British Hacker Wins Court Battle Over Encryption Keys
By Ryan Gallagher
A British court on Tuesday rejected an attempt by security agents to force an alleged hacker to hand over his encryption keys.
Thirty-one-year-old Lauri Love has been accused by U.S. authorities of hacking into U.S. government networks between 2012 and 2013, including those of the Department of Defense, the Environmental Protection Agency, the Department of Energy, and NASA.
In October 2013, the U.K.’s equivalent of the FBI, the National Crime Agency, raided Love’s home and seized his computers and hard drives. But some of the devices contained encrypted data, meaning the agency could not access it.
Initially the British authorities served Love with an order under Section 49 of the U.K’s controversial Regulation of Investigatory Powers Act, which demanded that he hand over his passwords to open encrypted files stored on the devices. He declined to comply, and the National Crime Agency did not push the issue; Love was not charged with an offense under any British laws.
However, when Love recently launched a civil case seeking the return of his computers and storage devices, the agency renewed its encryption demand, and attempted to turn the civil proceedings around on him by using them as new means to get a judge to order Love to disclose his passwords and encryption keys. Investigators refused to return Love’s computers and hard drives on the basis that they claimed the devices could contain data that he did not have legitimate “ownership” of – for instance, hacked files. The authorities stated that if Love wanted to get his devices back, he would have to first turn over his passwords and show what was contained on them.
As The Intercept previously reported, civil liberties campaigners were alarmed by this development, because it seemed to be an effort to bypass the normal procedure under the Regulation of Investigatory Powers Act, which includes safeguards against abuse. The campaigners feared that, if successful, the case would set a new precedent that could have had implications for journalists, activists, and others who need to guard confidential information, potentially making it easier in the future for British police and security agencies to gain access to, or to seize and retain, encrypted material.
On Tuesday, at Westminster Magistrates’ Court in London, judge Nina Tempia ruled in Love’s favor. Tempia said that she was “not persuaded” by the National Crime Agency’s argument that Love should be compelled to disclose his passwords and encryption keys to prove his ownership of the data. She also took a swipe at the agency’s attempt to “circumvent” the Regulation of Investigatory Powers Act, which she described as the “specific legislation that has been passed in order to deal with the disclosure sought.”
Karen Todner, Love’s attorney, welcomed the decision. “The case raised important issues of principle in relation to the right to respect for private life and right to enjoyment of property and the use of the Court’s case management powers,” Todner said in a statement. A ruling in the authorities’ “favor would have set a worrying precedent for future investigations of this nature and the protection of these important human rights.”
A spokeswoman for the National Crime Agency declined to comment, citing an ongoing investigation and judicial proceedings.
It has not yet been determined whether Love will be able to get his seized devices back. The next hearing in his civil case has been set for July. Moreover, the U.S. Justice Department is still seeking Love’s extradition on hacking charges.
Love, who has been diagnosed with Asperger’s syndrome, argues that he would not get a fair trial in the U.S., where his legal team says he could face a sentence of up to 99 years in prison. He has vowed to fight the extradition and says, whatever happens, he won’t give up his encryption keys. “There will be no decryption,” he declared Tuesday, standing outside the courtroom following the judgment.
“If they’d ruled in the other way it would have been very concerning for anyone who has to store sensitive information, especially people with obligations to clients, people under their care in terms of their confidentiality,” he said.
Love, who turned up late for the hearing wearing a black suit jacket, white shirt and sneakers, was pleased with the outcome. “It’s a victory,” he said, “it’s an avoidance of a disaster.”
Sign up for The Intercept Newsletter here.
The post British Hacker Wins Court Battle Over Encryption Keys appeared first on The Intercept.
May 10, 2016 at 04:42PM
via The Intercept http://ift.tt/1XjpQNF