Fractal knows his shiznit here folks, I've been convinced by private discussions w/him.

I've been a Hushmail user for a long time, and everything has been fine, but I'm sure now that that's only because no one has been interested in me. If any blue meanies ever became interested and I were using Hushmail, it would be scary.  So I'm going to drop them like a bad habit. Fractal showed me that even if you are using the in-RAM java applet Hushmail uses, you could still be hosed. I didn't realize that---I thought that if you always encrypted/decrypted in your own RAM w/the java thingy, then someone would absolutely need your passphrase to get to your account (some poor idiots actually choose to let the encrypt/decrypt be done on Hushmail's servers without the java applet, which is no protection whatsoever). I was misunderstanding the nature of it; there is a total backdoor, apparently.

For years I've allowed myself to believe Hushmail when they say that they will turn over accounts only if/when they are presented with a legal instrument under Canadian law. Then again, can (and do) Canadian authorities stand up to US authorities who want to go fishing and tell them to go through the courts, or do they bend right over and all go fishing together? The latter, no doubt. Nonetheless I think it's probably pretty safe until/unless someone wants you... and then suddenly at that point it's not safe at all, which means that overall, it's not safe at all.

BTW I don't know what happened, but when Hushmail started out, they were an offshore company in Anguilla! That was why I was attracted to them in the first place. I don't even know at what point along the line they became Canadian and subject to Canadian (and by extension, US) law.

I use GnuPG with a smart card. You can use a Thunderbird plug-in called Enigmail.

Also if you set your GPG up correctly you can store the secret key on the smart card itself, not on the computer.
This way if your pc is seized it makes it harder to decrypt any encrypted mail.

I use the Open GPG smart card from Kernel Solutions, if your pin is entered incorrectly 3 times the card locks permanently.
Thus preventing a brute force attack on your key.

Smart cards are actually not very safe against police.

The main benefit of smart cards is protection against morons and computer viruses.

Storing the encrypted private key in a file system which is itself FDE is really the only way to feel reasonably safe. With a strong disk password, they'd have to catch the computer on and in an unlocked state to be able to do anything.

Tools like dm-crypt and Truecrypt aren't going to be broken when used properly (good passwords, cold boots, kill switches, etc).

This is maybe not exactly about the topic but it is about encryption and one has to store ones keys and passwords somewhere. In the UK one has no right to privacy using encryption on hard disks. The same would probably be true with emails. That was proved when a young man had a visit from the pigs and they couldn't get into his hard disk because he had used a password with 50 characters. He got sent to prison because he wouldn't tell them it. The shit we call government had made a law to help fight against "terrorists" and the pigs used that allthough he wasn't accused of any terrorist offences. There was no evidence against him except the statement of an informer saying that he possessed child pornos. If anyone wants to know more i`ll provide more info.

This is maybe not exactly about the topic but it is about encryption and one has to store ones keys and passwords somewhere. In the UK one has no right to privacy using encryption on hard disks. The same would probably be true with emails. That was proved when a young man had a visit from the pigs and they couldn't get into his hard disk because he had used a password with 50 characters. He got sent to prison because he wouldn't tell them it. The shit we call government had made a law to help fight against "terrorists" and the pigs used that allthough he wasn't accused of any terrorist offences. There was no evidence against him except the statement of an informer saying that he possessed child pornos. If anyone wants to know more i`ll provide more info.

Yeah, the UK's laws are fucked up.

On a minor semantical note, they can't force anyone to disclose keys. They can only punish those who don't. The penalty for failing to disclose will likely be much lighter than some things they can find.

Anyone encrypting things which they wish to keep away from oppressive government needs to make peace with the fact that they might need to sit in prison for a few years....as opposed to many more.

What the UK did is unconscionable. Disclosing an encryption key is like being forced to reveal what is in your mind. I know if I had a perfect photographic memory, there wouldn't be anything worthy of encryption on my hard drives.

GPG stores the private keys either AES or twofish encrypted by default (can't remember which, I'm leaning towards AES), so the security of your private key doesn't become an issue unless we're talking about the NSA busting in with freon cans.  And I don't think anyone here is that important

It is either 3DES or AES depending on version. The setting can be changed in your ~/.gnupg/gpg.conf

One can also change the number of iterations (hardening) for the private key there as well.

