FIPR and Justice Audit of Draft E-Commerce Bill




    Introduction and Summary

  1. We have been asked to consider the provisions of the Draft Electronic Communications Bill (Cm 4417, hereinafter "the draft Bill"), published by the Department of Trade and Industry in July 1999. This Joint Advice is sought to be used by those instructing us, Justice and the Foundation for Information Policy Research, to inform the consultation process initiated by the publication of the draft Bill and, in particular, to inform the debate about the compliance of the draft Bill with the provisions of the Human Rights Act 1998 and the Convention rights protected thereunder. We have been asked to pay particular attention to the "law-enforcement" provisions laid down in Part III of the draft Bill. The stated objective of these provisions is to ensure that there is "no overall reduction in the ability of the law enforcement, security and intelligence agencies to fight crime and threats to national security" (Cm 4417, page 34).
  2. The draft Bill seeks to address various issues arising out of the Government's expressed desire to make "the UK the best place in the world to do electronic business". These include:
    1. the regulation of the provision of cryptography services (Part I);
    2. regulating the use and recognition of electronic signatures (Part II);
    3. providing certain powers in relation to telecommunications licences (Part IV); and
    4. providing powers for the investigation of "protected electronic data" (Part III).
    It is this last aspect of the draft Bill which those instructing us are most concerned about.
  3. Section 19 of the Human Rights Act 1999 requires the Minister in charge of a Bill to make a statement about its compatibility with the Convention rights. The Secretary of State for Trade and Industry has stated (Cm 4417, page 35) that in his view the draft Bill is compatible with the European Convention of Human Rights ("ECHR"). For the reasons set out below, we have, however, concluded that there are serious concerns about the compliance of the draft Bill in its present form with the European Convention on Human Rights, in particular:
    1. The compliance of clauses 10 and 12 with the requirements of Article 6(1) ECHR (the right to a fair hearing) and Article 6(2) (presumption of innocence) (paragraphs 29 - 42 below); and
    2. The compliance of clauses 10 to 13 with the requirements of Article 8 (right to respect for one's private life and correspondence) (paragraphs 13 - 28 below).
    For the reasons given in paragraph 43 below, we also consider that the "secret" nature of some of the measures provided for by part III of the Act and the popularity of the internet and electronic commerce means that the category of potential "victims" under Article 34 of the Convention and section 7(7) of the Human Rights Act 1998 able to bring proceedings either in a domestic court or in the European Court of Human Rights ("the Strasbourg Court") is potentially very wide indeed.
  4. The Context

  5. In order to understand the full impact of the proposed legislation in relation to "protected electronic data" it is important to understand some of the underlying technical issues that arise in this context and, in particular, the use of "public key" encryption.
  6. Public key cryptography, such as that supplied by software called "Pretty Good Privacy" ("PGP"), operates according to the following principles:
    1. the user uses software to generate a key pair, one of which is the user's public key which is freely publish-able (and, usually, published) and the other is his private key, which is kept strictly secret in order to ensure the confidentiality of the communication and the security offered to those who wish to communicate with the user.
    2. the user publishes his public key, either on a web page, or on one of the public Internet repositories of public keys, or by sending it to people by electronic mail, or by handing it to them on a diskette. Recipients can store this public key on their computers for future use. The user likewise obtains the public keys of those with whom he wishes to correspond securely
    3. though the keys are associated mathematically, it is not possible, in practice, to use the public key in order to discover (or "break") the private key.
    4. furthermore, a message encrypted with the public key cannot be decrypted by that key, but only by the corresponding private key. (The keys are asymmetric)
    5. the same process can be applied to stored data.

