from the see-smoke,-presume-arson dept
British hacker Lauri Love stands accused of causing "millions of dollars" in damages to US government computers -- charges he's been facing for more than two years. These charges originate in the US, but it's the UK that's been trying to get Love to give up his encryption keys for the past couple of years.
Under RIPA (Regulation of Investigatory Powers Act of 2000), the UK government can charge Love with "failure to cooperate" by refusing to comply with the order to decrypt files. To date it has not done so, despite Love blowing off its demands since the middle of February 2014.
The only charges Love is facing have been levied by the US Department of Justice. He has fought extradition for the past couple of years and the UK government has yet to make any progress on that front. However, UK law enforcement has stepped up its efforts to force Love to turn over passwords and keys. J.M. Porup at Ars Technica has seen a copy of the request and has more details.
In the NCA's submission to the court, which Ars has seen a copy of, the government demanded that Love turn over the passwords and encryption keys to his confiscated devices. The devices in question include a Samsung laptop, a Fujitsu Siemens laptop, a Compaq computer tower, an SD card, and a Western Digital hard drive. The NCA in particular wants Love to decrypt TrueCrypt files on the SD card and external drive.This seems like a very severe demand from the National Crime Authority, considering it still hasn't -- despite two years and two arrests -- seen fit to bring criminal charges against Love. This is also its second attempt -- one using a separate legal authority (not RIPA Section 49, as was used earlier) -- to compel Love to comply with its demands.
Meanwhile, Love is (logically) suing the UK government for the return of his devices.
Love's argument in his civil case is that if the police aren't going to charge him with a crime, they should return his property. "The problem is that the NCA are effectively arguing that any information that cannot be read and comprehended by the police has a presumption of guilt," Love told Ars in an e-mailed statement.As Love points out, equating encryption with guilt has severe ramifications for anyone who uses it.
"This has clear and troubling implications for groups that handle sensitive communications or other data—journalists, advocates, activists and whistleblowers, and members of the legal profession.The NCA claims it wants Love to decrypt his devices so he can prove his ownership of any information or data found on them -- which allegedly includes pirated film and documents obtained (without permission) for US government websites. Love sees this as nothing more than the NCA trying to help out its American counterparts by using the UK's more permissive laws to obtain information about Love's hacking activities. And, it must be pointed out again -- the NCA wants to force the uncharged Love to crack open his devices so it can find something to charge him with.
"An executive body of the state is saying that any information to which they are not privy... cannot be owned and kept securely but instead confiscated and access denied," Love added. "This is a fundamental reversal of rights and the potential for abuse is alarming."
Maybe there's something incriminating stored on Love's computers. Maybe not. But either way, UK law enforcement is working backwards from a presumption of guilt. And it's basing this all on things it can't see. This belief system is similar to that held by many law enforcement agencies, which have spent much of the last few months claiming an encrypted phone is a "guilty" phone in front of judges, Congress and to members of the media.