Initial password prosecutions in UK
Between the 1st of April 2008 and 31st March 2009, the first prison sentences were imposed because the accused refused to surrender passwords or cryptographic keys. This disclosure appears in the annual report of the Chief Surveillance Commissioner to the Prime Minister and Scottish Ministers. Two people were sentenced on the basis of powers which came into operation in October 2007 when part three of the Regulation of Investigatory Powers Act (RIPA) 2000 was brought into law. The law allows enforcement agencies to prosecute when a person does not reveal, upon request, passwords and encryption keys, with a threat of up to five years in prison.
Details about the crimes and whether these are two separate criminal acts are not shown in the report. Overall, the report says that 26 applications for section 49 RIPA powers were made, with 17 obtaining permission from a judge to proceed. Of the 17, 15 notices were served. Eleven individuals failed to comply with these orders, which resulted in seven charges being brought and the two convictions. The report says that the types of crimes under investigation in these cases were "counter terrorism, child indecency and domestic extremism".