New UK legislation aimed at fighting terrorism and organised crime and which grants the police enhanced powers to decrypt files for use as evidence – could compromise data confidentiality and security.

That is the warning issued by nCipher plc, the London Stock Exchange-listed encryption specialist that protects critical data for many of the world’s top organisations.

Part III of the Regulation of Investigatory Powers Act (RIPA) 2000, due to take effect in the next few months, will allow law enforcement officers to gain access to those encryption keys needed for decrypting data that could be vital in relation to a conviction.

“That opens up a host of management problems,” suggested Dr Nicko van Someren, nCipher’s chief technology officer. “Company executives will have to disclose encryption keys without opening up security holes, or face up to five years in prison, while law enforcement officers face legal action themselves if they fail to adequately secure evidentiary keys and this leads to any loss of data. It’s pretty clear that sophisticated key management systems will be needed to avoid any possibility of the misuse of disclosed keys, or breaches of the Data Protection laws.”

Source

SMT