Key disclosure law

Last updated

Key disclosure laws, also known as mandatory key disclosure, is legislation that requires individuals to surrender cryptographic keys to law enforcement. The purpose is to allow access to material for confiscation or digital forensics purposes and use it either as evidence in a court of law or to enforce national security interests. Similarly, mandatory decryption laws force owners of encrypted data to supply decrypted data to law enforcement. [1]

Contents

Nations vary widely in the specifics of how they implement key disclosure laws. Some, such as Australia, give law enforcement wide-ranging power to compel assistance in decrypting data from any party. Some, such as Belgium, concerned with self-incrimination, only allow law enforcement to compel assistance from non-suspects. Some require only specific third parties such as telecommunications carriers, certification providers, or maintainers of encryption services to provide assistance with decryption. In all cases, a warrant is generally required.

Theory and countermeasures

Mandatory decryption is technically a weaker requirement than key disclosure, since it is possible in some cryptosystems to prove that a message has been decrypted correctly without revealing the key. For example, using RSA public-key encryption, one can verify given the message (plaintext), the encrypted message (ciphertext), and the public key of the recipient that the message is correct by merely re-encrypting it and comparing the result to the encrypted message. Such a scheme is called undeniable, since once the government has validated the message they cannot deny that it is the correct decrypted message. [2]

As a countermeasure to key disclosure laws, some personal privacy products such as BestCrypt, FreeOTFE, and TrueCrypt have begun incorporating deniable encryption technology, which enable a single piece of encrypted data to be decrypted in two or more different ways, creating plausible deniability. [3] [4] Another alternative is steganography, which hides encrypted data inside of benign data so that it is more difficult to identify in the first place.

A problematic aspect of key disclosure is that it leads to a total compromise of all data encrypted using that key in the past or future; time-limited encryption schemes such as those of Desmedt et al. [2] allow decryption only for a limited time period.

Criticism and alternatives

Critics of key disclosure laws view them as compromising information privacy, [1] by revealing personal information that may not be pertinent to the crime under investigation, as well as violating the right against self-incrimination and more generally the right to silence, in nations which respect these rights. In some cases, it may be impossible to decrypt the data because the key has been lost, forgotten or revoked, or because the data is actually random data which cannot be effectively distinguished from encrypted data.

A proactive alternative to key disclosure law is key escrow law, where the government holds in escrow a copy of all cryptographic keys in use, but is only permitted to use them if an appropriate warrant is issued. Key escrow systems face difficult technical issues and are subject to many of the same criticisms as key disclosure law; they avoid some issues like lost keys, while introducing new issues such as the risk of accidental disclosure of large numbers of keys, theft of the keys by hackers or abuse of power by government employees with access to the keys. It would also be nearly impossible to prevent the government from secretly using the key database to aid mass surveillance efforts such as those exposed by Edward Snowden. [1] The ambiguous term key recovery is applied to both types of systems.

Legislation by nation

This list shows only nations where laws or cases are known about this topic.

Antigua and Barbuda

The Computer Misuse Bill, 2006, Article 21(5)(c), if enacted, would allow police with a warrant to demand and use decryption keys. Failure to comply may incur "a fine of fifteen thousand [East Caribbean] dollars" and/or "imprisonment for two years." [5]

Australia

The Cybercrime Act 2001 No. 161, Items 12 and 28 grant police with a magistrate's order the wide-ranging power to require "a specified person to provide any information or assistance that is reasonable and necessary to allow the officer to "access computer data that is "evidential material"; this is understood to include mandatory decryption. Failing to comply carries a penalty of 6 months' imprisonment. Electronic Frontiers Australia calls the provision "alarming" and "contrary to the common law privilege against self-incrimination." [6]

The Crimes Act 1914, 3LA(5) "A person commits an offence if the person fails to comply with the order. Penalty for contravention of this subsection: Imprisonment for 2 years." [7]

Belgium

The Loi du 28 novembre 2000 relative à la criminalité informatique (Law on computer crime of 28 November 2000), Article 9 allows a judge to order the authorities to search the computer systems and telecommunications providers to provide assistance to law enforcement, including mandatory decryption, and to keep their assistance secret; but this action cannot be taken against suspects or their families. [8] [9] Failure to comply is punishable by 6 months to 1 year in jail and/or a fine of 130 to 100,000 euros.

Cambodia

Cambodia promulgated its Law on Electronic Commerce on 2 November 2019, after passage through legislature and receiving consent from the monarch, becoming the last among ASEAN states to adopt a domestic law governing electronic commerce. [10] Article 43 of the statute prohibits any encryption of evidence in the form of data that could lead to an indictment, or any evidence in an electronic system that relates to an offense. [11] This statutory obligation may imply that authorities could order decryption of any data implicated in an investigation. [12] While remaining untested in courts, this obligation actively contradicts an accused person's procedural right against self-incrimination as provided under Article 143 of the Code of Criminal Procedure. [13]

Canada

In Canada key disclosure is covered under the Canadian Charter of Rights and Freedoms section 11(c) which states "any person charged with an offence has the right not to be compelled to be a witness in proceedings against that person in respect of the offence;" [14] and protects the rights of individuals that are both citizens and non-citizens of Canada as long as they are physically present in Canada. [15]

In a 2010 Quebec Court of Appeal case the court stated that a password compelled from an individual by law enforcement "is inadmissible and that renders the subsequent seizure of the data unreasonable. In short, even had the seizure been preceded by judicial authorization, the law will not allow an order to be joined compelling the respondent to self-incriminate." [16]

In a 2019 Ontario court case (R v. Shergill), the defendant was initially ordered to provide the password to unlock his phone. However, the judge concluded that providing a password would be tantamount to self-incrimination by testifying against oneself. As a result, the defendant was not compelled to provide his password. [17]

Czech Republic

In the Czech Republic there is no law specifying obligation to issue keys or passwords. [18] Law provides protecting against self-incrimination, including lack of penalization for refusing to answer any question which would enable law enforcement agencies to obtain access to potential evidence, which could be used against testifying person. [19]

Finland

The Coercive Measures Act (Pakkokeinolaki) 2011/806 section 8 paragraph 23 [20] requires the system owner, its administrator, or a specified person to surrender the necessary "passwords and other such information" in order to provide access to information stored on an information system. The suspect and some other persons specified in section 7 paragraph 3 that cannot otherwise be called as witnesses are exempt from this requirement.

France

Loi no 2001-1062 du 15 novembre 2001 relative à la sécurité quotidienne, article 30 (Law #2001-1062 of 15 November 2001 on Community Safety) allows a judge or prosecutor to compel any qualified person to decrypt or surrender keys to make available any information encountered in the course of an investigation. Failure to comply incurs three years of jail time and a fine of €45,000; if the compliance would have prevented or mitigated a crime, the penalty increases to five years of jail time and €75,000. [21]

Germany

The German Code of Criminal Procedure grants a suspect the right to deny cooperation in an investigation that may lead to incriminating information to be revealed about themselves. For private usage is no legal basis that would compel a suspect to hand over any kind of cryptographic key due to this nemo tenetur principle. [22]

There are different laws (tax, crime, etc.) stating that companies must ensure this data is readable by the government. This includes the need to disclose the keys or unencrypted content as and when required.

Iceland

In Iceland there is no law specifying obligation to issue keys or passwords.[ citation needed ]

India

Section 69 of the Information Technology Act, as amended by the Information Technology (Amendment) Act, 2008, empowers the central and state governments to compel assistance from any "subscriber or intermediary or any person in charge of the computer resource" in decrypting information. [23] [24] Failure to comply is punishable by up to seven years' imprisonment and/or a fine.

Ireland

Section 7(4)(b) of the Criminal Justice (Offences Relating to Information Systems) Act 2017 allows a member of the Garda Síochána or other persons as deemed necessary (via a search warrant issued by a judge of the District Court (Section 7(1))) to demand the disclosure of a password to operate a computer and any decryption keys required to access the information contained therein. [25]

7(4) A member acting under the authority of a search warrant under this section may—

(a) operate any computer at the place that is being searched or cause any such computer to be operated by a person accompanying the member for that purpose, and

(b) require any person at that place who appears to the member to have lawful access to the information in any such computer—

(i) to give to the member any password necessary to operate it and any encryption key or code necessary to unencrypt the information accessible by the computer, immediate data destruction

(ii) otherwise to enable the member to examine the information accessible by the computer in a form in which the information is visible and legible, or

(iii) to produce the information in a form in which it can be removed and in which it is, or can be made, visible and legible.

New Zealand

As of 2016 New Zealand Customs was seeking power to compel key disclosure. [26] Although New Zealand may not have a key disclosure law, they have since enforced penalties against travelers unwilling to unlock mobile devices when compelled to do so by officials. [27]

Poland

In relatively few known cases in which police or prosecutor requested cryptographic keys from those formally accused and these requests were not fulfilled, no further consequences were imposed on the accused. There's no specific law in this matter, as e.g. in the UK. It is generally assumed that the Polish Criminal Procedure Code (Kodeks Postępowania Karnego Dz.U. 1997 nr 89 poz. 555.) provides means of protecting against self-incrimination, including lack of penalization for refusing to answer any question which would enable law enforcement agencies to obtain access to potential evidence, which could be used against testifying person. [28]

South Africa

Under the RICA Act of 2002, refusal to disclose a cryptographic key in one's possession could result in a fine up to ZAR 2 million or up to 10 years' imprisonment. This requires a judge to issue a decryption direction to a person believed to hold the key.[ citation needed ] The constitutional court deemed the RICA Act to be unconstitutional in 2021

Spain

Spain's Criminal Procedure Law grants suspects rights against self-incrimination, [29] and this would prevent the suspect from being compelled to reveal passwords. [30] However, a judge may order third parties to collaborate with any criminal investigation, including revealing decryption keys, where possible. [31]

Sweden

There are currently no laws that force the disclosure of cryptographic keys. However, there is legislation proposed on the basis that the Council of Europe has already adopted a convention on cyber-crime related to this issue. The proposed legislation would allow police to require an individual to disclose information, such as passwords and cryptographic keys, during searches. The proposal has been introduced to make it easier for police and prosecutors. The proposal has been criticized by the Swedish Data Protection Authority. [32] [33]

Switzerland

In Switzerland there is no law specifying obligation to issue keys or passwords. [34]

The Netherlands

Article 125k of the Wetboek van Strafvordering allows investigators with a warrant to access information carriers and networked systems. The same article allows the district attorney and similar officers of the court to order persons who know how to access those systems to share their knowledge in the investigation, including any knowledge of encryption of data on information carriers. However, such an order may not be given to the suspect under investigation. [35]

United Kingdom

The Regulation of Investigatory Powers Act 2000 (RIPA), Part III, activated by ministerial order in October 2007, [36] requires persons to decrypt information and/or supply keys to government representatives to decrypt information without a court order. Failure to disclose carries a maximum penalty of two years in jail, or five years in the cases of national security or child indecency. The provision was first used against animal rights activists in November 2007, [37] and at least three people have been prosecuted and convicted for refusing to surrender their encryption keys, [38] one of whom was sentenced to 13 months' imprisonment. [39] Even politicians responsible for the law have voiced concerns that its broad application may be problematic. [40]

In 2017, schedule 7 of the Terrorism Act 2000 was used to charge Muhammad Rabbani with "wilfully obstructing or seeking to frustrate a search examination" after allegedly refusing to disclose passwords. [41] He was later convicted. [42]

In 2018, Stephen-Alan Nicholson, the prime suspect in a murder case, was charged with refusing to provide his Facebook password to police. [43]

