no more UK for me

Eugen Leitl eugen at leitl.org
Thu Oct 16 07:35:43 PDT 2008


http://www.linuxworld.com.au/index.php/id;897277082;fp;;fpid;;pf;1

UK appeals court rejects encryption key disclosure defense

Defendants can't deny police an encryption key because of fears the data it
unlocks will incriminate them, a British appeals court has ruled.

Jeremy Kirk (IDG News Service) 15/10/2008 08:44:00

Defendants can't deny police an encryption key because of fears the data it
unlocks will incriminate them, a British appeals court has ruled.

The case marked an interesting challenge to the UK's Regulation of
Investigatory Powers Act (RIPA), which in part compels someone served under
the act to divulge an encryption key used to scramble data on a PC's hard
drive.

Failure to do so could mean a two-year prison sentence or up to five years if
the case involves national security.

The appeals court heard a case in which two suspects refused to give up
encryption keys, arguing that disclosure was incompatible with the privilege
against self incrimination.

One of the suspects had been ordered not to move house without permission
under a terrorism-prevention act. The man defied the order, and he and
another man were arrested, according to the ruling from the England and Wales
Court of Appeal Criminal Division.

Police also seized encrypted material on a disc belonging to the first man.
When the second man was arrested, police saw he had partially entered an
encryption key into a computer.

In its ruling, the appeals court said an encryption key is no different than
a physical key and exists separately from a person's will.

"The key to the computer equipment is no different to the key to a locked
drawer," the court found. "The contents of the drawer exist independently of
the suspect; so does the key to it. The contents may or may not be
incriminating: the key is neutral."

The right against self incrimination is not without bounds, as suspects also
can't refuse to give a DNA sample if properly compelled.

RIPA, passed in 2000 by the U.K. Parliament, is intended to give police new
powers to conduct covert surveillance and wiretap operations in respect to
new communication technologies.

The third part of RIPA concerning the disclosure of encryption keys came into
force in October 2007. It was delayed since when RIPA was approved, law
enforcement wasn't seeing wide use of encryption. It was also one of the more
controversial parts of RIPA, as critics said companies could be at risk if
law enforcement mishandled their data.

To obtain a key, a so-called "Section 49" request must first be approved by a
judicial authority, chief of police, the customs and excise commissioner or a
person ranking higher than a brigadier or equivalent. Authorities can also
mandate that recipients of a Section 49 request not tell anyone except their
lawyer that they have received it.





More information about the cypherpunks-legacy mailing list