Menu
UK court declines to force alleged British hacker to decrypt his data

UK court declines to force alleged British hacker to decrypt his data

A judge tells the National Crime Agency to use the proper procedure if it wants the suspect's password

The U.K.'s National Crime Agency (NCA) failed in its attempt to use what critics described as a legal backdoor to force a suspected hacker to provide the decryption key for data on multiple devices.

Lauri Love, 31, was arrested by U.K. authorities in 2013 under suspicion of hacking into computers belonging to multiple U.S. government agencies including NASA, the FBI, the Federal Reserve, and the Army.

Love is the subject of separate indictments in courts in New Jersey, New York, and Virginia and faces extradition to the U.S. An extradition hearing is scheduled for the end of June.

When Love was arrested in 2013, the U.K. police also seized electronic equipment from his home, including two laptops, a hard disk drive, and an SD card. Love was later released, and the NCA decided not to press any charges in the U.K., but kept some of his devices holding encrypted data.

Love wants those devices back and has filed a civil application under the U.K.'s Police (Property) Act 1897 to recover them. During his application's pre-trial proceedings, the NCA asked the judge to use the court's "good case management" powers to direct Love to provide the encryption key or password for the data stored on three hardware devices.

In the U.K., police have the power to request passwords and decryption keys from suspects under section 49 of Part III of the Regulation of Investigatory Powers Act 2000 (RIPA). Failure to comply with such requests can be prosecuted and carries a prison sentence. However, RIPA also has safeguards, including human rights ones, for recipients of section 49 notices.

In fact, the NCA did serve a RIPA notice on Love in February 2014 requesting that he provide the password to decrypt the data. Love declined, saying that he had no information to give, and the NCA decided not to enforce the notice.

District Judge Nina Tempia declined the NCA's new request.

"After reading the papers and hearing from the parties, I am not granting the application because in order to obtain the information sought the correct procedure to be used, as the NCA did two and a half years ago, is under section 49 RIPA, with the inherent [Human Rights Act] safeguards incorporated therein," Tempia, of the Magistrate's Court, said in her ruling on Tuesday.

The case is important because had the judge accepted the NCA's request to order Love to produce the decryption key, it would have set a dangerous precedent, allowing police in the U.K. to bypass the few protections that exist for suspects to protect their passwords, some privacy advocates said.

"By requesting a direction as part of the civil application, the National Crime Agency is seeking to sidestep the RIPA scheme and effectively circumvent ... safeguards and the protections of the Code of Practice," legal journalist David Allen Green said in a blog post.

The ruling has no direct bearing on Love's extradition proceedings but might complicate the efforts of U.S. prosecutors if they counted on the NCA recovering evidence from Love's devices.

There's a parallel case in the U.S., where the FBI tried to force Apple to decrypt a seized iPhone using the provisions of a 1789 law called the All Writs Act. Critics argued the law was not intended to be used in this way.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments