Tech Liberty NZ Defending civil liberties in the digital age

Updated: Jailing People for Remaining Silent

Posted on November 25, 2009

The new Search and Surveillance Bill includes provisions to force people who own and manage computer systems to give full access to those systems. This includes the obligation to give up passwords to enable the authorities to access encrypted information.

Of course, this assumes that the person involved actually has the password. It's quite common for someone running a system to not be able to break the encryption used by other users to secure their data. Will the courts understand that? And even if they understand that, will they believe it?

The United Kingdom has passed a similar law and has now jailed someone for refusing to give up passwords to encrypted data. It won't be a surprise to anyone that the first victim of a law that was designed to protect the people from terrorists and other serious dangers turns out to be a science hobbyist who appears to be no threat to anyone. This case is at least relatively simple - there is no doubt that the man does have the passwords, but he has chosen to maintain his right to silence even though the law has tried to remove that right.

The same provision in New Zealand's Search and Surveillance Bill is in direct contravention of the right to remain silent. You normally have the right not to answer questions from the police, and the right to choose not to testify in your defence in court. This right came into English law in the late 1600s after the abuses of the Star Chamber.

I believe that this clause is wrong in principle and unenforceable in practice. As such, it should be removed from the Search and Surveillance Bill before it comes law.

Update

Stephen Bell notified me that New Zealand passed the Counter Terrorism Bill in 2003 which already gave the Police powers to compel people to reveal passwords (he wrote about it at the time).

This bill added clause 198b to the Summary Proceedings Act 1957. This gives the power to compel the owner or someone responsible for a computer system to provide access to the information on it. The language in the Search and Surveillance Bill is obviously taken from this clause.

Of course, in the Summary Proceedings Act (1957) only a judge, magistrate or court register could grant a search warrant, and they could only grant them to a Police officer. The Search and Surveillance Bill allows the Attorney General to appoint anyone as being able to issue a search warrant, and they can be issued to members of a very large number of organisations.

The Law Foundation has done a useful analysis (PDF) of the conflict between this power and the common law principle that people do not have to incriminate themselves. Their conclusion is that such a power should be limited to the most serious matters such as counter-terrorism.

Posted by Thomas Beagle

Comments (1) Trackbacks (0)
  1. I read more and more news stories of the UK’s blatant disregard for human rights everyday. Cameras everywhere in public; mass collection of emails, phone calls and all Internet traffic; outlawing of encryption; newspapers forbidden to report on Parliament by the courts; weakened right to silence; the list goes on and on. They really are becoming Airstrip One. Of course it’s all to stop terrorists, paedophiles, Goldstein, chavs and whatever other boogeyman they can think of that week. I hope New Zealand doesn’t follow. Also, how does the Counter Terrorism Bill recommend the thought-police best “compel” you to give them your passwords if imprisonment doesn’t work? Do they simulate drowning a la waterboarding, or simply beat your feet with rubber hoses? Passwords today, most private thoughts tomorrow.


Trackbacks are disabled.