Interesting People mailing list archives
more on Can you be compelled to give a password? [was: PoliceBlotter: Laptop border searches OK'd]
From: David Farber <dave () farber net>
Date: Sat, 29 Jul 2006 09:34:05 -0400
Begin forwarded message: From: "Jonathan H. Care" <j.care () securitypractice com> Date: July 29, 2006 8:25:54 AM EDT To: bensons () neohaven net Cc: dave () farber netSubject: RE: [IP] more on Can you be compelled to give a password? [was: PoliceBlotter: Laptop border searches OK'd]
-----Original Message----- From: bensons () neohaven net [mailto:bensons () neohaven net] Sent: 29 July 2006 00:02 To: Jonathan H. Care Cc: dave () farber net Subject: Re: [IP] more on Can you be compelled to give a password? [was: PoliceBlotter: Laptop border searches OK'd] Jonathan- In the UK, what does it mean to be "required to do so by law enforcement"? If a traffic officer demands my password am I obliged to give it? I assume that a subpeona or some other due-process can "require" me, but I'm not sure where that line gets drawn in the US, UK, or elsewhere.
This is an interesting one. The original RIPA of 2000 earmarked specific officers and processes that would be required to demand disclosure of encryption keys (or passwords). Some five years after the original deployement of this legislation, the UK Home Office are now deploying RIPA Part III. Parts I and III of RIPA have been particularly controversial because they address the interception of communications, and government access to encryption keys respectively. In 2002, there was a backlash from Telco's and ISPs in the UK over the costs involved in complying with the Act. BT, Vodafone and lobby group Eurim called for more clarity on the costs involved in complying with the Act. Vodafone suggested that, even if the code does not go into detail on costs, it should mention the fact that the Government had agreed to provide a fair contribution. Eurim, meanwhile, said it wanted more information to be provided in the code on the potential costs of the technical upgrading that would be required to comply with the Act. In September 2003, Home Secretary David Blunkett announced wide-ranging extensions to the list of those entitled to see information collected under the RIPA. The list now includes jobcentres, local councils, and the Chief Inspector of Schools. Civil rights and privacy campaigners have dubbed these extensions a "snoopers' charter". Part 3 of RIPA is now being brought into effect by HMG. "The use of encryption is... proliferating," Liam Byrne, Home Office minister of state told Parliament last week. "Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force." Part 3 of RIPA gives the police powers to order the disclosure of encryption keys, or force suspects to decrypt encrypted data. Anyone who refuses to hand over a key to the police would face up to two years' imprisonment. Under current anti-terrorism legislation, terrorist suspects now face up to five years for withholding keys. If Part 3 is passed, financial institutions could be compelled to give up the encryption keys they use for banking transactions.
Cheers, -Benson
Kind Regards, Jonathan Care Director, The Security Practice Ltd. Tel: +44 (0)845 123 5413 Email: j.care () securitypractice com Skype: jonathancare ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Can you be compelled to give a password? [was: PoliceBlotter: Laptop border searches OK'd] David Farber (Jul 29)