UK terror law reviewer calls for expanded police powers to imprison people who refuse to hand over passwords
Cops should be exempted from regulatory safeguards, says lawyer
The UK's Government Reviewer of Terrorism Laws is again advising the removal of legal safeguards around a controversial law that allows people to be jailed if they refuse police demands for forced decryption of their devices.
In what appears to be a recurring theme, Jonathan Hall QC said police should be able to threaten people arrested under terror laws with five years in prison if they don't hand over passwords on demand.
By recommending the creation of a new crime of failing to co-operate with police under the law, Hall would be calling for cops to operate with fewer controls on their behaviour if they wanted to search a terror suspect's phone.
We need to make it even easier for UK terror cops to rummage about in folks' phones, says govt lawyerREAD MORE
Section 49 of the Regulation of Investigatory Powers Act (RIPA) allows police to demand the password for any device they "lawfully" acquire from a criminal suspect or witness. Refusal carries a two-year prison sentence, or five years in a "national security" case. These demands can be signed off by a district judge sitting in a magistrates' court.
However, Hall described the judicial permission requirement as being "in no way suited to high pressure terrorism investigations" and went on to say in his annual report [PDF, 220 pages]: "There would be merit in considering a special power to compel passwords even if only following arrest under section 41 Terrorism Act 2000."
The government reviewer went on to describe the position of GCHQ's National Technical Assistance Centre (NTAC) as a "gatekeeper role" that introduced "unpredictability and delay". The controversial unit moved from the Home Office to GCHQ in 2006, and could not be considered independent of government.
The expanded police powers Hall has called for would, he said, "be a natural fit between the judicial supervision that already exists through warrants of further detention after 48 hours up to a maximum of 14 days, and the consideration of whether permission should be granted to administer an encryption notice, because so much of pre-charge detention under Schedule 8 Terrorism Act 2000 is made necessary by the demands of digital analysis."
'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryptionREAD MORE
Hall also appeared to have taken police claims about how widely they used their considerable powers at face value with no further challenge: "I have been unable to obtain any statistics for the use of the power in the context of terrorism investigations. However, what I have picked up anecdotally from a number of different sources, is that the use of section 49 by CT Police is likely to be rare indeed."
Hall's predecessor Max Hill QC similarly advocated for less oversight and more police powers. Hill spent just a year in the role before landing the plum job of Director of Public Prosecutions.
While we don't know whether Hall intends following in Hill's footsteps, there's little doubt that he'll have won allies and admirers within the law enforcement community. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Let's Encrypt
- Palo Alto Networks
- Trusted Platform Module
- Zero trust