Part 3 of RIPA – A Step Towards Lawlessness

I wrote the letter below to my MP because I oppose laws which potentially criminalise vast swathes of people, leaving open the possibility for the Police to selectively enforce the law. A society where everybody routinely breaks, or is unable to comply with, the law, and the state enforces the law arbitrarily, is in my view a lawless society, something I would like to avoid in the UK.

Subject: Reject proposal to activate section 3 of RIPA

David Howarth (Cambridge MP),

I would like to urge you to ensure that the activation of part three of the Regulation of Investigatory Powers Act (RIPA) does not criminalise ordinary people who may not be aware that they use encryption in their daily lives and who may not know what an encryption key is – their information being automatically encrypted by software and appliances that they use.

I do not want a situation where the state can jail people simply for not being able to provide encryption keys. As many (most?) people would find it impossible to comply with a request to disclose encryption keys they have used, I envisage this law could be used to jail people the state merely suspects or dislikes, which I view as an unacceptable situation.

Charles Clarke, as home secretary, indicated that the law was to be used to jail those merely suspected of terrorism, as this exchange from the Commons' home affairs committee on 21/March/06 shows:

Q329 Colin Burgon: The penalty under Part 3 of RIPA for failing to release an encryption key is two years. Do you think that is inadequate in the light of the fact that the suspect could be facing something like 20 years in prison on a terrorism charge? How do you balance that one out?

Mr Clarke: I do, and that is why we put the proposal in clause 15 on the Terrorism Bill to increase the maximum in national security cases to five years, for exactly the reason you imply, because the encryption key is so important that it needs to be seen as a very serious offence. Some might argue that five years is itself not long enough, but we are increasing it to five years for the reason that you have said.

I interpret that as saying – if we can’t prove the terrorism charge we’ll get them for not disclosing an encryption key.

In the same exchange Clarke said:

We will, I think within the next three months, be consulting publicly on a draft code of practice on Part 3 of RIPA and, after that public consultation, Parliament will be required to approve the statutory code.

(http://www.publications.parliament.uk/pa/cm200506/cmselect/cmhaff/uc910-iv/uc91002.htm – Reference for the above)

I believe you can act on this by:

1. Doing what you can to ensure that the public consultation on a code of practice for using the powers in section 3 of RIPA which has been (sort of) promised actually occurs and is well publicised. (It is not yet listed: http://www.homeoffice.gov.uk/about-us/haveyoursay/current-consultations/)

2. Voting against the code of practice when it is put to parliament for its approval if it leaves open the possibility that individuals can be jailed just for not providing a requested encryption key.

3. Educating yourself on the use of encryption technology, and the extent to which it is pervading many elements of modern life.

The proposed law is also, I believe, potentially bad for the UK as a centre for the internet, information and banking industries; if companies can be forced to give up encryption keys they may well decide to base their operations elsewhere.

Related Link: “More than 600 people took part in a poll on ZDNet UK, which asked whether they supported the government’s plans. Nearly 90 percent said they opposed the idea, with eight percent saying they were unconvinced and just two percent backing the government.”

Please do not bother spending time and money replying to me, I am happy to have simply had the opportunity to make my opinion known to you.

Update: March 2008: I wrote to my MP on 05 June 2006, Section Three of the Regulation of Investigatory Powers Act (RIPA) came into force at the start in October 2007, and already the existence of the law is providing a licence for arms of the state to intimidate people – http://www.theregister.co.uk/2007/11/14/ripa_encryption_key_notice/.


6 responses to “Part 3 of RIPA – A Step Towards Lawlessness”

  1. I thought I’d just add the following to this article, as some readers were not aware of it:

    Section 49 notices [requiring the disclosure of encryption keys] may contain a provision requiring the person to whom the notice is given and every other person who becomes aware of it or of its contents to keep secret the giving of the notice, its contents and the things done to comply with it.

    http://security.homeoffice.gov.uk/ripa/encryption/faqs/

  2. Part III of RIPA is the law under which David Miranda, who was detained at Heathrow Airport while reportedly carrying reportedly encrypted information linked to Edward Snowden, could be considered to be committing an offence if he fails to provide the UK state with the encryption keys to enable them to access the information. It has been reported:

    The memory sticks were encrypted, of course, and Miranda did not know the key. This didn’t stop the British authorities from repeatedly asking for the key, and from confiscating the memory sticks along with his other electronics.

  3. Dear Richard,

    Thank you for this article and the follow up comments, I was curious if you know how many people have been convicted and how many notices given since the law came into force in October 2007? I am wondering how many of these instances actually result in convictions. It would be great to get more details on the individual cases, I have no idea where (and if) we can find that at all.
