29 October 2001
Recent reports suggest that the attacks on the World Trade Center and the Pentagon may have been planned using encryption technology. The terrorists may have hidden maps and photographs of their targets and posted instructions for their activities in sports chat rooms, on pornographic bulletin boards and on other websites, using sophisticated web-encryption techniques.
This has provoked fresh debate surrounding the extent to which public authorities may police the internet and demand the disclosure of the mathematical codes required to decrypt encrypted messages. Of particular interest is the extent to which such increased powers are being justified by the perceived need to maintain public safety.
In response to the attacks, the US Department of Justice submitted the proposed Anti-Terrorism Act (ATA) to Congress, for which it is urging rapid approval. The ATA would expand the US government's legal powers to conduct electronic surveillance. But civil liberties groups are unhappy. They say that the new proposals diminish the freedom and privacy of US citizens and that the legislation should be debated very carefully. There are also calls for the implementation of mandatory key escrow systems, which would require the disclosure of private encryption keys to trusted third parties, who hold the keys 'in escrow' for release to law enforcement authorities.
There are concerns in the UK that the Home Office may follow the lead of the US Congress and try to resurrect the key escrow debate. The Regulation of Investigatory Powers Act 2000 (RIPA) does not legislate for the mandatory delivery of keys to trusted third parties. Instead, Part III of RIPA grants powers to public authorities to require the disclosure of private encryption keys or decrypted text in certain circumstances. Disclosure may be required where it is necessary to prevent or detect crime or if it is in the interests of either national security or the economic well-being of the UK.
When RIPA was being debated, it was argued that surrendering private encryption keys to third parties exacerbates, rather than alleviates, the potential for crime and information terrorism. Furthermore, industry argued that mandating the introduction of key escrow would significantly impair the confidence of individuals and businesses in the confidentiality of their electronic transactions. Although the Home Office has said it will not change its stance on this matter, the recent events in the US could trigger the need for further debate before Part III is implemented later this year.
One of the main objectives behind RIPA was to bring UK law in line with the requirements of the European Convention on Human Rights (ECHR). The terrorist attacks last month could cause a shift in UK public policy, giving public authorities increased powers of surveillance. This could compromise rights granted under the ECHR to the detriment of the individual.
Difficult times lie ahead. Governments may struggle to convince their citizens that the protection of society itself holds greater importance than protecting the freedom and rights of individuals.
Unfortunately, exceptional events may have exceptional circumstances, but it is essential that a fine balance be maintained between public and private interests. This can only be achieved through constructive and sensible debate.
MBL Seminars Limited