Two UK residents imprisoned for password offenses

David Heath
Friday, 14 August 2009 09:36

IT Policy - Government Tech Policy

Refuse to give Police your password?  In the UK, you'll go directly to gaol.

Recently, the Chief Surveillance Commissioner tabled his Annual Report to the UK Prime Minister and Scottish Ministers related to covert activity by all public authorities (excluding intelligence organisations) in the United Kingdom for the period 1st April 2008 to 31st March 2009.

In the section of the document related to 'Encryption,' the Chief Commissioner, Sir Christopher Rose, wrote "My Commissioners and Inspectors attended a briefing by the National Technical Assistance Centre (NTAC) regarding the processes and procedures for the investigation of protected electronic information. During the period of this report, NTAC approved 26 applications for the service of a notice under s.49 of RIPA Part III.  Of these 17 went on to obtain permission from a Judge. No permissions were refused and 15 Notices were served.  Eleven individuals failed to comply resulting in seven charges and two convictions. The types of crime under investigation were: counter terrorism, child indecency and domestic extremism."

In other words, during this period, two people were sent to gaol for refusing to reveal a password or encryption key, which MIGHT have covered evidence of child indecency or terrorism.

This gaoling was based on the Regulation of Investigatory Powers Act (RIPA) 2000 which provides for sentences of up to five years for refusal, upon authorised request, to provide passwords or encryption keys.

One can only assume that if the material you refuse to expose would attract a greater sentence, this may-well be a good deal to take.