A 19-year old from Liverpool has been incarcerated for refusing to reveal his password. His computer was protected with data encryption, and under UK laws (RIPA, specifically), it’s a crime not to produce the password to encrypted information under a court order.
Odd Story All Around
The teenager/man (the BBC article equivocates, referring to the person as a man and as a teenager. I guess pigeonholing a 19-year old is kinda hard) was originally arrested for something or other related to “child sexual exploitation.” Makes one wonder, why wasn’t he jailed for that? I mean, if they arrested him, it was because they had evidence, no?
Another odd detail is that the police know it’s a 50-character password. How do they know that? Did the teenager/man tell them this? If so, why? Was this guy bragging he could remember a 50-character password? Or perhaps taunting the police? A 50-character password would be pretty impossible to break in this particular lifetime.
The story raises more questions than it answers.
Regulation of Investigatory Powers Act (RIPA)
I’ve already covered RIPA on this blog before. (Why RIPA is controversial)
Like then, I must raise the issue of whether this makes sense. And, it doesn’t. I mean, there must have been something that prompted the authorities to go after this guy. The arrest charge of child exploitation is not a light one. And now the guy gets 16 weeks in jail for not revealing a password? What about all the other stuff the authorities collected to make the arrest?
I guess you could say, “well, the evidence is in the computer, so that’s why they need the password, stooopid!”
I would argue, “well, something must have prompted the authorities to go after this guy and arrest him, and then try to look into his computer, so why can’t they use whatever prompted them in the first place?” I mean, you’ve arrested a guy on grounds of having child porn (I’m assuming it from the story; what else could it be, though?) but you’re jailing him over a password.
Isn’t that like jailing a highway serial killer for hitchhiking?
At Preston Crown Court, Drage [ the teenager/man] pleaded not guilty to failing to disclose an encryption key – an offence covered by the Regulation of Investigatory Powers Act 2000.
At his trial in September a jury took less than 15 minutes to find him guilty of the offence and following social enquiry reports Drage has been sentenced to 16 weeks in a Young Offenders Institution.[clicklancanshire.com]
This story is so sad. How does one plead not guilty to not revealing a password? You either do it or you don’t.
The silver-lining in the cloud? This pretty much confirms the fact that encryption software does work. That it is hard to break or crack it. You’d be surprised at how many people claim otherwise as an argument for not using encryption.