Refuse a judge your password and face jailtime

I suppose it is the same thing as seizing personal documents or searching your house. Didn't read the article but will now. If a Judge wants your password for something, there is probably a damned good reason he wants it. No issue here. May change my opinion after I read the details.
 
Providers of encryption have to register with the DoC - bwahahah! Yes, I'm sure the global software community is going to line up to register with the South African government.

Yet again, smacks of lawmakers making laws about technology that they do not understand... at all. Do they realise that every time you browse to an SSL encrypted website, the website can be construed as being a cryptography supplier? Do they understand that encryption is pervasive and built in to a huge amount of software and OSs (e.g. Windows encrypting file system)? Do they have a clue that the suppliers of open source cryptography packages probably comprise hundreds of developers from all over the world, and that there's no one company to register for anything in that case, not that any of the developers would give a flying hoot about SA law?

What this amounts to is government forbidding it's citizens from keeping any secrets at all from them. Why is government so threatened by the thought that information might exist that they can't get their grubby little hands on?
 
This all seems fine and reasonable to me. I just don't get the part about cryptography suppliers. Everyone can use open source cryptography solutions, which are for all intents and purposes uncrackable. See TrueCrypt.

Also see deniable encryption. You can have two passwords. One that reveals a 'fake' secret, and one that reveals the real secret. There will be no way to tell whether you have a second password of not, so they won't be able to prosecute.
 
three things that are potentially misleading from the article:

(1) a directive from a judge under RICA is aimed at securing access to the underlying data - not the password or key or anything else.

2) the provisions of the Act apply to encrypted data and it is tenous at best to extend it to require a person hand over their gmail login.
The purpose is to decrypt a fax which incriminates a certain individual as having committed treason by violating his/her office at the behest and pay of a military contractor in the service of a foreign government, and that sort of thing.

3) It is judge - as in High Court - not judicial officer, the article does say judge but it is prevalent for magistrates to be thought of as judges - so your local brandy club president is not in the picture - for which we should probably blame the Americans and the French, and post 1997 Great Britain.

Section 205 of the Criminal Procedure Act on the other hand does give magistrates some pretty extensive interrogatory powers and I can foresee access information being sought under this section.
 
As with everything this can be useful or just as bad. I have nothing to hide, any organization can come inspect my software of hardware, but out of principal I will not make it easy, they will have to have all their t's crossed and i's dotted before I hand over any form of password.
 
Yeah, but the alternative is that for example people who have cooked their financial books committing fraud can just encrypt their information and be 100% safe. In cases where the defendant is actually under arrest it would go against 2.35, but it's a very tough issue requiring at least some protection for the defendant in as far as the confidentiality of information falling outside the scope of the investigation is concerned. But what are the options? Abolish encryption? Then honest folk suffer as well. It comes down to trust or somebody very clever and wise coming up with an ideal solution.
 
One has to ask though how is this really any different from the police having a warrant to search your home?
 
Last edited:
And if you have a RSA key that changes every 60s... break the device and no-one gets in...

Of course, the hardest thing for the court to prove is that you encrypted those files and they belong to you AND that you know the password.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter