Criminals may try 'the virus ate my password' excuse
By Steve Ranger
Published: 15 August 2006 17:15 GMT
The introduction of legislation to crack down on criminals using encryption to hide their tracks could also leave users open to new forms of electronic attacks, according to one expert.
The Regulation of Investigatory Powers Act (RIPA) provides the legal framework for various methods of surveillance and information gathering by police and other agencies.
But because criminals are now encrypting their email, files, folders, documents and pictures in an attempt to conceal their activities, the government plans to introduce Part III of the Act.
This requires people - when requested - to put protected or encrypted electronic information into an "intelligible" form, or to provide the encryption key. Failure to comply with can lead to between two and five years in jail.
Police have said they want the legislation in order to crack down on criminals using encryption. Detective Chief Inspector Matt Sarti told the a meeting organised by the Foundation for Information Policy Research (FIPR) that there are 200 computers sitting in police forensic centres and property cupboards with encypted data on them which are likely to hold evidence of crime.
But Caspar Bowden, former director of FIPR warned that introduction of the legislation could lead to a new wave of cyber-attacks.
For example criminals could create malware that was able to change the encryption key or password on an innocent user's machine. This virus would then delete itself and the criminals could threaten to tip of the police about the encrypted data, claiming it was information about criminal activity.
Without the key - which the virus deleted or changed - innocent users could find they have to defend themselves against this sort of blackmail.
Similarly, criminals could use these viruses against themselves, claiming "a virus ate my password (Vamp)" as an excuse for not providing the encryption key, he argued.
"The bad guys have an incentive for causing mayhem through Vamp-ware cases for cover," Bowden warned, and said there is a risk of deterring honest users from protecting themselves.
And he said that as a result the the UK could become a "proving ground" for these types of Vamp-ware.
Personally, if I were involved in such activities,...
David Fletcher
Is it me just being stupid here or....
The word...
MusicFan
Can I point a huge flaw in MusicFan's comment, the...
Too cynical sometimes
Other responsibilities include: Implementing preventative measures; minimising business disruption; minimising risk of security attack, malicious ...
Huntress does not discriminate on the grounds of age, race, gender, disability, creed or sexual orientation and complies with all relevant UK ...
Project managing the collation of information from across the Elan and Manpower Groups Helping consultants tailor solutions to their individual ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Naked CIO Naked CIO: Social networks are useless for finding a job 'Quantity over quality' approach poisoning professional networks
Peter Cochrane Peter Cochrane's Blog: Uneconomics We must move away from short-termism to prevent next economic crisis