Encryption law could mean jail time

Regulation of Investigatory Powers Act now carries up to five-year jail sentence if data or keys not handed over.

It is now a crime to refuse to decrypt almost any encrypted data requested by authorities as part of a criminal or terror investigation under new laws which have just come into effect in the UK.

Part 3, Section 49 of the Regulation of Investigatory Powers Act (RIPA) 2000, which includes provisions for decryption requirements that are applied differently based on the kind of investigation underway, was included when RIPA was first introduced, but not activated until now.

Failure to hand over either cryptographic keys or data in a decrypted form that resides in the UK on is hosted on UK servers and affects a police or military anti-terrorism investigation could now cost the data holder up to five years in prison. All other failures to comply can lead to a maximum two-year sentence.

But the law does not authorise the government to intercept encrypted materials in transit on the internet via the UK or to attempt to have them decrypted under the auspices of the jail time penalty.

The law has been criticised for giving authorities too much power to access sensitive data. A financial institution could find itself having to hand over information relating to financial transactions and customers in the event of an investigation to track the movement of terrorist funds, for example.

And the receipt of a Section 49 notice could result in encryption key holders being prevented from revealing their part in any investigation to anyone but their lawyer.

The Home Office however maintains the law is aimed at catching terrorists, pedophiles, and hardened criminals, who it said are familiar with using encryption to avoid discovery.

However, it has been suggested a pedophile may prefer five years in jail for withholding information rather than a potentially longer term for abuse charges.

Featured Resources

Virtual desktops and apps for dummies

An easy guide to virtual desktop infrastructure, end-user computing, and more

Download now

The total economic impact of optimising and managing your hybrid multi-cloud

Cost savings and business benefits of accelerating the cloud journey

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

What’s next for the education sector?

A new learning experience

Download now

Recommended

Russian spy chief rebuffs “pathetic” SolarWinds hack accusations
cyber attacks

Russian spy chief rebuffs “pathetic” SolarWinds hack accusations

18 May 2021
Data breaches increase by a third as staff continue to work from home
cyber security

Data breaches increase by a third as staff continue to work from home

17 May 2021
What is phishing?
phishing

What is phishing?

17 May 2021
Cisco to acquire threat intelligence provider Kenna Security
Acquisition

Cisco to acquire threat intelligence provider Kenna Security

14 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021