Legal compulsion and crypto

David Swarbrick david at swarb.demon.co.uk
Mon, 6 Jul 1998 19:46:03 +0100


In message <memo.19980704082801.13571A@hcorn.compulink.co.uk>, Peter
Sommer <hcorn@cix.co.uk> writes
>This is what English law has to say about seizure of computer evidence:
>
>Police and Criminal Evidence Act, 1984, s 19:
>
>The section as a whole deals with powers of seizure in general;  subsection
>4 says:
>
>(4) The constable may require any information which is contained in
>a computer and is accessible from the premises [ie premises identified in
>the warrant under which the seizure is taking place] to be produced in a
>form in which it can be taken away and in which it is visible and legible
>if he has reasonable grounds for believing -
> (a) that -
>    (i) it is evidence in relation to an offence which he is investigating
>or any other offence; or
>    (ii) it has been obtained in consequence of the commission of an
>offence;
>  and
>  (b) that it is necessary to do so in order to prevent it being
>concealed, lost, tampered with or destroyed
>
>
>The main thought behind the sub-section appears to be to overcome the
>practical problems of law enforcement personnel faced with a large
>non-portable computer system where the data is held on media which they
>are unable immediately to read. 

>A number of us have been concerned for some time that PACE s 19(4) could
>be extended to cover crypto.

I do not think it need be extended. Cryptographers do not like to admit
that their arcane science is merely the other end of a continuum with
the ASCII alphabet, but giving full respect to its sophistication, it is
part of that continuum.

I believe the section was intended to prevent the provision of an
irritating ASCII dump. In doing so, it said 'thou shalt decrypt', and
when doing so it provided for no (ok, never thought of any) distinction
of superiority of encryption systems. It applies to the most
sophisticated encryption as simply as it does to ASCII or binary code.

Just as an ordinary user would not be able to print out anything
sensible from an executable file, or DLL, he may not be able to decrypt
a file. If so he risks standing before a magistrate and explaining
himself.

>  It depends partly on what is meant by
>"visible and legible": you could argue

... yes, you could argue. The point is not settled, but I would myself
put zero money on such an argument persuading a judge.


>  But at that point you could say that
>s 19(4) was satisfied and that if Parliament wanted law enforcement to
>have more powers it should say so explicitly.  

It did. It said the plod is entitled to legible printout.

>A second argument would say
>that forcing some-one to reveal a key would amount to a breach of the
>right to silence.

There was some interesting material on this a few years ago in the
Australian submissions to an OECD conference - but I lost them. The
question (philosophical and interesting, but slightly fatuous) is whether
this is a search or an interrogation.

>
>However I am not aware of any attempt to use s 19(4) to breach crypto,
>even though I have had a number of cases (indeed have some active ones
>now) in which defendants have had encrypted files and disks.  But I'd be
>very interested to hear of any relevant experiences from people on this
>list.

I have heard it suggested that defendants have dumbly done what has been
requested, but this is the merest of rumour upon rumour.

-- 
David Swarbrick, Solicitor. Brighouse, West Yorkshire.
Tel: +44(0)1484 722531 Fax: +44(0)484 716617 Pager 04325 349742
e-mail david@swarb.demon.co.uk
URL http://www.swarb.co.uk/swarbrick/ - home of the law-index to 8100+ cases
'damn fine webbery"