Saturday 19 January 2008

Crypto laws

MoD to be quizzed over lost data (BBC News, Saturday, 19 January 2008)

The RIP Act Part III came into effect in October 2007. One of the implications is that one can be given a two-year jail sentence for failure to hand over the key to encrypted data in one's possession. If there is a suspicion of involvement in terrorism (whether corroborated by evidence or not), the sentence is up to five years.

Since, to a judge, unwillingness to hand over a key is indistinguishable from inability to hand over a key (passwords are forgotten all the time), this basically means anyone can be jailed for having a bad memory. It is hard to think of a stronger discouragement from using encryption.

Is it a coincidence then that shortly after October 2007, there was a substantial increase in the number of leaks of unencrypted confidential data?
