UK Police Can Now Demand Encryption Keys

People in the UK who encrypt their data are now obliged by law to give up the encryption keys to law enforcement officials who request it, under part of the Regulation of Investigatory Powers Act 2000 (RIPA). Section 49 of Part III of RIPA compels a person, when served with a notice, to either hand over an encryption key or render the requested material intelligible by authorities. This section of RIPA was included in the original draft of the Act but was not activated, as encryption was considered not widely used enough at the time to be of sufficient concern. If the order comes as part of a terrorism investigation, refusal can earn someone up to five years in jail, and in other cases refusal to comply could get you a two year sentence.

The new law came into effect on October 1, the same day RIPA forced all telecommunications companies to log details about every call and text message sent and received in the UK for a year. The Home Office claims that this move will aid in the investigation of terrorists as well as criminal gangs and paedophiles. "The measures in Part III are intended to ensure that the ability of public authorities to protect the public and the effectiveness of their other statutory powers are not undermined by the use of technologies to protect electronic information," said a spokesman for the Home Office.

View: Full Story on vnunet.com

Report a problem with article
Previous Story

EU Opens In-Depth Probe of IBM's Telelogic Buy

Next Story

Another CNet Blogger Says No to Vista (SP1)

44 Comments

Commenting is disabled on this article.

haha you people make me laugh, im quite happy for the police to go through my comp, i don't have anything to hard and they aint going to pick random people they will build up a case overtime and then seize a computer, its not a
"oh today im going to takes someones computer and see if they are a terrorist"

its for if they have a logn term investigation and believe someone already to be a terrorist of have recieved inelligence form someone that someone may have somethign on a computer the police should investigate...


i mean how many of you have been to court, i work for the Youth Offending Team and see some of the worst kids of today in court every Monday and Friday and i can tell you now, out court system is very llenient... and they really do work on the system of innocent to proven guilty, if you knew what some kdis got let off, or got away with and even police themselves are lenient... anyway thats jsut my personal experience...

and just so you know, something as small as someone go to court for possesing class c drugs takes over 4 months to hit court for evidences gathering, statements and so on.. and then nearly another month if they plead not guilty...

redmanmark86 said,
i mean how many of you have been to court, i work for the Youth Offending Team and see some of the worst kids of today in court every Monday and Friday and i can tell you now, out court system is very llenient... and they really do work on the system of innocent to proven guilty, if you knew what some kdis got let off, or got away with and even police themselves are lenient... anyway thats jsut my personal experience...

come down here, where the police will arrest you for anything, including pee-ing up a tree in the middle of no-where, come on its better there than on a road or something.

if you go to jail for 5 years, yeh PC progress I know, but say you use the most modern encryption now and use a huge huge HUGE key that would take thousands of PCs like 20 years to crack... surely with all technology progression you would be released after 5 years n they would be like "just need to wait about 11 years while we finish bruteforcing your key" haha, now thats an idea for something in a comdey film ;D

I can't help feeling that those who so desperately need to encrypt and not tell the law agencies their key are already in a world of trouble, and so the prospect of another five years in prison seems a little senseless.

Wow how many paraniod people do we have here?

This is a great law for cases where a criminal (e.g paedophile, terroist) has encrypted files on their PC that could potentially evidence on their PC. Police are now able to demand the encryption key to easily decrypt it without having to spend time and resources breaking the encryption themselves, unlike before where they were simply able to refuse to give the encryption key if it suited them. Yes, there will be cases where the suspect genuinely doesn't know their encryption password but this law will provide more of an incentive not to withhold it (their encrypted files can usually be decrypted eventually anyway).

Alternatively we could just scrap this law and spend more tax payers money decrypting systems simply becuause of paraniod neowin users who think the law could somehow apply to them if they are law abiding citizens.

Finally, do you really think that the police will have the time or resources to use this law on people who haven't committed any offence? Why not just stop and think about how much the benefits of the law outway the negatives before you go moaning about the country turning into a police state.

what happens if you have a encrypted file from years ago and they find it and assume you must be a terrorist as you wont give them the password you dont remember.
Thats what concerns me, if you forget the password what the hell can you do other then go to jail.
Its a stupid law as they should just have master keys and then the problem is gone. No one can be incarcerated for having a bad memory.

There is a "forgotten" loop hole, its for the lawyers to duke out.

They won't assume you're a terrorist, they'd need evidence and also they can't just ask for keys in the event of any old crime ...

Master Keys? They'd be subject to less judicial oversite, it would be a bigger privacy invasion and make all encryption for nought.

I'm so scared ... now the next time I'm under police investigation and a flash drive is called into evidence and my lawyer fails to prove I've actually lost the key, I'm going to have to give them the password or go to jail. :(

Listening to some people - you'd think they have no idea of the law and think you'll be stopped on the streets for carrying a flash drive.

If you want to prove Britain is a police state, there are better laws than this ...

Tell me, how is it any different than the police getting into your home to search for evidence (with a warrant) of course?

But I'll give the obligatory crap post anyway: wez is su luky we get constituten!! yu if tey tri tis wit me i shoooot em up homey! socialism!

RAID 0 said,
Tool.

Of what?

Law & Order?

A copper can't just walk up and demand the key to your flash drive you know, you and it would have to be implicated in a crime.

God bless freedomland.

SimpleRules said,

Of what?

Law & Order?

A copper can't just walk up and demand the key to your flash drive you know, you and it would have to be implicated in a crime.

God bless freedomland.

I'm picking up your sarcasm.

