Judge strikes down NCA attempt to grab Lauri Love's encryption keys
Magistrate rules police should have used RIPA in federal reserve hack case
Lauri Love, the 31-year-old British activist accused of hacking into the US Federal Reserve, won a key court case this morning against the UK National Crime Agency (NCA).
Love is in the process of suing the NCA under section 1 of the Police (Property) Act 1897 (PPA) for the return of computer equipment seized in 2013 as part of its investigation into his alleged involvement in stealing "massive quantities" of sensitive data from the Federal Reserve.
As part of the civil proceedings, the NCA applied under the court's case management powers for an order to force Love to hand over encryption keys for the hard drives and other items it took from him, ostensibly to prove he is in fact the real owner of the devices, to enable the court "to adjudicate fairly upon the complete contents of the devices" and to keep procedures moving at a reasonable speed.
According to lawyer David Allen Green, who once went by the pseudonym Jack of Kent, the application represented an attempt by the NCA "to sidestep the RIPA scheme and effectively circumvent the section 55 safeguards and the protections of the Code of Practice".
District Judge Tempia, the magistrate who has been hearing the case, threw out the NCA's request, saying: "After reading the papers and hearing from the parties, I am not granting the application because in order to obtain the information sought the correct procedure to be used, as the NCA did 2 12 years ago, is under section 49 RIPA, with the inherent [Human Rights Act] safeguards incorporated therein."
As reported by the BBC in April, the police did in fact issue Love with a RIPA order in February 2014, which Tempia referred to in her ruling. Although he refused to comply with that order, it expired with no further consequences.
Tempia continued: "The case management powers of the court are not to be used to circumvent specific legislation that has been passed in order to deal with the disclosure sought."
Green reports that the NCA has said it will not be commenting on today's ruling, citing "ongoing proceedings".
This article was originally published at 11.27 and has since been updated with details of Judge Tempia's ruling.
Application security fallacies and realities
Web application attacks are the most common vulnerability, so what is the truth about application security?Download now
Your first step researching Managed File Transfer
Advice and expertise on researching the right MFT solution for your businessDownload now
The KPIs you should be measuring
How MSPs can measure performance and evaluate their relationships with clientsDownload now
Life in the digital workspace
A guide to technology and the changing concept of workspaceDownload now