Questions tagged [encryption]

71 questions
54
votes
3 answers

Would open source programs that use encryption be illegal under this draft of the "Compliance with Court Orders Act of 2016"

The U.S. Congress has a draft for a bill that would require companies to fetch information from a device when requested by a court. A consequence of this is that many types of security technology become illegal for any company subject to U.S.…
22
votes
1 answer

Am I obligated to decrypt lots of data for GDPR requests?

I am providing a B2B service where customer data of businesses are stored in an SQL table. As I never need to query for this personal data, the data at rest there is asymmetrically encrypted with the associated business's public key. Since the…
dmuensterer
15
votes
2 answers

Does GDPR apply if my web app stores personal data on the user's phone only?

My web app stores personal data about the user, but on the user's phone only (HTML5 Local Storage). The data is never touched by any server or database. I can't see the data. My server can't see the data. I do not store it anywhere outside of the…
Chris
9
votes
1 answer

Can law enforcement legally force someone to unlock a device themselves in the US?

We're all likely aware of the big Apple vs FBI case where the FBI wants to force Apple to open a back door in its encryption on iPhones, and we'll soon discover what the law will decide on that, but it got me thinking: Obviously a subject could…
8
votes
2 answers

If police get a search warrant, does it have any limitations? Must the person turn over all passwords?

I'm not sure how to phrase this question and I guess it depends on circumstances. Say the police suspect you of building a bomb and a judge issues a warrant. To what extent can they search you and your belongings? Can they search your entire…
JakeP
8
votes
1 answer

Is throw-away-the-key-encryption allowed under GDPR?

Article 15 of the GDPR says: The data subject shall have the right to obtain [...] personal data [if it is being "processed"] Article 4 says that "processing" includes storage. Therefore, all stored personal data should be available upon…
Matt Thomas
8
votes
2 answers

Does an Internet Service Provider rewriting TCP traffic to prevent SSL/TLS constitute wiretap?

Context: I rent two dedicated servers from a hosting provider, one on a yearly basis, the other monthly. The Terms of Service and AUP state clearly that they are not to access the server or data contained within without a work authorization or…
Tyzoid
7
votes
2 answers

If a company actively and knowingly displays user passwords to their staff, is it breaking GDPR laws?

I used to work for a company, where they have a team of moderators, who actively monitor which accounts are scammers etc. To monitor this they can find links between user accounts via a user's password, so they are able to see all user passwords in…
Tom
7
votes
1 answer

Can tech companies wishing to prevent secret backdoors discriminate in hiring against Australians?

Australia has passed a law which apparently requires tech workers to develop backdoors which can defeat a company's encryption and security features, without informing their employer, if ordered to do so (and it is now a crime if they refuse, or…
WBT
7
votes
1 answer

Can you be legally compelled to disclose your password in a criminal investigation?

Let's say you use encryption on your computer, and you've been arrested. The police believe there is evidence on your computer, and have seized the computer via a warrant. The police cannot extract any information because your hard drive is…
user13525
4
votes
2 answers

Can a company be sued for storing plain-text passwords?

Even if most of the developers nowadays understand the necessity of encryption, a consequent amount of websites still store the user's password as plain-text. It can be easy to spot: just asking for a password recovery and see if they send back…
MedAl
4
votes
1 answer

Can I be compelled by law to decrypt information in UK?

Is there any law currently in place within the UK that can force someone to decrypt information? Either by forcing them to supply the password/key or forcing them to provide the information in an unencrypted format. For example I am communicating…
Terry
4
votes
1 answer

Is it legal to make encryption breaking technology public?

Much of our critical infrastructure relies on encryption as the bedrock of its security. Encryption, however, is practically a "very hard" mathematical problem that will take eternity to solve with current technology. Let us say someone using the…
4
votes
2 answers

Is brute forcing the password of an encrypted file legal?

A person I know sent me an encrypted .zip archive and I do not know what data is inside. Is it legal to break the password and open the archive, for example, by using a brute force algorithm? The algorithm may need a long time, but it will reveal…
pschill
4
votes
3 answers

Are encryption apps (iOS) exempt from US Export Regulations if released to the US App Store only?

Note: The original question in iTunes Connect regarding exemptions has since been changed to reflect recent changes made to their FAQ as follows: Does your app meet any of the following: (a) Qualifies for one or more exemptions provided under…
Matt Borja