Encryption in the UK now legally irrelevant
Ars Technica reports that a new law going into effect today make it a criminal offense to refuse an order to decrypt your own data.
Individuals who are believed to have the cryptographic keys necessary for such decryption will face up to 5 years in prison for failing to comply with police or military orders to hand over either the cryptographic keys, or the data in a decrypted form.
Part 3, Section 49 of the Regulation of Investigatory Powers Act (RIPA) includes provisions for the decryption requirements, which are applied differently based on the kind of investigation underway. As we reported last year, the five-year imprisonment penalty is reserved for cases involving anti-terrorism efforts. All other failures to comply can be met with a maximum two-year sentence.
The article itself points out that part of the idiocy is that this gives criminals an easy way out.
Yet the law, in a strange way, almost gives criminals an “out,” in that those caught potentially committing serious crimes may opt to refuse to decrypt incriminating data. A pedophile with a 2GB collection of encrypted kiddie porn may find it easier to do two years in the slammer than expose what he’s been up to.
Wrong country to live in if you care about your privacy.
It is only a matter of time before this type of legislation is implemented elsewhere. Time to switch to deniable encryption software such as truecrypt.
Also I do not think the law gives criminals an “out”. They will jail the individual for two years, when he comes out they will present him with the encrypted data and ask him to decrypt it once again. If he refuses, another offense, another two years.
Good point. I was thinking that the “decryption denial” offense had already been penalized, but of course every time you decline to decrypt would be a new crime.
Unfortunately TrueCrypt still does not support OS X, but I can probably mount it on a Linux file server.