The Risk Professional: if you can't remember your computer passwords, you go to jail
You know that thing where people are threatened with dismissal if they write down their password? Well - a UK court has jailed a computer user because he didn't write down his password and then forgot it.
Most Recent - This SectionThe Risk Professional : don't let the media fool you: terrorism is not a "western" problem
The Risk Professional : why terrorism works
The Risk Professional : Syrian rebels turn radical, allying themselves with al Qaeda.
The Risk Professional: UN's Ban has a good idea. But it's not going to work.
The Risk Professional: Banks - Breathe. Slowly. Banks in Cyprus will not open today.
Most Recent - Whole SiteF1: Wot, no race report?
InfoTech: Adobe puts its head in the Cloud
F1: the good, the bad and the tyres in Bahrain 2013 as, at last, we get fast and furious racing
Publishing: today's dumb spam
Airports: the world's top airports. Allegedly.
Securities: KPMG partner charged with insider trading; conspirator pleads guilty
Banking: HKMA explains internet banking security and how not to be caught in the phisherman's net
Banking: Early signs of a mortgage crisis appear again
Securities: Day Trader and Asset Manager gets fine and community service for insider trading
Pump and Dump Alert: Nuvilex Inc.
The story begins not with the teenage computer user in question, nor even with the police investigation in which he was caught up. Instead it starts with the decade-long attack on personal freedoms under the UK's Tony Blair and Gordon Brown, as (mis)guided by the hand of the USA in the post-11 September 2001 paranoia.
Are there bad people? Yes. Do those bad people do awful things? Sometimes. Do those "sometimes" justify an extraordinary expansion of powers exercisable by state agencies without the intervention of a court? Probably not.
But in a wide range of areas, during the last decade, there has been a significant shift towards, literally and figuratively, a police state. The powers which have been devolved to the police (and other state agencies such as HM Revenue and Customs The Financial Services Agency) are far more intrusive than at any time other than under emergency powers.
The difficulty that the UK population faces is that, under a barrage of laws generated over a decade, they are still bound by the old maxim that everyone is presumed to know the law. That would be fine if it were properly debated and that debate properly reported. Instead, by manipulating the news agenda (as it has become known) to focus on one thing about which synthetic rage can be generated, the big, surprising stuff slips through.
Regulation of Investigatory Powers Act 2000 sounds like a good thing - in that it appears to more closely constrain the excesses of certain styles of investigation. But just as The Bank Secrecy Act is about abolishint bank secrecy, so RIPA is about expanding powers.
One of those powers provides that, if an officer demands access to a computer, then he must be granted that access.
This is, in effect, a search warrant. Note: no court order is required for this search of your computer. A senior police officer can sign off on it if he is satisfied that there is or may be evidence of a crime on the computer.
19 year old Oliver Drage became entangled in an investigation relating to something we don't need to discuss here. When the police turned up at his home, having traced him through an IP address, they found that his computer was secured using strong (ish) encryption. An officer demanded his password.
Drage told the police that he could not remember it: it was somewhere between 40 and 50 characters long. He had not, he said, wrtten it down.
He was prosecuted for failing to provide the necessary information within the time allowed.
The Court was told that it was ridiculous that anyone would create a password of as many as 50 characters and not write it down. And that was the basis of the conviction. Grage, who is technically a minor, will spend the time in juvenile detention instead of jail.
For those in business, for whom IT security is a big issue, the story is worrying.
Staff will be faced with a choice: write down the password or get something easy to guess. Or else - particulaly those travelling to the UK with a laptop - be ready to face jail if you can't turn it on e.g. when a customs officer at Heathrow asks you to.