Legal compulsion and self-incriminating passphrase

[Peter Sommer]

Having followed this thread for a while now, I think it remains the case
that the most obvious current route for law enforcement to compell release
of cryptographic keys is s 19(4) PACE.

When I first raised the possibility here last week I asked if anyone had
any experience of its being used for this purpose.  I said that, despite
having a number of past and current instructions involving encrypted
files, the CPS etc have not so far tried to use s 19(4).  I notice that no
one on this list is offering examples, just their own speculative
interpretations of the wording.

There is one further argument one could advance in court that compulsory
revelation of crypto keys should require explicit legislation:  the Police
Act 1997 introduced a number of additional formal powers in the form of
the "property warrants".  (People here will remember the justification
that these clauses - in Part III of the Act - were designed to regularise
what had been going on anyway).   That Act would have been the opportunity
to cover crypto material, and it wasn't taken,  though bugging etc is
included.   (This part of the Act is yet to come into force;  there seems
to be some difficulty in appointing the Commissioners who are supposed to
oversee everything).

Nevertheless I think we should be prepared for new legislation addressing
compulsory crypto;  law enforcement were always going to be lobbying for
it once it became clear that the "let's slip it into TTP proposals" plan
ran into trouble.

|---->   Peter Sommer   ------------------------------------------->|
|---->   hcorn@cix.co.uk   P.M.Sommer@lse.ac.uk  ------------------>|
|---->   Academic URL:  http://csrc.lse.ac.uk/csrc/pmscv.htm  ----->|
|---->   Commercial URL:  http://www.virtualcity.co.uk  ----------->|