
Cryptography
British court: people are bound to reveal computer encryption key
The court denied two people the right to silence in relation to the encryption key they were asked to reveal to the police.
The men had argued before the court that handing over the encryption key for the data on their computers would force them to incriminate themselves. Defendants have a right to silence and to refuse to divulge information that could be used as evidence against them.
The Court of Appeal, however, considered that an encryption password is not incriminating information in itself, and that the key and the information on the computers existed independently of the men, just like any key to a drawer and its contents.
UK: Decrypt data or go to prison!
The controversial Part 3 of the Regulation of Investigatory Powers Act (RIPA) in the UK is in force as of 1 October 2007. This new regulation gives police forces the power to ask for the disclosure of encryption keys, or to force suspects to decrypt encrypted data.
RIPA was adopted in 2000, but Part 3 was not in force until last year, when the UK government started a public consultation on its enforcement. Despite the negative comments received from security experts and the major concerns that the adoption of such a measure will push businesses out of the UK, the authorities decided to uphold their initial position and to apply the law as of 1 October 2007.
Scrambling for Safety 8
Scrambling for Safety 8 focused on the UK Home Office consultations over plans to give the police powers to require the production of decryption keys and of plaintext. The Home Office produced a draft code of practice on government access to "communications data": phone numbers and e-mail addresses contacted, web sites visited, locations of mobile phones, etc.
About 100 representatives of the Government, industry, academia and civil society discussed privacy and security issues related to these consultations.
The police representatives used the event to defend their draft. They considered that encryption was being used more and more to hide evidence and argued that these new provisions might be used only in connection with other
UK Government asks for the encryption keys
The UK Home Office is planning to implement Part 3 of the Regulation of Investigatory Powers Act (RIPA). That would allow police forces to ask for the disclosure of encryption keys, or to force suspects to decrypt encrypted data.
RIPA was promoted in 2000, but until now the officials have not implemented Part 3. There were still voices arguing that parts I and III of the Act should be reviewed to consider whether the Act was effective in meeting its aims. However, until now, the Act has remained in its initial form.
The Home Office has indicated that a consultation will be launched on 5 June. It is expected that this will say that Part 3 is needed to fight against an increased usage of encryption by criminals, paedophiles, and terrorists.
The Home Office minister of state, Liam Byrne, told Parliament last week
Cryptography almost banned in the Czech Republic
The Czech Lower House recently approved a law introducing a new Penal Code, including a ratification of the Cybercrime Convention.
The original version, prepared by the Ministry of Justice, contained a provision that would criminalise hacking and cracking IT systems, but due to misguided and very unclear wording it also criminalised legitimate activities such as cryptography, IT security testing, etc.
The vagueness of the new law would have posed a serious threat of arbitrary criminalisation of legitimate activities and legal uncertainty in general.
Together with a coalition of crypto-analysts, EDRI-observer IuRe was successful in suggesting amendments to the proposal, basing it more literally on the text of the Convention.
The Senate still has to approve the law, but nobody expects any challenges to the revised and improved provision.
Dutch government: Cryptophone protects privacy
The Dutch minister of Justice Donner has answered parliamentary questions about the introduction of a commercially available crypto-GSM.
The Cryptophone was developed in the Netherlands and is sold through a German company. The device is a combined GSM and organiser running Windows Pocket PC. The Cryptophone uses open-source software that encrypts the call when connecting to another device of its kind. The phone should make it impossible for any third party, including the phone company and police, to listen in to the call.
The Dutch Christian-Democrat Member of Parliament Haersma-Buma asked the government to forbid the phones, since they can make it impossible for police to use the information from a wiretapped mobile phone call. Dutch police rely heavily on phone interception, with an estimated 12,000 phone taps per year. This number is higher than in any other European country or even the US (not counting the unknown number of taps by any intelligence service).
Recommended reading
On 14 January 2004 the Dutch scientist Bert Jaap Koops, working for the information law department of the University of Tilburg, released an update of his extensive Crypto Law Survey, a unique collection of worldwide resources about cryptography and the law. The new version contains updates about the legal situation of cryptography in 6 European countries:
- Belgium (current state of Program Act)
- Italy (radio-amateur law)
- Lithuania (export and import controls, no domestic law)
- Netherlands (no TTP law)
- Spain (new Telecommunications Act)
- Switzerland (radio-traffic law)
Crypto Law Survey, version 22.0 (14.01.2004)
http://rechten.uvt.nl/koops/cryptolaw/
Koops' thesis on 'The Crypto Controversy' is now also available online full-text in PDF. The Crypto Controversy gives an overview of the crypto problems for law-enforcement and their 'solutions'.
Dutch parliament questions crypto telephone
The presentation of a crypto mobile telephone has stirred some controversy in the Netherlands. The Cryptophone has been developed in the Netherlands and is sold through a German company. The device is a combined GSM and organiser running Windows Pocket PC. The software encrypts the call when connecting to another Cryptophone. The Cryptophone should make it impossible for any third party, including the phone company and police, to listen to the call.
The Dutch Christian-Democrat Member of Parliament Haersma-Buma has asked the Dutch government if there is a possibility of forbidding the phones, since they can make it impossible for police to use the information from a wiretapped mobile phone call. Dutch police rely heavily on phone interception, with an estimated 12,000 phone taps per year. This number is
Restrictions on cryptography in Spain
A proposal to modify the Spanish telecommunication law threatens the free use of cryptography.
The current General Law of Telecommunications (Ley General de Telecomunicaciones, LGT) already puts some restrictions on the use of cryptography. The second part of article 52 ('Cifrado en las redes y servicios de telecomunicaciones', that is, network encryption and telecommunication services) says:
"Encryption is a security instrument for information. Among its conditions of use, when it is used to protect the confidentiality of information, an obligation may be imposed to notify either a General Administration State authority or a public one of the algorithms or any other encryption procedure used, in order to control it according to the law. This obligation will affect developers that include encryption in their equipment or software, the operators that include it in networks or in specific services and users that make use of it."
E-commerce directive transposition raises serious privacy and free speech concerns in France
France has started the process of implementing the European Directive on Electronic Commerce. The draft text of the Digital Economy Law ("Loi relative à l'économie numérique" or LEN in French) deals with ISP liability, electronic contracts and unsolicited commercial emails, cryptography, cybercrime, and satellite systems. Among them, the most controversial provisions are those concerning cryptography, cybercrime and ISP liability.
Cryptography
Providers of cryptography services should provide decryption keys upon request to authorised agents named by the Prime Minister. The penalty for not complying with this obligation is a 2-year jail sentence and a fine of EUR 30,000. When a crime or offence is suspected, the public prosecutor or a judge may ask any expert to decrypt data. If the incurred penalty exceeds a 2-year prison sentence, military staff may be asked for help. In that case, the decryption method and process would be kept secret, making it very difficult for defence lawyers to question the outcome. The last provision states that anyone having access to decryption keys should provide them. The keys should be provided upon judicial request when cryptography is used for the commission, preparation, or facilitation of a suspected crime or offence. The penalty is again very high: a jail sentence of 3 years and a fine of EUR 45,000.