United States

The Fifth Amendment to the United States Constitution protects witnesses from being forced to incriminate themselves, and there is currently no law regarding key disclosure in the United States. [44] However, the federal case In re Boucher may be influential as case law. In this case, a man's laptop was inspected by customs agents and child pornography was discovered. The device was seized and powered-down, at which point disk encryption technology made the evidence unavailable. The judge held that it was a foregone conclusion that the content exists since it had already been seen by the customs agents, Boucher's encryption password "adds little or nothing to the sum total of the Government's information about the existence and location of files that may contain incriminating information." [45] [46]

In another case, a district court judge ordered a Colorado woman to decrypt her laptop so prosecutors can use the files against her in a criminal case: "I conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer," Colorado U.S. District Judge Robert Blackburn ruled on January 23, 2012. [47] In Commonwealth v. Gelfgatt, [48] the court ordered a suspect to decrypt his computer, citing exception to Fifth Amendment can be invoked because "an act of production does not involve testimonial communication where the facts conveyed already are known to the government...". [49]

However, in United States v. Doe, the United States Court of Appeals for the Eleventh Circuit ruled on 24 February 2012 that forcing the decryption of one's laptop violates the Fifth Amendment. [50] [51]

The Federal Bureau of Investigation may also issue national security letters that require the disclosure of keys for investigative purposes. [52] One company, Lavabit, chose to shut down rather than surrender its master private keys due to the government wanting to spy on Edward Snowden's emails.

Since the summer of 2015, cases have been fought between major tech companies such as Apple over the regulation of encryption with government agencies asking for access to private encrypted information for law enforcement purposes. A technical report was written and published by MIT Computer Science and Artificial Intelligence Laboratory, where Ronald Rivest, an inventor of RSA, and Harold Abelson, a computer science professor at MIT with others, explain the technical difficulties, including security issues that arise from the regulation of encryption or by making a key available to a third party for purposes of decrypting any possible encrypted information. The report lists scenarios and raises questions for policy makers. It also asks for more technical details if the request for regulating encryption is to be pursued further. [53]

In 2019, the Pennsylvania Supreme Court, in a ruling that only controls for that state's law, held that a suspect in a child pornography case could not be compelled to reveal his password, despite telling the police "We both know what's on there." [54]

See also

Related Research Articles

<span class="mw-page-title-main">Encryption</span> Process of converting plaintext to ciphertext

In cryptography, encryption is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Despite its goal, encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key can be different sizes and varieties, but in all cases, the strength of the encryption relies on the security of the key being maintained. A key's security strength is dependent on its algorithm, the size of the key, the generation of the key, and the process of key exchange.

<span class="mw-page-title-main">Ciphertext</span> Encrypted information

In cryptography, ciphertext or cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher to decrypt it. This process prevents the loss of sensitive information via hacking. Decryption, the inverse of encryption, is the process of turning ciphertext into readable plaintext. Ciphertext is not to be confused with codetext because the latter is a result of a code, not a cipher.

Hushmail is an encrypted proprietary web-based email service offering PGP-encrypted e-mail and vanity domain service. Hushmail uses OpenPGP standards. If public encryption keys are available to both recipient and sender, Hushmail can convey authenticated, encrypted messages in both directions. For recipients for whom no public key is available, Hushmail will allow a message to be encrypted by a password and stored for pickup by the recipient, or the message can be sent in cleartext. In July 2016, the company launched an iOS app that offers end-to-end encryption and full integration with the webmail settings. The company is located in Vancouver, British Columbia, Canada.

<span class="mw-page-title-main">Key exchange</span> Cryptographic method

Key exchange is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

In cryptography and steganography, plausibly deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the plaintext data exists.

End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one else, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse. End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true sender and recipient(s). The messages are encrypted by the sender but the third party does not have a means to decrypt them, and stores them encrypted. The recipients retrieve the encrypted data and decrypt it themselves. Because no third parties can decipher the data being communicated or stored, for example, companies that provide end-to-end encryption are unable to hand over texts of their customers' messages to the authorities.

