Charged for failing to comply with a Section 49 Notice (RIPA Part 3)

Nicholas Bohm ukcrypto at chiark.greenend.org.uk
Thu, 22 May 2008 14:39:16 +0100 

sean lock wrote:
> Hi, I have been charged for failing to comply with a Section 49 notice. 
> I declined to divulge my passphrase at my first interview in August 
> 2006. Twenty-one  months later, and when Part 3 of the RIPA act was in 
> force, requiring the disclosure of encryption keys, I was served with a 
> Section 49 Notice. This was impossible for me to comply with as it had 
> been 20 months since I last used my passphrase and as a result, I have 
> forgotten the passphrase simply because I have not used it in such a 
> long time.
> 
> I personally consider this an abuse of process as I am at a distinct 
> disadvantaged considering 20 months have alapsed and only now, I am 
> expected to recall the passphrase. Whereas if I was served with the 
> notice in more efficient manner, remembering the passphrase is very 
> likely. I would be grateful if anyone can assist me with any help. My 
> email is jaffy1229@yahoo.co.uk

It's not an abuse of process in the legal sense, but the circumstances 
of delay help to make plausible a defence under section 53, i.e. a 
defence that the key was not effectively in your possession when the 
section 49 notice was served because you had by then forgotten the 
passphrase and could not use or provide the key.

An alternative approach, perhaps now out of time, is to provide the 
encrypted key and wait for a further s 49 notice demanding the 
passphrase for access to it. Non-compliance with that notice is more 
straight-forwardly subject to the defence of having forgotten the 
passphrase.

Either way, if you submit sufficient evidence to raise the issue of 
forgetting the passphrase by way of defence, then it is for the 
prosecution to prove beyond reasonable doubt that you haven't forgotten 
it.  A formal statement from you describing the circumstances (i.e. date 
of last use, your passphrase policy to show how forgettable your 
passphrases are, reasons why you haven't needed to use the key for 20 
months, other relevant circumstances) would seem sufficient evidence to 
throw the burden of proof on to the prosecution. They could try to find 
evidence that you had recently used the key (e.g. that you had replied 
to a message encrypted using the corresponding public key); but short of 
that, it isn't an easy burden of proof for the prosecution to discharge.

But you could still do with a clued-up criminal lawyer. Try talking to 
Liberty.

Nicholas
-- 
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285    (+44 1279 870285)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF