UK jails schizophrenic for refusal to decrypt files

Terror squad arrest over model rocket


Exclusive The first person jailed under draconian UK police powers that Ministers said were vital to battle terrorism and serious crime has been identified by The Register as a schizophrenic science hobbyist with no previous criminal record.

His crime was a persistent refusal to give counter-terrorism police the keys to decrypt his computer files.

The 33-year-old man, originally from London, is currently held at a secure mental health unit after being sectioned while serving his sentence at Winchester Prison.

The Eurostar terminal at St Pancras

In June the man, JFL, who spoke on condition we do not publish his full name, was sentenced to nine months imprisonment under Part III of the Regulation of Investigatory Powers Act (RIPA). The powers came into force at the beginning of October 2007.

JFL told The Register he had scrambled the data on several devices as part of security measures for his business, a small software company.

He was arrested on 15 September 2008 by officers from the Metropolitan Police's elite Counter-Terrorism Command (CTC), when entering the UK from France. Sniffer dogs at Gare du Nord in Paris detected his Estes model rocket, which was still in its packaging and did not have an engine.

On arrival at St Pancras, JFL was detained under the Terrorism Act and taken to Paddington Green police station, a highly secure facility where UK police hold their most dangerous suspects.

He was returning to the UK for an appointment with customs officials, to surrender after a missed bail appearance. This separate customs investigation - since dropped without charges - surrounded a failed attempt to enter Canada, and JFL missed bail following a move to the Netherlands. This contact with British authorities was apparently part of CTC's decision to arrest JFL.

While interviewing him, CTC, the unit that in 2006 replaced Special Branch as the UK's national counter-terror police, also seized more luggage. JFL had sent packages separately via Fedex to the Camden Lock Holiday Inn, where he had booked a room.

Throughout several hours of questioning, JFL maintained silence. With a deep-seated wariness of authorities, he did not trust his interviewers. He also claims a belief in the right to silence - a belief which would later allow him to be prosecuted under RIPA Part III.

A full forensic examination found nine nanograms of the high explosive RDX on his left hand, but JFL was given police bail. His passport was seized, however.

JFL says he does not know how the RDX, which has has military and civil applications, came to be on his hand. A result of five nanograms or less is routinely discounted by forensics and no charges were ever brought over his result of nine nanograms.

He returned to Paddington Green station as appointed on 2 December, and was re-arrested for carrying a pocket knife. During the interview CTC officers told JFL they wanted to examine the encrypted contents of the several hard drives and USB thumb drives they had seized from his Fedex packages.


Other stories you might like

  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading
  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • 1Password's Insights tool to help admins monitor users' security practices
    Find the clown who chose 'password' as a password and make things right

    1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.

    Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

    "We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.

    Continue reading

Biting the hand that feeds IT © 1998–2022