We Predicted This Would Happen: Man Jailed in UK for Failing to Disclose Passphrase

UK jails schizophrenic for refusal to decrypt files.

In the UK under the odious Regulation of Investigatory Powers Act (RIPA), if you are served with an order to disclose a passphrase to an encrypted file and you don't, you're guilty.

We saw this coming ten years ago,

Caspar Bowden, director of the Foundation for Information Policy Research, said ministers still had the power to reintroduce such “objectionable proposals” later as regulations. He said two new offences in the bill raised serious civil liberties concerns:

“The bill will give police the power to demand decryption keys from anyone they suspect of possessing them, and failure to hand keys over can lead to a two-year jail sentence.

“Defendants will be presumed guilty of withholding a key unless they can prove otherwise, a likely contravention of the European Convention on Human Rights, and decryption notices will be secret, so it will be impossible to complain effectively if they are used in an oppressive way.”

A “tipping-off” offence could prevent innocent associates from complaining publicly, with a penalty of five-years imprisonment, he added.

The National Council for Civil Liberties took a similar line. Liberty's Director, John Wadham, said :

“These powers are too sweeping, and in some respects problematic. It's difficult to discern quite how an individual could prove that they didn't have a key: you can't prove a negative. This reversal of the burden of proof may well infringe the right to a fair trial. The indefinite gagging order on any individual whose e-mail has been intercepted is extraordinary.”

A Home Office spokeswoman denied the bill would mean defendants being presumed guilty. “The bill doesn't reverse the onus of proof, the authorities still have to prove that an offence has been committed for it to get off the ground,” she said.

What Sir Humphrey didn't tell the reporter, of course, is that the relevant “offence” is not disclosing the passphrase, not some underlying crime — of which in this case there is no evidence, although the defendant certainly has issues. But there's evidence that he didn't disclose his passphrase, and that is all it takes to jail him for nine months.

This entry was posted in Civil Liberties, Cryptography, UK. Bookmark the permalink.

3 Responses to We Predicted This Would Happen: Man Jailed in UK for Failing to Disclose Passphrase

  1. cypherpunk says:

    In America, the National Rifle Association has never, ever truly believed that strong crypto belonged within the class of munitions.

    Why is that?

  2. Vic says:

    because crypto is a lot of things, but it is not a munition. More simply though, the NRA is most likely against lumping things alongside the catagory of currently legal firearms that would serve to create a meta-catagory that could reasonably then be regulated at the meta-level. As an extreme exemple of what I mean: Put A-bombs in with guns and call the new catagory guns+. Then announce sweeping new regs on guns+ because nobody in his right mind wants A-bombs unregulated… (this is an extreme example, but this sort of thing happens and I suspect it’s why the NRA is sceptical about diluting the catagory “guns” beyond it’s current plain civilian meaning.

    If you want to talk what can be exported or controlled…obviously crypto migt have a place on some list, but it still isn’t a munition, so much as an intel issue.

  3. cypherpunk says:

    Well, Vic, the NRA has a fair number of black-powder shooters on its muster rolls. Do wadding-papers for muskets belong on the munitions list?

    Shall the sovereign regulate your wadded papers?

Comments are closed.