The England and Wales Court of Appeal Criminal Division has ruled that defendants cannot deny police an encryption key.


The ruling marks a change to the UK's Regulation of Investigatory Powers Act, which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive.


The ruling stems from a case where two suspects refused to give up encryption keys, arguing that disclosure was incompatible with the privilege against self incrimination. One of the suspects had been ordered not to move house without permission under a terrorism-prevention act. The man defied the order, and he and another man were arrested.


Police also seized encrypted material on a disc belonging to the first man, when the second man was arrested police saw he had partially entered an encryption key into a computer. In its ruling, the appeals court said an encryption key is no different than a physical key and exists separately from a person's will.


The court said: “The key to the computer equipment is no different to the key to a locked drawer. The contents of the drawer exist independently of the suspect; so does the key to it. The contents may or may not be incriminating: the key is neutral.”


Failure to provide a key could mean a two-year prison sentence or up to five years if the case involves national security.