There's one that's possibly being held indefinitely:

https://the-collective.ws/forum/index.php?topic=19573

UK JAILS SCHIZOPHRENIC FOR REFUSAL TO DECRYPT FILES

Science hobbyist with no previous criminal record.

The U.K. overtly overrode the time-honored rights to remain silent or not incriminate oneself in a criminal proceding with the Regulation of Investigatory Powers Act (RIPA), which became effective about two years ago. RIPA imposed penalties for not providing the keys to encrypted files if authorities demanded that the keys be disclosed.

Now the first person has been jailed under these laws: A possibly schizophrenic, definitely eccentric, self-described “amateur scientist” who authorities involved admit is in no way a terrorist threat. In other words he is being jailed purely because he is resisting arbitrary government demands. Yup, that sure enough sounds like the government we all know and love.

Why is the jailed man not providing the encryption keys demanded? On principle. One must admire his attitude. His defense of the right to remain silent appears to be unrelated to his mental issues.

    The first person jailed under draconian UK police powers that Ministers said were vital to battle terrorism and serious crime has been identified by The Register as a schizophrenic science hobbyist with no previous criminal record.

    His crime was a persistent refusal to give counter-terrorism police the keys to decrypt his computer files. The 33-year-old man, originally from London, is currently held at a secure mental health unit after being sectioned while serving his sentence at Winchester Prison.

    In June the man, JFL, who spoke on condition we do not publish his full name, was sentenced to nine months imprisonment under Part III of the Regulation of Investigatory Powers Act (RIPA). The powers came into force at the beginning of October 2007.

    JFL told The Register he had scrambled the data on several devices as part of security measures for his business, a small software company.

    He was arrested on 15 September 2008 by officers from the Metropolitan Police’s elite Counter-Terrorism Command (CTC), when entering the UK from France. Sniffer dogs at Gare du Nord in Paris detected his Estes model rocket, which was still in its packaging and did not have an engine.

    On arrival at St. Pancras, JFL was detained under the Terrorism Act and taken to Paddington Green police station, a highly secure facility where UK police hold their most dangerous suspects.

    He was returning to the UK for an appointment with customs officials, to surrender after a missed bail appearance. This separate customs investigation – since dropped without charges – surrounded a failed attempt to enter Canada, and JFL missed bail following a move to the Netherlands. This contact with British authorities was apparently part of CTC’s decision to arrest JFL.

    While interviewing him, CTC, the unit that in 2006 replaced Special Branch as the UK’s national counter-terror police, also seized more luggage. JFL had sent packages separately via Fedex to the Camden Lock Holiday Inn, where he had booked a room.

    Throughout several hours of questioning, JFL maintained silence. With a deep-seated wariness of authorities, he did not trust his interviewers. He also claims a belief in the right to silence – a belief which would later allow him to be prosecuted under RIPA Part III.

    A full forensic examination found 9 nanograms of the high explosive RDX on his left hand, but JFL was given police bail. His passport was seized, however.

    JFL says he does not know how the RDX, which has has military and civil applications, came to be on his hand. A result of 5 nanograms or less is routinely discounted by forensics and no charges were ever brought over his result of 9 nanograms.

    He returned to Paddington Green station as appointed on 2 December, and was re-arrested for carrying a pocket knife. During the interview CTC officers told JFL they wanted to examine the encrypted contents of the several hard drives and USB thumb drives they had seized from his Fedex packages.

    Again he maintained silence. Police then warned him they would seek a section 49 notice under RIPA Part III, which gives a suspect a time limit to supply encryption keys or make target data intelligible. Failure to comply is an offence under section 53 of the same Part of the Act and carries a sentence of up to two years imprisonment, and up to five years imprisonment in an investigation concerning national security.

    Following the warning he was bailed again, to reappear on 4 February. JFL did not attend the bail date. Instead he moved to Southampton, living in a series of temporary homes. He says he felt harassed by authority and helpless against police he believed were determined to pin a crime on him.

    His disappearance led to a raid on 7 March this year. Officers bearing sub-machine guns broke down the door of JFL’s flat. He rang local police before realizing CTC had come for him.

