UK Decryption Law Pushed Through

Joel Rowbottom writes, "After all the lobbying and protests from the 'Net community over the past year, the UK government has still published The Regulation of Investigatory Powers Bill. If this becomes law then you could be sent to prison if your data is encrypted and you refuse to either supply the key, or the plaintext versions. If you're in the UK and you haven't done so yet, write to your MP and let them know your feelings on the subject! "

Overridden by EU Law?

Heard on the news yesterday the the Scottish courts have rendered the law on speed cameras obsolete (in Scotland anyhow).

AFAIR the argument went as follows: If your car gets caught on a speed camera the UK law requires the owner to identify the driver at the time so that the fine/license points can be levied at the appropriate person. If you refuse then the owner gets the punishment.

However, the Scottish courts (which are independent of the rest of the UK legal system) have noticed that the European laws say that no-one is obliged to incriminate themselves - it's the responsibility of the accusers to gather enough evidence to find them guilty.

Thus, in Scotland at least, if you get snapped by a speed camera, then the right defence is to not to deny you were the driver but simply to refuse to incriminate yourself. Then under Euro law they have no right to fine you.

Now this has to also apply to this data encryption business doesn't it? Just tell you refuse to incriminate yourself (by giving them the key) then they'll have to try and crack it themselves, not just punish you anyhow.

(I guess this is equivalent of "pleading the 5th" in US?)

Regards, Ralph.

Look on the bright Side (This Law and DeCSS)

This law effectively makes DeCSS legal in the UK. Since the law requires that (on demand) we hand over encryption keys to any encrypted data in our possession, they can hardly justify putting us in jail for having the key in the first place.
I quote the relevant part:

"And, as a result, the Bill proposes that the police or the security services should have the power to force someone to hand over decryption keys or the plain text of specified materials, such as e-mails, and jail those who refuse."

Re:Why is cryptography so terribly important?

I used to teach Introduction to the Internet classes at a community college where I also ran the open student lab. I would tell the students that they should not send anything in email that they wouldn't want to see in the headline of tomorrows newspaper. If I'm having a private email conversation with a friend about a third party, there may be information that I don't want the third party to know I said and information I don't want made public.

Assume I am a psychiatrist consulting with a colleague in another place about a client. I wouldn't want anyone but the intended recipient to see the information about the patients condition.

Just these facts are enough to make encryption worthwhile for me.

And what about business plans? If I was working on developing a new product, the exposure of that information could give someone else (with more money - like M/$) the idea to develop before I could get all my ducks in a row.

Other than that, is just simply the fact that I have a right to be secure in my possessions and particulary, my information. That was the whole point to forming this country (USA). For my government to force me to give them the encryption key to data is the same as demanding that I incriminate myself (also prohibited by the US Constitution.)

I realize the article is about the law in the UK, but the encryption issue is truly international.

Governments are chipping away at our rights to privacy (at whatever level) in many countries around the world. If we don't stop it now, nothing about our private lives will be beyond the reach of Government, and then corporations as they further lobby the Government (become the Government?)

Why is cryptography so terribly important?

Those reasons are enough for me.

Russ

How to get someone thrown in jail

Look at http://www.stand.org.uk/ [stand.org.uk] - this is an important site.

They show how to get Jack Straw (important government chap in the UK) guilty of committing a crime. That is, they encrypted a confession to an actual (undisclosed) crime, destroyed the key, and sent him the encrypted data. Jack Straw is now in possession of some information that would pressumably be of interest to the police, but he is unable to provide the decryption key (because he never had it in the first place), but, ofcourse, as many people are pointing out, how do you prove you don't have the key...

While the example of the above site is, considering the circumstances, a fairly light-heated example, consider this: lots of politicans/business people (or anyone, really) are accussed, and investigated, of serious crimes regularly. How easy will it become to provide encrypted data to the person under investigation, without their knowledge, and then inform the police that that person is in possession of encrypted data that may (or may not? who can tell?) be of interest to their investigations. Police find data, ask for key, person is flung in jail.

Ooops.

I really hope Mark Thomas [channel4.com] can squeeze a show in about this before the current season ends - I believe the shows are still being taped. (Mark Thomas is similar to Michael Moore, for you US people - only much, much better at what he does.)

...j