Re: I'm confused (again)
quote: "There is a non-trivial difference. First, you can be compelled to hand over your encryption keys, but it requires a court order (not a huge hurdle, admittedly). And second, at least you know that you're being so required."
I linked Section 49 of the Act, have a quick read of it.
Here is the mentioned Schedule 2 authorisations which does mention a court order, but have a read of the specifics for data obtained under statutory powers but without a warrant where it clarifies that juducial oversight is not required:
(2)Subject to paragraph 6, where—
(a)the statutory power was exercised, or is likely to be exercised, by the police, SOCA, SCDEA, Her Majesty's Revenue and Customs or a member of Her Majesty’s forces, or
(b)the information was provided or disclosed, or is likely to be provided or disclosed, to the police, SOCA, SCDEA, Her Majesty's Revenue and Customs or a member of Her Majesty’s forces, or
(c)the information is in the possession of, or is likely to come into the possession of, the police, SOCA, SCDEA, Her Majesty's Revenue and Customs or a member of Her Majesty’s forces,
the police, SOCA, SCDEA, Her Majesty's Revenue and Customs or, as the case may be, members of Her Majesty’s forces have the appropriate permission in relation to the protected information, without any grant of permission under paragraph 1. (emphasis mine)
So the police, SOCA, SCDEA, HMRC agents and all armed forces employees do not need a court order to demand disclosure, if they have reason to believe the information is important in detecting crime (section 49 3 (b)) and they obtained the information through the use of a statutory power, such as the seizure of a mobile phone after you were involved in a road traffic incident.
So you get rear-ended on the road, police look around on your phone and find an area that requires a password to unlock, you are required by law to make available all information on your phone or face a 24 month custodial sentence (5 years if the case is "national security" or "child indecency" related). They simply need to justify in court that they had reason to believe that the information they could not access could help them "detect crime". It is an edge case, absolutely, but it is also demonstrably completely legal for the police to do that should they wish to.
I categorically do not like the idea that I can be forced (under pain of custodial sentence and lasting criminal record) to make demonstrably unrelated (and innocuous) private information available when I have committed no crime, and there is no warrant for the procurement of said information. On a scale of Utopian to Oppressive, this is already crossing the line in the wrong direction, in my opinion.