    At the local Fareham police station he was served with the section 49 notice. Signed by CTC’s Superintendent Bell, it said: “I hereby require you to disclose a key or any supporting evidence to make the information intelligible.”

    JFL maintained his silence throughout the one hour time limit imposed by the notice. He was charged with 10 offences under section 53 of RIPA Part III, reflecting the multiple passphrases needed to decrypt his various implementations of PGP Whole Disk Encryption and PGP containers.

    The list had been compiled by the National Technical Assistance Center (NTAC), part of the intelligence agency GCHQ, which attempts to decipher encrypted files for intelligence and law enforcement agencies.

    In his final police interview, CTC officers suggested JFL’s refusal to decrypt the files or give them his keys would lead to suspicion he was a terrorist or paedophile.

    “There could be child pornography, there could be bomb-making recipes,” said one detective. “Unless you tell us we are never gonna know. ... What is anybody gonna think?”

    JFL says he maintained his silence because of “the principle – as simple as that.”

    He was also charged for his February missed bail appearance and for two attempts to get a new passport falsely claiming his was lost. He says CTC told him he would not get the one they had seized back, so he applied for a new one.

    After three months on remand JFL faced trial on 2 June. He pleaded guilty to all the charges, wrongly believing he would be released that day with an electronic tag thanks to time served. Instead, taking into account the passport offences and missed bail, he received a total of 13 months.

    Before finishing what would have been a 6 1/2-month prison term during September, JFL was sectioned under the Mental Health Act. He now does not know when he will be released from hospital.

    In his judgment, Judge Hetherington accepted JFL was no threat to national security and noted his outsider lifestyle. “You ... wished to involve yourself in a world which was largely based upon the access to the internet and using computers and not really interacting with other people in the ordinary outside world to any great extent,” he said.

    “It is said on your behalf that you lead an existence rather akin to that of a monk, and that there is nothing sinister in any of this but it is essentially private matters and you do not see why you should have to disclose anything to the authorities.”

    The judgment also took note of JFL’s unusual hobbies and interests. He describes himself as an “amateur scientist” and his Fedex packages contained lab equipment, putty, devil bangers (which explode with a snap when thrown to the ground and are sold in joke shops), a metal detector and body armour. He also had a book on gun manufacture, a book on methamphetamine production and an encryption textbook. All are available from Amazon.

No wonder Loompanics went out of business. You can get all the books they used to sell on Amazon!

    JFL also had a copy of Steal This Book, Abbie Hoffman’s 1970s counter-culture bestseller. Judge Hetherington described it as “a book that detailed how to make a pipe bomb.”

    Images of the evidence haul were sent to the Defence Science and Technology Laboratory (DSTL), an MoD agency that carries out assessments in explosives cases. A scientist wrote: “Some of the contents of the luggage could [DSTL’s emphasis] be used for the manufacture of explosives or explosive devices but none of the items (as far as I could tell from the images) were obviously for this purpose and, with the exception of the throwdowns [devil bangers] and model rocket they all appeared to have other non-explosive uses.”

    Judge Hetherington backed CTC’s initial suspicions. Added to the encrypted files, he said, the luggage made it “understandable in those circumstances that the various authorities were highly concerned initially as to whether there was some link to terrorism and a threat to national security.”

    During sentencing, the judge seemingly confirmed that NTAC staff had been unsuccessful in their attempts to crack the encrypted files – or had not bothered trying. “To this day no one really has any idea as to what is contained in that equipment,” he said. One file encrypted using software from the German firm Steganos was cracked, but investigators found only another PGP container.

    The suspicion of terrorism was dropped long before trial and JFL was sentenced under RIPA Part III as a general criminal rather than a threat to national security. Although he admitted guilt, JFL argues he did nobody any harm and the offences were all related to not cooperating fully with police.

    Despite referencing his solitary existence, Judge Hetherington appeared not to know about JFL’s mental health problems and criticized him for not speaking to authorities.

    Abandoning normal court procedures, he said: “It was because I was satisfied you would not tell the Probation Service anything significant further that I saw no purpose in obtaining a pre-sentence report which is normally a prerequisite for someone of no previous convictions who has not previously received a prison sentence.”

    Sticking to normal procedure might have helped explain much of JFL’s behavior in interviews and while on bail. Pre-sentence reports include mental health records and JFL himself sought psychiatric treatment once before, while a computer science student.

