more on Can you be compelled to give a password? [was: Police Blotter: Laptop border searches OK'd]

[David Farber <dave () farber net>]

Begin forwarded message:

From: "Jonathan H. Care" <j.care () securitypractice com>
Date: July 28, 2006 3:02:01 PM EDT
To: dave () farber net
Subject: RE: [IP] Can you be compelled to give a password? [was:  
Police Blotter: Laptop border searches OK'd]


> From: "Patrick W. Gilmore" <patrick () ianai net>
> Date: July 28, 2006 2:11:45 PM EDT
> To: dave () farber net
> Cc: "Patrick W. Gilmore" <patrick () ianai net>
> Subject: Can you be compelled to give a password? [was: Police
> Blotter: Laptop border searches OK'd]

In the UK, it is a crime under the Regulation of Investigatory Powers
Act 2000 not to disclose a password, encryption key, session key, or
plaintext when required to do so by law enforcement. This applies both
to end parties in the communication, and intermediates (such as
telecommunication companies).

Note that some people have been known to perform a risk assessment, and
have elected the milder penalty associated with refusal to disclose,
rather than face the harsher penalties that come with conviction of the
crime that led to them being the target of investigation.

I have a feeling the the Police and Justice bill 2006 has some further
measures planned in this direction, but can't cite references at the
moment.

> Seems there might be some 'self-incriminatory' arguments here.
> Perhaps even an "unreasonable search" argument.  But IANAL.

Kind Regards,
Jonathan Care
Director, The Security Practice Ltd.
Tel: +44 (0)845 123 5413
Email: j.care () securitypractice com
Skype: jonathancare


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/