The government has revived plans to give the police
powers to demand encryption keys from individuals and
businesses.
Home office minister Liam Byrne told parliament that the Home
Office intended to enforce measures in the Regulation of
Investigatory Powers (RIP) Act that require disclosure.
“Encryption products are more widely available and are
integrated as security features in standard operating systems, so
the government has concluded that the time is now right to
implement the provisions of part 3 of the RIP Act,” Byrne told the
Commons.
The move has raised concerns among some security specialists,
who fear it will pose practical difficulties for banks and other
businesses that use encrypted communications.
Peter Sommer of the London School of Economics said the
proposals would be impractical for businesses that rely on
temporary session keys to transmit data, unless they redesigned
their systems to record and store all the keys. “Banks would have
to set up complex infrastructure to comply,” he said.
The RIP Act introduced statutory powers to force disclosure of
encryption keys when it was introduced in 2000, but ministers have
delayed the regulations and code of practice needed to implement
the powers.