“A controversial provision in the UK’s Regulation of Investigatory Powers Act (RIPA) allows investigators to demand access to cryptographic keys or fully decrypted data. Failure to comply leads to jail time”

“New laws going into effect today in the United Kingdom make it a crime to refuse to decrypt almost any encrypted data requested by authorities as part of a criminal or terror investigation. Individuals who are believed to have the cryptographic keys necessary for such decryption will face up to 5 years in prison for failing to comply with police or military orders to hand over either the cryptographic keys, or the data in a decrypted form.

Part 3, Section 49 of the Regulation of Investigatory Powers Act (RIPA) includes provisions for the decryption requirements, which are applied differently based on the kind of investigation underway. As we reported last year, the five-year imprisonment penalty is reserved for cases involving anti-terrorism efforts. All other failures to comply can be met with a maximum two-year sentence.

The law can only be applied to data residing in the UK, hosted on UK servers, or stored on devices located within the UK. The law does not authorize the UK government to intercept encrypted materials in transit on the Internet via the UK and to attempt to have them decrypted under the auspices of the jail time penalty.”

Ref.

Ken Fisher. 2007 [Cited 2010 Jan 08]; Available from http://arstechnica.com/tech-policy/news/2007/10/uk-can-now-demand-data-decryption-on-penalty-of-jail-time.ars

One Response to “UK can now demand data decryption on penalty of jail time”