Feeds

RIPA could be challenged on human rights

Forcing encryption keys out of defendants a little iffy

Secure remote control for conventional and virtual desktops

The government's new powers to force the handover of encryption keys could be vulnerable to a legal challenge under the Human Rights Act's guarantee to a fair trial. People who refuse keys or passwords face up to five years in jail.

The Regulation of Investigatory Powers Act (RIPA) was changed last autumn to allow police to force people to hand over passwords or keys to encrypted data. Refusal to do so is a criminal offence carrying a penalty of two years in jail, or up to five years if the issue concerns national security.

One criminal law specialist has told technology law podcast OUT-LAW Radio that the law could be challenged under the Human Rights Act, though he also warned that such a challenge could fail under legal tests set out by the European Court of Justice (ECJ).

In the UK people under arrest have a right to remain silent, which could be used as a reason not to tell police a password. That right is not absolute, though, and defendants would have to rely on the Human Rights Act-enshrined right to a fair trial, according to Jonathan Rogers, a criminal law academic at UCL in London.

"Article 6 [of the Human Rights Act] provides us all with the right to a fair trial both in civil and criminal proceedings, it gives various rights such as the right to a lawyer, the right to be able to understand the language, the right to be able to examine any witnesses against you," said Rogers. "There aren't any words addressing the principle of self-incrimination, but the European Court read in those words to the text many years ago, which of course gives them more flexibility in later on interpreting them."

Last year a British man, a Mr O'Halloran, attempted to use that defence for his refusal to tell police who was driving a car caught on camera speeding. He lost at the ECJ because he failed tests set down by that court.

It said that courts should decide whether or not to force someone to disclose information which might be self-incriminating they should assess what the nature of the compulsion to disclose is, the number of safeguards which exist and the use to which the information might be put.

In O'Halloran's case it was decided that he should be made to disclose the information, but this would not always be the case. Rogers said that the seriousness of the compulsion to disclose, and the harsh penalty of going to jail, might sway judges in other cases not to force disclosure.

On the other hand, he said, the fact that an investigation has to be well-advanced and has to be sanctioned by a senior police officer before keys can be demanded could weigh in the police's favour.

"Safeguards would include whether the investigation has been authorised at a senior level and whether there is already some evidence against the defendant in the first place," he said. "Obviously the more evidence against the defendant, the more reasonable it is to expect him to cooperate with the inquiry."

Human rights law lecturer Colm O'Cinneide, also of UCL, said that while the reasons for introducing such a law seemed reasonable in the face of an increased terrorist threat, there was cause for privacy concern as surveillance law mounts up.

"It certainly raises lingering concerns, a certain unease in general about the gradual erosion of our privacy," he said. "The law doesn't necessarily provide very strong protection in this area and the government, investigative authorities and the police are amassing quite a lot of power. You are ending up at the end of the day with very broad surveillance powers."

William Malcolm, an privacy law specialist at Pinsent Masons, the law firm behind OUT-LAW.COM, said that the RIPA legislation itself provides protection for privacy.

"The whole purpose of the Regulation of Investigatory Powers framework is to place on a statutory footing, on a transparent footing, the way in which law enforcement agencies and national security agencies access these materials," he said. "Why? Because by having that level of transparency we can ensure the protection of people's rights."

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.