Encryption law could mean jail time

Regulation of Investigatory Powers Act now carries up to five-year jail sentence if data or keys not handed over.

It is now a crime to refuse to decrypt almost any encrypted data requested by authorities as part of a criminal or terror investigation under new laws which have just come into effect in the UK.

Part 3, Section 49 of the Regulation of Investigatory Powers Act (RIPA) 2000, which includes provisions for decryption requirements that are applied differently based on the kind of investigation underway, was included when RIPA was first introduced, but not activated until now.

Failure to hand over either cryptographic keys or data in a decrypted form that resides in the UK on is hosted on UK servers and affects a police or military anti-terrorism investigation could now cost the data holder up to five years in prison. All other failures to comply can lead to a maximum two-year sentence.

But the law does not authorise the government to intercept encrypted materials in transit on the internet via the UK or to attempt to have them decrypted under the auspices of the jail time penalty.

The law has been criticised for giving authorities too much power to access sensitive data. A financial institution could find itself having to hand over information relating to financial transactions and customers in the event of an investigation to track the movement of terrorist funds, for example.

And the receipt of a Section 49 notice could result in encryption key holders being prevented from revealing their part in any investigation to anyone but their lawyer.

The Home Office however maintains the law is aimed at catching terrorists, pedophiles, and hardened criminals, who it said are familiar with using encryption to avoid discovery.

However, it has been suggested a pedophile may prefer five years in jail for withholding information rather than a potentially longer term for abuse charges.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Austin Energy warns of scammers soliciting payments in the wake of mass power outages
scams

Austin Energy warns of scammers soliciting payments in the wake of mass power outages

23 Feb 2021
Cyber security firm saw attacks rise by 20% during 2020
cyber security

Cyber security firm saw attacks rise by 20% during 2020

23 Feb 2021
What to look for in a secure cloud system
cloud security

What to look for in a secure cloud system

23 Feb 2021
Hackers turn to 'silent stealing' in bid to exploit home workers
scams

Hackers turn to 'silent stealing' in bid to exploit home workers

22 Feb 2021

Most Popular

Mysterious Silver Sparrow malware hits 30,000 macOS devices
malware

Mysterious Silver Sparrow malware hits 30,000 macOS devices

22 Feb 2021
IBM reportedly mulls sale of Watson Health business
mergers and acquisitions

IBM reportedly mulls sale of Watson Health business

22 Feb 2021
Microsoft to launch standalone Office 2021 suite
Microsoft Office

Microsoft to launch standalone Office 2021 suite

19 Feb 2021