Home Page | About Us | Press Enquiries| Reports | Policy Issues | News Items | Press Releases | Mailing Lists | Bookstore
Regulation of Investigatory Powers Bill
Briefing for the House of Commons Second Reading Debate
6 March, 2000
by Yaman Akdeniz,
Director, Cyber-Rights & Cyber-Liberties (UK)
Address: Faculty of Law, University of Leeds,
Leeds LS2 9JT
Tel: 0498 865116
(1) Cyber-Rights & Cyber-Liberties (UK) (http://www.cyber-rights.org), is a non profit civil liberties organisation that was founded with the aim of promoting free speech and privacy with regard to the Internet. Cyber-Rights & Cyber-Liberties (UK) did participate the regulatory progress of the UK Government through responses provided to various consultation papers published by the Department of Trade and Industry and by the Home Office. For various responses and papers see http://www.cyber-rights.org/reports/.
(2) We have so far made our comments in relation to Part I Interception of Communications of the Regulation of Investigatory Powers ("RIP") Bill through our response to the Interception of Communications in the UK: A Consultation Paper, June 1999, CM 4368. See http://www.cyber-rights.org/reports/ioca99-response.htm. Due to limited time for the preparation of this document, I shall not be commenting on Part I of the RIP Bill.
(3) I will try to concentrate on Part III of the RIP Bill which is entitled as the Investigation of Electronic Data Protected by Encryption Etc. Broadly, the Bill aims to enable law enforcement, security and intelligence agencies to require any person to provide a decryption key or the plain text of specified material in response to the service of a properly authorised written notice.
(4) It should be noted that with public key cryptography, a guilty party can use a random key to send a message to an innocent party for which the latter has never possessed any decryption key. If faced with a requirement to decrypt this message (section 47 - Disclosure of information in place of key), or to provide the decryption key (section 46 - Power to require disclosure of key), this innocent party would have to prove that they do not possess such a key. For all practical purposes such a proof would never be possible and it may never be possible to provide a defence under section 49(2)(a) and it would be enough for the prosecution to prove that the accused "is a person who has or has had possession of the key" under section 49(1)(b).
(5) Same scenario may be applied in a case in which the accused has changed his pair of encryption keys and has no longer have access to decryption keys required to decrypt the message in question.
(6) To impose such an impossible burden of proof on an accused (section 49 - Failure to comply with a notice) would amount to an infringement of the presumption of innocence embodied under article 6 of the European Convention on Human Rights. This would be contrary to the recently enacted Human Rights Act 1998 and would create a miscarriage of justice by seriously infringing the right to a fair trial because the accused may not be in a position to provide evidence at all.
(7) The right to a fair trial under article 6 of the European Convention of Human Rights incorporated by the Human Rights Act 1998 includes "the right of anyone charged with a criminal offence ... to remain silent and not to contribute to incriminating himself." (See Funke v. France (1993) 16 E.H.R.R. 297). The forced disclosure of documentation may not be considered as serious as the demand for personal testimony (see Saunders v. the United Kingdom, 17 December 1996, Reports 1996-VI, p. 2064, § 68 and compare Funke v. France, 25 February 1993, Series A no. 256-A, p. 22, § 44), but it can be personally incriminating as implying the admission of the existence and possession of keys.
(8) Furthermore, the European Court of Human Rights reiterates that the right of any "person charged" to remain silent and the right not to incriminate himself are generally recognised international standards which lie at the heart of the notion of a fair procedure under Article 6 of the European Convention on Human Rights. Their rationale lies, inter alia, in protecting the "person charged" against improper compulsion by the authorities and thereby contributing to the avoidance of miscarriages of justice and to the fulfilment of the aims of Article 6. (See the following judgments of the Court: Funke v. France, 25 February 1993, Series A no. 256-A, p. 22, § 44; John Murray v. the United Kingdom, 8 February 1996, Reports of Judgments and Decisions 1996-I, p. 49, § 45; and Saunders v. the United Kingdom, 17 December 1996, Reports 1996-VI, p. 2064, § 68; Serves v. France, 20 October, 1997, Reports 1997-VI). The burden of proof cannot be reversed for the suspect to provide the requested evidence or prove his/her innocence.
(9) The RIP Bill is complex in nature and with its current state, there remains serious problems with its compatibility with the Human Rights Act 1998. If enacted in its current form, it would only establish an intimidating environment for the legitimate use of encryption products by the UK citizens. Such legislation would no longer be compatible with the government policy to make Britain the best place for e-commerce and network development. The RIP Bill would be the first step towards the creation of a very hostile place for network development. We cannot support such proposals, which we believe would be a serious curtailment of important and well-established civil rights.