
Encryption and the law

Encryption is vital for data security and privacy. However, concerns over the privacy which it provides could lead to future legal restrictions.

What is encryption?

Encryption is a process designed to prevent unauthorised parties from accessing data that they should not be accessing.

When data is encrypted, it is scrambled to become unreadable or unusable. Once data has been encrypted, it can only be accessed by using the correct encryption key (such as a password) to unscramble it.

What is it used for?

Encryption is used in many different contexts, both online and offline. Here are some of the more common ways you are likely to have encountered encryption.

Protecting your phone, computer or another data storage device

Having a portable computation device like a laptop or a phone can be a double-edged sword – you can use them wherever you go, but this also makes it more likely that they will be lost or stolen.

This could spell disaster for you – for example, if your phone is connected to your email account, anyone who accesses the phone will be able to access your email account.

This is where data encryption can help you. By encrypting all of the data on your device, you can prevent anyone else from accessing it – the only way they will be able to use the device is by erasing all of the data.

Encryption is commonly used on modern smartphones – the device will encrypt the data when you lock it, and the data is decrypted when you unlock the device (usually by entering a password or a pattern on the screen). This encryption can protect the device when it is plugged into another device, meaning that another individual could not access your data by downloading it onto their computer.

You can encrypt data on your laptop or computer too, whether you want to encrypt individual files or an entire hard drive. Note that just setting a password to log in to Windows will not keep your data safe, because a login password on its own does not encrypt the files on the drive.

If you only have a few files that you want to keep safe on your laptop, it is probably best to just encrypt those – encrypting an entire hard drive will make it much more difficult to retrieve data if the drive becomes corrupted.

Alternatively, if you need to transport sensitive data, you can put it on to an external drive (such as a USB stick) and encrypt that.

Bear in mind that encrypting your data can be dangerous if you are not good at remembering passwords or passcodes – fail to remember the code, and the data is gone. Some devices will wipe data automatically after a certain number of failed attempts.

End-to-end encryption

When data is transmitted through end-to-end encryption (E2EE), it is encrypted before it is sent, and is only decrypted when it reaches the intended recipient.

This is used to make sure that communications from one device to another can’t be accessed or read by another party. This means that if you send someone a message (to their phone, for example), it can only be read on that phone, and no one else can see it (including the service provider).

This kind of encryption has a number of uses – it is used by some instant messaging apps (such as WhatsApp or iMessage) and by video telephony app FaceTime. Some email services also use end-to-end encryption, a strong selling point for those who want to keep their emails away from prying eyes.

However, E2EE is not infallible. If a device sending or receiving a message has been compromised, the message may be read before it is encrypted or after it is decrypted.

If you want to use a service which utilises end-to-end encryption, you should research it first – some services which claim to offer encryption and protection are not quite as secure as you might think.

Online shopping and browsing

Encryption is also used to keep your personal data (such as your address and credit card details) safe when you are buying things online.

This is done through a protocol known as HTTPS – this encrypts data which is transmitted between your device and the website.

HTTPS isn’t just used for online shopping – it can be used to secure information sent through contact forms, and any other information you might input into the site. Law on the Web uses HTTPS on all of its pages.

What is the law on encryption?

The government has made it clear that it does not care for encryption, saying that its use hinders security services in preventing terrorism.

However, simply banning encryption would be completely impractical, given its many legitimate and essential uses (not to mention the objections many people have to the notion of security services having access to that much private information).

Court orders to give up passwords

Under the Regulation of Investigatory Powers Act 2000 (RIPA), police or security services can apply for a court order to force an individual to provide access to encrypted information, either by providing the decrypted information or providing the key itself.

For example, if police wanted access to data on your phone and you refuse to unlock it, they can apply to a court to force you to unlock it for them.

Failure to comply could see you charged with the offence of failure to disclose key to protected information, punishable with a maximum sentence of two years in prison.

Why would end-to-end encryption be banned?

In 2015, Prime Minister David Cameron expressed his belief that end-to-end encryption should be banned, saying that it created a “safe space” through which terrorists could communicate, asking “In our country, do we want to allow a means of communication between people…that we cannot read?”

If such a ban were put in place, it would effectively ban apps such as WhatsApp or iMessage, unless they introduced a backdoor for security services to use or simply removed the encryption altogether.

Critics pointed out that introducing a backdoor to these encrypted services would make them more vulnerable to being intercepted by criminals.

Others have warned that putting restrictions on encryption would make companies that use encryption in their business less willing to bring their business to the UK.

It’s difficult to say whether a ban on encryption would really be workable, but it is clear that some kind of accord will need to be reached before this matter is decided.
