I have read about the Snooper's Charter here in the UK. If my ISP is logging all my web traffic, it makes me want to use a VPN. Some of the news stories said that encryption might be illegal or be required to be lowered somehow. So, is it illegal to use a VPN in the UK?

Question asked 5 months ago by Random Googler (email hidden)

Using a VPN in the UK is perfectly legal, at the time of writing. This is a great question because, as you've noticed, some of the news stories have been misleading over the last few weeks.

I'm not a solicitor or legal eagle! But here is my understanding of current UK law.

The Snooper's Charter became legally enforceable in November 2016 but it has no provisions for banning encryption or cryptography. Even using the strongest possible ciphers on your VPN is still legal in the UK.

Spokespersons for the UK government have given us mixed messages about their intentions for cryptography. Some have said that the government has no intention to hamper or limit secure connections over the Internet or weaken encryption (as this could have disastrous consequences for legitimate users). Others have hinted that encryption has no place in modern society! Wow. But these are decisions which have yet to be made.

If you are arrested for a crime, you may be required to hand over cryptographic keys and passphrases. If you don't comply then that too would be illegal. These provisions have been law for several years. It may include your VPN keys and password, assuming law enforcement has access to your logged VPN packets, which is doubtful. ISPs simply don't have the hardware or desire to retain that amount of information.

The Snooper's Charter, however, does grant intelligence agencies the legal right to interfere with your equipment. This could mean gaining unauthorised access to your computer or router to disable or circumvent your encryption, or gain access to your cryptographic keys without your knowledge. The Snowden files demonstrated that they have malware and exploit toolkits to achieve this, but general understanding at the moment is that this is for specific cases only, not part of a mass surveillance program.

So for general protection a VPN is ideal and legal to use in the UK. I would recommend a secure VPN or privacy VPN as a matter of personal preference, but any good VPN or homebrew OpenVPN server will be enough to avoid dragnet surveillance from UK ISPs.

Answered by Xander (staff)