The Risk Professional: if you can't remember your computer passwords, you go to jail
You know that thing where people are threatened with dismissal if they write down their password? Well - a UK court has jailed a computer user because he didn't write down his password and then forgot it.
Most Recent - This SectionThe Risk Professional: Did 11 September 2001 deliver its primary objectives?
The Risk Professional: US to close embassies at the end of Ramadan claiming increased threat levels
The Risk Professional: London suffers terrorism in its purest form
The Risk Professional : don't let the media fool you: terrorism is not a "western" problem
The Risk Professional : why terrorism works
Most Recent - Whole SiteChiefOfficers.Net - Changing
Motorsport: chaos, excitement and boredom in motorsport's big weekend
F1: Renault Formula One cars to carry an unusual brand in Korea
The Legal Professional: English solicitors on the edge as profession faces meltdown
Comms: Samsung finally reveal Note III. But you can't buy one.
BankingInsuranceSecurities.Com : we're changing
Phishing: Westpac credit card holders
Banking: UK Home Loans guarantee scheme - an accident waiting to happen
Pump and Dump: Monarchy Resources Inc
Consumer Credit: Aus warns of fraudulent loan arranger
The story begins not with the teenage computer user in question, nor even with the police investigation in which he was caught up. Instead it starts with the decade-long attack on personal freedoms under the UK's Tony Blair and Gordon Brown, as (mis)guided by the hand of the USA in the post-11 September 2001 paranoia.
Are there bad people? Yes. Do those bad people do awful things? Sometimes. Do those "sometimes" justify an extraordinary expansion of powers exercisable by state agencies without the intervention of a court? Probably not.
But in a wide range of areas, during the last decade, there has been a significant shift towards, literally and figuratively, a police state. The powers which have been devolved to the police (and other state agencies such as HM Revenue and Customs The Financial Services Agency) are far more intrusive than at any time other than under emergency powers.
The difficulty that the UK population faces is that, under a barrage of laws generated over a decade, they are still bound by the old maxim that everyone is presumed to know the law. That would be fine if it were properly debated and that debate properly reported. Instead, by manipulating the news agenda (as it has become known) to focus on one thing about which synthetic rage can be generated, the big, surprising stuff slips through.
Regulation of Investigatory Powers Act 2000 sounds like a good thing - in that it appears to more closely constrain the excesses of certain styles of investigation. But just as The Bank Secrecy Act is about abolishint bank secrecy, so RIPA is about expanding powers.
One of those powers provides that, if an officer demands access to a computer, then he must be granted that access.
This is, in effect, a search warrant. Note: no court order is required for this search of your computer. A senior police officer can sign off on it if he is satisfied that there is or may be evidence of a crime on the computer.
19 year old Oliver Drage became entangled in an investigation relating to something we don't need to discuss here. When the police turned up at his home, having traced him through an IP address, they found that his computer was secured using strong (ish) encryption. An officer demanded his password.
Drage told the police that he could not remember it: it was somewhere between 40 and 50 characters long. He had not, he said, wrtten it down.
He was prosecuted for failing to provide the necessary information within the time allowed.
The Court was told that it was ridiculous that anyone would create a password of as many as 50 characters and not write it down. And that was the basis of the conviction. Grage, who is technically a minor, will spend the time in juvenile detention instead of jail.
For those in business, for whom IT security is a big issue, the story is worrying.
Staff will be faced with a choice: write down the password or get something easy to guess. Or else - particulaly those travelling to the UK with a laptop - be ready to face jail if you can't turn it on e.g. when a customs officer at Heathrow asks you to.