Tuesday 10 May 2016 11:42 am

UK security services fail in legal bid to get hacker Lauri Love to hand over passwords for encrypted device via "back door"

The UK's security services have failed in their bid to force a hacker to hand over passwords which would give them access to encrypted information held on his computer, in what's been called a landmark case.

A judge has ruled today against the National Crime Agency (NCA), which was seeking the passwords as part of a civil case brought by Lauri Love for the return of the computes and hard drives which had been seized.

No charges were brought against Love after the NCA investigated him in 2013, but he is fighting extradition to the US where he faces charges of hacking into the computers of the Federal Reserve.

Love's legal team had argued that the NCA's attempt to get hold of the passwords would be a blow to privacy and amounted to a "power grab" pursuing information via the back door, rather than the established method.

The NCA claims screenshots grabbed before the devices were locked down by the encryption showed information from Nasa, the US military and the department of energy.  

The judge at Westminster Magistrates Court today denied the NCA's application and said the information should have been pursued under the Regulatory Powers Act (Ripa) which governs surveillance and investigations by public bodies.

"The case management powers of the court are not to be used to circumvent specific legislation that has been passed in order to deal with the disclosure sought," the judge ruled.

"Mr Love is very pleased with the decision of District Judge Tempia today not to grant the direction requested by the NCA. This was clearly the right outcome," said Love's lawyer, Karen Todner.

"The case raised important issues of principle in relation to the right to respect for private life and right to enjoyment of property and the use of the court’s case management powers. A decision in the NCA’s favour would have set a worrying precedent for future investigations of this nature and the protection of these important human rights."

"The NCA first served a RIPA Notice on Mr Love in February 2014 but took no further action to continue it after he did not comply. Over two years later, by seeking a direction from the Court for Mr Love to disclose the encryption keys and passwords, the NCA were clearly attempting to circumvent the proper statutory mechanisms put in place by Parliament for the investigation of encrypted data and the important safeguards tied in with these. The District Judge rightly saw through this approach and found in Mr Love’s favour."

The ruling follows the high profile case in which the FBI pursued Apple in the courts in the US for access to information on an encrypted iPhone and both cases highlight the growing tensions between privacy and security.

The NCA could not comment on the case, which is ongoing. The next court date is set for July.