You are currently browsing EDRi's old website. Our new website is available at https://edri.org

EDRI-gram

If you wish to help EDRI promote digital rights, please consider making a private donation.


Flattr this

logo

EDRi booklets

UK: Decrypt data or go to prison!

10 October, 2007
» 

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The controversial Part 3 of the Regulation of Investigatory Powers Act (RIPA) in UK is in force starting with 1 October 2007. This new regulation gives the power to police forces to ask for the disclosure of encryption keys, or force suspects to decrypt encrypted data.

RIPA was adopted in 2000, but Part 3 was not in force until last year when the UK government has started a public consultation on its enforcement. Despite the negative comments received from the security experts and the major concerns that the adoption of such a measure will push businesses outside UK, the authorities decided to uphold their initial position and to apply the law starting with 1 October 2007.

Section 49 of RIPA Part 3 foresees that people are obliged by law to provide to the law enforcement authorities, when served with a notice either the key to decrypt the materials or the materials as such. If they refused, a five-year imprisonment penalty could be applied for cases involving anti-terrorism efforts or a maximum two-year sentence for other cases.

The UK Government has pushed the application, considering that the terrorist, paedophiles, and hardened criminal could use encryption to hide their actions, but a criminal that refuses to decrypt its incriminating data could, in this way, serve less time in jail. "The measures in Part III are intended to ensure that the ability of public authorities to protect the public and the effectiveness of their other statutory powers are not undermined by the use of technologies to protect electronic information" explained the Home Office.

The Home Office said that the process will be overseen by the Interception of Communications Commissioner, the Intelligence Services Commissioner and the Chief Surveillance Commissioner.

The law also foresees that someone that has received a notice based on Section 49 can be prevented to disclose this information to anyone else, except his attorney.

RIPA can be applied only on UK territory, thus to data hosted on UK servers or stored on devices located within the UK.

UK can now demand data decryption on penalty of jail time (1.10.2007)
http://arstechnica.com/news.ars/post/20071001-uk-can-now-demand-data-d...

EDRI-gram : UK Government asks for the encryption keys (24.05.2006)
http://www.edri.org/edrigram/number4.10/ukencryption

Law requiring disclosure of decryption keys in force (2.10.2007)
http://www.out-law.com/page-8515

‹ German DP Commissioner against Google-Doubleclick dealupEuropean Parliament resolution on a European digital library ›
Printer-friendly version
 
Site by Floatleft.

Syndicate:

Syndicate contentCreative Commons License

With financial support from the EU's Fundamental Rights and Citizenship Programme.
eu logo