« Consultation Questions para 11 | Main | The Consultation Process paras 20 to 23 »

Additional Consultation Questions paras 12 to 19

Additional Consultation Questions

12. Although not part of the code itself, the Government has undertaken to Parliament, in the context of consulting on the code, to invite views on whether the penalty of two years imprisonment, in section 53 of RIPA, for knowingly failing to comply with a requirement to disclose protected electronic information in an intelligible form or to disclose a key to that information should be extended in cases related directly or indirectly to offences involving the possession of indecent images or pseudo-indecent images of children.

13. There are a number of cases where protected electronic information has frustrated investigations of offenders convicted of possession of indecent images or prevented the prosecution of suspects or identification of victims.

  • Suspect charged with possession of a collection of images including extreme level 4 images (penetrative adult abuse) of babies and some level 5 images (sadism and bestiality). Encrypted files were seized that the police cannot access, giving rise to concern they may contain worse material.
  • Suspect charged with possession of a huge amount of level 1 images (erotic posing with no sexual activity). These images were protected insecurely and were made intelligible. Other data remains encrypted and unintelligible.
  • Three individuals were convicted for possession and making of indecent images. All were in possession of encrypted data to which they claimed to have forgotten their passwords. That protected data and the imagery contained in it remains unintelligible.

  • Mr A was convicted of attempting to procure a child aged 10 for sex and sentenced to three years imprisonment. He was in possession of encrypted files that remain unintelligible.
  • Mr B was suspected of possession of indecent images. He was found to be in possession of 27 encrypted disks, none of which could be opened.
  • Two individuals possessed a set of encrypted disks. Only a few of these could be accessed. They were sentenced on the basis of these. The rest remain unopened.

14. In cases such as these, implementation of Part III will provide an ability to prosecute offenders who fail to comply with a lawful disclosure requirement in relation to their protected information.

15. However an offender who may face up to ten years imprisonment for possession of indecent images or pseudo-images, if their protected information is rendered intelligible, may readily accept a sentence of two years imprisonment for failing to disclose protected information or the key to that information.

16. Recognising the seriousness of knowingly failing to comply with a disclosure required in the interests of national security, where a terrorist or terrorist suspect might accept up to two years imprisonment rather than disclose their protected information, section 15 of the Terrorism Act 2006 has amended section 53 to make the appropriate maximum penalty five years in that instance.

17. The Government would therefore welcome views on whether a person found guilty of an offence under section 53 should be liable to an appropriate maximum term of more than two years where:

  • (i) that person has been previously convicted of an offence contrary to section 1 of the Protection of Children Act 1978 or section 160 of the Criminal Justice Act 1978, or
  • (ii) the apparatus or device containing the protected information contains an indecent photograph or pseudo-photograph of a child, or
  • (iii) the apparatus or device containing the protected information has come into possession of any person together with other apparatus or a device which contains an indecent photograph or pseudo-photograph of a child, or
  • (iv) the court is satisfied that the protected information is likely to contain an indecent photograph or pseudo-photograph of a child (on the basis, for example, of evidence from a witness);

18. Where, in those specific circumstances, the person found guilty of the section 53 offence could show that the protected information did not contain an indecent photograph or pseudo-photograph of a child they could be liable to no more than a maximum term of two years.

19. Your comments and views are therefore invited on the following questions:

  • (v). Do you consider that a person guilty of an offence under section 53 of RIPA should be liable to an appropriate maximum sentence of more than two years in the circumstances described in paragraph 17? If not, please say why?
  • (vi). What maximum sentence in excess of two years imprisonment would you consider to be appropriate in those circumstances, if you think it would be, and why?

Posted by wtwu on June 12, 2006 5:36 PM |

Comments

It is peculiar to see the criticisms that we and others made before RIPA became law, about how paedophiles or terrorists would not be likley to divulge any incriminating evidence from an encrypted file, as they already face stiffer penalties, now being presented to us by the Home Office via this Consulatation document as some sort of justification or changing the law !

Remember that Part III of RIPA has lain dormant on the statute books since 2000.

There is simply no evidence to show that the existing 2 year maximum prison penalty either works or does not work.

If there had been 6 years of convictions under this law, with dozens or hundreds of people in prison, about whom there was a reasonable suspicion that a large percentage of them might be sucessfully hiding vital evidence through encryption, which could not be found in any other way forensically or through witnesses etc., then perhaps it might be time to review the penalties.

Instead, what has happened is that the completely undefined concept of a "national security investigation" has been rubberstamped into law, which increases the penalty in such cases to a maximum of 5 years in prison.

This still suffers from the same problems, as the 2 years penalty, in that evidence which might show "acts preparatory to terrorism" is punishable by a life sentence, by virtue of the same Terrorism Act 2006 which introduced this 5 years in prison "national security investigation" penalty.

The Labour Government seems to be in a complete mess even over the minimum parole periods for "life sentences", but it is hard to see how a real terrorist, with a real plan or conspiracy, would not be satisfied with a maximum 5 year sentence, as opposed to a life sentence.

Nowhere in the Terrorism Act 2006 or in this RIPA Consultation document or Code of Practice is there any definition of what exactly constitutes a "national security investigation".

Surely this should be spelt out in this RIPA Part III consultation docuument ?

Is it only investigations where the Disclosure Notice for Encrypted Data or Keys is requested by the Security Service MI5 or the Secret Service MI6 or by GCHQ, , or the Counter Terrorism branch of the Metropolitan Police ?

What about dual criminality cases, perhaps those investigated by the Serious Organised Crime Agency e.g. an internet based credit card fraud, where some, but not all of the proceeds may or may not be destined for foreign countries, and some, but not all of the money may or may not end up in the hands of terrorist sympathisers, who may or may not actually indirectly fund terrorist activities ?

Is that a "national security investigation" or not ?

How can it be just to decide on circumstantial evidence of witnesses that a person might have , say, child porn images stored in an encrypterd file ?

If there are witnesses or other financial evidence that this is likely then surely a court can decide to convict or aquit someone without ever decrypting the data files ?

Remember that encrypted child porn images are of no use to anybody and pose no danger of "moral corruption".

How can you arbitararily determine whether a block of random looking bits and bytes actually contains any encrypted data at all, and if it does, that it only contains "illegal" or incriminating data, and not entirely innocent, yet still private and confidential data or correspondence, according to Article 8 of the European Convention on Human Rights ?

http://www.spy.org.uk/article8.htm

The examples cited in italics above, in order to justify the claim that there is a real problem, are far too vague. If these are the only examples that the Home Office can come up with in over 6 years, then they are far too rare to justify a change in the law.

Remember the offical reports by the RIPA Commissioners , the previous Interception of Communications Commissioner Sir
Swinton Thomas, and the previous Intelligence Services Commissioner Lord Brown of Eaton-under-Heywood both included this identical paragraph in their latest reports:

"However, the use of information security and encryption products by terrorist and criminal suspects is not, as I understand, as widespread as had been expected when RIPA was approved by Parliament in the year 2000. Equally the Government's investment in the National Technical Assistance Centre - a Home Office managed facility to undertake complex data processing - is enabling law enforcement agencies to understand, as far as necessary, protected electronic data."

So what exactly is the justification for further increasing the penalties under Part III of RIPA ?

Posted by: wtwu | June 15, 2006 8:44 PM