Post Process

Everything to do with E-discovery & ESI

Posts Tagged ‘United Kingdom’

New U.K. anti-terror law used to demand encryption keys

Posted by rjbiii on November 15, 2007

A law billed by the British government as a tool for fighting terrorism has been turned against an animal rights activist, who has been informed that she must provide encryption keys so that police may decrypt files on her computer. If she fails to comply, she could face two years in jail. The twist in this story is that she claims that she never stored any encrypted files on her computer:

The contentious measure, introduced after years of consultation, was sold to Parliament as a necessary tool for law enforcement in the fight against organised crime and terrorism.

But an animal rights activist is one of the first people at the receiving end of a notice to give up encryption keys. Her computer was seized by police in May, and she has been given 12 days to hand over a pass-phrase to unlock encrypted data held on the drive – or face the consequences.

The woman, who claims to have not used encryption, relates her experiences in an anonymous posting on Indymedia.

[HT: Slashdot]

Advertisements

Posted in Articles, Document Retention, Encryption, Privacy | Tagged: , | Leave a Comment »

UK Government can demand decryption of data

Posted by rjbiii on October 3, 2007

So says a new article posted by Ars Technica. What happens if you don’t? Trouble.

New laws going into effect today in the United Kingdom make it a crime to refuse to decrypt almost any encrypted data requested by authorities as part of a criminal or terror investigation. Individuals who are believed to have the cryptographic keys necessary for such decryption will face up to 5 years in prison for failing to comply with police or military orders to hand over either the cryptographic keys, or the data in a decrypted form.

The max sentence is reserved for terrorism cases; all other cases carry a two year maximum penalty. There has, of course, been plenty of criticism:

The law has been criticized for the power its gives investigators, which is seen as dangerously broad. Authorities tracking the movement of terrorist funds could demand the encryption keys used by a financial institution, for instance, thereby laying bare that bank’s files on everything from financial transactions to user data.

There’s some irony present, as well:

Yet the law, in a strange way, almost gives criminals an “out,” in that those caught potentially committing serious crimes may opt to refuse to decrypt incriminating data. A pedophile with a 2GB collection of encrypted kiddie porn may find it easier to do two years in the slammer than expose what he’s been up to.

The intent of the law is, undoubtedly, valid. How it may affect companies’ decisions with respect to housing data within the U.K. will only be seen as events unfold.

[HT: Slashdot]

Posted in Articles, Data Management, Encryption, Laws, Trends | Tagged: | Leave a Comment »