People in the UK who encrypt their data are now obliged by law to give up the encryption keys to law enforcement officials who request it, under part of the Regulation of Investigatory Powers Act 2000 (RIPA). Section 49 of Part III of RIPA compels a person, when served with a notice, to either hand over an encryption key or render the requested material intelligible by authorities. This section of RIPA was included in the original draft of the Act but was not activated, as encryption was considered not widely used enough at the time to be of sufficient concern. If the order comes as part of a terrorism investigation, refusal can earn someone up to five years in jail, and in other cases refusal to comply could get you a two year sentence.
The new law came into effect on October 1, the same day RIPA forced all telecommunications companies to log details about every call and text message sent and received in the UK for a year. The Home Office claims that this move will aid in the investigation of terrorists as well as criminal gangs and paedophiles. "The measures in Part III are intended to ensure that the ability of public authorities to protect the public and the effectiveness of their other statutory powers are not undermined by the use of technologies to protect electronic information," said a spokesman for the Home Office.
View: Full Story on vnunet.com