Disk encryption software is a computer security software that protects the confidentiality of data stored on computer media by using disk encryption.

Cryptovirology refers to the study of cryptography use in malware, such as ransomware and asymmetric backdoors. Traditionally, cryptography and its applications are defensive in nature, and provide privacy, authentication, and security to users. Cryptovirology employs a twist on cryptography, showing that it can also be used offensively. It can be used to mount extortion based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents.

Cryptography is the practice and study of encrypting information, or in other words, securing information from unauthorized access. There are many different cryptography laws in different nations. Some countries prohibit the export of cryptography software and/or encryption algorithms or cryptoanalysis methods. Some countries require decryption keys to be recoverable in case of a police investigation.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

<i>In re Boucher</i>

In re Boucher, is a federal criminal case in Vermont, which was the first to directly address the question of whether investigators can compel a suspect to reveal their encryption passphrase or password, despite the U.S. Constitution's Fifth Amendment protection against self-incrimination. A magistrate judge held that producing the passphrase would constitute self-incrimination. In its submission on appeal to the District Court, the Government stated that it does not seek the password for the encrypted hard drive, but only sought to force Boucher to produce the contents of his encrypted hard drive in an unencrypted format by opening the drive before the grand jury. A District Court judge agreed with the government, holding that, given Boucher's initial cooperation in showing some of the content of his computer to border agents, producing the complete contents would not constitute self-incrimination.

<span class="mw-page-title-main">Cryptography</span> Practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

The Content Scramble System (CSS) is a digital rights management (DRM) and encryption system employed on many commercially produced DVD-Video discs. CSS utilizes a proprietary 40-bit stream cipher algorithm. The system was introduced around 1996 and was first compromised in 1999.

The All Writs Act is a United States federal statute, codified at 28 U.S.C. § 1651, which authorizes the United States federal courts to "issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law". The act in its original form was part of the Judiciary Act of 1789. The current form of the act was first passed in 1911, and the act has been amended several times since then; it has not changed significantly in substance since 1789.

United States v. Fricosu, 841 F.Supp.2d 1232, is a federal criminal case in Colorado that addressed whether a person can be compelled to reveal his or her encryption passphrase or password, despite the U.S. Constitution's Fifth Amendment protection against self-incrimination. On January 23, 2012, judge Robert E. Blackburn held that under the All Writs Act, Fricosu is required to produce an unencrypted hard drive.

Database encryption can generally be defined as a process that uses an algorithm to transform data stored in a database into "cipher text" that is incomprehensible without first being decrypted. It can therefore be said that the purpose of database encryption is to protect the data stored in a database from being accessed by individuals with potentially "malicious" intentions. The act of encrypting a database also reduces the incentive for individuals to hack the aforementioned database as "meaningless" encrypted data adds extra steps for hackers to retrieve the data. There are multiple techniques and technologies available for database encryption, the most important of which will be detailed in this article.

<span class="mw-page-title-main">Crypto Wars</span> Attempts to limit access to strong cryptography

Attempts, unofficially dubbed the "Crypto Wars", have been made by the United States (US) and allied governments to limit the public's and foreign nations' access to cryptography strong enough to thwart decryption by national intelligence agencies, especially the National Security Agency (NSA).

