A British court on Tuesday rejected an attempt by security agents to force an alleged hacker to hand over his encryption keys.
Thirty-one-year-old Lauri Love has been accused by U.S. authorities of hacking into U.S. government networks between 2012 and 2013, including those of the Department of Defense, the Environmental Protection Agency, the Department of Energy, and NASA.
In October 2013, the U.K.’s equivalent of the FBI, the National Crime Agency, raided Love’s home and seized his computers and hard drives. But some of the devices contained encrypted data, meaning the agency could not access it.
Initially the British authorities served Love with an order under Section 49 of the U.K’s controversial Regulation of Investigatory Powers Act, which demanded that he hand over his passwords to open encrypted files stored on the devices. He declined to comply, and the National Crime Agency did not push the issue; Love was not charged with an offense under any British laws.
However, when Love recently launched a civil case seeking the return of his computers and storage devices, the agency renewed its encryption demand, and attempted to turn the civil proceedings around on him by using them as new means to get a judge to order Love to disclose his passwords and encryption keys. Investigators refused to return Love’s computers and hard drives on the basis that they claimed the devices could contain data that he did not have legitimate “ownership” of – for instance, hacked files. The authorities stated that if Love wanted to get his devices back, he would have to first turn over his passwords and show what was contained on them.