UK Government asks for the encryption keys
The UK Home Office is planning to implement Part 3 of the Regulation of
Investigatory Powers Act (RIPA). That would allow the police forces to ask
for the disclosure of encryption keys, or force suspects to decrypt
encrypted data.
RIPA was promoted in 2000, but until now the officials have not implement
Part 3. There were still voices that considered that parts I and III of the
Act should be reviewed to consider whether the Act was effective in meeting
its aims. However, until now, the Act has remained in its initial form .
The Home Office have indicated that a consultation will be launched on
the 5th June. It is expected that this will say that the Part 3 is
needed to fight against an increased usage of encryption by criminals,
paedophiles, and terrorists.
The Home Office minister of state, Liam Byrne, told Parliament last week
that “Encryption products are more widely available and are integrated as
security features in standard operating systems, so the Government has
concluded that it is now right to implement the provisions of Part 3 of
RIPA… which is not presently in force.”
This decision has triggered a lot of comments and criticism from experts in
the industry, considering that anyone who refuses to hand over a key to the
police would face up to two years imprisonment. Experts are worried about
the effects of the Act, that might push some businesses outside UK, but also
about the practical solutions related to financial institutions that use
such security devices.
Readers and experts cited by Zdnet UK point out that the law might be
impossible to enforce. The encryption expert Peter Fairbrother underlined:
“It is, as ever, almost impossible to prove ‘beyond a reasonable
doubt’ that some random-looking data is in fact ciphertext, and then prove
that the accused actually has the key for it, and that he has refused a
proper order to divulge it”.
UK Government to force handover of encryption keys (18.05.2006)
http://news.zdnet.co.uk/internet/security/0,39020375,39269746,00.htm
Anger over encryption key seizure threat (19.05.2006)
http://news.zdnet.co.uk/internet/security/0,39020375,39270276,00.htm