References

  1. 1 2 3 Ranger, Steve (24 March 2015). "The undercover war on your internet secrets: How online surveillance cracked our trust in the web". TechRepublic. Archived from the original on 2016-06-12. Retrieved 2016-06-12.
  2. 1 2 Desmedt, Yvo and Burmester, Mike and Seberry, Jennifer. Equitability in Retroactive Data Confiscation versus Proactive Key Escrow. Florida State University Department of Computer Science 206 Love Building FL 32306-4530 Tallahassee USA. Lecture Notes in Computer Science: Public Key Cryptography, pp.277-286. 2001. (Postscript), (Postscript 2) Archived 2017-08-30 at the Wayback Machine
  3. Plausible Deniability
  4. TrueCrypt - Hidden Volume
  5. "Antigua and Barbuda: The Computer Misuse Bill, 2006" (PDF). Archived from the original (PDF) on 2011-07-06. Retrieved 2010-11-09.
  6. Electronic Frontiers Australia. Privacy Laws in Australia: Security / Cybercrime. Retrieved 2010 November 8.
  7. AG. "Crimes Act 1914". www.comlaw.gov.au. Retrieved 2016-04-30.
  8. Loi du 28 novembre 2000 relative à la criminalité informatique: Article 9. 2000 November 28. Retrieved 2010 November 9. (The investigating judge may order any appropriate person to put the computer system into operation himself or, as the case may be, to search for, make available, copy, render inaccessible or remove the relevant data stored, processed or transmitted by that system, in the form he has requested. Such persons shall be obliged to comply with such requests to the extent of their ability.)
  9. Code d'instruction criminelle. Livre II, titre I, Art. 156. 1808 November 19. Retrieved 2010 November 9. (in French)
  10. Cohen, Jay; Bunthan, Pichrotanak (2020-03-02). "What Cambodia's New Law on Electronic Commerce Means for Business". Lexology. Retrieved 2021-07-22.
  11. "Law on Electronic Commerce (Khmer)" (PDF). Office of the Council of Ministers (Cambodia). Retrieved 22 July 2021.
  12. Cohen, Jay (2020-08-17). "Cambodia - Data Protection Overview". DataGuidance. Retrieved 2021-07-22.
  13. "Cambodia Annotated Code of Criminal Procedure | OHCHR". cambodia.ohchr.org. Retrieved 2021-07-22.
  14. Your Guide to the Canadian Charter of Rights and Freedoms. Government of Canada. Last modified 2017 October 24. Retrieved 2018 January 29.
  15. Singh Case. The Canadian Encyclopedia. Last modified 2017 August 6. Retrieved 2018 January 29.
  16. R. c. Boudreau-Fontaine, 2010 QCCA 1108 (CanLII). Quebec Court of Appeal. 2010 June 9. Retrieved 2018 January 29.
  17. "COMMENTARY: Can Canadian courts force you to reveal your password? The jury is still out". Global News. Retrieved 2020-05-23.
  18. "Zákaz donucování k sebeobviňování" (in Czech). Retrieved 2016-05-06.
  19. "VÝJIMKY Z POVINNOSTI VYPOVÍDAT JAKO SVĚDEK V TRESTNÍM ŘÍZENÍ" (in Czech). Retrieved 2016-05-06.
  20. "Coercive Measures Act (Pakkokeinolaki)" (in Finnish). Retrieved 2016-04-30.
  21. Articles 30–31, loi no 2001-1062 du 15 novembre 2001 relative à la sécurité quotidienne (in French)
  22. Government Access to Encrypted Communications: Germany. 2016 October 01. Retrieved 2017 December 6.
  23. Information Technology (Amended) Act, 2008 (PDF); Government of India – Ministry of Law, Justice and Company Affairs (Legislative Department); XI (69) pp. 27–8.
  24. Paper – 6 : Information Systems Control and Audit Archived 2012-07-11 at the Wayback Machine (PDF) 10 pp. 42–3. Study Material - Final (New) The Institute of Chartered Accountants of India.
  25. (eISB), electronic Irish Statute Book. "Search warrant". www.irishstatutebook.ie. Retrieved 2018-03-23.
  26. "Customs downplays password plan". Stuff. 19 March 2015. Retrieved 2016-04-30.
  27. Graham-Mclay, Charlotte (2 October 2018). "Fork Over Passwords or Pay the Price, New Zealand Tells Travelers". The New York Times. Retrieved 2019-12-24.
