Monday, October 13, 2008

Court of Appeal rules no defence for refusing to hand over encryption keys

The Court of Appeal has ruled that someone refusing to hand over decryption keys, having been served with a s49 Regulation of Investigatory Powers Act (RIPA) notice, can be prosecuted (under RIPA s 53), notwithstanding the protections which exist in the UK against self incrimination.

Caspar Bowden and FIPR repeatedly warned that this would be the case when RIPA was being considered by parliament but I think this is the first case where a definitive Appeal Court ruling has been made, (appealing the decision of Judge Martin Stephens QC at the Central Criminal Court in June this year). The ruling, made by Mr Justice Penry-Davey and Mr Justice Simon, is available in full at BAILII and the case is S & Anor, R. v [2008] EWCA Crim 2177 (09 October 2008). The whole thing hinges on the right to avoid self incrimination not being an absolute right - a number of exceptions are quoted in the decision - and the appellants being terrorist suspects, whose application to avoid handing over the decryption keys, according to the judges, proceeded on the assumption that what would be uncovered in the decryption would indeed be incriminating evidence. In addition there was no question of the keys being extracted by torture ("inhuman or degrading treatment") which would 'give rise to the exercise of the court's jurisdiction, under section 78 of the Police and Criminal Evidence Act 1984, to refuse to allow evidence to be given by the prosecution when the circumstances in which it was obtained undermined the fairness of the proceedings.'

The decision is quite short and accessible. The key parts being:

"2. During 2007 H was made the subject of a control order under the Prevention of Terrorism Act 2005. The order obliged him to live and remain in Leicestershire, and not to leave his home address without the consent of the Secretary of State for the Home Department. The present appellants are alleged to have conspired together, and with H and others, to breach that order. The objective of the conspiracy was to assist H to abscond from his address in Leicester and to convey him to a new, secret address in Sheffield. On 9 September 2007 S collected H and drove him there. Shortly after their arrival in Sheffield the police entered the premises.

3. H was found in one room, and S in another. S was alone in the same room as a computer. The key to an encrypted file appeared to have been partially entered. He was arrested, and when interviewed, made no comment. In the meantime his home address in London was searched. The search revealed computer material. Various documents had been deleted from the computer hard drives, but when retrieved, they provided the basis for charges against S under section 58 of the Terrorism Act 2000, that is, possessing documents or records of information of kind likely to be useful to a terrorist or potential terrorist. However without the encryption keys for the encrypted files present on the computer hard drives, and indeed the full key for encrypted file on the laptop on which the encryption key appeared to have been already partially entered in Sheffield, the encrypted files could not be accessed and their contents examined.

4. A was also arrested on 9 September. Computer material was later seized from his address by the police. One of the discs seized has an encrypted area. Without the encryption key access cannot be gained to it.

5. Both appellants were charged on 10th September 2007 with conspiracy to breach the control order imposed on H In December 2007 S was arrested while in custody, and following an interview in which he declined to answer any questions, he was charged with offences under section 58 of the 2000 Act. While subject to these charges, on 16 January 2008, S was served with two notices under section 53 of RIPA, and a similar notice was served on A on 15 March 2008.

6. The first notice served on S immediately identified the purpose, the "investigation of protected electronic information", and after explaining that the notice imposed a legal obligation, failure to comply with which was an offence, it continued:

"Disclosure requirement

… I hereby require you to disclose a key or any supporting information to make information intelligible

the information to which this notice relates is:

the full encryption key in order to access the encrypted volume of the laptop computer that is exhibited as exhibit AM/1 under file path: C:\Documents and Settings\Administrator\My Documents\My Videos, within a file called Ronin.wma. This was found in the room where you were arrested at 386 Abbeydale Road, Sheffield".

7. The reason for the notice was explained, with particulars given of the precise circumstances in which the interests of national security and the prevention or detection of crime were said to arise.

8. The notice then described how

"disclosure can be verbal or written provided the information is sufficient to unlock the encryption, and that the person to whom the notice is given may select which of any relevant keys or combination of keys should be disclosed provided the information is put into intelligible form."

The remaining notices were in identical terms, appropriate to the electronic information identified in them.

