or have forgotten it - you can be told not to reveal that you've told them the password

Anyone administering systems might want to think about this, governments aren't known for good security.


And you can set someone up by just filling their hard drive with random data. Now all you need next is a fake tip off for child porn or something similar. The police will ask to "decrypt" it, but nobody has the key. Absolutely insane, yes the UK is probably already a de facto police state, because of this, the mass surveillance, "smart" CCTV everywhere and numerous other attempts by the government to strip us of our liberties.

Yes, because the Overton window has slipped so far, we are in a situation now, that in the 1970s people would easily class as a police state. Mass Internet surveillance, with complete dossiers on every web user being compiled by GCHQ, the criminalization of possession of data, which is a thought crime, yes prison for possessing certain books that are legal in the US. The list goes on and on.

All supposedly to protect us from some minor threat, whatever is in vogue as the latest moral panic (e.g. terrorism, child pornography, petty harassment, etc.). All while so many more people are killed or harmed in road traffic accidents each year than from all of those combined.

It really is nothing but excuses for authoritarianism. Yes, fascism, in disguise there. I don't even want to imagine what things will be like in 20-30 years' time from now, if it continues at this rate.

Charging under this law requires specific authorisation like most niche powers (e.g. charging someone for abducting their own child).

So they wouldn’t charge you based off a random anonymous tip off. It would more be, a naked child was found in your house and now they’re charging you for not giving them the tapes with the videos on it.

What about spoofing IP addresses (bittorrent DHT / IPFS / deliberately faked Tor IP leaks / etc.) or a combined technique, so that the police think illegal material was shared from that IP, and when they come to investigate they find large quantities of random data, which they think is encrypted?

Modern PCs are as secure as a loaf of bread in a mob of seagulls.

Use malware to actually install sharing software and hide it from the user and at the router. Then use actual full-disk encryption software and make a real hidden partition and dump the bait files from the file sharing into it and leave the forensic traces. Then wipe the malware and delete the password and the FDE is unopenable but the courts will never believe the user.

Hypothetically speaking, if you're not a UK resident: Surely you can keep the password on a separate device in another country, and if asked for it, say that you do know how to get the password, but you can't physically access it without travelling to the other country.

You then aren't breaking the rules, as far as I can tell. Of course you can't give them something that is only available in another country, where those laws would not hold up.

How would you explain you were able to unlock and use the device within the past minutes or hours? (Which could be easy to prove)

Pass code is randomly generated by a person in the other country and it changes every 15 minutes. You must contact this person to get the code and they cannot be compelled by the laws in your country.

How do you set that up on an Android or iOS device?

Use a TOTP for a second factor of authentication and give it to your friend abroad.

So you have to contact your friend every time you unlock your phone screen?

> you can be told not to reveal that you've told them the password

This is a good reason to use numbered, pre-made, one-time-passwords and require a reason when using them. "AdminX lost fob - using override to reset creds." Requiring you to lie is one step past requiring you to remain silent.

If the 'next PW to be used' number increased on everyone's override-PWs it couldn't be hidden. Co-admins could know to check an audit log of changes.
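
The scheme described in the comment above, as an added example that is not part of the original thread: numbered single-use override codes, a mandatory reason, a shared "next number" counter and a hash-chained log that co-admins can check. The `OverrideVault` class, the `audit` function and the "genesis" marker are hypothetical names chosen for this sketch.

```python
import hashlib, hmac, secrets

def _h(*parts: str) -> str:
    # Digest over separator-joined fields (separator avoids field ambiguity).
    return hashlib.sha256("\x1f".join(parts).encode()).hexdigest()

class OverrideVault:
    """Numbered, pre-made, single-use override codes with a chained audit log."""

    def __init__(self, count: int):
        # Plaintext codes would be handed out once and not kept; they are
        # retained on the object here only so the example can be exercised.
        self.issued = [secrets.token_hex(8) for _ in range(count)]
        self._hashes = [_h(c) for c in self.issued]
        self.next_index = 0   # the 'next PW to be used' number, visible to all admins
        self.log = []         # each entry commits to the one before it

    def use(self, index: int, code: str, admin: str, reason: str) -> bool:
        if not reason.strip():
            return False      # a reason is mandatory
        if index != self.next_index or index >= len(self._hashes):
            return False      # codes are consumed strictly in order, once each
        if not hmac.compare_digest(_h(code), self._hashes[index]):
            return False
        prev = self.log[-1]["digest"] if self.log else "genesis"
        entry = {"index": index, "admin": admin, "reason": reason}
        entry["digest"] = _h(prev, str(index), admin, reason)
        self.log.append(entry)
        self.next_index += 1
        return True

def audit(next_index: int, log: list) -> bool:
    """Co-admin check: every consumed number has a chained, reasoned entry."""
    if next_index != len(log):
        return False          # counter moved without a matching record
    prev = "genesis"
    for i, e in enumerate(log):
        if e["index"] != i or not e["reason"].strip():
            return False
        if e["digest"] != _h(prev, str(i), e["admin"], e["reason"]):
            return False      # entry edited or removed after the fact
        prev = e["digest"]
    return True
```

The counter and the log have to be held where every co-admin can read them independently; if one person can rewrite both, the check proves nothing.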

This is exactly the purpose of the 5th Amendment in the US. The only thing I don't agree with is the Supreme Court's decision that you have to deliberately invoke your 5th Amendment. So much for inalienable rights...

> you can be told not to reveal that you've told them the password

Come again? I don’t catch the meaning of this.

abridgett didn't check after posting, and so didn't catch some weird formatting. They are making two separate points:

- the onus is on _you_ to "prove" that you don't know it or have forgotten it

- you can be told not to reveal that you've told them the password

But...how would you prove you've forgotten something?

If you figure that out then let me know. Seems impossible to me. Maybe when brain scanning technology advances they'll be able to know what you're thinking.

You could be instructed not to disclose that you've given them the password.

So for example, you can be instructed not to tell your accomplices that their security is now compromised because every secret you had is no longer secret.