By Mark Ward

Technology correspondent, BBC News website



The police want to get at encrypted files

The request for the keys is being made under the controversial Regulation of Investigatory Powers Act (RIPA).

Police analysing machines seized during raids on activists' homes carried out in May have asked for the keys.

The activists could face jail if they do not comply and snub a further formal request to hand over the keys.

Case law

In early November about 30 animal rights activists are understood to have received letters from the Crown Prosecution Service in Hampshire inviting them to provide passwords that will decrypt material held on seized computers.

The letter is the first stage of a process set out under RIPA which governs how the authorities handle requests to examine encrypted material.

Once a request has been issued the authorities can then issue what is known as a Section 49 notice demanding that a person turn the data into an "intelligible" form or, under Section 51 hand over keys.

Although much of RIPA came into force many years ago, the part governing the handing over of keys only passed in to law on 1 October 2007. This is why the CPS is only now asking for access to files on the seized machines.

Alongside a S49 notice, the authorities can also issue a Section 54 notice that prevents a person revealing that they are subject to this part of RIPA.

The PCs were seized in raids carried out in May 2007

The activist, who wished to remain anonymous, said that even if others disagreed with animal rights activists the use of the law had grave implications for personal privacy.

"Even if they hate our guts my personal view is that this is a matter where there's great issues of public interest that should be being talked about," they said.

The CPS declined to comment on the issuing of the letters and a spokesman said it could not comment on ongoing cases.

If those receiving the letters do not comply with the request or a formal S49 notice they can be imprisoned for up to two years.

Legal row

The section of RIPA that deals with decryption requests was controversial when it was drawn up and debated. Peers, academics and cryptographers called the proposals "flawed" when invited to comment on them by the Home Office.

Commentators pointed out that sSection III, which is aimed at serious criminals, such as paedophiles and terrorists, is flawed because those involved would much rather serve a few years for refusing to hand over keys than provide them and potentially incriminate themselves.

Others were simply likely to say that they had forgotten the complicated passphrase they used when encrypting material. Under certain circumstances RIPA allows this to be a plausible defence.

It is very likely, said David Harris, a barrister and technology lawyer, that activists will devise systems that legally circumvented the law.

Mr Harris foresees a time when activist groups prepared encrypted files that people could download to let them plausibly deny they have a key to unlock such data if it is found on their PC.

"These may become prevalent as a result of this case," he said.

Mr Harris said many people know of products readily available on the web, such as Truecrypt, that hid data and supplied a key to some of it while leaving the rest undetectable to the police.

In the event that there was doubt that a suspect did not possess a key, he said, it was up to the prosecution to demonstrate beyond a reasonable doubt that they could know the passphrase.

"They have quite a hurdle to overcome," he added