Consultation has begun on the introduction of a law that will allow the Police to force suspects to release the keys to decode encrypted communications.
Part Three of the Regulation of Investigatory Powers Act allows suspects to be thrown in the clink for two years if they refuse to hand over keys that would allow the decryption of dodgy-looking communications.
There are a number of problems with the proposed rules. Number one is the civil liberties issue - should the government have the right to access any of our private communications? Some would argue that the greater good of preventing terrorism and serious crime outweighs our right to privacy. However, the problem with the act is that it defines terrorism so widely as to basically include anybody protesting or campaigning on an issue that the Government does not agree with.
Number two is the enforcement of the proposed rules. How can you prove that someone is withholding a key? If you were a suspect, why not just say you'd lost it? More to the point, many encryption standards use one-time keys that rotate, meaning that not even the original parties are able to decode the communication once it's finished. Modern encryption has moved far beyond the point at which it's a simple case of handing over a password to decrypt a series of communications.
The more general issue is the problem caused by the widespread availability to punters of encryption that is, to all intents and purposes, unbreakable. Is this a good thing? Whilst it provides privacy for citizens, it also provides cover to criminals. Should the Government be making strong crypto illegal? The problem with that is that it would prevent many institutions doing business in the UK - how could you persuade a bank not to use strong crypto on its multi-million-pound transactions?
There's a full write-up on the issue over at Cnet. Have a read, then let us know what you think over in the forums.