On 01/08/2019 14:05, Martin Brown wrote:
On 01/08/2019 11:36, newshound wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

Not answering the above, but on an associated topic there must be many
people, like myself, who do some consultancy work that is wholy
dependent on computers. There's a small but finite chance that
innocent people might get their systems seized and my understanding is
that it may take months or years to get the hardware and data back. In
such a case, they are instantly out of business *unless* they have all
their data backed up in the cloud, in which case it is just a case of
buying a new laptop and carrying on.

It is an interesting question. I would demand carbon copies of the
working drives seized since without them the job stops. I wish them luck
finding anything recognisable in my highly compressed chess databases.

The first thing they should do after seizure is bitwise clone the
original drives so if they make an extra copy at that point I'd be
happy. Annoying to have hardware taken away but not a show stopper.

Having all the backups and email archives seized and unavailable would
be much more of an annoyance. And their sheer volume would tie up a lot
of resources to scan though even with automatic tools.

Now, I don't mind having my contacts and calendar together with my
spotify playlist in the cloud. Email is already there. But *some* of
my client data can't go there.

Won't the police insist on locking that down too and inspecting it?

Well they will want your IDs and Passwords, but presumably for "normal"
cloud like Google Drive or OneDrive they have an access route anyway.


Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or
encrypted on a server hosted in some lawless region of the internet.

But in principle they can pick it up in transit, and even with end to
end encryption it's an offence not to disclose the key.


Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems
to me to be a real (if low probability) threat. If you keep an
off-site backup that you don't declare to the police, presumably you
are committing an offence.

I no longer use hard encryption routinely since I think the security
services need all the help they can get. Back when the USA was
persecuting Phil Zimmerman for PGP I routinely exchanged emails with
like minded tech folk with the hardest encryption then available.
I stopped after 9/11.

My view too (I never felt the need to start). When I was working on
(government) Confidential and above that was on LANs with no internet
connection at all.