A British court on Tuesday rejected an attempt by security agents to force an alleged hacker to hand over his encryption keys.
Thirty-one-year-old Lauri Love has been accused by U.S. authorities of hacking into U.S. government networks between 2012 and 2013, including those of the Department of Defense, the Environmental Protection Agency, the Department of Energy, and NASA.
In October 2013, the U.K.’s equivalent of the FBI, the National Crime Agency, raided Love’s home and seized his computers and hard drives. But some of the devices contained encrypted data, meaning the agency could not access it.
Initially the British authorities served Love with an order under Section 49 of the U.K’s controversial Regulation of Investigatory Powers Act, which demanded that he hand over his passwords to open encrypted files stored on the devices. He declined to comply, and the National Crime Agency did not push the issue; Love was not charged with an offense under any British laws.
However, when Love recently launched a civil case seeking the return of his computers and storage devices, the agency renewed its encryption demand, and attempted to turn the civil proceedings around on him by using them as new means to get a judge to order Love to disclose his passwords and encryption keys. Investigators refused to return Love’s computers and hard drives on the basis that they claimed the devices could contain data that he did not have legitimate “ownership” of – for instance, hacked files. The authorities stated that if Love wanted to get his devices back, he would have to first turn over his passwords and show what was contained on them.
As The Intercept previously reported, civil liberties campaigners were alarmed by this development, because it seemed to be an effort to bypass the normal procedure under the Regulation of Investigatory Powers Act, which includes safeguards against abuse. The campaigners feared that, if successful, the case would set a new precedent that could have had implications for journalists, activists, and others who need to guard confidential information, potentially making it easier in the future for British police and security agencies to gain access to, or to seize and retain, encrypted material.
On Tuesday, at Westminster Magistrates’ Court in London, judge Nina Tempia ruled in Love’s favor. Tempia said that she was “not persuaded” by the National Crime Agency’s argument that Love should be compelled to disclose his passwords and encryption keys to prove his ownership of the data. She also took a swipe at the agency’s attempt to “circumvent” the Regulation of Investigatory Powers Act, which she described as the “specific legislation that has been passed in order to deal with the disclosure sought.”
Karen Todner, Love’s attorney, welcomed the decision. “The case raised important issues of principle in relation to the right to respect for private life and right to enjoyment of property and the use of the Court’s case management powers,” Todner said in a statement. A ruling in the authorities’ favor, she added, “would have set a worrying precedent for future investigations of this nature and the protection of these important human rights.”
A spokeswoman for the National Crime Agency declined to comment, citing an ongoing investigation and judicial proceedings.
It has not yet been determined whether Love will be able to get his seized devices back. The next hearing in his civil case has been set for July. Moreover, the U.S. Justice Department is actively seeking Love’s extradition on hacking charges.
Love, who has been diagnosed with Asperger’s syndrome, argues that he would not get a fair trial in the U.S., where his legal team says he could face a sentence of up to 99 years in prison. He has vowed to fight the extradition and says, whatever happens, he won’t give up his encryption keys. “There will be no decryption,” he declared Tuesday, standing outside the courtroom following the judgment.
“If they’d ruled in the other way it would have been very concerning for anyone who has to store sensitive information, especially people with obligations to clients, people under their care in terms of their confidentiality,” he said.
Love, who turned up late for the hearing wearing a black suit jacket, white shirt and sneakers, was pleased with the outcome. “It’s a victory,” he said, “it’s an avoidance of a disaster.”
What happened to ‘innocent until proven guilty’? Every aspect of this story seems to go directly against this fundamental principle. Including the USA’s attempt to extradite him.
Even if he were proven to have hacked the American systems from outside the USA, there is no justification to extradite him as he isn’t a US citizen. He could be tried in the UK.
‘Innocent until proven guilty’ is thrown out the window with the justification of “national security”.
If the US wants to extradite him, they can do almost whatever they want to twist their own laws to suit their purposes.
in England you’re guilty until proven innocent
They took the equipment from him, burden of proof is not on him to prove what they took is indeed his. I’m glad the judge saw this as more simple than the prosecutor would have hoped. Finding any other way would open the door to gross abuse of power.
It is pretty fucking sad when Cameron’s Britain does better than the U.S. – in particular, I mean Francis Rawls:
http://www.nytimes.com/2016/05/06/technology/former-officer-is-jailed-months-without-charges-over-encrypted-drives.html?_r=0
Now here we are talking about a former cop, who has never committed a crime in his life, who could spend life in jail for forgetting a password.
At least that ‘s the theory. On the other hand, he was a cop in Philadelphia, and I don’t think you have to be a psychic to guess what’s on those drives has absolutely nothing to do with kiddie porn! Snitches get stitches! Some folks on that hard drive who probably talked to this cop about the Mafia or the cartels or something have gotten an extra seven months to life, thanks to Rawls sitting in solitary confinement that long, but sooner or later they seem bound to go the way of all flesh.
In case you think this represents some recent lurch away from an otherwise long-held commitment to the proscription of punishment without trial, I’ll just leave this here…
Beatty H Chadwick.; case citation where the BlackRobes said it was absolutely fine to do so, because it’s always been that way : 302 F.3d 107 (3d Cir. 2002), which cites a very similar case from 1911 (Gompers) 221 U.S. 418 (1911) where the Supreme BlackRobes said it was OK to imprison a man without trial… and under stare decisis an abhorrent decision by a court is canonical until it is overturned by an equal or higher court.
So don’t misunderstand the situation: the tax-feeding lackies in black robes will always read the ‘law’ in the most expansive way for the government… being imprisoned is not ‘punishment’ if it happens before trial, it’s ‘coercion’, which is a totally different thing. (In the same way, ‘due process’ now means “whatever process we think you’re due – maybe a meeting on a Tuesday where we decide to incinerate you from the sky with a drone or send one of our sociopaths to shoot you in the head.”
@Wnt –
WHAT??? Held on NO charges? What kind of justice system is this? They should either charge him or let him go.
Dangerous times when something like this happens.
Is the National Crime Agency more incompetent than the FBI? The FBI, in the recent Apple iPhone unlocking case, was smart enough to drop the case when it realized it wouldn’t get a favorable ruling. It’s important to pick and choose your battles to establish the right legal precedent. Then again, they don’t have to worry about constitutional constraints on government powers. Perhaps they only wished to shame Mr. Cameron and Ms. May into introducing new, more draconian laws that meet current Orwellian standards of best practice.
Then again, it’s possible the National Crime Agency simply wants Mr. Love to become complacent in the aftermath of the euphoria of a court victory. They may hope he’ll be less diligent in examining the circuit boards on his electronic devices to find the new surveillance chips they’ve installed.
It’s difficult, from across the pond, to know what’s really happening.
National Crime Agency’s argument that Love should be compelled to disclose his passwords and encryption keys to prove his ownership of the data.
Granted. One should not trespass. But the zeal by which these legal schmegals so willing violate laws makes one wonder who the real criminal minds are. LL goes exploring and gets into a system by picking a lock it seems. But really smart security persons would have welcomed him and asked for his help to harden their systems.
But no. Instead they get embarrassed and get all insulted at their stupidity for paying millions for systems from infamous for profit software companies which are knowingly and famously insecure, and go all ERDOGAN like a fire breathing dragon whose real goal is to terrorise the privacy of society and have the population wondering which of their employees is going to rob business information and sell it to pay some bills.
These security services and legal services have power – and now the kind of power that attracts individuals who will serve the corrupt corporate masters that finance and own their offices. Corporate facism is just around the bend.
Corporate fascism is here.
‘LL allegedly goes exploring.’