BRITISH AUTHORITIES are attempting to force a man accused of hacking the U.S. government to hand over his encryption keys in a case that campaigners believe could have ramifications for journalists and activists.
England-based Lauri Love (pictured above) was arrested in October 2013 by the U.K.’s equivalent of the FBI, the National Crime Agency, over allegations that he hacked a range of U.S. government systems between 2012 and 2013, including those of the Department of Defense, the Environmental Protection Agency, the Department of Energy, and NASA.
The U.S. Justice Department is seeking the extradition of Love, claiming that he and a group of conspirators breached “thousands of networks” in total and caused millions of dollars in damages. But Love has been fighting the extradition attempt in British courts, insisting that he should be tried for the alleged offenses within the U.K. The 31-year-old, who has been diagnosed with Asperger’s syndrome, has argued that he would not get a fair trial in the U.S., where his legal team says he could face a sentence of up to 99 years in jail.
The issues raised by Love’s case, however, are not limited to hacking. In recent weeks, his case has taken on a new dimension — opening up another potential battleground in the ongoing international debate about encrypted data and the power governments should have to access it.
Following Love’s arrest in 2013, the National Crime Agency, or NCA, seized computers and hard drives in his possession. He was then served with an order under Section 49 of the U.K’s controversial Regulation of Investigatory Powers Act, which demanded that he hand over his passwords to open encrypted files stored on the devices. Love refused, and when the NCA did not push the issue any further, it appeared that the agency had given up on its attempt to make him comply.
Subsequently, Love sued the NCA in an attempt to have his seized computers and hard drives returned. But that effort has now culminated in the NCA doubling down and renewing its demand that he turn over his encryption keys. According to a court document dated March 2, 2016, the agency is asking that Love “provide the encryption key or password” for data encrypted using TrueCrypt software that was found on his Samsung laptop, two hard drives, and a memory card.
Naomi Colvin, a campaigner for transparency advocacy group the Courage Foundation, told The Intercept that she believed the case could have “huge implications for journalists, activists, and others who need to guard confidential information” — potentially setting a precedent that could make it easier in the future for British police and security agencies to gain access to, or to seize and retain, encrypted material.
Colvin said that the Courage Foundation, which is raising funds for Love’s legal defense, is backing him because “his case fits in to a pattern of political prosecutions of hacktivists and other truthtellers.” She added: “From our work with some of our other beneficiaries — particularly Jeremy Hammond and Barrett Brown — we’re very familiar with the prosecutorial overreach, inflated damage figures, absurd sentencing, and discriminatory prison treatment, including frequent spells in solitary confinement, that is common in these kinds of cases.”
The encryption key demand is set to be the focus of an April 12 court hearing, at which a judge is expected to rule on whether Love should be ordered to turn over his passwords. But regardless of the hearing’s outcome, Love has no intention of turning over his encryption keys.
“I don’t have any alternative but to refuse to comply,” he told The Intercept. “The NCA are trying to establish a precedent so that an executive body — i.e., the police — can take away your computers and if they are unable to comprehend certain portions of data held on them, then you lose the right to retain them. It’s a presumption of guilt for random data.”
Notably, in the lead-up to the April 12 hearing, the NCA has appeared keen to keep public discussion of the case out of the media, perhaps in light of a recent high-profile controversy on the other side of the Atlantic over FBI demands that Apple Inc. help thwart the encryption on an iPhone.
Court documents show that the agency requested — and a judge approved — that witness statements and skeleton arguments should not be disclosed “to the press, the public, or any third party save with the leave of the court until after the final hearing, and then only in relation to such matters as are referred to in open court or as permitted or directed by the court.”
Karen Todner, Love’s attorney, told The Intercept that the NCA’s apparent desire to minimize publicity was quite unusual. “In other cases that I’ve dealt with — not necessarily about extradition, but computer hacking cases — they’ve put out press statements and been quite proactive in the press,” she said.
Todner noted that Love’s case has similarities to that of Gary McKinnon, a Scottish man who successfully fought extradition to the U.S. over allegations that he hacked NASA and U.S. military computers. Like Love, McKinnon had also been diagnosed with Asperger’s syndrome. After a 10-year campaign and lengthy legal battle, McKinnon’s extradition was ultimately blocked by the British government over health concerns.
“I think that they [the NCA] are possibly nervous because of the McKinnon case, because certainly the press that McKinnon received was helpful to his case. It courted public opinion and certainly Lauri’s case would probably also court public opinion.”
The NCA declined to comment for this story.
With more cases like this companies like http://www.qredo.com offering easy to implement end to end encryption that can be added by app developers without any encryption knowledge will be more and more popular. I think it is down to public to understand how important this is.
