UK Hacktivist Lauri Love has been spared from having to hand over vital encryption keys at Westminster Magistrates’ Court on Tuesday. Nina Tempia, a UK district judge, has decided against granting the UK government permission to demand encryption keys from the alleged 31-year-old British hacker.
Lauri Love is accused of hacking the US army, various US government agencies and the Federal Reserve causing ‘millions of dollars worth of damage’, and was arrested in October of 2013 at which time his computer and external hard drives were also confiscated from his home in Suffolk.
In 2013, the UK’s version of the FBI – the National Crime Agency (NCA) – attempted to force Mr. Love (who is diagnosed with Asperger’s syndrome) to hand over his encryption keys with Section 49 of the U.K’s highly controversial RIPA legislation. Love refused, and at that time, it appeared that the NCA had resigned itself to not getting the encryption passwords it wanted.
The case itself surrounds accusations of Love’s involvement with the Anonymous hacker collective’s #OpLastResort. Love was allegedly involved in coordinating and carrying out attacks against the US Environmental Protection Agency, Department of Energy, Department of Defense, and NASA.
The British Asperger’s sufferer is also fighting extradition to the US, where his legal team fears he could face an unfair trial at the hands of the Department of Defence, and could land a conviction with a massive 99-year prison term!
In an attempt to regain his personal things (his laptop, encrypted hard drives, and a memory card), Love decided to enter into the process of suing the UK’s NCA. It is during that civil case that the NCA decided to renew its attempts to gain a court order forcing the accused hacker to hand over his encryption keys. In a document from that case (dated March of this year), those details are clearly visible. They include a request from NCA for Love to ‘provide the encryption key or password’ for access to his Samsung Laptop which was encrypted using TrueCrypt software.
If the NCA had been successful in that request, it would have meant that existing legislation which currently protects passwords in the UK would have been bypassed. Luckily for Mr. Love, however, a district judge decided on Tuesday to deny the request – finding it to be unlawful.
The outcome was a win for privacy campaigners, including Naomi Colvin from Courage Foundation, who had expressed grave concern that the case could have repercussions for other situations involving encryptions in the UK, including cases involving other activists and journalists.
‘His case fits into a pattern of political prosecutions of hacktivists and other truth tellers. From our work with some of our other beneficiaries — particularly Jeremy Hammond and Barrett Brown — we’re very familiar with the prosecutorial overreach, inflated damage figures, absurd sentencing, and discriminatory prison treatment, including frequent spells in solitary confinement, that is common in these kinds of cases.’ Commented Colvin (who has also been fundraising for Love’s case with the foundation).
Also commenting on the win, Love’s attorney Karen Todner had the following to say,
‘The NCA first served a RIPA Notice on Mr. Love in February 2014 but took no further action to continue it after he did not comply. Over two years later, by seeking a direction from the Court for Mr. Love to disclose the encryption keys and passwords, the NCA were clearly attempting to circumvent the proper statutory mechanisms put in place by Parliament for the investigation of encrypted data and the important safeguards tied in with these. The District Judge rightly saw through this approach and found in Mr. Love’s favour.
We continue to defend his extradition proceedings which are ongoing.’
UK’s Love Affair With Snooping
The UK is, of course, in the process of rushing through new legislation that seeks to allow UK government agencies to circumnavigate encryption for the sake of national security. Under the Snoopers Charter demanding encryption keys, and encryption backdoors could be made lawful. The Draft Communications Bill, in fact, would likely mean that Love could be tried as a domestic terrorist for not handing over the encryption keys (that under current legislation he has not been forced to reveal).
Despite the ongoing debate about the Snoopers Charter’s possible effect on encryption. It remains true that while GCHQ has its heart set on promoting encryption with backdoors such as the MIKEY-SAKE protocol, strong encryption like that used by Love will still be available.
Gunter Ollman, CSO of Vectra Networks, agrees that the UK government is out of touch if it believes that the Snoopers charter will deter serious cyber criminals from encrypting their drives,
‘At the end of the day, let’s take the worst-case scenario that this bill gets passed with its most powerful legal interception laws intact and eventually undermining the default encryption (and inclusion of backdoor functionality) of technology products sold in the UK. The reality is that criminals and any reasonably literate technological citizen will simply be able to download other third-party encryption tools (e.g. TOR) to make redundant those restrictions and snooping laws.’
The third party encryption that Love chose to use (TrueCrypt) is actually not being developed anymore. It was also found to have a critical flaw back in October of last year. A ‘fork’ of that software (with a team of international developers) called VeraCrypt, however, is still active and has already fixed the flaw discovered in TrueCrypt.
It is undeniable that while third party encryption of this kind is available (and newer more robust encryption is being developed all the time), the Snoopers charter will do little for national security. Instead helping only to subject the British general public to unjustifiable surveillance.
As for Lauri Love’s extradition hearing: It is scheduled for the 28th and 29th of June. So it will remain until later in the year to see if his defence attorneys can keep him in Britain, where he hopes only to be tried by UK courts.