9. Neither S nor A complied with the notices. Their position was that the notices which compelled them to disclose the passwords or "keys" to the encrypted computer files were incompatible with the privilege against self-incrimination. Their refusal formed the basis of the counts in the indictment which Judge Stephens was invited to stay on the basis that "the requirement to provide information to the police under Part III of RIPA constituted an impermissible infringement of the …privilege against self-incrimination" and contravened article 6 of the European Convention of Human Rights. In a careful ruling Judge Stephens rejected the applications. Applications for leave to appeal against his decision were referred to the full court by the Registrar of Criminal Appeals. After full argument leave was granted but the appeals dismissed...

20. On analysis, the key which provides access to protected data, like the data itself, exists separately from each appellant's "will". Even if it is true that each created his own key, once created, the key to the data, remains independent of the appellant's "will" even when it is retained only in his memory, at any rate until it is changed. If investigating officers were able to identify the key from a different source (say, for example, from the records of the shop where the equipment was purchased) no one would argue that the key was not distinct from the equipment which was to be accessed, and indeed the individual who owned the equipment and knew the key to it. Again, if the arresting officers had arrived at the premises in Sheffield immediately after S had completed the process of accessing his own equipment enabling them to identify the key, the key itself would have been a piece of information existing, at this point, independently of S himself and would have been immediately available to the police for their use in the investigation. In this sense the key to the computer equipment is no different to the key to a locked drawer. The contents of the drawer exist independently of the suspect: so does the key to it. The contents may or may not be incriminating: the key is neutral. In the present cases the prosecution is in possession of the drawer: it cannot however gain access to the contents. The lock cannot be broken or picked, and the drawer itself cannot be damaged without destroying the contents.

21. As it happens, in the present cases, the only persons who know how to access the data to which access is being sought are the appellants themselves. Assuming, as for present purposes we have, that the computers contain material which may incriminate each appellant, whether by lending weight to the Crown's case against them on the remaining counts in the indictment, or providing a basis for further criminal charges whether contrary to the Terrorism Act or otherwise, disclosure by them of the keys would tend to make material available to the prosecution which would incriminate them. Non-disclosure would altogether prevent the incriminating material from coming to light. In short, the notice issued under section 49 of RIPA requires the appellants, under threat of criminal proceedings for non-compliance, to speak or write or otherwise convey sufficient information to the police to enable them to access the contents of their computers. The actual answers, that is to say the product of the appellants' minds could not, of themselves, be incriminating. The keys themselves simply open the locked drawer, revealing its contents. In much the same way that a blood or urine sample provided by a car driver is a fact independent of the driver, which may or may not reveal that his alcohol level exceeds the permitted maximum, whether the appellants' computers contain incriminating material or not, the keys to them are and remain an independent fact. If however, as for present purposes we are assuming, they contain incriminating material, the fact of the appellants' knowledge of the keys may itself become an incriminating fact. For example, to know the key to a computer in your possession which contains indecent images of children may itself tend to support the prosecution case that you were knowingly in possession of such material. This was the approach adopted in Re Boucher, a decision of the District Court in Vermont [2007] WL 4246473, where the reasoning acknowledged that some "acts of production" such as fingerprints, blood samples or voice recordings would not attract the privilege against self-incrimination.

22. Mr Ryder highlighted the decision of the Grand Chamber of the Court in Jalloh v Germany (2007) 44 EHRR 32 where it was recently asserted that even evidence which may properly be described as "independent of the will of the suspect" which has been obtained by inhuman or degrading treatment may constitute a breach of the entitlement to a fair trial. In this jurisdiction such an issue would be likely to give rise to the exercise of the court's jurisdiction, under section 78 of the Police and Criminal Evidence Act 1984, to refuse to allow evidence to be given by the prosecution when the circumstances in which it was obtained undermined the fairness of the proceedings. In making such a decision, the court would no doubt attend very closely to any circumstances amounting to oppression as defined in section 76 of the 1984 Act, or inhuman or degrading treatment to which the suspect was subjected, and if such circumstances were found, would step in to protect the defendant's entitlement to a fair trial. When an examination of the jurisprudence of the European Court into the principles relating to self-incrimination and the fairness of any subsequent trial is conducted, this common law discretionary power, which long pre-dated its incorporation into statute, should not be minimised.

23. Mr Ryder suggested that the protection provided by section 78 did not arise at this stage in the argument: it could only arise for consideration at trial after the appellant had been forced to incriminate himself. In our judgment, however, as Lord Bingham explained in Brown v Stott, the jurisprudence of the European Court is directed at the overall fairness of the trial and Jalloh should be seen as a decision which maintains the same principle. Evidence obtained by ill-treatment of the kind to which Jalloh was subjected may, and normally would be excluded. That is precisely why the common law rule, now embodied in section 78, exists. In this context, Jalloh is no more than an illustration of precisely the same point.

