A US court has ruled that authorities cannot force people to incriminate themselves by divulging their encryption passwords.

This is in marked contrast to the UK, where the Regulation of Investigatory Powers Act (RIPA) makes it a crime to decline to hand over all your incriminating files if the police demand it. If the case doesn’t involve national security, you can be put in jail for two years. If it does, five years.

Of course, the authorities would only use that power if absolutely necessary to fight terrorism, right? Well, the first person to fall afoul of section III of RIPA was an animal rights protester. She claims she didn’t have any encrypted files.

Got any old encrypted e-mails for which you no longer have the key? The RIPA has no limit, they can demand keys for files years old. Lost or forgotten the key? Someone sent you something encrypted with the wrong key? Off to jail you go.

The Guardian reports:

A US court yesterday fired a shot across the bows of those one prosecutor described as “snake oil salesmen” by recommending that the man thought to be the eighth most prolific “spammer” in the world should be jailed for nine years.

Jeremy Jaynes, 30, of North Carolina, was found guilty, along with his sister, Jessica DeGroot, of sending out thousands of fraudulent emails which conned millions of dollars from unwitting victims.

Well, it’s a start.