±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36775
New Yesterday: 0 Visitors: 105

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

How should the law deal with strong encryption?

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 
  

bjgleas
Senior Member
 

Re: How should the law deal with strong encryption?

Post Posted: Nov 08, 05 08:10

- yey365
Under the terms of the UK RIPA Act the suspect can be compelled to divulge paswwords of face a 2 year prison sentence. Depending on what is being protected a 2 year term may be worthwhile!

Jim


I've always had a sneaking admiration for this law.

While it can (and probably will) be abused, I've always viewed it as being similar to someone refusing to take a drunk-driving test in the US. You can refuse, but it is an automatic loss of license for an extended period of time. This section of the RIPA seems very similar. As one other poster said, it may be worth it to take the 2 years.

But my question is: if you refused to cooperate and go to jail, would that halt the investigation? If, during the 2 years you are in prison, the police crack the code and find illegal activities, can you still be charged for the new crime, as well as for failing to surrender your password? It would not appear to be double jeopardy, since the 2 years is for failing to turn over the password, and not for the crime that was hidden.

Can any of our UK members address that?

bj  
 
  

Andy
Senior Member
 

Re: How should the law deal with strong encryption?

Post Posted: Nov 08, 05 16:45

As far as I am aware (Tristan is correct), legislation relating to liability for failure to disclose a password/passphrase under part 3 of the RIP Act was not included. It may be that it is implimented in some future update of the act.

Andy  
 
  

jlloyd
Member
 

Re: How should the law deal with strong encryption?

Post Posted: Dec 08, 05 17:55

I've always been very concerned about the potential for a miscarriage of justice inherent in this proposal.

Think about it, should an encrypted file be found on a machine, the owner or operator of that machine may be jailed for failing to produce the relevant key.

As you are all aware, it is not always possible to prove provenance of a file. Clearly, the owner/operator may legitimately have no knowledge of the existence of the encrypted file or, having knowledge of the file, may not know the decryption key. The file could have been downloaded, emailed, uploaded maliciously, encrypted by a work colleague etc.

In this case, that lack of knowledge provides no defence and would directly lead to a jail term.

In essence, the existence of any encrypted file on a machine, to which the defendant could not provide a decryption key, would provide a mechanism by which to ensure a jail term for that suspect. That may be great news for the prosecutor but it's not so great for those concerned with civil liberties.

Justin.  
 

Page 2 of 2
Page Previous  1, 2