24. In our judgment the correct analysis is that the privilege against self-incrimination may be engaged by a requirement of disclosure of knowledge of the means of access to protected data under compulsion of law. If Judge Stephens ruling treated this knowledge as identical to the key to it, we respectfully disagree. But where, in the end, would this take the appellants? It is noteworthy that, although the detailed arguments purported to address the means of access to what would otherwise be protected data, the reality is that it is the contents of the equipment containing that data, lawfully in the possession of the police, which the argument is designed to protect from disclosure and possible use in the course of a prosecution, rather than the keys to it. In short, although the appellants' knowledge of the means of access to the data may engage the privilege against self-incrimination, it would only do so if the data itself – which undoubtedly exists independently of the will of the appellants and to which the privilege against self-incrimination does not apply – contains incriminating material. If that data was neutral or innocent, the knowledge of the means of access to it would similarly be either neutral or innocent. On the other hand, if the material were, as we have assumed, incriminatory, it would be open to the trial judge to exclude evidence of the means by which the prosecution gained access to it. Accordingly the extent to which the privilege against self-incrimination may be engaged is indeed very limited.

25. In these appeals the question which arises, if the privilege is engaged at all, is whether the interference with it is proportionate and permissible. A number of issues are clear and stark. The material which really matters is lawfully in the hands of the police. Without the key it is unreadable. That is all. The process of making it readable should not alter it other than putting it into an unencrypted and intelligible form that it was in prior to encryption; the material in the possession of the police will simply be revealed for what it is. To enable the otherwise unreadable to be read is a legitimate objective which deals with a recognised problem of encryption. The key or password is, as we have explained, a fact. It does not constitute an admission of guilt. Only knowledge of it may be incriminating. The purpose of the statute is to regulate the use of encrypted material, and to impose limitations on the circumstances in which it may be used. The requirement for information is based on the interests of national security and the prevention and detection of crime, and is expressly subject to a proportionality test and judicial oversight. In the end the requirement to disclose extends no further than the provision of the key or password or access to the information. No further questions arise. The notice is in very simple form. Procedural safeguards and limitations on the circumstances in which this notice may be served are addressed in a comprehensive structure, and in relation to any subsequent trial, the powers under section 78 of the 1984 Act to exclude evidence in relation, first, to the underlying material, second, the key or means of access to it, and third, an individual defendant's knowledge of the key or means of access, remain. Neither the process, nor any subsequent trial can realistically be stigmatised as unfair.

26. In these circumstances we can find no basis for interfering with Judge Stephens' indication of how he would have exercised his discretion if, contrary to his view, an issue of self-incrimination arose. In the circumstances of this particular case his conclusion was obviously correct. Furthermore, by way of emphasis, we can see no possible ground for a successful application that the prosecution under section 53 of RIPA should be stopped as an abuse of process.

27. By way of footnote: if the self-incrimination argument was taken as a matter of principle on the basis of legal advice to the appellants, and they choose, now, to disclose the relevant key, although long out of time, we suspect that the prosecution would be disinclined to proceed with the appropriate counts in the indictment, or if they chose to do so, that the judge would take a merciful view when addressing sentence, at any rate if the protected data turned out to be innocent or simply neutral. "

There are all kinds of interesting questions triggered by the judgment. I wonder, for example, why the court felt the need to mount such a robust defence of RIPA itself? (In paragraph 29. they say the act is clear, has all kinds of safeguards and was created precisely to deal with the kind of circumstances that arose in this case). It will be interesting also to see if the appellants now agree to hand over the keys or suffer the consequences - up to 5 years in prison.

Update: Spyblog makes an important point about the case in the light of s58 of the Terrorism Act 2000.

"The Court of Appeal takes the view that simply handing over your encryption key is not an admission of guilt, and that if the de-crypted material is innocent, then you have nothing to fear.

If the encrypted material was something which was hard to misinterpret e.g. a simple financial transaction, we might agree,

However, we disagree, when the encrypted material, as in this case, will be potentially misinterpreted according to the subjective interpretation and prejudices of police officers and prosecutors, in this case under the "thought crime" Terrorism Act 2000 section 58 collection of information which has the catch all wording:

(a) he collects or makes a record of information of a kind likely to be useful to a person committing or preparing an act of terrorism,

This also goes for any encrypted data which may or may not be considered "obscene" in the opinion of a particular police constable."

No comments: