Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy Crime Facebook Security United Kingdom

Murder Suspect Jailed Over Refusing To Reveal Password In the UK (bbc.co.uk) 165

A man suspected of murdering a teenager in England has been arrested for failing to hand over his Facebook password to authorities. The BBC reports: Lucy McHugh, 13, was found stabbed to death in woodland last month, a day after she disappeared. Stephen-Alan Nicholson, 24, pleaded guilty to failing to comply with an order under the Regulation of Investigatory Powers Act, requiring him to disclose the Facebook password. He was sentenced to 14 months in jail.

He was first arrested on July 27 on suspicion of murder and sexual activity with a child and subsequently bailed. But he was also charged under the Regulation of Investigatory Powers Act. The court heard the charge related to a court order that Nicholson disclose his Facebook password protecting any private communications with Lucy McHugh. Passing sentence, Judge Christopher Parker did not accept Nicholson's "wholly inadequate" excuse that providing his password would expose information relating to cannabis.

This discussion has been archived. No new comments can be posted.

Murder Suspect Jailed Over Refusing To Reveal Password In the UK

Comments Filter:
  • what are the laws in the uk on this?
    • Re:laws in the uk? (Score:4, Informative)

      by AHuxley ( 892839 ) on Friday August 31, 2018 @05:53PM (#57234426) Journal
      Regulation of Investigatory Powers Act https://en.wikipedia.org/wiki/... [wikipedia.org]
      • he's toast...at least on that
        • Naah, he's just proven the old joke about forced-disclosure of encryption keys:

          Judge: Do you know what the penalty is for not complying with RIPA?

          Accused: No, but I bet it's a lot less than the penalty for murder.

          • Remembering that the UK is, currently, in the civilised world and doesn't have the death penalty for murder. Therefore the maximum penalty for non-compliance with RIPA (which I think is just another form of contempt of court) is imprisonment for the rest of your life, which is precisely the same as the maximum punishment for murder.

            In practice, since the contempt embodied by non-compliance with RIPA will occur before trial can take place, you'd serve this punishment before trial (and possible acquittal) fo

            • While the UK still follows the ECHR, which admittedly it probably won't for much longer, it could be argued that prolonged imprisonment for refusing to reveal a password is a form of duress, article 3, and that imprisonment without trial runs up against article 6. Not sure how successful you'd be, but the ECtHR has been fairly flexible in how broadly they'll interpret article 3.
    • Re:laws in the uk? (Score:4, Informative)

      by ShanghaiBill ( 739463 ) on Friday August 31, 2018 @06:52PM (#57234698)

      They don't need the password. They can just subpoena the evidence directly from Facebook.

      • and in the meantime the schmuck is in jail for violating The Regulation of Investigatory Powers Act 2000 (RIPA), Part III. and if he's guilty of other stuff he's in jail and can't run or commit other crimes.
      • by dkman ( 863999 )

        Why can't they just look at Facebook for the girl? Messaging is similar to email, the posts are on both sides - unless she took effort to delete them.

        They can't ask her for her password, but they could certainly exercise power of attorney to get access.

        • Because they want to see what else in his Facebook account, not just any messages he sent to her. And yes, she might well have deleted them. He might have told her to.

          But who knows what else he might have in there - photos that place him in certain places at certain times, messages to other potential victims, and so on.

          It's called "gathering evidence" and you don't just look in the most obvious places.

          It'd be the equivalent of that Stormtrooper who goes "This door's locked; move on to the next one" when the

          • "He's an Imperial Stormtrooper! He could just bust the door down!"

            Well hold on a minute. Not in all circumstances. On their own ships they get in a lot of trouble just busting doors down. Stormtroopers were blasting doors off their hinges if they forgot their keys or for other trivial reasons and after a while Facilities complained to the Captain. Now if they don't have a Designated Master Key Holder in the squad they have to call in for permission from an senior officer and then fill in reports afterwa

  • by SuperKendall ( 25149 ) on Friday August 31, 2018 @05:45PM (#57234380)

    Why can't the authorities just ask Facebook for all private communications as part of the investigation? I'm sure Facebook works with authorities on other things. Maybe because the victim was a minor there is some special detail to this case?

    To me it makes sense from his part if he did kill her, to take 14 months over however long he might get for murder.

    • Re: (Score:2, Insightful)

      You're asking for too much intelligence on part of this generation of Britons, I'm afraid...
    • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Friday August 31, 2018 @05:53PM (#57234422) Homepage

      Why can't the authorities just ask Facebook for all private communications as part of the investigation?

      They are, it just takes a lot of time. The BBC article says:

      Matthew Lawson, prosecuting, said police were following a "lengthy procedure" to get the information from Facebook itself.

      • by Raenex ( 947668 )

        Matthew Lawson, prosecuting, said police were following a "lengthy procedure" to get the information from Facebook itself.

        Why is it a "lengthy procedure" that takes longer to convict this man and sentence him to 14 months in prison? Why don't they raid the offices of Facebook? Why do megacorps have more rights than individuals?

        • by AmiMoJo ( 196126 )

          "Lengthy procedure" is code for "you made me fill out some paperwork so I'm going to punish you".

          They won't screw with Facebook because Facebook has enough money to push back hard.

        • Why don't they raid the offices of Facebook?

          Because the only offices Facebook have in the UK sell advertising, and do management shit. Which country their server farms are in is not known (to me), but one would infer they're not in the UK. And you can bet that the "management shit" of Facebook will have enough legal horsepower in the office that the RoTW management of Facebook will know about the raid before the officers start to try to force passwords out of the arrested, so the Facebook internal security

    • Read the article - they are working with Facebook on that, but it takes a lot longer. Now, though, they should have 14 months to get it done.

      What I wonder, though, is what sort of stuff could be in the account that would incriminate him? Surely the parents of the victim cooperated and provided *her* FB password, which would have given them access to any mutual communication?

      • by Wycliffe ( 116160 ) on Friday August 31, 2018 @06:15PM (#57234536) Homepage

        Read the article - they are working with Facebook on that, but it takes a lot longer. Now, though, they should have 14 months to get it done.

        What I wonder, though, is what sort of stuff could be in the account that would incriminate him? Surely the parents of the victim cooperated and provided *her* FB password, which would have given them access to any mutual communication?

        The parents don't necessarily have the password. There are plenty of young kids with accounts that parents don't have passwords to. Most parents don't do a good job monitoring their kids activities otherwise they would likely detect a groomer long before something bad happened.

        As far as what's on his phone, if he had something like child porn on his phone he would likely be convicted of the murder even if he had nothing to do with it.

      • Surely the parents of the victim cooperated and provided *her* FB password

        As a parent of teenagers, I can assure you that they don't tell us their social media passwords.

        • As a parent of teenagers, I'm surprised you let them piss on you like that.
          Do they give you a weekly allowance, and tell you off if you are home late also?

          Trust is them giving you the password, and you not using it unless you need to, NOT them keeping it from you.

          • Reality is them giving you the password, you not using it (because "trust"), and so you not discovering that they changed the password 3 minutes after they gave you the old one.

            A better reality would be having a monthly ("weekly" is also defensible) ceremony of them (all, assuming multiple kids) changing their passwords for all their online accounts in front of you, you writing down the passwords into a notebook, then locking the notebook into a box which is bolted into the wall of a public room. After all

    • He did not get out of the murder charge by refusing to unlock his phone and getting 14 months, Kendall you fucking moron.

    • Where did you get the erroneous idea he would get out of murder ? What happens is 1) he is charged with murder 2) but in addition he is now on the hook for 14 month because he does not give his password. In other word, while they are investigating and getting the password from facebook with a court order, he is in prison for not giving up his password. If he get judged for murder , then the sentence would be in addition of that 14 months.
    • by Agripa ( 139780 )

      Why can't the authorities just ask Facebook for all private communications as part of the investigation? I'm sure Facebook works with authorities on other things. Maybe because the victim was a minor there is some special detail to this case?

      To me it makes sense from his part if he did kill her, to take 14 months over however long he might get for murder.

      They can. And Facebook will hand everything over. This is just a way to stack charges and convictions on him.

  • by locater16 ( 2326718 ) on Friday August 31, 2018 @05:49PM (#57234400)
    Possession of cannabis is punishable by up to 5 years in the UK.

    Instead this kid, guilty of murder or not, only gets 14 months. He's doing the very thing the laws say is smartest to do, and because of it it's possible a murderer may get away with their crime.
    • by Gaxx ( 76064 )

      Except that at the end of his sentence, they can ask for his password again and if he refuses he can be jailed again.

    • by gweihir ( 88907 )

      No. He is getting 14 months now while the police gets the Facebook access another way. If there is evidence in there, he may still get the murder conviction on top.

    • Possession of cannabis is punishable by up to 5 years in the UK. Instead this kid, guilty of murder or not, only gets 14 months.

      Good grief, you're saying not only that refusing to disclose your password should get you jail time, but it should get you more than 5 years? WTF is wrong with you?

      • by Anonymous Coward

        Presumption of guilt.

    • Possession of cannabis is punishable by up to 5 years in the UK.

      Doesn't your country have laws against incidental incrimination for an unrelated crime?

    • by Agripa ( 139780 )

      Possession of cannabis is punishable by up to 5 years in the UK.

      Instead this kid, guilty of murder or not, only gets 14 months. He's doing the very thing the laws say is smartest to do, and because of it it's possible a murderer may get away with their crime.

      Except they will get a warrant (if necessary, I'm not sure if it is in the UK) for his Facebook content anyway and then add a cannabis conviction as well.

    • by mjwx ( 966435 )

      Possession of cannabis is punishable by up to 5 years in the UK.

      However unlike the US, the UK does not lock up drug users. Dealers, sure, but users end up getting a misdemeanour fine and possibly an Anti-Social Behaviour Order (ASBO).

      Cannabis is practically defacto legal in the UK. Cops have better things to do over here.

  • This will not be the only time this happens. It will happen more as time goes on and Law Enforcement has to rely upon technology to gather evidence needed to convince a jury of someone's guilt in any matter before a court of law.

    In all honesty, you really shouldn't be putting anything you don't want any one in particular to see on the internet. Period. Because this will happen. Best defense against this is just don't put any compromising information on ANY website. Hell, don't put it on any 'device' yo

    • by sjames ( 1099 )

      At the same time, why do the authorities think on a computer should give them special access. If I write a diary entirely in a cipher of my own devising, I am under no obligation to teach it to them.

      • If I write a diary entirely in a cipher of my own devising, I am under no obligation to teach it to them.

        People have gone to jail for refusing to disclose encryption keys.

    • Re:Get used to it (Score:5, Insightful)

      by fafalone ( 633739 ) on Friday August 31, 2018 @06:46PM (#57234672)
      Firstly of course the poster above mentioned written ciphers. Second and even more important, you do realize people forget passwords right? Fortunately in the UK it appears if you don't remember the password to every encrypted item or account the police want you only get 14 months, in the US you can effectively get life (they hold you on contempt of court until you enter it, one man is approaching 3 years in for this).
      Plus here in the US we're supposed to (and some other courts have recognized) have the 5th Amendment, which prevents you from using the contents of your mind to assist in your own prosecution. In the most well known precedent, the court explained that while you were obligated to turn over a key to a safe, you could not be made to disclose the combination to one. They're trying to argue a password is more like a key than a combination, which is absurd. If it's something you can forget, it's the contents of your mind, and should be off limits. Computers don't become some magic space exempt from that just because police don't have any other way to get the information.
      • Second and even more important, you do realize people forget passwords right? Fortunately in the UK it appears if you don't remember the password to every encrypted item or account the police want you only get 14 months, in the US you can effectively get life (they hold you on contempt of court until you enter it, one man is approaching 3 years in for this).

        Not buying it. I'd say, if a suspect in a case forgot his password and told the judge that, AND that he'd be willing to attempt to guess it, or work with password reset mechanisms to assist, (s)he'd be free to go.

        I couldn't tell you any of my passwords, either. I don't know them. But I could tell you how to access my password storage thing to retrieve a password. I really don't think a judge would jail me on contempt of court for having a password manager, or forgetting a password and being willing to h

        • by Kjella ( 173770 )

          Not buying it. I'd say, if a suspect in a case forgot his password and told the judge that, AND that he'd be willing to attempt to guess it, or work with password reset mechanisms to assist, (s)he'd be free to go. I couldn't tell you any of my passwords, either. I don't know them. But I could tell you how to access my password storage thing to retrieve a password. I really don't think a judge would jail me on contempt of court for having a password manager, or forgetting a password and being willing to help get it reset or whatnot.

          Honestly, I think you're blissfully naive. If you manage to decrypt it somehow, you're off the hook. If for any reason you can't because you've forgotten the password or your "password storage thing" is corrupt or the stress of facing years in prison is causing you to mind blank then they're likely to slam you double for pretending to know it and wasting everybody's time.

        • Not buying it. I'd say, if a suspect in a case forgot his password and told the judge that, AND that he'd be willing to attempt to guess it, or work with password reset mechanisms to assist, (s)he'd be free to go.
          I couldn't tell you any of my passwords, either. I don't know them. But I could tell you how to access my password storage thing to retrieve a password. I really don't think a judge would jail me on contempt of court for having a password manager, or forgetting a password and being willing to help get it reset or whatnot.

          But if someone is lying, those steps are easily faked, and someone telling the truth would have to admit they could in fact access it. Courts don't ask for the password itself, they ask you to sit at the computer/phone and decrypt/unlock it.

          Writing in a language (ie cypher text) the reader doesn't understand, I don't think a judge would find you in contempt in this case either. Unless of course, in the case of cypher, you refuse to assist in reading it. That's what contempt of court means, you refuse to do what the court instructs you to do. And when you decide to behave with contempt in a court, you can expect to be punished for your behavior, and rightly so.

          But how is this not self-incrimination? The 5th Amendment has been interpreted to mean using information in your mind to assist in your own defense, and there's no universe where that doesn't qualify. The court can't order you to waive one of your rights. You have comple

      • Second and even more important, you do realize people forget passwords right?

        He has already admitted that he knows the password, and has pled guilty to refusing to disclose it.

        That may have been a stupid admission, buy you have to admire his honesty.

        • Since most /. readers are in the US, that section was talking about here in comparison to the UK, not referring to him. I'm unsure of how high the burden of proof is given the law in the UK (Regulation of Investigatory Powers Act) for forgetting a password; this seems to be the relevent section if a password counts as a key:

          (2)In proceedings against any person for an offence under this section, if it is shown that that person was in possession of a key to any protected information at any time before the tim

    • by PPH ( 736903 )

      In all honesty, you really shouldn't be putting anything you don't want any one in particular to see on the internet.

      But the whole point of Facebook is to self promote. It doesn't do any good to brag to your buddies about your upcoming date with a 13 year-old if you do it behind an alias.

  • Wonder why the Facebook chat logs aren't already with law enforcement. Surely, there's a warrant by now.

    Does a Facebook user password also encrypt data at rest on Facebook servers? So, unless the user logs in and their password provides the decryption key, not even Facebook can decrypt stored chat history?

    • In what universe does Facebook respect privacy enough to even consider that? Of course they don't do that, in fact they mine the conversations for information about you. Allegedly not for advertising, but for their own use and to enforce rules against abuse definitely.
  • And the pressure of being forced to produce your password or be put in jail for not producing it only makes it worse so that you can't accurately remember it? While certain types of meds might alleviate some of that if everything goes according to planned expectations, it could just as easily make things even worse.

    Memory is a tricky thing sometimes.

    • Even worse, in a case like this [arstechnica.com] where a man has been held 3 years now for his claim of forgetting a password not being believed, whether that was legitimate or not, if a password is even a little complex just going a few months without using it and you're likely to have forgotten, nevermind multiple years. So the longer they hold you the less likely compliance is, and a contempt of court hold is supposed to produce the opposite effect. That's why I'm always saying that it carries an effective possible life
    • by UpnAtom ( 551727 )

      We can be imprisoned for forgetting a password. Any password.

      Blair's Govt wrote terrible laws, including two which can abolish elections without debate.

  • ....that the court didn't make a one time offer to give him an absolute discharge on all cannabis offenses that might be revealed by his Facebook messages, with the warning that if he didn't disclose the password in the light of this offer he would be charged with making a false statement (to a court) which carries a penalty of up to life imprisonment, same as murder.... :)

  • He gets married. Tells his FB password to his wife, she changes it. she can be forced to testify against him.

    • she can['t] be forced to testify against him.

      In most circumstances yes, she can. And in any case, demanding the password, which she knows, is unlikely to count as testifying against him.

  • A more general matter: there might be some wisdom in Robert Smith not ever posting any personal photos or videos, eschewing Friendships with IRL friends and relatives, you get the idea -- good luck establishing he is THE Robert Smith of a case in question. Especially if, dastardly Facebook-law breaker that he is, he lists his name as Lazarus Long, Dick Diver or Robert Axelrod. Yes, Facebook fights this sort of thing but with only partial success. HOW UNHOLY huh, subverting the core essence of Facebook's Bu

You can tune a piano, but you can't tuna fish. You can tune a filesystem, but you can't tuna fish. -- from the tunefs(8) man page

Working...