The Security Issues that governments claim are laughable. I wrote on here a while back about a dozen major breakthroughs made by British scientists that they couldn’t wait to go share with everybody else – TV, computers, the internet, computer programming, medicines, weapons, tank armour, jet engines…
Are there greater secrets than those inventions that we completely failed to keep to ourselves? No there are not. Is there are more dangerous power on the planet than the USA, with whom we freely share or just plain hand over to all our tastiest ideas? No there isn’t.
It’s bullshit. The need for secrecy is a lie, it is just an excuse to control people and get up to whatever governments’ fancy behind closed doors.
We should start a Transparent Democracy Movement, for a society that aims at removing secrecy in its governmental activities.
Steganography solves the problem of intrusive governments demanding encryption keys. With steg, all the thugs see is a music or video file, which can’t be proven to contain hidden information. Only someone with the right program and the right password can extract what’s inside, or know that it exists.
Hello,
Hmm, actually there exists experts who are skilled in deciphering, if you will, stenographic material. Although going into great detail about the methods and such would consume a lot of my time, I would like to warn not to go down the road of “Stenography is impossible to decipher due to X,Y and Z”.
Thank you. Good day!
Steganography, not stenography. These are entirely different topics.
I happen to think the Mackinnon decision was humane and hope that it works for this guy too. The US is a bully in this case, saying that an extraterritorial crime is somehow justiciable in this country. And the US prison system is no place for someone with Asperger’s and an anti-establishment mindset. Publicize this far and wide and get the people against sending him here. It’s his only hope.
There are 2 ways for societies to relieve themselves of power monsters. One is what happened in 1775 and 1792 and the other is by simply going off the grid.
In the case of the “off the grid” scenario, the power monsters will of course demand that all written communications be done in triplicate and recorded by your local notary who gets one copy and turns that over to the NSA review department. The other copy is mailed to the credit bureau because they already have those capabilities in place being as they are in the records business.
Of course, this sort of thing will require licenses for pens and pencils which of course will generate some sort of admin alert- and heaven forbid if you buy too many, you will be investigated for black market sales.
In any predatory regime, monitoring citizen communications has always been a really big deal. Take the nazi regime for instance. Warrantless was as it is today. Everyone is a suspect. America once made fun of these nutjobs “i suspect no one. i suspect everyone” .
Spying is itself by any right is a leadin to voyeurism. Voyeurism incorporates an abuse of power – a corruption of relationship. And while the spies have nothing else to do, they get itchy and scratch…
http://www.commondreams.org/news/2015/11/25/mind-blowing-abuse-power-walmart-spied-workers-fbi-lockheed-martins-help
http://www.theguardian.com/world/2013/sep/27/nsa-employee-spied-detection-internal-memo
http://www.cnn.com/2013/09/27/politics/nsa-snooping/
When favors and money enter that activity, _________________________.
good work on this…i had seen a report on mckinnon years ago and for a minute thought this article was about him (bad with names).
this is like an odd combination of rendition, nsa encryption whining and the “civil forfeiture” theft happening in the states. my favorite part of the mckinnon case was the pentagon saying “he did millions in damage” but then refusing to show evidence based on “secrecy”. turns out they won’t even hand over their own servers, much less those of some lawyerless civilian. it also probably has the bonus effect of feeding UFO conspiracies; “he looked for UFO stuff and now they refuse to let anyone look at the ‘damage’? someone call david icke!”
as the founding fathers warned us, the protection the people need most is from their government gone bad.
The “founding fathers” were more concerned with protecting slaveholders from the possibility of government going good by abolishing slavery, which had already effectively happened in the ‘mother country’, Britain, in the 1770’s, than with government ‘going bad’.
The law against hacking was the original sin of the internet. We could have had teenage hackers and aspies embarrassing our companies into securing their interfaces thirty years ago, instead of pros from China systematically stealing all their information today. It is wrong to ban any kind of hacking, save in the sense of real (non-computer) consequences the hacker knowingly makes happen. The cost of securing the system shouldn’t count in that because they should have done it already.
But it’s especially stupid in the case of defense computing architecture. Those people don’t have a damn excuse! I mean, the 9000 times before this kid showed up that they were hacked by Russia, China, Israel, North Korea, Saudi Arabia, Goldman Sachs, the People’s Republic of Buttfuckistan, whoever it is wanted their data, and they didn’t realize it because those guys are all better at it … who are they going to prosecute for that? Are they going to send the FBI into Pyongyang and put those hackers in cuffs? Then what the fuck is the point of doing it to this guy?!
Give it up – admit that there is one and only one responsibility for a Defense Department computer being hacked, and that’s with the Defense Department, because dammit, they were supposed to be able to defend it!
