Dear Lifehacker, I have read plenty of stories on how to encrypt my files on my hard drive, but how legal is it? Can the police fine me for not giving them access to my encrypted files or am I just worrying over nothing? Thanks, Encryption Guy
Dear Encryption Guy,
Choosing to encrypt your files is perfectly legal. However, if the police require access to your protected data and you decide not to cooperate, you can expect to land in some hot water.
Here’s what online rights group Electronic Frontiers Australia has to say about the legalities of personal data encryption:
While encryption can be used freely within Australia, the Cybercrime Act 2001 includes provisions for law enforcement to compel the disclosure of encryption keys, passwords, and any other details necessary to obtain evidence in a protected or encrypted state.
Penalties up to and including imprisonment can be imposed if a person does not comply with such an order. This reverses the situation prior to the introduction of the Act, whereby a user could refuse to provide encryption keys necessary to decrypt data if such an act would result in incriminating one’s self.
In other words, while there’s nothing stopping you from encrypting your data, it would be unwise to treat it like a get-out-of-jail-free card. That said, we’re not lawyers and we imagine any potential penalties would largely depend on the circumstances — you can read up on the Cybercrime Act 2001 here.
If there are any readers with appropriate legal chops reading this, feel free to chip in with some advice for Encryption Guy in the comments section below.
Cheers
Lifehacker
Comments
10 responses to “Ask LH: Is It Legal To Encrypt My Files?”
So the answer is to not only encrypt your data as you feel necessary, but to make sure your data doesn’t exist after you’re done with it. This isn’t always possible, but when it is, it should be a considered option.
That’s why you can create a hidden volume in Truecrypt.
Alternatively you can always try the “That thing? I forgot I had it. No idea what the password would be.”
IANAL so cannot say how well either method will work but the hidden volumes are meant to be indistinguishable from random data and thus impossible to prove the existence of (there are other ways than static analysis of the outer volume as discussed at http://www.truecrypt.org/docs/hidden-volume-precautions).
It would be interesting to see how an “I forgot the password” claim would play out in the courts. Would you have to “prove” that you have forgotten or would they need to prove that you do know it?
http://www.cryptolaw.org/cls2.htm#aus
The “I forgot it” scenario in the courts would be quite interesting. If they are lying and get jailed for not revealing it and after a bit of time reveal it, I feel sorry for the poor soul who genuinely has forgotten it. I think the onus would be to prove that you know it, rather than you have to prove you don’t know it; though they’d be allowed to polygraph you etc. in an attempt to determine whether or not you do know it.
Also, the hidden volume in TrueCrypt is quite interesting. If they can’t prove that there is a hidden volume, then they can’t put you in jail or hold you for providing only one password hoping that there’s a second one.
Hidden volumes in TrueCrypt are fairly trivial for law enforcement to detect through statistical analysis. There are tools available to make this moderately automated.
You are required to hand over your password in this country or be held in contempt of court.
Generally, if the police have a reason to confiscate your data then they have been watching you for a while. They will already have captures of anything you do and anyone you speak to and a reasonable cause to expect they will find something.
So, that day they come to kick down your door and push you onto the floor because you are an avid collector of Simpson’s porn you know that your time as a sexual deviate is up and that to protect society from perverts who like four fingered yellow skin animated character you must give that password to your Marge stash up.
Someone has to think of the children.
SIMPSONS PORN?!
Ugh, there is no hope for humanity
You shouldn’t talk in absolutes when you don’t know what you’re talking about.
Polygraphs belong in Hollywood/Today Tonight. And what do you mean by “etc.”
There’s a maximum of six months in prison for refusing to divulge a password, which would be at the judge’s discretion.
I’m pretty sure polygraphs aren’t legal in Australia
Pretty sure they aren’t admissible in any court in Australia or the USA
I don’t like the idea of police or whoever forcing you to possibly incriminate yourself by asking you to decrypt your own personal files.
(NAL) But I would have thought (at least here in ‘Straya) that it would go something like this:
“Hello sir, we’d like to take a look in that locked shed at the end of your driveway”
“Do you have a warrant or court order, detective?”
“No.. we just want to have a look inside”
“Sorry mate… the footy’s on and I need to get back inside, my beer’s getting warm”
Same scenario applies to the digital world?
Short of a court order/search warrant…. commonsense prevails… If I’ve got nothing to hide, and the police are not being dicks, I’d probably just open the shed and get them off my back.
Or decrypt the files/folder (MYSELF – not giving them the passphrase/keys). They look at what they want, then bugger off. I reencrypt the files. No harm done.
Or tell them “Sorry mate, I lost that key a couple months ago” Then police are free to break into the shed if they think they can, and feel justified. Same as they are free to try and brute-force decrypt a digital file in the absence of me giving them the password. If my “lock” is good enough, they will have a tough time. If a judge holds me in contempt for not giving the “key”… well at that point you probably have bigger issues if it’s gotten to that stage 😀
If I was truly into nefarious things stored digitally that I did not want to be put in that position, then there are several plausible-deniability options that I’m sure any villain worth their sack-with-$$$-signs would be well on top of.
The whole “I’ve got nothing to hide so I don’t care if my rights are trampled on” is a slippery slope in my opinion 🙂