Lauri Love’s trial: escaping thoughtcrime in the UK

United Kingdom (PI) – British hacker Lauri Love was back at the Westminster Magistrate Court on July 25th for the final court hearing of his legal fight against extradition to the US. If extradited, he would face a sentence of up to 99 years for having allegedly hacked into the US Army, the US Federal Reserve, the Federal Bureau of Investigation, NASA, and the Missile Defence Agency, as part of the Anonymous-led online protest #OpLastResort.

Love’s trial has raised important questions for the right to privacy in the UK. When he first got arrested, Love was served with Section 49 of the Regulation of Investigatory Powers Act (RIPA), which allows the police to demand the decryption of a hard drive, under certain circumstances. In order to demand decryption, the police have to prove the defendant can decrypt the requested material, that ordering such decryption is necessary and proportionate, and that there is no other less invasive way to obtain the material. Love had declined to decrypt his hard drive and the National Crime Agency (NCA) did not pursue the case.

However, Lauri Love brought a claim under the Police Property Act in order to retrieve his computers seized by the NCA. The NCA attempted to take advantage of the procedure to once again demand the decryption of his hard drives. But the NCA lost the case, as the judge considered this to be an attempt to circumvent the safeguards in RIPA.

Image Source: Pixabay.com

Image Source: Pixabay.com

Despite the safeguards, Section 49 of RIPA raises important questions worth bearing in mind. With the Fifth Amendment – the right to remain silent – the United States offers stronger protections against self-incrimination, despite frequent erosions into those safeguards. Cases of hard drive decryption in the US have been ruled by federal courts, and decisions have so far varied from one case to another. In Pennsylvania, US District Judge Mark Kearney had ruled in a case opposing insider trading suspects to the Security and Exchange Commission (SEC) that “the SEC is not seeking business records but Defendants’ personal thought processes.” The use of the Fifth Amendment to decline turning over passwords was in that case accepted.

With this context in mind, it is regrettable that the attempt by the British authorities to bring their mass surveillance and hacking activities within the rule of law through the IPB did not also address the serious issue around self-incrimination.

“Thoughtcrime” is one of the issues at stake with Section 49, indeed forcing decryption of a complete hard drive goes beyond interception of communications. A hard drive is where your thoughts are stored before you decide to erase them or to share them, therefore does that mean there can be no thoughts that the state cannot read?

While the police need to be able to investigate and get access to necessary evidence – the same way upon obtaining a warrant, a house can be searched – it is essential for the UK to take into account the unique nature of electronic devices and to ensure that proper legal and technical protections against self-incriminations are in place.

 

This report prepared by Eva Blum-Dumontet for Privacy International.