  7. Apart from the use of "public key" encryption, such as described in outline above, it is important also to understand the use of "session" keys. The effectiveness of cryptographic algorithms depends on computations with very large numbers, and these can be time-consuming if large amounts of material are to be encrypted. The known symmetric algorithms are very much faster than the known asymmetric algorithms. Encryption software would be unacceptably slow if it used only asymmetric algorithms.
  8. In order to avoid such delay in encryption, software normally (automatically) combines two types of algorithm:
    1. when plain text is encrypted, the software first generates a random key;
    2. it then encrypts the plain text under that key using a fast symmetric algorithm; and
    3. then it encrypts the random key under the recipient's public key, using an asymmetric algorithm.
    4. finally the encrypted random key ("session key") is added to the beginning of the ciphertext; it is generated specially for a particular encryption "session", and then not used again.
    5. when the recipient decrypts the message, the software first locates the encrypted session key, and decrypts it using the recipient's private key and the asymmetric algorithm. It then uses the decrypted session key and the fast symmetric algorithm to decrypt the bulk of the message.

  9. The process outlined above means there are three ways of giving a third party access to encrypted information:
    1. providing a copy of the decrypted plain text;
    2. providing the ciphertext and a copy of the decrypted session key, thereby enabling the third party to decrypt the message using the session key and the symmetric algorithm; or
    3. providing the third party with the recipient's private key, which the third party can use in the same way as the recipient.

  10. The first two methods ensure that what is disclosed to the third party is only the content of the targeted communication, although the second method provides added security that the plain text seen is actually the decrypted message. But the third method compromises the whole security of electronic communications to that recipient by giving access to all his or her communications past, present and future. As the Consultation Document recognises under the heading "Regulatory Impact Assessment" (Cm. 4417, page 34):
    "... where a notice specifies that a key be handed over, the individual/business served with a written notice may decide that their security has been compromised and may incur considerable costs in implementing new security systems or changing the keys of other trading partners, customers and associates.
  11. Access to and the storage of the private key is of fundamental importance both in relation to encrypted communications and encrypted stored data (which does not require the complex methods of public/private key cryptography but can be decrypted simply by using a single private key). In practice, the private key is generally stored on the user's computer protected by a password. The need for security requires that any password be as difficult to discover as possible while the need to remember the password means that the more complex the password the more likely a user is to forget it (without writing it down, which in itself, compromises security). The likelihood that a password, and therefore access to the private key, is forgotten is relatively high, as anyone who has ever forgotten the PIN number for his or her debit card can confirm.
  12. In the context of the draft Bill, however, it is important to remember that once a password is forgotten the user will have no access to any stored data, or any communications received (past or present).
  13. Part III of the draft Bill

  14. In this section we examine the concerns raised by Part III of the draft Bill. Part III, which is concerned with the investigation of protected electronic data, contains the "law-enforcement" provisions the objective of which is to ensure that the criminal use of encryption does not undermine the effectiveness of existing powers of interception, search and seizure.
  15. Disclosure of Keys and Article 8 of the Convention

  16. Part III of the Draft Bill creates a power to require the disclosure of keys to protected information. It also makes provision for offences for failure to disclose and tipping-off third parties that a notice to disclose has been given. Part II uses the terms "disclosure of" "a key" (e.g. clauses 10(4), 11(1)(a), 11(3), 12(1)), "the key" (e.g. clauses 10(2), 11(2)(b)) 12(2), and "any key" (e.g. clauses 10(3), 10(5)) which suggests that the Bill contemplates that disclosure of the private key, i.e. the widest of the three means of disclosure listed in paragraph 8 above will be the rule rather than the exception. This is also supported by the wording of clause 10(1)(a)-(b) which apply to "any protected information" that "is likely to come into the possession of any person" by the exercise of a statutory power to search, detain, inspect, intercept communications as well as information that has already come into the possession of that person. This, however, will have the inevitable consequence of compromising the affected individual's whole security and privacy apparatus. The broad power enables the open-ended interception of encrypted information, something which is only possible if
    1. the law enforcement agency is in possession of the private key, since by definition there is not yet a relevant "session" and "session key"; and
    2. the fact that the key has been compromised is not disclosed to possible correspondents.

