Key disclosure law

Key disclosure laws, also known as mandatory key disclosure, are rules that require people to give special secret codes, called cryptographic keys, to law enforcement. These laws help police and investigators access hidden information stored on computers and devices. The goal is to use this information as evidence in court or to protect national security.

These laws work differently in different countries. For example, in Australia, law enforcement has broad powers to ask anyone to help unlock encrypted data. In Belgium, laws are more careful about self-incrimination, so they only ask people who are not suspects to help. Some countries only ask certain groups, like phone companies or internet service providers, to help with unlocking data. In all cases, law enforcement usually needs a special permission called a warrant to ask for this help.

The debate around key disclosure laws often centers on balancing the need for law enforcement to solve crimes and protect security with the right to keep personal information private. These laws raise important questions about privacy, freedom, and how societies protect both individual rights and public safety.

Theory and countermeasures

Mandatory decryption is a bit easier for computers to handle than key disclosure because sometimes you can prove a message was decrypted correctly without showing the secret key. For example, with a special kind of encryption called RSA, you can check if a message matches its encrypted form without revealing the key.

To protect privacy, some tools like BestCrypt, FreeOTFE, and TrueCrypt use a method called deniable encryption, which lets the same encrypted data appear in different ways so it’s harder to prove what it really is. Another trick is steganography, hiding secret data inside ordinary files. Some encryption methods also only work for a certain time, limiting how long the data can be accessed.

Criticism and alternatives

Some people criticize key disclosure laws because they believe these laws can harm information privacy. They worry that sharing personal keys might reveal information that isn’t really connected to any crime. They also think it goes against the right against self-incrimination and the general right to silence in countries that value these rights. Sometimes, it might not even be possible to unlock the data because the key was lost, forgotten, or the data looks like random information.

One suggested alternative is called key escrow law. In this system, the government keeps a copy of everyone’s keys safe but can only use them with special permission. While this can help with lost keys, it also brings new problems, like the chance of keys being accidentally revealed, stolen by hackers, or misused by government workers. There’s also concern that such a system could be used for secret monitoring, similar to what was revealed by Edward Snowden. The term “key recovery” is sometimes used to describe both key disclosure and key escrow systems.

Legislation by nation

This list shows nations where laws or cases exist about requiring individuals to give cryptographic keys to law enforcement.

In Antigua and Barbuda, a proposed law could allow police to demand decryption keys with a warrant. Not following this could lead to fines or imprisonment.

Australia has laws where police can ask for help to access encrypted data, with possible jail time for not following through.

Many other countries have different rules, some allowing demands for decryption keys under certain conditions, while others protect individuals from having to give away information that could incriminate themselves. For example, Canada and Germany have protections against self-incrimination, meaning people cannot be forced to give passwords or keys that could prove they committed a crime.

Some places, like France and Hong Kong, have stricter laws where not giving a key can lead to jail time or large fines. Other nations, such as Finland and Sweden, are still deciding or do not have specific laws about this issue.