UK government loses bid to force alleged hacker to hand over passwords

Lauri Love is accused of hacking into US government agencies.

The UK government has lost its bid to force an alleged hacker to hand over his passwords, which law enforcement hoped to use to gain evidence used to incriminate him.

Lauri Love, 31, is accused of hacking into US space agency NASA and the US Federal Reserve and stealing vast sums of data. He faces extradition to the US, where his lawyers say he could serve upwards of 100 years in prison.

US government pushed tech firms to hand over source code

If source code gets into the wrong hands, the damage would be incalculable.

Read More

The National Crime Agency, the British equivalent of the FBI, seized Love's computers in late 2013. It later asked the courts to force Love to turn over the passwords used to decrypt the computer's hard drives.

But a district judge said the National Crime Agency should have used ordinary police powers to compel Love to turn over his passwords -- a provision granted by police under British law.

"I'm not granting the application because, to obtain the information sought, the correct procedure to use is [the Regulation of Investigatory Powers Act] and the inherent safeguards incorporated thereafter," said Judge Nina Tempia, according to a transcript obtained by the BBC News.

RIPA allows police to prosecute a person if they hinder a criminal investigation by not disclosing a password to an encryption method, which may later be used against them.

Legal commentator David Allen Green said in a blog post on Tuesday that the National Crime Agency should "not try to get round" the RIPA safeguards.

Tempia said the courts should not be used to "circumnavigate" existing laws.

"It's a victory, although it is a more an avoidance of disaster," Love told reporters outside of the court. "It retains the status quo, which means there has to be safeguards before you force people to undermine their security."

"Instead, the National Crime Agency are asking the courts to construct an civil law 'backdoor' for obtaining encryption keys (and encrypted data) outside the statutory scheme of RIPA," he said.