RIPA could be challenged on human rights
Forcing encryption keys out of defendants a little iffy
The government's new powers to force the handover of encryption keys could be vulnerable to a legal challenge under the Human Rights Act's guarantee to a fair trial. People who refuse keys or passwords face up to five years in jail.
The Regulation of Investigatory Powers Act (RIPA) was changed last autumn to allow police to force people to hand over passwords or keys to encrypted data. Refusal to do so is a criminal offence carrying a penalty of two years in jail, or up to five years if the issue concerns national security.
One criminal law specialist has told technology law podcast OUT-LAW Radio that the law could be challenged under the Human Rights Act, though he also warned that such a challenge could fail under legal tests set out by the European Court of Justice (ECJ).
In the UK people under arrest have a right to remain silent, which could be used as a reason not to tell police a password. That right is not absolute, though, and defendants would have to rely on the Human Rights Act-enshrined right to a fair trial, according to Jonathan Rogers, a criminal law academic at UCL in London.
"Article 6 [of the Human Rights Act] provides us all with the right to a fair trial both in civil and criminal proceedings, it gives various rights such as the right to a lawyer, the right to be able to understand the language, the right to be able to examine any witnesses against you," said Rogers. "There aren't any words addressing the principle of self-incrimination, but the European Court read in those words to the text many years ago, which of course gives them more flexibility in later on interpreting them."
Last year a British man, a Mr O'Halloran, attempted to use that defence for his refusal to tell police who was driving a car caught on camera speeding. He lost at the ECJ because he failed tests set down by that court.
It said that courts should decide whether or not to force someone to disclose information which might be self-incriminating they should assess what the nature of the compulsion to disclose is, the number of safeguards which exist and the use to which the information might be put.
In O'Halloran's case it was decided that he should be made to disclose the information, but this would not always be the case. Rogers said that the seriousness of the compulsion to disclose, and the harsh penalty of going to jail, might sway judges in other cases not to force disclosure.
On the other hand, he said, the fact that an investigation has to be well-advanced and has to be sanctioned by a senior police officer before keys can be demanded could weigh in the police's favour.
"Safeguards would include whether the investigation has been authorised at a senior level and whether there is already some evidence against the defendant in the first place," he said. "Obviously the more evidence against the defendant, the more reasonable it is to expect him to cooperate with the inquiry."
Human rights law lecturer Colm O'Cinneide, also of UCL, said that while the reasons for introducing such a law seemed reasonable in the face of an increased terrorist threat, there was cause for privacy concern as surveillance law mounts up.
"It certainly raises lingering concerns, a certain unease in general about the gradual erosion of our privacy," he said. "The law doesn't necessarily provide very strong protection in this area and the government, investigative authorities and the police are amassing quite a lot of power. You are ending up at the end of the day with very broad surveillance powers."
William Malcolm, an privacy law specialist at Pinsent Masons, the law firm behind OUT-LAW.COM, said that the RIPA legislation itself provides protection for privacy.
"The whole purpose of the Regulation of Investigatory Powers framework is to place on a statutory footing, on a transparent footing, the way in which law enforcement agencies and national security agencies access these materials," he said. "Why? Because by having that level of transparency we can ensure the protection of people's rights."
Copyright © 2008, OUT-LAW.com
OUT-LAW.COM is part of international law firm Pinsent Masons.
Sponsored: Network DDoS protection