Security Bullet In
Communiques from the security front, sir
Friday 25 January 2008, 6:08 PM
Encryption key legal challenge?
The power of the police to force people to hand over encryption keys may be possible to challenge under human rights law, according to an article on OUT-LAW.com.
From the article:
"The Regulation of Investigatory Powers Act (RIPA) was changed last autumn to allow police to force people to hand over passwords or keys to encrypted data. Refusal to do so is a criminal offence carrying a penalty of two years in jail, or up to five years if the issue concerns national security.
One criminal law specialist has told technology law podcast OUT-LAW Radio that the law could be challenged under the Human Rights Act, though he also warned that such a challenge could fail under legal tests set out by the European Court of Justice (ECJ)."
Security expert Richard Clayton has suggested an alternative hypothetical defence for innocent IT professionals unfairly accused: 'forget' your encryption key. It isn't a refusal.
From the article:
"The Regulation of Investigatory Powers Act (RIPA) was changed last autumn to allow police to force people to hand over passwords or keys to encrypted data. Refusal to do so is a criminal offence carrying a penalty of two years in jail, or up to five years if the issue concerns national security.
One criminal law specialist has told technology law podcast OUT-LAW Radio that the law could be challenged under the Human Rights Act, though he also warned that such a challenge could fail under legal tests set out by the European Court of Justice (ECJ)."
Security expert Richard Clayton has suggested an alternative hypothetical defence for innocent IT professionals unfairly accused: 'forget' your encryption key. It isn't a refusal.
Previous