  17. Only when one looks at section 11(3) does it become clear that there is in effect a presumption that disclosure in "intelligible form" is authorised unless the author of the section 10 notice has directed that it may only be complied with by "disclosure of the key itself". A number of points arise. First, the structure of the draft Bill does not identify the true position clearly; i.e. that absent a specific direction disclosure of the key itself is not necessary. Secondly, by contrast with the position of the notice itself, there is no express requirement for a "direction" under clause 11(3) that the key itself be disclosed to be either in writing or given in a way that produces a record of it having been given (compare clause 10(3) in relation to the section 10 notice). Thirdly, the discretionary power to require the disclosure of the private key itself as opposed to the information in an intelligible form or the session key is stated in a broad and unlimited manner. There are no indications as to the circumstances in which a key will be required. The safeguards in clause 15, in particular the "reasonable and proportionate" requirement in clause 15(2)(b) only apply to the uses to which a disclosed key is put after disclosure, not to the circumstances in which the power to order disclosure must be exercised. We consider that the breadth of the unstructured discretion conferred and the absence of any requirements of form raise problems with regard to compliance with the right in Article 8 of the Convention to respect for private life and correspondence.
  18. Privacy and clause 10

  19. Even though there is, as yet, no case law of the Court relating specifically to emails, it is clear that, in principle, any communication, be it via the telephone (including email) or otherwise is protected by Article 8 ECHR, and in particular the right to respect for private life and correspondence: see e.g. Kopp v Switzerland (1999) 27 EHRR 91. The interception of such communications, accordingly, constitutes a breach of Article 8(1) which needs to be justified under Article 8(2), by being:-
    1. in accordance with the law;
    2. necessary in a democratic society; and
    3. in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

  20. Although we consider that the Strasbourg Court would be very likely to find that the provisions of the draft Bill fulfilled the requirement under (c) above, i.e. pursued a legitimate aim, it is far from clear that the draft Bill would comply with the other two requirements. In order to be "in accordance with the law" it is not sufficient for a measure to be based upon statute. In Kopp's case the Court held that the following additional requirements apply:

    "... it also refers to the quality of the law in question, requiring that it should be accessible to the person concerned, who must moreover be able to foresee its consequences for him, and compatible with the rule of law.

    The Court reiterates in that connection that Article 8(2) requires the law in question to be 'compatible with the rule of law'. In the context of secret measures of surveillance or interception of communications by public authorities, because of the lack of public scrutiny and the risk of misuse of power, the domestic law must provide some protection to the individual against arbitrary interference with Article 8 rights. Thus, the domestic law must be sufficiently clear in its terms to give citizens an adequate indication as to the circumstances in and conditions on which public authorities are empowered to resort to any such secret measures." (paras. 55 and 64)

  21. Having reviewed the detail of the underlying Swiss law, the Court held:

    "... tapping and other forms of interception of telephone conversations constitute a serious interference with private life and correspondence and must accordingly be based on a "law" that is particularly precise. It is essential to have clear, detailed rules on the subject, especially as the technology available for use is continually becoming more sophisticated (see Kruslin v France (1990) 12 EHRR 547 and Huvig v France (1990) 12 EHRR 528, para. 33, and para. 32, respectively).

    In that connection, the Court by no means seeks to minimise the value of some of the safeguards built into the law, such as the requirement at the relevant stage of the proceedings that the prosecuting authorities' telephone-tapping order must be approved by the President of the Indictment Division, who is an independent judge, or the fact that the applicant was officially informed that his telephone calls had been intercepted.

    However, the Court discerns a contradiction between the clear text of legislation which protects legal professional privilege when a lawyer is being monitored as a third party and the practice followed in the present case. Even though the case-law has established the principle, which is moreover generally accepted, that legal professional privilege covers only the relationship between a lawyer and his clients, the law does not clearly state how, under what conditions and by whom the distinction is to be drawn between matters specifically connected with a lawyer's work under instructions from a party to proceedings and those relating to activity other than that of counsel.

    Above all, in practice, it is, to say the least, astonishing that this task should be assigned to an official of the Post Office's legal department, who is a member of the executive, without supervision by an independent judge, especially in this sensitive area of the confidential relations between a lawyer and his clients, which directly concern the rights of the defence.

