RIPA could be challenged on human rights

Forcing encryption keys out of defendants a little iffy

The government's new powers to force the handover of encryption keys could be vulnerable to a legal challenge under the Human Rights Act's guarantee of a fair trial. People who refuse to hand over keys or passwords face up to five years in jail.

The Regulation of Investigatory Powers Act (RIPA) was changed last autumn to allow police to force people to hand over passwords or keys to encrypted data. Refusal to do so is a criminal offence carrying a penalty of two years in jail, or up to five years if the issue concerns national security.

One criminal law specialist has told technology law podcast OUT-LAW Radio that the law could be challenged under the Human Rights Act, though he also warned that such a challenge could fail under legal tests set out by the European Court of Justice (ECJ).

In the UK people under arrest have a right to remain silent, which could be used as a reason not to tell police a password. That right is not absolute, though, and defendants would have to rely on the Human Rights Act-enshrined right to a fair trial, according to Jonathan Rogers, a criminal law academic at UCL in London.

"Article 6 [of the Human Rights Act] provides us all with the right to a fair trial both in civil and criminal proceedings, it gives various rights such as the right to a lawyer, the right to be able to understand the language, the right to be able to examine any witnesses against you," said Rogers. "There aren't any words addressing the principle of self-incrimination, but the European Court read in those words to the text many years ago, which of course gives them more flexibility in later on interpreting them."

Last year a British man, a Mr O'Halloran, attempted to use that defence for his refusal to tell police who was driving a car caught on camera speeding. He lost at the ECJ because he failed tests set down by that court.

It said that when courts decide whether or not to force someone to disclose information which might be self-incriminating, they should assess the nature of the compulsion to disclose, the number of safeguards which exist and the use to which the information might be put.

In O'Halloran's case it was decided that he should be made to disclose the information, but this would not always be the case. Rogers said that the seriousness of the compulsion to disclose, and the harsh penalty of going to jail, might sway judges in other cases not to force disclosure.

On the other hand, he said, the fact that an investigation has to be well-advanced and has to be sanctioned by a senior police officer before keys can be demanded could weigh in the police's favour.

"Safeguards would include whether the investigation has been authorised at a senior level and whether there is already some evidence against the defendant in the first place," he said. "Obviously the more evidence against the defendant, the more reasonable it is to expect him to cooperate with the inquiry."

Human rights law lecturer Colm O'Cinneide, also of UCL, said that while the reasons for introducing such a law seemed reasonable in the face of an increased terrorist threat, there was cause for privacy concern as surveillance law mounts up.

"It certainly raises lingering concerns, a certain unease in general about the gradual erosion of our privacy," he said. "The law doesn't necessarily provide very strong protection in this area and the government, investigative authorities and the police are amassing quite a lot of power. You are ending up at the end of the day with very broad surveillance powers."

William Malcolm, a privacy law specialist at Pinsent Masons, the law firm behind OUT-LAW.COM, said that the RIPA legislation itself provides protection for privacy.

"The whole purpose of the Regulation of Investigatory Powers framework is to place on a statutory footing, on a transparent footing, the way in which law enforcement agencies and national security agencies access these materials," he said. "Why? Because by having that level of transparency we can ensure the protection of people's rights."

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.
