UK can now demand data decryption on penalty of jail time

Sarad AV jtrjtrjtr2001 at
Wed Oct 3 02:57:05 PDT 2007

That's pretty useless anyway.  You can provide a
different one time pad(claim it as key) so that it
decrypts to some other innocent message. There is no
way to prove in court otherwise. 


> Game over?
> Cheers,
> Naw, prolly not. Yet, anyway...
> --------
> Ars Technica
> UK can now demand data decryption on penalty of jail
> time
> By Ken Fisher | Published: October 01, 2007 -
> 10:20PM CT
> New laws going into effect today in the United
> Kingdom make it a crime to
> refuse to decrypt almost any encrypted data
> requested by authorities as
> part of a criminal or terror investigation.
> Individuals who are believed to
> have the cryptographic keys necessary for such
> decryption will face up to 5
> years in prison for failing to comply with police or
> military orders to
> hand over either the cryptographic keys, or the data
> in a decrypted form.
> Part 3, Section 49 of the Regulation of
> Investigatory Powers Act (RIPA)
> includes provisions for the decryption requirements,
> which are applied
> differently based on the kind of investigation
> underway. As we reported
> last year, the five-year imprisonment penalty is
> reserved for cases
> involving anti-terrorism efforts. All other failures
> to comply can be met
> with a maximum two-year sentence.
> The law can only be applied to data residing in the
> UK, hosted on UK
> servers, or stored on devices located within the UK.
> The law does not
> authorize the UK government to intercept encrypted
> materials in transit on
> the Internet via the UK and to attempt to have them
> decrypted under the
> auspices of the jail time penalty.
> The keys to the (United) Kingdom
> The law has been criticized for the power its gives
> investigators, which is
> seen as dangerously broad. Authorities tracking the
> movement of terrorist
> funds could demand the encryption keys used by a
> financial institution, for
> instance, thereby laying bare that bank's files on
> everything from
> financial transactions to user data.
> Cambridge University security expert Richard Clayton
> said in May of 2006
> that such laws would only encourage businesses to
> house their cryptography
> operations out of the reach of UK investigators,
> potentially harming the
> country's economy. "The controversy here [lies in]
> seizing keys, not in
> forcing people to decrypt. The power to seize
> encryption keys is spooking
> big business," Clayton said.
> "The notion that international bankers would be wary
> of bringing master
> keys into UK if they could be seized as part of
> legitimate police
> operations, or by a corrupt chief constable, has
> quite a lot of traction,"
> he added. "With the appropriate paperwork, keys can
> be seized. If you're an
> international banker you'll plonk your headquarters
> in Zurich."
> The law also allows authorities to compel
> individuals targeted in such
> investigation to keep silent about their role in
> decrypting data. Though
> this will be handled on a case-by-case basis, it's
> another worrisome facet
> of a law that has been widely criticized for years.
> While RIPA was
> originally passed in 2000, the provisions detailing
> the handover of
> cryptographic keys and/or the force decryption of
> protected content has not
> been tapped by the UK Home Office-the division of
> the British government
> which oversees national security, the justice
> system, immigration, and the
> police forces of England and Wales. As we reported
> last year, the Home
> Office was slowly building its case to activate Part
> 3, Section 49.
> The Home Office has steadfastly proclaimed that the
> law is aimed at
> catching terrorists, pedophiles, and hardened
> criminals-all parties which
> the UK government contends are rather adept at using
> encryption to cover up
> their activities.
> Yet the law, in a strange way, almost gives
> criminals an "out," in that
> those caught potentially committing serious crimes
> may opt to refuse to
> decrypt incriminating data. A pedophile with a 2GB
> collection of encrypted
> kiddie porn may find it easier to do two years in
> the slammer than expose
> what he's been up to.
> -- 
> -----------------
> R. A. Hettinga <mailto: rah at>
> The Internet Bearer Underwriting Corporation
> <>
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its
> usefulness and antiquity,
> [predicting the end of the world] has not been found
> agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of
> the Roman Empire'

Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more.

More information about the cypherpunks-legacy mailing list