    In short, Swiss law, whether written or unwritten, does not indicate with sufficient clarity the scope and manner of exercise of the authorities' discretion in the matter. Consequently, Mr. Kopp, as a lawyer, did not enjoy the minimum degree of protection required by the rule of law in a democratic society. There has therefore been a breach of Article 8." (Paras. 72 to 75, emphasis added)

  22. Similar reasoning can be found in Malone v UK (1985) 7 EHRR 14, paras. 67-68 and Halford v UK (1997) 24 EHRR 523, para. 49. The reasoning in these cases and in Kopp's case applies mutatis mutandis to the procedures under clause 10.
  23. Privacy and clause 13

  24. Clause 13 relates to a section 10 notices containing a requirement that the addressee of the notice and any person becoming aware of its existence or content must "keep secret the giving of the notice, its contents and the things done in pursuance of it." Disclosure of any of this information in contravention of this requirement constitutes a criminal offence. Subsections (4) and (5) provide for defences in relation to:
    1. disclosure made by or to a professional legal adviser in connection with the giving of advice where the person by whom or to whom it was made was the client; or
    2. disclosure by a legal adviser in contemplation or connection with any proceedings before a court or tribunal.
    These defences do not, however, apply where disclosure is made "with a view to furthering any criminal purpose" (sub-section 6).
  25. The reasoning in Kopp's case and the other cases mentioned in paragraph 18 above applies with even more force, to those section 10 notices which are covered by clause 13, in particular as Mr. Kopp was not intercepted as a suspect but as a third party. Especially where the private key is handed over, the law enforcement agencies will be able to decrypt and read any message received by the addressee of the notice, irrespective of whether it is covered by legal professional privilege or not. Only once a message has been read will it be clear whether the material contained therein is privileged in any way or not. There is nothing in the draft Bill that provides for supervision by an independent judge in relation to the decryption of intercepted material.
  26. The problem of foreseeability is even greater where the addressee of the section 10 notice is not permitted (under threat of criminal sanction) to tell anybody that his security has been compromised. Anybody who uses to internet to send email messages (unencrypted) knows the medium is insecure and his message is liable to be intercepted and read. However, encryption is used exactly to avoid this by providing privacy and security of communication. The use of public key encryption means that there is a potentially vast pool of potential "victims" of interception who rely on the "apparent" security of the public key offered with no way of foreseeing when and how their communications could be intercepted and read.
  27. In its judgment in Valenzuela Contreras v Spain (Judgment of 30 June 1998, to be reported in November (1999) 28 EHRR) the Court again reviewed its existing case-law on interception of communications and stated:

    "The Kruslin and Huvig judgments mention the following minimum safeguards that should be set out in the statute in order to avoid abuses of power: a definition of the categories of people liable to have their telephones tapped by judicial order, the nature of the offences which may give rise to such an order, a limit on the duration of telephone tapping, the procedure for drawing up the summary reports containing intercepted conversations, the precautions to be taken in order to communicate the recordings intact and in their entirety for possible inspection by the judge and by the defence and the circumstances in which recordings may or must be erased or the tapes destroyed, in particular where an accused has been discharged by an investigating judge or acquitted by a court (loc. cit. Para. 35, and para. 34, respectively)." (Para. 46(iv))

