It is now a crime to refuse to decrypt almost any encrypted data requested by authorities as part of a criminal or terror investigation under new laws which have just come into effect in the UK.
Part 3, Section 49 of the Regulation of Investigatory Powers Act (RIPA) 2000, which includes provisions for decryption requirements that are applied differently based on the kind of investigation underway, was included when RIPA was first introduced, but not activated until now.
Failure to hand over either cryptographic keys or data in a decrypted form that resides in the UK on is hosted on UK servers and affects a police or military anti-terrorism investigation could now cost the data holder up to five years in prison. All other failures to comply can lead to a maximum two-year sentence.
But the law does not authorise the government to intercept encrypted materials in transit on the internet via the UK or to attempt to have them decrypted under the auspices of the jail time penalty.
The law has been criticised for giving authorities too much power to access sensitive data. A financial institution could find itself having to hand over information relating to financial transactions and customers in the event of an investigation to track the movement of terrorist funds, for example.
And the receipt of a Section 49 notice could result in encryption key holders being prevented from revealing their part in any investigation to anyone but their lawyer.
The Home Office however maintains the law is aimed at catching terrorists, pedophiles, and hardened criminals, who it said are familiar with using encryption to avoid discovery.
However, it has been suggested a pedophile may prefer five years in jail for withholding information rather than a potentially longer term for abuse charges.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
UK financial services firms are scrambling to comply with DORA regulationsNews Lack of prioritization and tight implementation schedules mean many aren’t compliant
-
What the US-China chip war means for the tech industryIn-depth With China and the West at loggerheads over semiconductors, how will this conflict reshape the tech supply chain?
-
Former TSB CIO fined £81,000 for botched IT migrationNews It’s the first penalty imposed on an individual involved in the infamous migration project
-
Microsoft, AWS face CMA probe amid competition concernsNews UK businesses could face higher fees and limited options due to hyperscaler dominance of the cloud market
-
Online Safety Bill: Why is Ofcom being thrown under the bus?Opinion The UK government has handed Ofcom an impossible mission, with the thinly spread regulator being set up to fail
-
Can regulation shape cryptocurrencies into useful business assets?In-depth Although the likes of Bitcoin may never stabilise, legitimising the crypto market could, in turn, pave the way for more widespread blockchain adoption
-
UK gov urged to ease "tremendous" and 'unfair' costs placed on mobile network operatorsNews Annual licence fees, Huawei removal costs, and social media network usage were all highlighted as detrimental to telco success
-
Labour plans overhaul of government's 'anti-innovation' approach to tech regulationNews Labour's shadow innovation minister blasts successive governments' "wholly inadequate" and "wrong-headed" approach to regulation
