The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

UK can now demand data decryption on penalty of jail time

Posted by Xavier Ashe on October 3, 2007

New laws going into effect today in the United Kingdom make
it a crime to refuse to decrypt almost any encrypted data requested by
authorities as part of a criminal or terror investigation. Individuals who are
believed to have the cryptographic keys necessary for such decryption will face
up to 5 years in prison for failing to comply with police or military orders to
hand over either the cryptographic keys, or the data in a decrypted form.

Part 3, Section 49 of the Regulation of Investigatory Powers
Act (RIPA)
includes provisions for the decryption requirements, which are applied
differently based on the kind of investigation underway. As we reported last
year
, the five-year imprisonment penalty is reserved for cases involving
anti-terrorism efforts. All other failures to comply can be met with a maximum two-year sentence.

The law can only be applied to data residing in the UK, hosted
on UK servers, or stored on devices located within the UK. The law does not
authorize the UK government to intercept encrypted materials in transit on the
Internet via the UK and to attempt to have them decrypted under the auspices of
the jail time penalty.

Read the full article on ArsTechnica.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: