The government has revived plans to give the police powers to demand encryption keys from individuals and businesses.
Home office minister Liam Byrne told parliament that the Home Office intended to enforce measures in the Regulation of Investigatory Powers (RIP) Act that require disclosure.
“Encryption products are more widely available and are integrated as security features in standard operating systems, so the government has concluded that the time is now right to implement the provisions of part 3 of the RIP Act,” Byrne told the Commons.
The move has raised concerns among some security specialists, who fear it will pose practical difficulties for banks and other businesses that use encrypted communications.
Peter Sommer of the London School of Economics said the proposals would be impractical for businesses that rely on temporary session keys to transmit data, unless they redesigned their systems to record and store all the keys. “Banks would have to set up complex infrastructure to comply,” he said.
The RIP Act introduced statutory powers to force disclosure of encryption keys when it was introduced in 2000, but ministers have delayed the regulations and code of practice needed to implement the powers.