
Don't tell them your PIN, Pike.

UK police can now force you to reveal decryption keys | The Register

The Regulation of Investigatory Powers Act (RIPA) has had a clause activated which allows a person to be compelled to reveal a decryption key. Refusal can earn someone a five-year jail term.
The measure has been criticised by civil liberties activists and security experts who say that the move erodes privacy and could lead a person to be forced to incriminate themselves.

It is also controversial because a decryption key is often a long password – something that might be forgotten. An accused person might pretend to have forgotten the password; or he might genuinely have forgotten it but struggle to convince a court to believe him.

Controversially, someone who receives a Section 49 notice can be prevented from telling anyone apart from their lawyer that they have received such a notice.

Five years for forgetting a password? I'm stuffed, I can't even recall my PIN without my sooper secret system and even then, despite using the same one for 25 years, sometimes I'm left gormless at the ATM trying to recall how many days there are in February and March with the queue growing impatiently restless behind me.


I would not give them this data as a matter of principle. Soon, no honourable Englishman will be able to remain out of jail. Maybe that's the Government's plan? To leave all the scum on the outside, while ensuring that decent people are safely behind bars? It might work better than current Home Office policy, which leaves us all on the outside, coping with each other while the police lurk behind their Health & Safety officers.

So you're skint every leap year?

It's slightly worse than that.

I can send you an encrypted file and when it is found on your system, even after you have deleted it as spam, you still face your five years for failing to decrypt it.

So it's less about forgetting a key and more about not decrypting a key.

So much for innocent until proven guilty. We are all guilty.

I have encrypted information on my computer and I make no attempt to hide that fact. None of the information is illegal but I don't want the police rifling through it. What I am doing is going to a lot of the websites I am registered at and activating the forgotten password links on a regular basis and retaining the information on the computer so that if it ever comes to a time I have to hand over decryption keys I can say 'I have forgotten it' and have the evidence of such forgetfulness on the computer.
