How would you respond if, after seizing your computer, police order you to give them the means to view any encrypted files you keep on it?
I suspect you'd feel it was an invasion of privacy. But if you live in the United Kingdom, this is now the law.
Encryption is an essential privacy and security tool. It allows you to convert plain-text files on your PC into unreadable gibberish.
I've long recommended encrypting all confidential files on your PC. Programs like PGP Desktop that automatically encrypt your entire hard disk are even better.
Unfortunately, government busybodies don't like it when ordinary people have the opportunity to take back a smidgen of the privacy rights they've been systematically stripped of in recent decades. And so, we have legislation like the notorious Regulation of Investigatory Powers Act (RIPA), which allows U.K. police to demand that you hand over encryption keys or provide a clear-text transcript of encrypted text.
Failure to comply can result in up to two years' imprisonment for cases not involving national security, or five years for terrorism offenses and the like. Police can order you to turn over data months or even years old.
This authority came into force in October 2007, seven years after the U.K. Parliament enacted the original legislation. We now know that this authority has already been used on at least one occasion.
Surely, police reserved this draconian sanction for a known associate of Osama bin Laden, someone reasonably suspected of planning a reprise of the horrific London bombings of 2005, or in an investigation of a similarly severe threat.
But that's not how it was used. Instead, the first known use of this authority came against (drum roll, please) an animal rights activist.
Police seized this woman's computer last May. On November 3, she received an "invitation" to disclose her encryption keys and passphrase to police. If she declines the "invitation," she faces a two-year prison sentence.
(For her fascinating account of her experiences, click here. The comments to her posting are also very interesting.)
Now, quite apart from the total violation of one's right to be free from "unreasonable" searches and seizures, what happens if you didn't knowingly encrypt any files on your PC? Obviously, in that case, you would have no encryption keys or passphrase to disclose. Or, alternatively, what if you deliberately encrypted files and then lost, accidentally deleted, or misplaced your private key, or forgot your passphrase?
What would happen in this situation? Stay tuned for tomorrow's blog entry.
Copyright © 2007 by Mark Nestmann



