Is full disk encryption useless in the UK?

In the UK we have a law where if you don't decrypt your device you can be prosecuted for not decrypting. It's more terrorist level of charges as well.

Is this true? And what does that mean for the merit of encrypting your data in the UK?


Comments


[5 Points] Vendor_BBMC:

Tor browser doesn't store your browsing history. The cops need to catch you with drugs, THEN get your laptop.

The UK Government is about to make whispering illegal. It might be about terrorism.


[2 Points] Morvu:

https://en.wikipedia.org/wiki/Encryption_ban_proposal_in_the_United_Kingdom


[1 Points] datfakeaccounttho:

Out of curiosity, what if you're simply unable to remember your encryption passwords? I'm sure plenty try to use this excuse but surely some people must legitimately forget or lose access to their credentials. Do they have to prove you're intentionally refusing to give them up?


[1 Points] Satoshi-:

"Yeah... um i'm sure Azmsbjsjdj292uij2mlkjns was my password, can you check again?... oops i must have forgot it, it's a new password" is a better answer to the LE when it comes to a case like this.


[1 Points] pinochetHA:

No. Full disk encryption is certainly not useless in the UK. You have options if you are worried about being charged for not decrypting. Full disk encryption programmes such as Truecrypt and the more recent Veracrypt can provide you with plausible deniability. This is achieved through hidden volumes. You have a hidden volume with your darknet stuff, and another larger volume on the system with sensitive looking but ultimately legal content (e.g. put your dick pics there). If forced to decrypt you give the password for the legal part and say nothing about the other volume. There isn't a known way to prove the existence of another volume unless you mess up, and you have complied with the order to decrypt.

Another option is to just say you have forgotten your password to decrypt the device. If you have a good legal defense this option is likely viable. People forget things all the time.

Another totally experimental option which I am thinking about, but not currently vouching for, is purchasing a VPS in a shithole country which will not co-operate with the UK, encrypting everything sensitive and putting it on your VPS. Only access the VPS from Tails and decrypt your sensitive stuff locally. Shut down Tails when finished without saving anything. The VPS doesn't see your information, only encrypted data, and nothing is stored in your Tails persistence or hard drive. You are able to decrypt the device when requested without exposing information.

Personally I would do none of the above to mitigate against this threat and tell them to go fuck themselves. Stupid I know, but based on the principle that my data is mine kthnx. Also something else to consider: LE normally are not stupid enough to risk a case on you telling them to get lost and refusing to decrypt. That would show the public just how dumb all of this is. If they've gotten that far you're probably screwed in many different ways and they won't need evidence from your drive to convict you.


[1 Points] DooshNozzzle:

It depends what you have stored. Even with all other things considered, like the hidden volume mentioned by others, or the possibility of forgetting your password... If the consequences for what is contained on the hard drive are worse than the consequence of defying the court order to decrypt it, then no, it's not worthless. Just refuse to unlock it and accept the lesser consequence.


[1 Points] lovelylittlegangster:

It's not useless but you need to plan carefully.

Veracrypt with a hidden volume and some dick pics on your decoy partition gives you plausible deniability.

Full disk encryption without careful planning is not ideal and could mean a 2 year stay at Her Majesty's pleasure unless you hand over your keys.

It's not easy or quick to get it right though (despite what people tell you).