Extraordinarily, there has not, so far as Spy Blog has noticed, until now been a conviction under the controversial Regulation of Investigatory Powers Act 2000 Part III Investigation of electronic data protected by encryption which has invoked "national security".
The mere utterance of "national security" or "child indecency" raises the potential maximum prison sentence (N.B. a fine can also be levied in addition) from 2 years to 5 years, for failing to comply with a RIPA section 49 Notice, regardless of whether there is anything incriminating in the encrypted data or not.
The case of Syed Hussain, appears to Spy Blog, to be be the first such conviction involving "national security", in spite of the large numbers of USB memory devices and computers which have been seized as evidence in terrorism (or the handful of espionage) investigations over the years .
The Luton on Sunday / Luton & Dunstable Express @LutonOnSunday reports:
Terrorist who plotted attack on Luton Territorial Army centre faces an extra five years in jail for refusing to hand over computer password
BY JULIA SUTTON
Published: 14/01/2014 18:00 - Updated: 14/01/2014 17:27
A TERRORIST who plotted an attack on a Territorial Army centre is facing an extra five years in jail for refusing to hand over his computer password.
Syed Hussain, 22, was part of a Luton-based cell which discussed attacking MI5, the US Air Force, the English Defence League and their local shopping centre.
He was jailed for five years and three months at Woolwich Crown Court last April.
Hussain failed to meet a deadline to reveal the key to an encrypted USB stick found at his home during the police investigation.
He was today convicted by a jury of failing to comply with a disclosure order after a short trial at the Old Bailey.
The jury took just 19 minutes to reach its guilty verdict.
Prosecutor Alex Chalk said the files contain evidence that he carried out a possible fraud and that Hussain deliberately withheld the key for 20 months.
He said: 'This is a case about a USB stick that was seized by police as part of an investigation into terrorism.
'It is alleged that Mr Hussain failed to comply with a deadline to reveal the password to that device.
'He pleaded guilty to the terrorism which forms the context to this case and he has been sentenced for that.
'This is about his failure to reveal the password.
'We say that he always knew the password and only disclosed it, as he recently did in December a year or so after the notice, because he thought it would be in his interests to do so.'
Hussain will be sentenced tomorrow (weds) at 10am. The maximum penalty for the offence is five years imprisonment.
Last March he admitted conspiring to send a remote-controlled toy car carrying a home-made bomb under the gates of a Territorial Army centre in Luton.
N.B. there was no actual bomb ever constructed by the terrorist plotters, nor did they even have a remote controlled toy car.
They were convicted on the basis of a surveillance recording of one of them punting this idea to his co-conspirators.
Luton terror plot: four jailed over plan to bomb army centre
N.B. the reliance by the prosecution and the deluded plotters on the on the dubious, possible intelligence agency honeypot, Inspire magazine.
c.f. MI5 / MI6 / GCHQ / CTIRU should positively deny any involvement in "Operation Cupcake" alleged cyber attack on "Inspire" magazine
It is unlikely that a radio controlled toy car could carry a pipe bomb using matches or firework gunpowder (there are no kitchen recipes for high explosives in the Inspire magazine article) powerful enough to seriously damage a car or building. Seemingly these plotters were too cowardly contemplate simply throwing a pipe bomb (if they had one) over the (not very high) fence, something which used to be very common in Northern Ireland.
They seem to have had evil terrorist intent, but these plotters, without the money, access to explosives or weapons or the know how to cause mass casualties, cannot be claimed to have posed a real threat to national security. The "lone wolf" Ukranian murderer and bomber Pavlo Lapshyn posed more of a threat on his own, than this whole gang.
Police searched his home in March 2011 as part of an investigation into the terrorist offences.
Officers found a USB stick and external memory drive which were both encrypted with a password.
Which encryption software was used e.g. TrueCrypt ?
Hussain refused to hand over the passwords and claimed the hardware was not working.
The devices were sent away to NTAC (National Technical Assistance Centre) and both passwords were revealed to be the same phrase from the Koran, the court heard.
'The police examined the contents of the items,' Mr Chalk said.
'On the external hard drive police discovered large volumes of material glorifying jihad and practical guidance on carrying out acts of terrorism.
In April 2012 officers searched Hussain's address and found another encrypted USB stick.
When questioned by police he said he could not remember the password because he was 'stressed'.
Not being able to remember a de-cryption pass phrase is a sort of defence under RIPA Part III. The evil "reverse burden of proof" is changed so that the prosecution now does have to prove, beyond reasonable doubt, that the defendant did actually remember / still have access to the encrypted data.
This is only a defence in Court i.e. only after you have been arrested, photographed , fingerprinted and DNA sampled and blacklisted on travel and financial databases as a terrorist suspect.
Hussain only revealed the password in December 2013 after officers informed him that they wanted to question him over the alleged fraud.
The password turned out to be the same phrase from the Koran that he had used before.
The USB was decrypted and police found material linking the defendant to an alleged fraud,' Mr Chalk said.
Why did the Police not try the same passphrase, especially from the Koran, which the National Technical Assistance Centre had already discovered (presumably through a dictionary attack) which unlocked the first two encrypted devices?
The suspicion must be that they did in fact do so and that they abused the RIPA section 49 Notice system simply, to add to Hussain's existing prison sentence.
If they did not do so, then the investigators need to be punished for negligence or incompetence.
'He was interviewed on suspicion of fraud and asked about the decrypted material.
'Those investigations remain live.
'The defendant maintained for 20 months he could not remember the password.
'Just months before this trial and when he was told he would be interviewed on suspicion of fraud he said he remembered.'
Hussain, of Cornel Close, Luton, admitted one count of engaging in conduct in preparation for acts of terrorism between 1 January 2011 and 25 April 2012.
He denied failing to comply with a disclosure order. Hussain has not been charged with fraud.
Presumably there is little or no other evidence e,g, from credit card or bank records that ties Hussain into any such alleged fraud, apart from what is alluded to on this decrypted USB memory device.
Either Hussain is stupid or trying to martyr himself deliberately, or his defence lawyers are incompetent - "evidence of a possible fraud", for which he has not in fact been charged, implies that whatever incriminating evidence there may be would not have been likely to attract a prison sentence of 5 years, so