> imprisoned for failing to provide encryption keys
This scares me, because I have plenty of old devices I no longer know the passwords for. I don't think I'm alone - plenty of people forget passwords they don't use in years.
If the police came and searched my house, they could probably find some ancient laptop or phone from a decade ago, demand I unlock it, and then put me in prison forever when I cannot do do so.
Do SMART records contain enough information to prove that the laptop had not been used in years (assuming you had a suitably effective barrister to make use of this information)? RTC (clock) drift could also give a hint that the laptop had not been connected to a time server in a while.
Also (this may be of limited consolation) the officer who compels you to disclose the key must have some idea of what data it is protecting in order to satisfy RIPA 2000 s 51(5)(a):
> The matters to be taken into account in considering whether the requirement [for proportionality] of subsection (4)(b) is satisfied in the case of any direction shall include... the extent and nature of any protected information, in addition to the protected information in respect of which the disclosure requirement is imposed, to which the key is also a key
Wouldn't you be able to argue this in court for this rare case? With a phone that can be shown to be in use constantly it would be more difficult to prove you forgot
Yeah. We dealt with a case where a guy claimed to have forgotten his mobile phone pin.
But we voted to convict after I pointed out it was the phone he’d been using every day, for years, and was quite implausible, and convenient, to forget something like that right after being arrested and asked for it.
Possibly could have gone differently if they had said they changed their 15 letter password every two weeks, but really?
What if they changed their password right after being arrested, and then forgot? Immediately after changing your password does tend to be the time most people forget their passwords.
If you get changed with a RIPA password offence it’s almost certain going to Crown Court and an (expensive!) jury trial.
CPS won’t (as a matter of policy, and also can’t afford to waste time and money) spend time trying to prosecute a forgotten password for old laptop, unless it’s connected to some other serious, evidenced, allegations.
(I was on a jury in just this situation. Reasonable doubt is a high bar and prosecutors know this).
This scares me, because I have plenty of old devices I no longer know the passwords for. I don't think I'm alone - plenty of people forget passwords they don't use in years.
If the police came and searched my house, they could probably find some ancient laptop or phone from a decade ago, demand I unlock it, and then put me in prison forever when I cannot do do so.