by Jeremy Kirk

UK May Demand Encryption Keys

News
Oct 01, 2006
2 mins
Compliance

The U.K. government may soon activate a law that would compel a person to provide encryption keys or make scrambled data intelligible upon demand by authorities, or face jail time. The move follows British police complaints that PCs containing encrypted data are increasingly stalling investigations in areas such as child pornography.

In 2000, Parliament passed the Regulation of Investigatory Powers Act (RIPA), updating how law enforcement should conduct covert surveillance and wiretapping in light of new communications technologies.

But the government didn’t activate a part of the law dealing with encryption—because it wasn’t widely used at the time, according to the Home Office. However, the government recently made an exception. As part of antiterrorism legislation approved in April, suspects in national security cases could face five years in prison for failing to disclose an encryption key.

Under RIPA, suspects may receive up to two years in prison for cases outside national security. But the legislation has worrisome aspects, security experts say. High-ranking military, police and customs officials could demand keys without a court warrant.

Multinational corporations may be nervous about storing encryption keys in that kind of climate, says Richard Clayton, a security expert at the University of Cambridge in Cambridge, England. “There is a case for a power to ask for decryption,” he says. But “almost everybody charged with this offense is going to say ‘I forgot the key,’ and frankly, a jury is going to believe them,” he adds.