Feeds

RIPA could be challenged on human rights

Forcing encryption keys out of defendants a little iffy

Internet Security Threat Report 2014

The government's new powers to force the handover of encryption keys could be vulnerable to a legal challenge under the Human Rights Act's guarantee to a fair trial. People who refuse keys or passwords face up to five years in jail.

The Regulation of Investigatory Powers Act (RIPA) was changed last autumn to allow police to force people to hand over passwords or keys to encrypted data. Refusal to do so is a criminal offence carrying a penalty of two years in jail, or up to five years if the issue concerns national security.

One criminal law specialist has told technology law podcast OUT-LAW Radio that the law could be challenged under the Human Rights Act, though he also warned that such a challenge could fail under legal tests set out by the European Court of Justice (ECJ).

In the UK people under arrest have a right to remain silent, which could be used as a reason not to tell police a password. That right is not absolute, though, and defendants would have to rely on the Human Rights Act-enshrined right to a fair trial, according to Jonathan Rogers, a criminal law academic at UCL in London.

"Article 6 [of the Human Rights Act] provides us all with the right to a fair trial both in civil and criminal proceedings, it gives various rights such as the right to a lawyer, the right to be able to understand the language, the right to be able to examine any witnesses against you," said Rogers. "There aren't any words addressing the principle of self-incrimination, but the European Court read in those words to the text many years ago, which of course gives them more flexibility in later on interpreting them."

Last year a British man, a Mr O'Halloran, attempted to use that defence for his refusal to tell police who was driving a car caught on camera speeding. He lost at the ECJ because he failed tests set down by that court.

It said that courts should decide whether or not to force someone to disclose information which might be self-incriminating they should assess what the nature of the compulsion to disclose is, the number of safeguards which exist and the use to which the information might be put.

In O'Halloran's case it was decided that he should be made to disclose the information, but this would not always be the case. Rogers said that the seriousness of the compulsion to disclose, and the harsh penalty of going to jail, might sway judges in other cases not to force disclosure.

On the other hand, he said, the fact that an investigation has to be well-advanced and has to be sanctioned by a senior police officer before keys can be demanded could weigh in the police's favour.

"Safeguards would include whether the investigation has been authorised at a senior level and whether there is already some evidence against the defendant in the first place," he said. "Obviously the more evidence against the defendant, the more reasonable it is to expect him to cooperate with the inquiry."

Human rights law lecturer Colm O'Cinneide, also of UCL, said that while the reasons for introducing such a law seemed reasonable in the face of an increased terrorist threat, there was cause for privacy concern as surveillance law mounts up.

"It certainly raises lingering concerns, a certain unease in general about the gradual erosion of our privacy," he said. "The law doesn't necessarily provide very strong protection in this area and the government, investigative authorities and the police are amassing quite a lot of power. You are ending up at the end of the day with very broad surveillance powers."

William Malcolm, an privacy law specialist at Pinsent Masons, the law firm behind OUT-LAW.COM, said that the RIPA legislation itself provides protection for privacy.

"The whole purpose of the Regulation of Investigatory Powers framework is to place on a statutory footing, on a transparent footing, the way in which law enforcement agencies and national security agencies access these materials," he said. "Why? Because by having that level of transparency we can ensure the protection of people's rights."

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Providing a secure and efficient Helpdesk

More from The Register

next story
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.