Feeds

UK police can now force you to reveal decryption keys

Refuseniks face jail time

Beginner's guide to SSL certificates

Users of encryption technology can no longer refuse to reveal keys to UK authorities after amendments to the powers of the state to intercept communications took effect on Monday (Oct 1).

The Regulation of Investigatory Powers Act (RIPA) has had a clause activated which allows a person to be compelled to reveal a decryption key. Refusal can earn someone a five-year jail term.

Part III of RIPA was in the original Act but was not activated. The Home Office said last year that it had not implemented the provision because encryption had not been as popular as quickly as it had predicted. It launched a consultation which culminated in Part III being made active on 1st October.

The measure has been criticised by civil liberties activists and security experts who say that the move erodes privacy and could lead a person to be forced to incriminate themselves.

It is also controversial because a decryption key is often a long password – something that might be forgotten. An accused person might pretend to have forgotten the password; or he might genuinely have forgotten it but struggle to convince a court to believe him.

Section 49 of Part III of RIPA compels a person, when served with a notice, to either hand over an encryption key or render the requested material intelligible by authorities.

Anyone who refuses to decrypt material could face five years in jail if the investigation relates to terrorism or national security, or up to two years in jail in other cases.

Controversially, someone who receives a Section 49 notice can be prevented from telling anyone apart from their lawyer that they have received such a notice.

The Home Office said that the process will be overseen by the Interception of Communications Commissioner, the Intelligence Services Commissioner and the Chief Surveillance Commissioner.

Complaints about demands for information must be made by the Investigatory Powers Tribunal. "The Tribunal is made up of senior members of the judiciary and the legal profession and is independent of the Government. The Tribunal has full powers to investigate and decide any case within its jurisdiction, which includes the giving of a notice under section 49 or any disclosure or use of a key to protected information," said a Home Office explanation of the process.

The Home Office said that the actions were consistent with the European Convention on Human Rights and the UK Human Rights Act as long as the demand for decryption was "both necessary and proportionate".

"The measures in Part III are intended to ensure that the ability of public authorities to protect the public and the effectiveness of their other statutory powers are not undermined by the use of technologies to protect electronic information," said the Home Office.

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.