A new law has come into force in the UK that can virtually obliterate online and mobile privacy. Under new provisions in Part III of the Regulation of Investigative Powers Act 2000 (RIPA), people who encrypt data must hand over the encryption key to police if they’re asked, or make the data intelligible. That provision was in the original act, but at the time so little data was encrypted that it was never activated – until now. Refusal to comply can bring a jail sentence of between two and five years, the longer term occurring if the refusal is part of a terrorism investigation. Additionally, telecoms companies now have to keep a log of all voice and text messages sent and received for the next year, as of October 1. Although the government has given assurances that the powers will only be invoked when necessary, and that the act complies with the European Convention on Human Rights, and that anyone who objects to a request can take it to the Investigatory Powers Tribunal. A Home Office spokesman told vnunet.com, “The measures in Part III are intended to ensure that the ability of public authorities to protect the public and the effectiveness of their other statutory powers are not undermined by the use of technologies to protect electronic information." Unsurprisingly, civil libertarians have criticized the provision, not only as an infringement on privacy, but that it will probably have little effect.