    His given reason for not cooperating with CTC – the fact that a section 49 notice overrides the right to silence – echoes the original debate over RIPA and encryption. When the law was drafted at the end of the last decade it sparked protests from civil liberties groups and security experts.

    In September 2001, shortly after his stint as Home Secretary, when he had introduced RIPA, Jack Straw took to the airwaves to defend the powers.

    “It was government trying to put in place increased powers so that we could preserve and sustain our democracy against this new kind of threat,” he said in a Radio 4 interview. “We needed to take powers so that we could de-encrypt commercially encrypted e-mails and other communications. Why? Because we knew that terrorists were going to use this.”

    News that the first person jailed for the offence of not talking in a police interview has been judged no threat to national security and suffers from a mental condition associated with paranoia and a fear of authorities is unlikely to win RIPA Part III new supporters.

    It will also be news to at least the part of government that administers the justice system. On 3 November, Claire Ward, a junior Minister in the Ministry of Justice told Parliament: “Up to the end of 2007 (latest available) there have been no persons reported to the Ministry of Justice as being cautioned, prosecuted or convicted under section 53 of the Act in England and Wales.

    “The government are satisfied that offences set in RIPA are appropriate and that the legislation is being used effectively.”

The Tragic Consequences of Anti-crypto Law

    Comment The first conviction of a man under the draconian powers of RIPA Part III tragically bears out a prediction I made at the time: That these powers would do little or nothing to tackle serious crime or terror, but would create a power the police could use to harass people and undermine their right to remain silent.

    After all, a hardened criminal can use deniable encryption, or claim to have forgotten the password; the likely victims would be the less organized and the vulnerable.

    And so it has turned out. The first person convicted under this law was a vulnerable eccentric who refused to decrypt the files on his laptop when the Met’s terror squad told him to. He was convicted and jailed despite prosecutors accepting that he was not involved in terrorism at all. He is now in a mental hospital.

    Old-timers will remember the crypto wars of the 1990s. The U.S. government tried to force everyone to use the Clipper chip, an encryption device for which they had a back-door key. When cryptographers broke the Clipper chip, Washington tried to make cryptography illegal unless the keys were deposited with a “trusted third party” from whom the police could obtain keys secretly using a warrant.

    Cryptographers and computer companies fought back, complaining of the threat to privacy, the chilling effect on e-commerce and the cost. Eventually the chief crypto warrior, Al Gore, dropped the issue during his presidential campaign in an attempt to curry favor with the industry.

    As sometimes happens, U.S. policy had toxic effects here. In 1996, trade minister Ian Taylor laid a trap for the opposition by talking of government control of cryptography. His shadow Chris Smith was not to be outdone at the “tough on crime” game, and promised that New Labour would require people to hand over keys so that paedophiles could not escape surveillance.

    This raised a storm of protest from geeks and from the IT industry, which had been cosying up to New Labour in the belief they would win the 1997 election. Anne Campbell, the MP for Cambridge, ended up in charge of the issue as back then she was the only Labour MP with a publicly visible email address that she actually answered.

    The compromise that appeared among New Labour’s election promises was a power to compel decryption of seized material. Taylor then calmly said that he had changed his mind; crypto control was not necessary.

    This nifty piece of political footwork was not enough to save John Major, though, and Labour’s election promise duly arrived as Part III of the Regulation of Investigatory Powers Act 2000.

    Blair initially tried for even more macho controls on crypto, but these were undermined by UK crypto campaigners, by the Gore U-turn, and by an EU ruling that keys would only be good for digital signatures if only the signer had a copy. So the bill’s passage through Parliament was turbulent. There was much talk of serious crime and of terror. But even despite the events of 2001, Part III was not actually brought into force until 2007.