  28. Again, none of these safeguards are specified in the draft Bill and even though some of these may be provided for by the legislation providing for the original warrant, those relating to the supervision of the interception will not be so provided. That legislation will only address the question of the intercepted communication in the format before decryption; the power to decrypt (without safeguards as to supervision of its conduct) is only granted by the draft Bill.
  29. The only case in which the Court has held that the safeguards provided were sufficient is that of Klass v Germany 2 EHRR 214. In that case, decided in 1978, the relevant legislation provided for:
    1. Surveillance could be ordered only on written application giving reasons, and such an application could be made only by the head, or his substitute, of certain services;
    2. the decision thereon must be taken by a Federal Minister empowered for the purpose by the Chancellor or, where appropriate, by the supreme Land authority
    3. the competent Minister in practice and except in urgent cases sought the prior consent of the parliamentary Commission charged with supervising the law
    4. the measures in question remained in force for a maximum of three months and may be renewed only on fresh application;
    5. the measures were immediately discontinued once the required conditions had ceased to exist or the measures themselves were no longer necessary;
    6. knowledge and documents thereby obtained could not be used for other ends; and
    7. documents had to be destroyed as soon as they were no longer needed to achieve the required purpose;
    8. initial control of the implementation was carried out by an official qualified for judicial office. This official examined the information obtained before transmitting to the competent services such information as may be used in accordance with the Act and is relevant to the purpose of the measure;
    9. he destroys any other intelligence that may have been gathered;
    10. while recourse to the courts in respect of the ordering and implementation of measures of surveillance was excluded, subsequent control or review was provided by two bodies appointed by the Parliament, namely, the Parliamentary Board and the G 10 Commission.
    11. the competent Minister had to report, at least once every six months, to the Parliamentary Board consisting of five Members of Parliament;
    12. in addition, once a month the Minister had to provide the G 10 Commission with an account of the measures he has ordered.
    13. the G10 Commission decided, ex officio or on application by a person believing himself to be under surveillance, on both the legality of and the necessity for the measures in question; if it declared any measures to be illegal or unnecessary, the Minister had to terminate them immediately. The Commission members were appointed for the current term of the Parliament.
    14. If the person concerned was notified, after the measures had been discontinued, that he has been subject to surveillance, several legal remedies against the interference with his rights became available to him:
      1. an action for a declaration, i.e. a review by an administrative court of the legality of the application to him of the surveillance measure and its conformity with the law;
      2. an action for damages in a civil court if he had been prejudiced;
      3. An action for the destruction or, if appropriate, restitution of documents; and
      4. as a last resort, apply to the Federal Constitutional Court for a ruling as to whether there has been a breach of the Basic Law.

  30. The safeguards provided in clause 15 of the draft Bill come nowhere near those approved by the Court in Klass; no provision is made for independent judicial control over the application of the section 10 notice and the use of the information thereafter. This is left to the highest ranking official in the respective law enforcement agency or the Secretary of State in relation to MI5 and MI6.
  31. Furthermore, the Commissioner and Tribunal envisaged under the Bill will only be empowered to review those parts of the operation of this scheme which requires the permission of the Secretary of State; this leaves the vast majority of persons "with the appropriate permission" outside their jurisdiction.
  32. The issue of damages is of particular relevance because, as the Regulatory Impact Assessment recognises, there are substantial costs in seeking to restore the integrity of a whole security system compromised by the application of a section 10 notice. Furthermore, the loss caused by such interception to a party providing ECommerce services (and therefore relying on the integrity of their security system), for example, loss of good will which is crucial in such a relatively new industry and which is difficult to quantify, is potentially very significant indeed.
  33. In relation to the procedure before the Tribunal, the Government appears to have taken on board the criticisms made by the Court of Human Rights in relation to judicial review in national security cases and alternative "wise men" procedures, expressed in Chahal v United Kingdom (1997) 23 EHRR 413. Subject to the detailed procedure rules, there is no obvious issue under Article 6 or 13 that could arise. It is, however, surprising to see that the draft Bill provides for an appeal to the Court of Appeal. Though a right of appeal is to be welcomed, it is surprising that the draft Bill makes no provision for the conditions of the appeal (such as e.g. hearing in private) and the role of the special representative before the Court of Appeal (by definition his/her submissions would have to be in private); the current CPR do not make provision for such proceedings.
  34. Failure to comply with a clause 10 notice and Article 6 of the Convention

  35. The power to issue a notice to disclose one's key under clause 10 is triggered when it "appears" to one of the person listed in Schedule 1 that a key is "in the possession" of the person to whom the notice will be addressed (and it cannot reasonably be obtained without a notice under section 10). Clause 12(1) makes it an offence if an addressee of the section 10 notice "fails to comply, in accordance with any section 10 notice, with any requirement of that notice to disclose a key to protected information". On the face of clause 12, it appears that it is, therefore, for the prosecution to prove, beyond reasonable doubt, that:
    1. a section 10 notice was served; and
    2. the accused has failed to comply with the notice.
    Both of these elements are part of the actus reus.
  36. The prosecution does not, however, have to prove e.g. that the addressee of the notice was, in fact, in possession of the key. Clause 12(2) makes it a defence for an individual to prove that:
    1. the key was not in his possession between the giving of the notice and the time given for disclosure of the key; but
    2. he disclosed all such information in his possession enabling the law enforcement agencies to obtain possession of the key.