To be honest if your not up to anything bad why should you worry? Although some of you seem to be worrying about misuse of power and all that, I seriously doubt the Police would just turn up on normal peoples doors and investigate them without a damn good reason to.....

I like the idea of the Police having more powers, maybe it'll help them crackdown on actual crimes more rather than spending all their time doing paperwork, though I doubt it sadly :disappointed:

In my opinion to have social order you need tighter controls (can anyone guess the film? :cheeky: )

what they mean is, the UK police hackers are crap :)

have they not heard of hardware decryption devices maybe they should talk to the FBI

whocares78 said,
what they mean is, the UK police hackers are crap :)

have they not heard of hardware decryption devices maybe they should talk to the FBI


You lack of knowledge about the strength of modern encryption is humourous.

whocares78 said,
what they mean is, the UK police hackers are crap :)

have they not heard of hardware decryption devices maybe they should talk to the FBI

Maybe you should only post if you know what you are talking about.

download snowflakes.exe and say "i was downloading a game, but it turned out to be a virus :(" mwahahahaha! (it kills your drive data and can sometimes do physical damage)

toadeater said,
I couldn't decide which one was better.

My, what stereotypical views you have, grandma!

All the better for stereotyping you with, police-girl...

You know hiding evidence from the police is an offence. Hindering a police investigation is an offence. So if they find that you do have encrypted data (they will always find out one way or other), and you say no you don't have encrpypted data....that's an offence (lying to police). Just do the damn right thing.

What's the world frecking coming to?

actually there is a thing called the constitution it says government or police may not do search and seizures without cause having encrypted data does not count as having cause. thats why the law was written to prevent big brother.

mircleman said,
actually there is a thing called the constitution it says government or police may not do search and seizures without cause having encrypted data does not count as having cause. thats why the law was written to prevent big brother.

That would work so much better as a comment if the UK had a constitution.

joeydoo said,
Yeah!! The Candelária and Carandiru massacres were nothing compared to this encryption keys thing... go Brazil.

yes, but that was nothing compared to the dumb europeans massacring the natives on these lands long before that.

fu_eu said,

yes, but that was nothing compared to the dumb europeans massacring the natives on these lands long before that.


Your user name "fu_eu" says it all. Live and let live?

I honestly don't think the government really cares about your affair or what your vacation plans are for over the summer... I sure don't care.

^ If the only reason you encrypt your data is to keep it from the authorities, then you have problems. A lot of people encrypt corporate data or things they don't want anyone else to be able to see. If you feel the need to hide something from EVEN the authorities, then I'd say your either paranoid, or doing something illegal. The government isn't gonna come to your house some day and say "I wanna see that encrypted document with your girlfriend's phone number in it." They have reasons.

ok, ok... i think you got a good point ;)

i dont have nothing to hide to tell you the truth that the gov would care about.

so basically your point is a pretty good one ;)

although i do think something like this could be abused if they want to screw with certain people... they could probably just claim you got encrypted data and you aint telling em about it even if you did not encrypt nothing and then put you in jail etc.

although this is probably very rare it could happen.

but good thing i live in USA ... but then again if the gov wants to get you, there pretty much going to get you one way or another.

Just because I don't want an unauthorized person to read something, that doesn't make me a terrorist. This law, however, assumes you're guilty unless you prove you're innocent. Are you a terrorist? No? Then show us everything you've got! Now! Or we're throwing you in jail and calling you a terrorist!
What's next, compulsory anal probes?

Croquant said,
Just because I don't want an unauthorized person to read something, that doesn't make me a terrorist. This law, however, assumes you're guilty unless you prove you're innocent. Are you a terrorist? No? Then show us everything you've got! Now! Or we're throwing you in jail and calling you a terrorist!
What's next, compulsory anal probes?

Tin foil hat alert!

When was the last time the police investigated you? And if the police *did* ask to see your encypted info, why would that be a problem, unless you're doing something illegal?

Kirkburn said,

Tin foil hat alert!

When was the last time the police investigated you? And if the police *did* ask to see your encypted info, why would that be a problem, unless you're doing something illegal?


Ah, the old: "If you have something to hide, you're a criminal!" argument.
It didn't work in the McCarthyism era, and it doesn't work now.
I have a right to privacy, and if the government wants to see my private stuff they should need an actual reason. Not "Because we said so."

You call it encryption, I call it data corruption, an we all go round and round in a circle. Wheeee! Gosh, I'm sorry that the hard drive got all corrupted like that, guess all that data is lost, huh? If the government can't decipher the various ones and zeros I store on my computer, how is that my problem? What, not being able to prove I did anything wrong is reason to lock me up now? I don't think so.

See, isn't law enforcement fun?

Kirkburn said,

Tin foil hat alert!

When was the last time the police investigated you? And if the police *did* ask to see your encrypted info, why would that be a problem, unless you're doing something illegal?

HA! That's totally BS. Hey guess what, you're gonna hand over ALL your data, so we can prove you have nothing illegal. Although, a few of my X GFs would like the anal probe thing.. but that's for another time.

For reals, the world IS gonna be like V for Vendetta; all the big governments WILL lock us all down in the (maybe) near future. It's coming. Just watch.

/Ron Paul 08

Croquant said,
Ah, the old: "If you have something to hide, you're a criminal!" argument.

Er, I didn't say that ...

And notice why I said "tin foil hat alert". Fear mongering is such fun, isn't it.

thats bs... sorta gets rid of the point for encryption in the first place right?

cause if it was a genuine terrorist threat etc ... i could understand but this could be abused.