    The whole business brings to mind a comment attributed to Bismarck: “Laws are like sausages – it’s best not to watch them being made.”

whether this so called threat to national security is still in the mental hospital is unknown    As was mentioned at the Collective, it's evident who the real terrorists are 

The story i was refering to ---->

http://www.mirror.co.uk/news/top-stories/2010/10/06/password-teen-jailed-115875-22612304/
http://www.bbc.co.uk/news/uk-england-11479831

About the info from Lugh and psychexplorer ---->

JFC it very hard to be comited from a prison in the unUK . I know of a guy who used to piss himself and shit on the floor all over a prison and he was treated like he was "normal" and didnt get any medical treatment  They have their own doctors , usualy shit on the same level as mengele. whos only function is to say sick people arent sick . If a problem person gets sent down first they lock him down . If that doesnt work the screws abuse them. If that doesnt work the screws get prisoners to batter the fuck out of them . What the fuck could he have done to be comited ?

"9 nanograms"

Fuckin hell guys . You know how little that is . I think that IF its true and the pigs didnt falsify evidence that he could have got it by touching something in their custody . They deal with it as evidence , in their training and use it to train dogs .

"JFL was sectioned under the Mental Health Act. He now does not know when he will be released from hospital."

Thats the explenation for why he was comited = the fuckers dont have to let him out untill he can prove that hes not mentaly ill .

"Some of the contents of the luggage could be used for the manufacture of explosives"

Another trick they use . Its bullshit because one can build a bomb from a lot of things in a normal houshold . One can even build one in prison with things freely available to prisoners . Wanna know ? Ask .

"the offences were all related to not cooperating fully with police."

Thats obviously true . The bastards are a vain and vindictive bunch of scum and anyone who dares to stand up for themselves gets harrased for the rest of their lives .

"Sticking to normal procedure might have helped explain much of JFL’s behavior"

Yep and not doing it conveniently for them allowed them to continue to victimise him . Strange how the pigs and other shit like judges dont make mistakes that arent in their favour ?

"the fact that a section 49 notice overrides the right to silence "

The backbone of british laws are ( were ) the right to silence , the right to not give evidence that might incriminate oneself and habeous corpus = the pigs have to put the evidence on the table before a person can be locked up . The abolishion of those rights means in end effect that the british public has NO legal rights .

"it's evident who the real terrorists are"

Yep . Look at libya , bahrain , iraq , afghanistan and saudi arabia and its obvious . Its the US , the unUK and other US puppet states . The same shit that was behind the war crimes against vietnam , kambodia , laos , korea and more than 30 other states since the second world war . No offence ment to any US citizens here or anywhere else . The last quote in this post puts that in perspective .

"Can people actually be that stupid, or is this about raw control"

Its animal farm and 1984 PURE . Big Brother wants total control and total submission . He knows what hes been doing behind our backs in our names and what he is doing is a straight reflection of his guilty conscience .

Two quotes . The first tells the real story of Big Brother and his forces of evil and comes from a british judge denying the right of apeal to six inocent men who had been set up and tortured by the west midlands police . Those men spent 16 years in prison and most of that in solitary confinement being beaten up and haveing shit put in their food . The second one comes from one of the people who founded a country based on the distrust of governments .

"Just consider the course of events if their [the Six's] action were to proceed to trial ... If the six men failed it would mean that much time and money and worry would have been expended by many people to no good purpose. If they won, it would mean that the police were guilty of perjury; that they were guilty of violence and threats; that the confessions were involuntary and improperly admitted in evidence; and that the convictions were erroneous. That would mean that the Home Secretary would have either to recommend that they be pardoned or to remit the case to the Court of Appeal. That was such an appalling vista that every sensible person would say, 'It cannot be right that these actions should go any further.' They should be struck out either on the ground that the men are stopped from challenging the decision of Mr. Justice Bridge, or alternatively that it is an abuse of the process of the court. Whichever it is, the actions should be stopped"


"Whenever any form of government becomes destructive of these ends [i.e., securing inherent and inalienable rights, with powers derived from the consent of the governed], it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness."

Shit you were quick !!! So much for provocation being good for a good discussion and opening peoples eyes . LOL . I was hopeing to get slaged off for that one so i could come back with this ---------> Its from Thomas Jefferson: Declaration of Independence, 1776. ME 1:29, Papers 1:315 . Hope it works with the first one.........

Technology conspires against you: TomTom apologies for giving customer driving data to cops. http://www.theregister.co.uk/2011/04/27/tomtom_customer_data_flap/

DO NOT HAVE YOUR KEYS ON YOUR HARD DRIVE. Save to USB thumb drive, or similar media.