NCA's bid to get Lauri Love US hack case passwords thrown out

A bid by the National Crime Agency to force an alleged cyber hacker to hand over encrypted computer passwords has been thrown out by a judge.

The US is attempting to extradite Lauri Love, 31, on charges of hacking into the US Army, Nasa and US Federal Reserve networks.

The agency (NCA) seized the computers during a raid at Mr Love’s home in Stradishall, Suffolk, in October 2013.

A call to hand over passwords was rejected by a district judge.

Delivering her judgment at London’s Westminster Magistrates’ Court, District Judge Nina Tempia said the NCA should have used the normal police powers rather than a civil action to obtain the information.

“I’m not granting the application because, to obtain the information sought, the correct procedure to use – as the NCA did two-and-a-half years ago – is RIPA (Regulation of Investigatory Powers Act) and the inherent safeguards incorporated thereafter,” she said.

She added the powers of the court should not be used to “circumnavigate” existing laws and the safeguards.


Chris Baraniuk, technology reporter

Law enforcement agencies continue to pursue their latest public enemy number one: encryption.

Very simply, encryption means that data is converted to illegible code that can only be unscrambled when the correct “key” is used.

Often, even tech companies can’t read the data on encrypted devices used by their customers.

Recently, the FBI sought to compel Apple into helping the bureau gain access to an iPhone used by one of the San Bernardino killers.

Although they had the backing of the US courts, Apple refused – and agents had to find a way into the handset themselves.

In Lauri Love’s case, the UK’s National Crime Agency (NCA) hoped to access computer equipment by forcing Mr Love to give up the key, but this request has not been approved by the district judge.

As journalist David Allen Green noted in a blog, such approval would have allowed the NCA to “sidestep” the Regulation of Investigatory Powers Act.

Privacy campaigners have already praised the decision – but the authorities’ longer battle over encryption technologies is unlikely to end here.

Speaking outside court following the ruling, Mr Love said he was “happy” with the result and accused the NCA of trying to undermine protections safeguarding individuals’ property.

He said: “It is a victory, although it is a more an avoidance of disaster.

“It retains the status quo, which means there has to be safeguards before you force people to undermine their security.”

‘Power grab’

Mr Love is accused of stealing “massive quantities” of sensitive data resulting in millions of dollars of losses and his lawyers say he faces up to 99 years in prison in the US if he is found guilty.

After the raid, no charges were brought in Britain against Love, but the NCA wanted him to hand over his passwords so officers can check the data before all the electronics were returned.

Mr Love’s team says the application, if granted, would be a significant blow to privacy and amounts to a “power grab” by the security services.