UK can now demand data decryption on penalty of jail time

New laws going into effect today in the United Kingdom make
it a crime to refuse to decrypt almost any encrypted data requested by
authorities as part of a criminal or terror investigation. Individuals who are
believed to have the cryptographic keys necessary for such decryption will face
up to 5 years in prison for failing to comply with police or military orders to
hand over either the cryptographic keys, or the data in a decrypted form.

Part 3, Section 49 of the Regulation of Investigatory Powers
Act (RIPA)
includes provisions for the decryption requirements, which are applied
differently based on the kind of investigation underway. As we reported last
, the five-year imprisonment penalty is reserved for cases involving
anti-terrorism efforts. All other failures to comply can be met with a maximum two-year sentence.

The law can only be applied to data residing in the UK, hosted
on UK servers, or stored on devices located within the UK. The law does not
authorize the UK government to intercept encrypted materials in transit on the
Internet via the UK and to attempt to have them decrypted under the auspices of
the jail time penalty.

Read the full article on ArsTechnica.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s