You shouldn’t blame the victim for not taking sufficient precautions. Some may argue that the DOD should take precautions, but this is a misunderstanding created by its confusing name. It used to be the Department of War, before Orwell made everyone get cute with language. Its original title clarifies that it has no interest in defense. In fact, being attacked has always been the best way to start a war. Unfortunately, the only hackers clumsy enough to have been caught, so far, are citizens of a vassal state, which it would be pointless to attack.
Funny how people still put forward China as the ultimate bunch of government hackers when it is now been shown that the USA is far worse AND is hoovering up and storing all the digital data they can. We are not the Good Guys fighting for a free world, we are the monsters in denial over our failed democracies.
I struggle to appreciate what there really is to hide – either “the enemy” is tech-savvy and will figure it out anyway, or they are not tech-savvy and so aren’t really a threat. And by “enemy” I mean whoever is being used to justify trillions of dollars of expenditure on weapons and security and draconian controls over partisan populations…
The concept of rights is alien to Britain. They have acquired some under the European Human Rights Convention, but this has made most Britons uncomfortable. As a result, they are currently voting to leave the EU, and will no doubt withdraw from the ECHR as well, since it only serves to embarrass the British justice system.
So it would be inappropriate to view this case in terms of American constitutional rights. Britons don’t have a Fifth Amendment; they make do with a fifth of scotch.
In the case of McKinnon, the British did deny the extradition request for nominally human rights reasons – that the subject was likely to commit suicide rather than enter America. But clearly sending someone to America is not a violation of their human rights – the British government, much as a British sovereign might have done in ancient times – performed an act of mercy in order to receive public acclaim. Privileges granted do not form a binding precedent.
So it all depends on whether Love can mobilize British public opinion in his favor – to provide the government with a political payoff for blocking his extradition. McKinnon’s hacking to find evidence of UFOs appealed to the British public’s fondness for eccentrics. Love needs to find a similarly sympathetic rationale for his hacking.
“But clearly sending someone to America is not a violation of their human rights”
Are you sure about that?
https://theintercept.com/search/?s=New York Guantanamo
Under “New Labour” Britain became reduced to colonial status in extradition law when the Blair regime accepted vassal state status visa vis the US in the extradition treaty it acceded to in 2003. No sovereign state would allow its nationals to face extradition to a barbaric legal system of a person whose acts, legal or illegal, were committed totally outside that jurisdiction.
This is a suspect who has been lawfully charged with a crime. A warrant for access to the tools he used to commit that crime seems easily justified. Refusing to comply with that warrant would be clear obstruction of justice in the US. What am I missing? How would this set a precedent for ordering journalists to disclose passwords?
He’s up for extradition, not crimes against his home country. Other countries extraditing suspects to the US has become a legal minefield for countries that, you know, have a history of actually banning torture. So it’s not so simple anymore.
Our country also has a history of banning torture… and then doing it anyway under a different name.
That’s right , didn’t they just rebrand it as “enhanced interrogation techniques” ?
It is justified if the US government hacks foreign companies, its own citizens computers, telephones, other devices, infect anybody they think they need to, hacking is legal and Justified for our governments. But if you have them no matter where you are they want to put you under the jail
You are not missing anything. The Left, which I used to recognize and admire, latches on to any criminal these days and elevates him or her to hero status.
I used to recognize and admire the right wing, but nowadays they have far too many jerks amongst their ranks who cannot read or understand the context of an article. These idiots cast unsubstantiated generalizations about the left which lack substance and this for me has destroyed the rights credibility.
The criminals are the United Snakes ruling class, its Killitary, and other institutions that defend and project its power. Attacking them, whether with arms or through other means, is not a crime but an effort to protect humanity and the planet from the world’s largest ongoing criminal enterprise.
P.S. Genuine leftists have no desire to be admired by whatever humanoid hides behind the handle ‘DcentDiscourse’.
@DK: In the US, we have something called the Fifth Amendment, that prevents the government from forcing you to incriminate yourself. Look it up.
I was curious, so I did look it up. A federal judge has ruled that the 5th amendment does not preclude a court order to produce encrypted information, but does protect the key itself. https://en.m.wikipedia.org/wiki/United_States_v._Fricosu. Basically, the defendant was ordered to decrypt the hard drive but not to hand over the key.
However, the case was settled with a plea, so it was never addressed by a higher court that might have established a more authoritative precedent.
I did. A federal judge ruled that the fifth amendment doesn’t allow a defendant to refuse to grant access to encrypted information. The case was settled rather than appealed, so no higher court has been able to set a more authoritative precedent.
Jesus was lawfully charged convicted and executed.
Have a nice f’n day.
What is particularly interesting here is that the data storage devices in question only have entirely random data on them, similar to what one would see on devices subject to the Linux “shred” command. This would effectively criminalize use of that command to wipe any blank device.