Menu
UK court declines to force alleged British hacker to decrypt his data

UK court declines to force alleged British hacker to decrypt his data

A judge tells the National Crime Agency to use the proper procedure if it wants the suspect's password

The U.K.'s National Crime Agency (NCA) failed in its attempt to use what critics described as a legal backdoor to force a suspected hacker to provide the decryption key for data on multiple devices.

Lauri Love, 31, was arrested by U.K. authorities in 2013 under suspicion of hacking into computers belonging to multiple U.S. government agencies including NASA, the FBI, the Federal Reserve, and the Army.

Love is the subject of separate indictments in courts in New Jersey, New York, and Virginia and faces extradition to the U.S. An extradition hearing is scheduled for the end of June.

When Love was arrested in 2013, the U.K. police also seized electronic equipment from his home, including two laptops, a hard disk drive, and an SD card. Love was later released, and the NCA decided not to press any charges in the U.K., but kept some of his devices holding encrypted data.

Love wants those devices back and has filed a civil application under the U.K.'s Police (Property) Act 1897 to recover them. During his application's pre-trial proceedings, the NCA asked the judge to use the court's "good case management" powers to direct Love to provide the encryption key or password for the data stored on three hardware devices.

In the U.K., police have the power to request passwords and decryption keys from suspects under section 49 of Part III of the Regulation of Investigatory Powers Act 2000 (RIPA). Failure to comply with such requests can be prosecuted and carries a prison sentence. However, RIPA also has safeguards, including human rights ones, for recipients of section 49 notices.

In fact, the NCA did serve a RIPA notice on Love in February 2014 requesting that he provide the password to decrypt the data. Love declined, saying that he had no information to give, and the NCA decided not to enforce the notice.

District Judge Nina Tempia declined the NCA's new request.

"After reading the papers and hearing from the parties, I am not granting the application because in order to obtain the information sought the correct procedure to be used, as the NCA did two and a half years ago, is under section 49 RIPA, with the inherent [Human Rights Act] safeguards incorporated therein," Tempia, of the Magistrate's Court, said in her ruling on Tuesday.

The case is important because had the judge accepted the NCA's request to order Love to produce the decryption key, it would have set a dangerous precedent, allowing police in the U.K. to bypass the few protections that exist for suspects to protect their passwords, some privacy advocates said.

"By requesting a direction as part of the civil application, the National Crime Agency is seeking to sidestep the RIPA scheme and effectively circumvent ... safeguards and the protections of the Code of Practice," legal journalist David Allen Green said in a blog post.

The ruling has no direct bearing on Love's extradition proceedings but might complicate the efforts of U.S. prosecutors if they counted on the NCA recovering evidence from Love's devices.

There's a parallel case in the U.S., where the FBI tried to force Apple to decrypt a seized iPhone using the provisions of a 1789 law called the All Writs Act. Critics argued the law was not intended to be used in this way.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments