Feeds

RIPA could be challenged on human rights

Forcing encryption keys out of defendants a little iffy

Internet Security Threat Report 2014

The government's new powers to force the handover of encryption keys could be vulnerable to a legal challenge under the Human Rights Act's guarantee to a fair trial. People who refuse keys or passwords face up to five years in jail.

The Regulation of Investigatory Powers Act (RIPA) was changed last autumn to allow police to force people to hand over passwords or keys to encrypted data. Refusal to do so is a criminal offence carrying a penalty of two years in jail, or up to five years if the issue concerns national security.

One criminal law specialist has told technology law podcast OUT-LAW Radio that the law could be challenged under the Human Rights Act, though he also warned that such a challenge could fail under legal tests set out by the European Court of Justice (ECJ).

In the UK people under arrest have a right to remain silent, which could be used as a reason not to tell police a password. That right is not absolute, though, and defendants would have to rely on the Human Rights Act-enshrined right to a fair trial, according to Jonathan Rogers, a criminal law academic at UCL in London.

"Article 6 [of the Human Rights Act] provides us all with the right to a fair trial both in civil and criminal proceedings, it gives various rights such as the right to a lawyer, the right to be able to understand the language, the right to be able to examine any witnesses against you," said Rogers. "There aren't any words addressing the principle of self-incrimination, but the European Court read in those words to the text many years ago, which of course gives them more flexibility in later on interpreting them."

Last year a British man, a Mr O'Halloran, attempted to use that defence for his refusal to tell police who was driving a car caught on camera speeding. He lost at the ECJ because he failed tests set down by that court.

It said that courts should decide whether or not to force someone to disclose information which might be self-incriminating they should assess what the nature of the compulsion to disclose is, the number of safeguards which exist and the use to which the information might be put.

In O'Halloran's case it was decided that he should be made to disclose the information, but this would not always be the case. Rogers said that the seriousness of the compulsion to disclose, and the harsh penalty of going to jail, might sway judges in other cases not to force disclosure.

On the other hand, he said, the fact that an investigation has to be well-advanced and has to be sanctioned by a senior police officer before keys can be demanded could weigh in the police's favour.

"Safeguards would include whether the investigation has been authorised at a senior level and whether there is already some evidence against the defendant in the first place," he said. "Obviously the more evidence against the defendant, the more reasonable it is to expect him to cooperate with the inquiry."

Human rights law lecturer Colm O'Cinneide, also of UCL, said that while the reasons for introducing such a law seemed reasonable in the face of an increased terrorist threat, there was cause for privacy concern as surveillance law mounts up.

"It certainly raises lingering concerns, a certain unease in general about the gradual erosion of our privacy," he said. "The law doesn't necessarily provide very strong protection in this area and the government, investigative authorities and the police are amassing quite a lot of power. You are ending up at the end of the day with very broad surveillance powers."

William Malcolm, an privacy law specialist at Pinsent Masons, the law firm behind OUT-LAW.COM, said that the RIPA legislation itself provides protection for privacy.

"The whole purpose of the Regulation of Investigatory Powers framework is to place on a statutory footing, on a transparent footing, the way in which law enforcement agencies and national security agencies access these materials," he said. "Why? Because by having that level of transparency we can ensure the protection of people's rights."

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.