We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

New RIP Act rules to speed up investigations

Contested encryption disclosure law takes effect

Law-enforcement agencies gained new powers today to compel individuals and businesses to decrypt data wanted by authorities for investigations.

The measure is in the third part of the RIPA (Regulation of Investigatory Powers Act), legislation passed in 2000 by the UK Parliament to give law enforcement new investigation powers with respect to evolving communication technologies.

The government contends law enforcement more frequently encounters encrypted data, which delays investigations. But RIPA Part III wasn't activated when the act was passed due to the less prevalent use of encryption.

But, as of today, those served with a 'Section 49' notice have to either make decryption keys available or put the data in an intelligible form for authorities. Failure to comply could mean a prison sentence of up to two years for cases not involving national security or five years for those that do.

A Section 49 request must first be approved by a judicial authority, chief of police, the customs and excise commissioner or a person ranking higher than a brigadier or equivalent. Authorities can also mandate that the recipient of a Section 49 request not tell anyone except their lawyer that they have received it.

Critics countered RIPA Part III could put corporate data at risk if mishandled by government officials, although the government wrote a code of practice concerning the handling of encryption keys.

Spy Blog, a website that comments on privacy and data security issues, called on the government to publish regular statistics on the number of Section 49 notices served. The site further called for feedback from organisations served with notices.

The Home Office addresses only one specific type of device and technology in its published guidance on RIPA Part III: the BlackBerry.

Emails sent to a BlackBerry are decrypted on the device, meaning neither BlackBerry-maker Research in Motion nor the wireless operator handling the data transfer are privy to the encryption keys, the Home Office guidance said.

If investigators want encrypted data, they will have to go directly to the device owner, the Home Office said. Also, RIPA Part III only applies to data stored in the UK, so encrypted data that transited through the UK would not fall under the legislation.

IDG UK Sites

Windows 10 for phones UK release date, price and new features: When will my phone get Windows 10?

IDG UK Sites

It's World Backup Day 2015! Don't wait another minute: back up now

IDG UK Sites

Get the free Adobe Comp CC iPad app for rapid layout design

IDG UK Sites

New 13-inch Retina MacBook Pro (early 2015, 2.7GHz) review: Just about the greatest upgrade any...