Menu
UK court declines to force alleged British hacker to decrypt his data

UK court declines to force alleged British hacker to decrypt his data

A judge tells the National Crime Agency to use the proper procedure if it wants the suspect's password

The U.K.'s National Crime Agency (NCA) failed in its attempt to use what critics described as a legal backdoor to force a suspected hacker to provide the decryption key for data on multiple devices.

Lauri Love, 31, was arrested by U.K. authorities in 2013 under suspicion of hacking into computers belonging to multiple U.S. government agencies including NASA, the FBI, the Federal Reserve, and the Army.

Love is the subject of separate indictments in courts in New Jersey, New York, and Virginia and faces extradition to the U.S. An extradition hearing is scheduled for the end of June.

When Love was arrested in 2013, the U.K. police also seized electronic equipment from his home, including two laptops, a hard disk drive, and an SD card. Love was later released, and the NCA decided not to press any charges in the U.K., but kept some of his devices holding encrypted data.

Love wants those devices back and has filed a civil application under the U.K.'s Police (Property) Act 1897 to recover them. During his application's pre-trial proceedings, the NCA asked the judge to use the court's "good case management" powers to direct Love to provide the encryption key or password for the data stored on three hardware devices.

In the U.K., police have the power to request passwords and decryption keys from suspects under section 49 of Part III of the Regulation of Investigatory Powers Act 2000 (RIPA). Failure to comply with such requests can be prosecuted and carries a prison sentence. However, RIPA also has safeguards, including human rights ones, for recipients of section 49 notices.

In fact, the NCA did serve a RIPA notice on Love in February 2014 requesting that he provide the password to decrypt the data. Love declined, saying that he had no information to give, and the NCA decided not to enforce the notice.

District Judge Nina Tempia declined the NCA's new request.

"After reading the papers and hearing from the parties, I am not granting the application because in order to obtain the information sought the correct procedure to be used, as the NCA did two and a half years ago, is under section 49 RIPA, with the inherent [Human Rights Act] safeguards incorporated therein," Tempia, of the Magistrate's Court, said in her ruling on Tuesday.

The case is important because had the judge accepted the NCA's request to order Love to produce the decryption key, it would have set a dangerous precedent, allowing police in the U.K. to bypass the few protections that exist for suspects to protect their passwords, some privacy advocates said.

"By requesting a direction as part of the civil application, the National Crime Agency is seeking to sidestep the RIPA scheme and effectively circumvent ... safeguards and the protections of the Code of Practice," legal journalist David Allen Green said in a blog post.

The ruling has no direct bearing on Love's extradition proceedings but might complicate the efforts of U.S. prosecutors if they counted on the NCA recovering evidence from Love's devices.

There's a parallel case in the U.S., where the FBI tried to force Apple to decrypt a seized iPhone using the provisions of a 1789 law called the All Writs Act. Critics argued the law was not intended to be used in this way.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments