Monday, 17 August 2009

Convictions for failure to give up passwords / decryption keys

Under part III of RIPA (s. 49 notably)  the police can (with NTAC permission) demand private passwords or decryption keys to encrypted electronic data if they reasonably believe it's necessary to prevent or detect crime. (There are other, broader grounds. See generally Home Office page on Part III.)

The Annual Report of the Chief Surveillance Commissioner to the Prime Minister and to Scottish Ministers for 2008-2009, 21 July 2009, by Sir Christopher Rose, noted in para 4.11 (p.12) that 2 people had been convicted of failing to comply with s.49 notices - the first known convictions under this law, breach of which is punishable by jail and fines.

It was reported by e.g. The Register and Heise. It's not known exactly what crimes were under investigation; from the report they must have been one of "counter terrorism, child indecency and domestic extremism".

After the Court of Appeal's ruling in S & Anor, R v [2008] EWCA Crim 2177 (09 October 2008) it's not possible to refuse to hand over your password or key on the basis of the human right to protection against self-incrimination. And it's not considered an abuse of process to mount a prosecution under s.49.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.