Cryptography and jailtime in SA

South Africans can face significant fines or imprisonment if they refuse a judge their password after being ordered to provide it

August 17, 2012
Go To Jail Monopoly

Withholding a password, or other secret key needed to decrypt data, after being instructed to provide it by a South African judge could result in severe penalties, Lance Michalson, an Information and Communications Technology (ICT) lawyer at Michalsons Attorneys, recently told MyBroadband.

The topic of key disclosure received some publicity recently when Pirate Party founder, Rick Falkvinge, wrote about it in his blog earlier this year.

According to Falkvinge, under UK law, a person can be sent to jail for refusing to give up encryption keys, regardless of whether you have them or not.

Falkvinge goes on to paint a dire picture of how a person can get five years in prison if it’s a terrorism or child porn investigation, and two years otherwise, just for having files the authorities think are encrypted.

South Africa has similar key disclosure laws, but according to Michalson, you must have or had possession of the decryption key before you’ll face a fine (up to R2m) or prison (for up to 10 years).

Lance Michalson

Lance Michalson

Michalson said that government has the dual-responsibility of promoting and facilitating the lawful use encryption by business and others, while making it as difficult as possible for criminals to exploit it for their own purposes.

“Investigations into criminal offences are often hampered by the discovery that material that might otherwise assist the investigation, or be used in evidence, has been encrypted,” Michalson wrote in an article on the firm’s website.

It is occasionally possible for law enforcement agencies to crack the encryption key, Michalson said, though this comes at considerable effort and expense.

This is also likely to become increasingly difficult, if not impossible, as technology develops, Michalson said.

Michalson explained that under RICA, one must apply to a judge for a “decryption direction”, in terms of which the holder of an encryption key is directed to disclose that key or provide decryption assistance in respect of encrypted information.

However, to get the direction in the first place, Michalson said that you have to produce sufficient evidence to the judge that there are reasonable grounds to believe that the decryption key holder is in possession of the encrypted information and the decryption key.

Law enforcement should (in theory) be able to identify the holder of the key if their details as a supplier of crypto software have been entered in the Department of Communications’ register of crypto suppliers. This is the link with the crypto registration provisions in the ECT Act, Michalson explained.

“In many instances, in practice, however, the supplier will not be able to provide the identity of the user of the crypto software,” Michalson said.

Strong encryption in SA: is it legal?

Hackers see unprotected data as fair game

Beware free public Wi-Fi: Kaspersky

BBM safe for now: Minister of Communications

Tags: cryptography, decryption, ECT Act, encryption, Headline, key disclosure, Lance Michalson, Pirate Party, rica, Rick Falkvinge, technology law

Free Email Newsletter:
Subscribe

Shutterstock is the image partner of MyBroadband – technology images can be found here

Join the conversation

Connect with MyBB

twitterfacebookandroidappleblackberrynewsletterfeed

Poll

What is your preferred mobile platform?

View Results

Loading ... Loading ...

More News

Facebook shuts down gift shop

facebook matrix logo

Facebook Inc will shut its 2-year-old Gifts shop as the world’s largest social network tests other ways to let consumers buy products on its website

YouTube Porsche road rage attacker in court

Road rage

A man arrested in connection with an alleged road rage attack in Fourways, Johannesburg, is expected to appear in the Randburg Magistrate’s Court

Krejcir laptops stolen from Pretoria Interpol

Hacker matrix code program cyber-criminal

Five laptops possibly containing sensitive information, including data on investigations into Radovan Krejcir, have been stolen from Interpol’s Pretoria offices

Find your keys, wallet with smartphone app

Smartphones Samsung Galaxy S5, Nokia Lumia 1020, iPhone 5s, BlackBerry z30

Finding misplaced keys, wallets, and purses could get easier with new apps that take the guess work out of trying to remember where they might be

Free MyBroadband Newsletter:
Subscribe
X
bool(true)