  37. It is important to note that clause 12(2) does not relate to a subsidiary matter but to the central element in the offence, possession of the key. Moreover, what a person charged has to prove is a negative; that the key was not in his or her possession. As we have indicated in paragraph 5 above, the private key takes the form of electronic data stored on a computer protected by a password. It is extremely easy e.g. to forget the password that gives access to the key (if one had it in the first place) but it is virtually impossible to prove that one has forgotten the password or, even, that the relevant data string is not on one's hard-disk or on any floppy disk. As it is presently drafted, under clause 12 a person served with a section 10 notice could be convicted of an offence if he could not prove that he did not have the key in the first place or that he still did not have access to it at the time disclosure was required. It is worth noting at this stage that the Draft Bill, as a whole, does not appear to contemplate the scenarios in which there is either no protected information in the possession of the recipient of a section 10 notice or in which there is in fact no key in that person's possession (and possibly never was). No safeguards whatsoever are made available for such cases.
  38. We consider that, as presently drafted, section 12 is likely to be held to infringe the right in Article 6(1) of the Convention to a fair hearing and the presumption of innocence in Article 6(2). In summary we consider:
    1. although the disclosure of the private key, in itself, is not usually incriminating, the key and the information decrypted with it may later be deployed in a criminal trial against the accused: section 10 notices are therefore covered by the privilege against self-incrimination.
    2. the operation of clause 12(2) may well constitute a reverse burden of proof and thus violate the presumption of innocence afforded by the Convention to those charged with a criminal offence.

  39. The first question is whether the disclosure of the private key is covered by the privilege against self-incrimination. Although disclosure of the key is not, in itself necessarily or even usually incriminating, it may be: e.g. where revealing the key indicates that the person had knowledge of the contents of the encrypted information, which itself may establish guilt. In any event, the cases discussed below, in particular Saunders v UK (1997) 23 EHRR 313, show that the right not to incriminate oneself extends beyond directly incriminating statements and includes evidence which appears on its face to be of a non-incriminating nature but which is later deployed in support of the prosecution case.
  40. Guidance as to the conformity of clause 12 with the requirements of article 6 can be obtained from Funke v France (1993) 16 EHRR 297. That case concerned a person who had been convicted of a criminal offence for his refusal to disclose documents. The Strasbourg Court held:

    "The Court notes that the customs secured Mr. Funke's conviction in order to obtain certain documents which they believed must exist, although they were not certain of the fact. Being unable or unwilling to procure them by some other means, they attempted to compel the applicant himself to provide the evidence of offences he had allegedly committed. The special features of customs law cannot justify such an infringement of the right of anyone 'charged with a criminal offence', within the autonomous meaning of this expression in Article 6, to remain silent and not to contribute to incriminating himself.

    There has accordingly been a breach of Article 6(1).

    The foregoing conclusion makes it unnecessary for the Court to ascertain whether Mr. Funke's conviction also contravened the principle of presumption of innocence." (paras. 44-45)

  41. This case is exactly in point because under clause 12 the addressee of a section 10 notice would be convicted for his failure to produce a document that would incriminate him or her, but of whose existence the law enforcement agencies cannot be certain and where it no more than "appears" to them that the addressee could decrypt it. There is, therefore, on the face of clause 12(1) a breach of an individual's right to "remain silent and not to contribute to incriminating himself" under Article 6(1) of the Convention.
  42. In Murray v United Kingdom (1996) 22 EHRR 29, para. 45 the Court reiterated that:

    "Although not specifically mentioned in Article 6 of the Convention, there can be no doubt that the right to remain silent under police questioning and the privilege against self-incrimination are generally recognised international standards which lie at the heart of the notion of a fair procedure under Article 6 (see the Funke judgment cited above, loc. cit.). By providing the accused with protection against improper compulsion by the authorities these immunities contribute to avoiding miscarriages of justice and to securing the aims of Article 6."

