Its five years with no limitations, so when you are due to be released; Whats your password? Another five years... Its such a poorly worded law you could literally spend your life in prison for forgetting your password. And Its mostly used against peaceful protesters.
I'm not even sure how much practical difference there is between 5 and indefinite in practice, 5 years is a long time. I imagine it is pretty life-destroying. Especially for the crime of having something on your phone that you want to keep private.
> If it’s not about nation security or CSAM, it’s two.
I am sure we all get what you mean, but there is a comic interpretation in vaguely-Soviet style here where if someone hasn't done anything wrong they only get 2 years. I'm going to spend some time this weekend making sure my encryption is plausibly deniable where possible.
The police must obtain appropriate permission from a judge to obtain a s.49 RIPA notice.
Before a judge grants the notice, they must be satisfied that:
The key to the protected information is in the possession of the person given notice.
Disclosure is necessary in the interest of national security, in preventing or detecting crime or in the interests of the economic wellbeing of the UK.
Disclosure is proportionate.
If the protected information cannot be obtained by reasonable means.
Feature request: Make it default behavior on phones that you can have multiple passwords, connected to different profiles. With no way to determine how many profiles a phone have.
I'm sure there's some people here working on mobile operating systems, might be worth considering?
I think everyone's glossing over that this extends to anyone who knows the password. Your sysadmin, your business partner, your spouse. Hong Kong just turned your company's entire key management chain into a legal liability.
It would be nice if phones had a feature where you can define more than one pin, but only one is for your actual phone contents - the other ones leave you to a completely harmless but otherwise indistinguishable looking smartphone interface that contains no or only completely bogus data.
No one likes when I say this but it's really past time to stop doing anything interesting on your phone. Delete all your apps, set it as minimally as possible. Leave it home when you go for walks, and power it off when you go driving or to the store, or whatever.
Now we just have to wait N years for Android and iOS to get approval from the government to build something similar, that they can market yet somehow screw up enough to not actually help.
That is exactly why a Duress Pin, like the one in GrapheneOS, should be standard everywhere. Ideally, it should also include an option to visibly destroy the device by overheating it, to ensure that no one can accuse you of not having actually deleted the data and keep asking for a password.
I wonder what would happen if HK tried to force somebody to unlock their business phone. It's typically a violation of corporate policy to allow a third party to access the encrypted, confidential information on corporate mobile devices.
The poor device user would be faced with a choice of losing their job and being held criminally liable for breaching their company's systems, or going to jail in Hong Kong.
160 comments
Yes, it can be a criminal offence. But the maximum tariff for this under RIPA 2000 is five years. If it’s not about nation security or CSAM, it’s two.
(Incidentally, the USA is a real outlier in this topic)
I'm not even sure how much practical difference there is between 5 and indefinite in practice, 5 years is a long time. I imagine it is pretty life-destroying. Especially for the crime of having something on your phone that you want to keep private.
> If it’s not about nation security or CSAM, it’s two.
I am sure we all get what you mean, but there is a comic interpretation in vaguely-Soviet style here where if someone hasn't done anything wrong they only get 2 years. I'm going to spend some time this weekend making sure my encryption is plausibly deniable where possible.
Before a judge grants the notice, they must be satisfied that:
The key to the protected information is in the possession of the person given notice. Disclosure is necessary in the interest of national security, in preventing or detecting crime or in the interests of the economic wellbeing of the UK. Disclosure is proportionate. If the protected information cannot be obtained by reasonable means.
I'm sure there's some people here working on mobile operating systems, might be worth considering?
Now we just have to wait N years for Android and iOS to get approval from the government to build something similar, that they can market yet somehow screw up enough to not actually help.
The poor device user would be faced with a choice of losing their job and being held criminally liable for breaching their company's systems, or going to jail in Hong Kong.
>The US is evil
>China makes you give phone passwords, China makes Apple give user data
>The US wiretaps 1 person
"OMG THIS IS AN OUTRAGE!"
We forget because a Republikan is in charge how good we have it in the west. We forget how bad it is elsewhere.