According to El Reg:
Users of encryption technology can no longer refuse to reveal keys to UK authorities after amendments to the powers of the state to intercept communications took effect on Monday (Oct 1).
The Regulation of Investigatory Powers Act (RIPA) has had a clause activated which allows a person to be compelled to reveal a decryption key. Refusal can earn someone a five-year jail term.
So, let’s have a look at some scenarios which may work with this. Like many laptop users, I routinely use encryptionÃ‚Â – if my laptop gets nicked, I really don’t want Johnny Chav to have access to my financial information, email, etc and I certainly don’t want his sinister Uncle Charlie having access to photos of my family. What if I forget the password and the same gang of incompetent plod who recently closed down half of Soho because they thought a Thai chef roasting chillies was a terrorist setting off a chemical bomb decide that my little fiat with a laptop in the boot looks like a Jihadmobile?
Two to Five years, that’s what. Two years for “withholding” an encryption key when not suspected of terrorism and five years when you are.
More to the point – if a terrorist was pulled up under this law he’d be given the choice “Tell us the encryption key so we can use your self-incrimination to put you away for life or withhold it and we’ll put you away for (covers mouth)<cough>five years</cough>”. Difficult choice there.
On the other side of the law – say there’s a couple of politicians I don’t like. I forge an email from one to the other containing cyphertext with hints of nefarious content in the plain text area. I then forge an encrypted reply. Then I call the police. The poor hapless politicians are then given the choice of producing keys they’ve no idea about or going to prison.
I wonder how long it’ll be before this gets abused. Fantastic!
One downside though -Ã‚Â if you’re served under this law you’re not allowed to tell anyone except your lawyer. Presumably so they can target the admins of dodgy websites and prevent them from telling all their “customers” that their accounts have been compromised. The knock on effect, though, is that you can’t then ridicule them for using the full powers of the law to force decryption of your holiday snaps.