  43. In Saunders v United Kingdom (1997) 23 EHRR 313 Mr. Saunders was compelled by a statutory power to give evidence to DTI inspectors, and the evidence was later used in his criminal trial. The Court stated that:

    "As commonly understood in the legal systems of the Contracting Parties to the Convention and elsewhere, [the privilege against self-incrimination] does not extend to the use in criminal proceedings of material which may be obtained from the accused through the use of compulsory powers but which has an existence independent of the will of the suspect such as, inter alia, documents acquired pursuant to a warrant, breath, blood and urine samples and bodily tissue for the purpose of DNA testing." (Para. 69)

    The powers under clause 10 are not, however, designed to obtain information which has an existence independent of the will of the addressee, such as documents; that information is already in (or is likely to come into) the possession of the law enforcement agencies, albeit in an encrypted form. The power under clause 10 is designed to obtain the private decryption key, which is very much in the mind of the suspect (at least via the password), to enable them to read a document they already hold (or are likely to hold). Any analogy with real evidence such as documents, blood or urine samples or undeveloped film is, in our view, inappropriate.
  44. In Saunders's case the Court went on to state:

    "In any event, bearing in mind the concept of fairness in Article 6, the right not to incriminate oneself cannot reasonably be confined to statements of admission of wrongdoing or to remarks which are directly incriminating. Testimony obtained under compulsion which appears on its face to be of a non-incriminating nature - such as exculpatory remarks or mere information on questions of fact - may later be deployed in criminal proceedings in support of the prosecution case, for example to contradict or cast doubt upon other statements of the accused or evidence given by him during the trial or to otherwise undermine his credibility. Where the credibility of an accused must be assessed by a jury the use of such testimony may be especially harmful. It follows that what is of the essence in this context is the use to which evidence obtained under compulsion is put in the course of the criminal trial."(para. 71, emphasis added)

    Furthermore, the Court did:

    " ... not accept the Government's argument that the complexity of corporate fraud and the vital public interest in the investigation of such fraud and the punishment of those responsible could justify such a marked departure as that which occurred in the present case from one of the basic principles of a fair procedure. Like the Commission, it considers that the general requirements of fairness contained in Article 6, including the right not to incriminate oneself, apply to criminal proceedings in respect of all types of criminal offences without distinction from the most simple to the most complex. The public interest cannot be invoked to justify the use of answers compulsorily obtained in a non-judicial investigation to incriminate the accused during the trial proceedings." (Para. 74, emphasis added)

  45. For the reasons set out above,
    1. the exclusion to the application of the privilege against self-incrimination, does not apply in the context of seeking disclosure of a private key;
    2. though the disclosure of the private key, in itself, is not necessarily or even usually incriminating, the key and the information decrypted with it will later be deployed in a criminal trial against the accused: section 10 notices are therefore covered by the privilege against self-incrimination;
    3. the technical complexity of encryption and the internet, or public interest, cannot be used to justify a departure from the requirements of Article 6(1) to a fair trial.

  46. Turning to the issue of the presumption of innocence, the offence under clause 12 resembles to some extent the offences considered by the Divisional Court in R v DPP, ex parte Kebilene [1999] 3 WLR 175, and the Supreme Court of Canada in R v Whyte (1988) 51 DLR 4th 481. In ex parte Kebilene, one of the offences charged was that of "without lawful authority or reasonable excuse [having] in his possession a quantity of books which contain information which is of such a nature as is likely to be useful to terrorists in planning or carrying out an act of terrorism". As Lord Bingham CJ held, this required the prosecution to prove the collection or possession of information, "in itself innocent" (p. 190D), but the defendant had the burden of proving lawful authority or reasonable excuse. Lord Bingham CJ stated:

    "A defendant who chooses not to give or call evidence may be convicted without mens rea of the offence being proved against him.

