Posts Tagged Regulation of Investigatory Powers

You can’t kick in a digital door

The police’s handling of Oliver Drage is already a disaster in wider practical terms and can only get worse.

It has been all over the internet for the last couple of days so I’m sure most people reading this have already seen the story, but to summarise a teenager has been jailed for 16 weeks because he refused to hand over his passwords. He’s accused – and we have no idea what evidence the police have – of some sort of “child pornography” offence. The act under which he’s been charged, Regulation Of Investigatory Powers Act 2000, is one that really matters to me as it was my first engagement with national politics.

The handwritten reply I received when I wrote to me MP at the time to object to much of the act, whilst a nice touch, probably just indicates the level of technical sophistication of MPs voting on the bill back at the start of last decade. Jack Straw spoke of it in parliament at the time as a “significant step forward for the protection of human rights in this country“. I agree with every word of that, except “forward”.

Back to the case in point. Even if one believes Oliver Drage is probably guilty of the crime he’s accused of, we do have a principle in this country of innocent until proven guilty. The Americans go one step further with their 5th Amendment that you shouldn’t be expected to incriminate yourself, but that’s something that we seem to have dropped ourselves as a nation.

Lets use an obvious analogy of a high-quality safe. The government is sufficiently concerned about the advanced state of the Acme-brand safe-making industry that it passes legislation forcing people to reveal to the police the code to their safe, should they be asked.

The police suspect someone of being a rather unpleasant individual who they think they can send down for several years. As a result, they decide they need a copy of whatever is in the safe they quite likely possess, so they do the usual police trick of kicking down the door at 3am.

They find and take an Acme-brand safe and lock up the allegedly unpleasant individual. But the individual knows full well what is in the safe. It might be the documents the police think he has, which could see him sent down for many years, alongside his co-conspirators. Or it might be something entirely unrelated, such as the photos of himself with the Chief Superintendant’s partner or even just some pornography (No, not the kind involving children) that he’s worried the police won’t look too kindly on. Wisely, he decides to keep his mouth shut and ends up in the local nick for a mere few weeks.

Worse, perhaps he really has nothing to hide and doesn’t use the safe, so he’s forgotten the code. This doesn’t bother him as he can reset it if he ever needs to use the safe, but an Acme-brand safe will destroy the contents so the police are not too happy with this answer and lock him up for a bit to teach him a lesson.

The story gets out and sales of Acme-brand safes rocket amongst anyone who thinks they have something to hide as the police have effectively just branded them unbreakable. From now on, every time the police kick down a door they find an Acme-brand safe inside.

Except sales don’t need to rocket as many people own one of those Acme-brand safes right now. The laptop I’m typing this on right now is encrypted. All the laptops we build for customers where I work are encrypted. When I’m performing my other job which involves putting on a uniform, all the laptops I build are encrypted. If you’re reading this on a computer running “Windows 7 Ultimate”, then you can turn on encryption in just a few clicks.

But you’d better not try turning on encryption if you don’t need it, because if you forget the code then the police will think you’re guilty until proven innocent. There’s something fundamentally illiberal about that.

The trouble is, the fix to the initial problem probably wasn’t legislation and it certainly wasn’t this legislation: You can’t kick in a digital door and the moment you kick down someone’s physical door, you’ve quite possibly lost. Technology is still developing as well and self-destructing devices are now commercially available. Unfortunately, my run-ins with some of the ideas to come out of the Home Office suggest it’s the police they’ve been asking about what they should do, not the more technically-minded.

Ask a geek rather than a policeman how to get at someone’s information and you’ll get solutions more like the film Sneakers rather than you’re average episode of “Police, Camera, Action”. Little USB key loggers which attach to the back of the machine are not new technology and can be had for a few tens of pounds. Journalists and TV programs like “That’s Life” have been installing hidden cameras for years. Get your evidence, then kick in the door.

Spying on people isn’t very liberal, but it’s more liberal than locking people up with no evidence.

Update: I’ve just run across this article from the local paper which says:

Oliver Drage, 19, told the jury at Preston Crown Court he had “forgotten” the password, when officers investigating another offence asked him to surrender it. …
Drage’s computer was seized in May last year. But by December police still did not have access to it.

Can you remember a password to a computer you haven’t used for seven months? More worrying is the judge – and I hope she’s been quoted out of context – seems to have a presumption of guilt:

Judge Heather Lloyd said: “This was a deliberate flouting of a court order compounded by your continual denial of guilt.”

2 Comments

%d bloggers like this: