Why you should care about the RIP Act

With police officers poised to get the power to seize encryption keys, how will this affect you and your business?
Written by Graeme Wearden, Contributor

The RIP Act, eh? Sounds a bit deadly.
You may be more accurate than you think. The Regulation of Investigatory Powers Act, to give it its full name, gives the police and the security services the right to intercept our communications data.

Scary stuff indeed. But wasn't there a big scandal about this a while ago?
That's right. RIPA, as it's affectionately known by some, was passed in October 2000, in the face of widespread opposition that nearly brought the bill down.

So why is it in the news today? Is it terrorist-related?
You're on the right lines. What's new is that the Government is now proposing to activate Part III of RIPA, which has been gathering dust on the statute book for the last six years. Part III gives police the right, in some circumstances, to force a suspect to decrypt their data or hand over an encryption key.

Why do they want such a power?
They say that terrorists and child abusers are increasingly using encryption tools to hide data. One police officer said this week that computers are piling up around the country because they can't be cracked, and suspects are walking free.

But could the powers also be used against businesses?
Some experts believe so. They predict that there could be a rush to move encryption keys out of UK jurisdiction.

Suppose I can't find my encryption key, or never had it?
Failure to supply a key is an offence under section 53 of the Act.

So would I get a slap on the wrist?
You'd be lucky. Brace yourself for two years imprisonment, or up to five if you're suspected of terrorism or paedophilia offences.

All sounds a bit draconian. Still, we live in dangerous and disturbing times. Does anyone oppose activating Part 3 of RIPA?
Plenty of people. The Foundation for Information Policy Research (FIPR) organised an open meeting in London on Monday to debate the issues. Security experts, academics and members of the House of Lords all raised objections.

What have they found to object to? Anything serious?
Oh yes. It's not clear how the police would actually bring a prosecution for failing to hand over a key. The defendant would have to give a good reason for not complying with an order; perhaps he has simply forgotten where he put the key, or perhaps he never had it and the data belongs to someone else. It's then up to the prosecution to prove that the defendant is lying — and how do you prove someone hasn't forgotten something?

There's also an argument that the Bad Guys will be able to get round the law. Caspar Bowden, a long-time opponent of RIPA, believes you could simply claim that a virus had eaten your key.

Or they could use a tool such as TrueCrypt, which will create an encrypted storage volume that can't be detected.

But isn't the Government paying attention?
Simon Watkin of the Home Office attended the FIPR meeting. He's drafted a Code of Practice that will underpin the Part 3, and is currently seeking views on it. He argued that the police and security services need these powers, and will use them responsibly.

But Richard Clayton of Cambridge University is concerned that it's too easy for someone to deliberately abuse RIPA's powers to obtain personal information. He also wasn't too impressed that the Home Office couldn't spell 'program'.

So how can I influence things?
If you have a time machine in the basement, then you could go back to 2000 and lobby MPs to vote against the RIP Act. If not, your only hope is to take part in the consultation, by downloading the Code of Practice from the Home Office Web site.

Editorial standards