  28. Webhosting.pl - W jaki sposób służby mogą uzyskać dostęp do zaszyfrowanych danych
  29. "BOE - Real Decreto de 14 de septiembre de 1882 por el que se aprueba la Ley de Enjuiciamiento Criminal, artículo 520". Boletín Oficial del Estado. 2020-11-20. Retrieved 2021-03-06.
  30. "La contraseña del móvil, el cómplice más leal del delincuente". La Vanguardia (in Spanish). 2017-06-18. Retrieved 2021-03-06.
  31. "BOE - Circular 5/2019, de 6 de marzo, de la Fiscal General del Estado, sobre registro de dispositivos y equipos informáticos". Boletín Oficial del Estado. 2019-03-22. Retrieved 2021-03-06.
  32. "DI kritiserar nya it-regler". Publikt (in Swedish). 2013-09-26. Retrieved 2016-04-30.
  33. "Remiss av betänkandet Europarådets konvention om it - relaterad brottslighet (SOU 2013:39)" (PDF) (in Swedish). Archived from the original (PDF) on 2014-05-22.
  34. "Global Partners Digital, select Switzerland in the drop down menu". gp-digital.org. Retrieved 2019-04-01.
  35. "wetten.nl - Regeling - Wetboek van Strafvordering - BWBR0001903". wetten.overheid.nl. Retrieved 2016-04-30.
  36. Kirk, Jeremy (October 1, 2007). "Contested UK encryption disclosure law takes effect". Washington Post. PC World. Retrieved 2009-01-05.
  37. Ward, Mark (2007-11-20). "Campaigners hit by decryption law". BBC News . Retrieved 2009-01-05.
  38. Oates, John (6 October 2010). "Youth jailed for not handing over encryption password". The Register .
  39. Williams, Christopher (24 November 2009). "UK jails schizophrenic for refusal to decrypt files". The Register .
  40. "How Refusing to Hand over Your Passwords Can Land You in Jail".
  41. "Cage director charged under Terrorism Act after failing to hand over passwords". The Guardian.
  42. "Man found guilty under UK terrorism laws after refusing to reveal passwords". Reuters. Archived from the original on June 4, 2019.
  43. "Suspect in Lucy McHugh murder remanded in custody for failing to provide Facebook password to detectives". Independent.co.uk . 31 July 2018.
  44. Varma, Corey (28 July 2015). "Encryption vs. Fifth Amendment". www.coreyvarma.com. Retrieved July 28, 2015.
  45. "In re Grand Jury Subpoena to Sebastien Boucher, Memorandum of Decision" (PDF). The Volokh Conspiracy. February 19, 2009. Archived from the original (PDF) on July 16, 2014. Retrieved 2009-08-29.
  46. McCullagh, Declan (December 14, 2007). "Judge: Man can't be forced to divulge encryption passphrase". CNET. Retrieved October 19, 2014.
  47. Kravets, David (January 23, 2012). "Judge Orders Defendant to Decrypt Laptop". WIRED.
  48. Commonwealth v. Gelfgatt (Report). Vol. 468. Supreme Judicial Court of Massachusetts. June 25, 2014. p. 512. Retrieved October 19, 2014.
  49. Farivar, Cyrus (June 26, 2014). "Massachusetts high court orders suspect to decrypt his computers". Ars Technica. Retrieved October 19, 2014.
  50. Hofmann, Marcia; Fakhoury, Hanni (February 24, 2012). "Appeals Court Upholds Constitutional Right Against Forced Decryption". Electronic Frontier Foundation. Retrieved October 19, 2014.
  51. Lee, Timothy B. (February 25, 2012). "Appeals court: Fifth Amendment protections can apply to encrypted hard drives". Ars Technica. Retrieved October 19, 2014.
  52. "Lavabit appeals contempt of court ruling surrounding handover of SSL keys". Naked Security. 2014-01-29. Retrieved 2016-04-30.
  53. Keys Under Doormats: Mandating insecurity by requiring government access to all data and communication (PDF). MIT Computer Science and Artificial Intelligence Laboratory (Technical report). 6 July 2015.
  54. Goodin, Dan (November 23, 2019). "Suspect can't be compelled to reveal "64-character" password, court rules". Ars Technica. Retrieved April 26, 2020.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.