What is it?
The Regulation of Investigatory Powers Bill (RIP) was introduced to the House of Commons on 9 February 2000.
According to the Home Office, the RIP is intended to assist law enforcement agencies in their fight against serious crime by bringing the law concerning surveillance and covert policing up to date with recent technological advances. Critics maintain it is legally deficient, constituting a breach of the provisions of the European Convention on Human Rights, and too onerous to be workable. IT managers who fail to comply with the provisions of RIP could face prosecution.
The RIP breaks down into five areas:
What is at stake?
Under clause 46 of the RIP, any person with the "appropriate permission" (defined as written permission from a circuit judge), can require someone who has, or has had, a decryption key, to provide that key or the plain text of specified material. Failure to comply is a criminal offence punishable by up to two years' imprisonment and/or an unlimited fine.
How will it work?
The detailed decryption provisions under the RIP that may impact on the IT industry are:
What will it mean to you?
Legal objections to the decryption provisions relate principally to placing the burden of proof on a defendant who claims to have lost the key as this is contrary to the criminal law principle of "innocent until proven guilty". For this reason it is questionable whether the provision as drafted will survive the enactment, later this year, of the Human Rights Act.
Nonetheless, powers of Web tapping with criminal sanction for non-compliance are an imminent reality. In the short term, IT managers and directors would be well advised to consider an internal audit of the use of encryption keys, and a review of user policy.
For further details contact Jeanette Hardwood at Dibb Lupton Alsop on 0161 235 4339