    It seems to me that on their face both sections [under consideration] undermine, in a blatant and obvious way, the presumption of innocence.

    Under section 16A a defendant could be convicted even if the jury entertained a reasonable doubt whether he knew that the items were in his premises and whether he had the items for a terrorist purpose. Under section 16B a defendant could be convicted even if the jury entertained a reasonable doubt whether the information had been collected or was possessed for any terrorist purpose. In both sections the presumption of innocence is violated." (page 190F to H)

  47. In Reg v Whyte (1988) 51 DLR (4th) 481, the Supreme Court of Canada considered a provision providing that where it is proved that a person charged with drunken driving occupied the seat ordinarily occupied by the driver he was to be deemed to have had the care or control of the vehicle unless he established that he did not enter the vehicle for the purpose of setting it in motion. It was held that this violated the presumption of innocence. Chief Justice Dickson, delivering the judgment of the court, stated:

    "The real concern is not whether the accused must disprove an element or prove an excuse, but that an accused may be convicted while a reasonable doubt exists. When that possibility exists, there is a breach of the presumption of innocence. The exact characterisation of a factor as an essential element, a collateral factor, an excuse, or a defence should not affect the analysis of the presumption of innocence. It is the final effect of a provision on the verdict that is decisive. If an accused is required to prove some fact on the balance of probabilities to avoid conviction, the provision violates the presumption of innocence because it permits a conviction in spite of a reasonable doubt in the mind of the trier of fact as to the guilt of the accused." (page 493, emphasis added)

    This statement was approved by Lord Bingham CJ in ex parte Kebilene.
  48. The reasoning in these statements applies mutatis mutandis to the offence established under clause 12 in respect of notices served under clause 10. Any addressee could be convicted of an offence under clause 12 while the jury had a reasonable doubt about whether, in fact, he had the key in the first place (or still had access to the key at the time disclosure was required). In ex parte Kebilene the DPP appealed to the House of Lords and the outcome of this appeal is awaited, but we consider the statements of principle by Lord Bingham and the Supreme Court of Canada to be strong indications that the provisions of clause 12 are likely to be held to violate the presumption of innocence in Article 6(2) of the Convention.
  49. The scope for challenging the Part III measures

  50. We consider the "secret" nature of some of the measures provided for by Part III of the Daft Bill and the popularity of the internet and electronic commerce means that the category of potential "victims" under Article 34 of the Convention and section 7(7) of the Human Rights Act 1998 able to bring proceedings either in a domestic court or in the European Court of Human Rights ("the Strasbourg Court") is potentially very wide indeed. It is also important to note that, according to the case-law of the Strasbourg Court, the "victim" test under Article 34 ECHR and section 7(7) is wider than it would otherwise be. As the Court held in Klass v Germany 2 EHRR 214 para 33:

    "a law may by itself violate the rights of an individual if the individual is directly affected by the law in the absence of any specific measure of implementation."

    Accordingly, in order to be able to complain to a domestic court or to the Court in Strasbourg, an individual or a company would only have to show that it was either:- Furthermore, as any such potential violation of human rights would be based on primary legislation, certainly until the Human Rights Act enters into force, there would be no effective domestic remedy that could be exhausted and therefore any potential complainant could bring a case against the United Kingdom government directly before the Court in Strasbourg.

  51. Conclusion

  52. For the reasons set out above, the draft Bill raises some serious concerns under Article 6(1) and (2) and Article 8 ECHR, which may well be the subject of an early challenge on the basis that the "victim" definition in relation to secret surveillance measures is somewhat relaxed.

Jack Beatson QC and Tim Eicke
Essex Court Chambers
24 Lincoln's Inn Fields
London WC2A 3ED

7 October 1999


Go to FIPR front page.

Go to FIPR E-Comm99 Draft Bill Review page.

Go to FIPR Interception of Communications Information Centre.

Go to FIPR Electronic Commerce Policy Information Centre.

The Foundation for Information Policy Research is registered in England and Wales under the Companies Act 1985 as a private company limited by guarantee (No.3574631). Application for charitable status is in progress.

Document created in HTML on October 19, 1999.