In the UK under the odious Regulation of Investigatory Powers Act (RIPA), if you are served with an order to disclose a passphrase to an encrypted file and you don't, you're guilty.
We saw this coming ten years ago:
Caspar Bowden, director of the Foundation for Information Policy Research, said ministers still had the power to reintroduce such “objectionable proposals” later as regulations. He said two new offences in the bill raised serious civil liberties concerns:
“The bill will give police the power to demand decryption keys from anyone they suspect of possessing them, and failure to hand keys over can lead to a two-year jail sentence.
“Defendants will be presumed guilty of withholding a key unless they can prove otherwise, a likely contravention of the European Convention on Human Rights, and decryption notices will be secret, so it will be impossible to complain effectively if they are used in an oppressive way.”
A “tipping-off” offence could prevent innocent associates from complaining publicly, with a penalty of five years' imprisonment, he added.
The National Council for Civil Liberties took a similar line. Liberty's Director, John Wadham, said:
“These powers are too sweeping, and in some respects problematic. It's difficult to discern quite how an individual could prove that they didn't have a key: you can't prove a negative. This reversal of the burden of proof may well infringe the right to a fair trial. The indefinite gagging order on any individual whose e-mail has been intercepted is extraordinary.”
A Home Office spokeswoman denied the bill would mean defendants being presumed guilty. “The bill doesn't reverse the onus of proof, the authorities still have to prove that an offence has been committed for it to get off the ground,” she said.
What Sir Humphrey didn't tell the reporter, of course, is that the relevant “offence” is the failure to disclose the passphrase itself, not some underlying crime (of which in this case there is no evidence, although the defendant certainly has issues). But there's evidence that he didn't disclose his passphrase, and that is all it takes to jail him for nine months.