In most developed countries, regular people have the right to encrypt their devices and refuse to disclose their password to the authorities. Unfortunately, residents of the UK are not so lucky. According to Section 49 of the Regulation of Investigatory Powers Act (2000), individuals can be compelled to disclose a password. This rightfully horrifies the privacy-minded, but it does not render the encryption of personal devices pointless.

Anecdotal reports from residents of the UK indicate that the confiscation and inspection of digital devices is routine, even for the most trivial of cases that would not obviously involve a computer. One need not be suspected of hacking, downloading criminalized images of children, or operating a major drug trafficking ring. Upon seizing devices, investigators have more or less free rein to comb through whatever data is not protected by encryption. There is a reasonable chance that they could find things they weren't even looking for, leading to legal trouble or extreme embarrassment.

Despite the existence of RIPA, encrypting one's device still helps to protect suspects against digital fishing expeditions. There is a specific process required to force an individual to disclose those password, and as such there is no legal liability for refusing to disclose one's password to the police following a simple request to do so. In such cases, the answer should always be no, for the same reasons that requests to take devices without a warrant should always be declined. If a RIPA Warning Form is provided during an interview, the answer should still be no. To compel a suspect to disclose their password to the authorities, the police must apply to a court for as RIPA Notice, and the process is not simple. If you are issued with such a notice, you still have the option to refuse or challenge the notice. Do not allow the police to intimidate you into making a hasty decision.

Of course, should you use a hidden container to encrypt your most sensitive and embarrassing data, a RIPA notice would not even be an issue. Software like VeraCrypt and BestCrypt allows you to hide an encrypted container within a decoy encrypted container. You would simply fill a regular encrypted container with data you may plausibly wish to protect, and then store the data you really wish to hide in the hidden container. You would hand over the password to the regular container, thus complying with the demand for the password to the encrypted container. There would be no way to prove the existence of a hidden container, even under forensic investigation, as it looks exactly the same as free space inside a regular container.

Even under the UK's oppressive legal landscape, it is always better for British residents to encrypt their data and cooperate only to the legally required minimum at each stage of the process.