Letter to the Guardian by Director Caspar Bowden:

'Charles Clarke's view of the regulation of the investigatory powers bill's decryption powers (Letters, March 10) is "we will only prosecute if you're guilty". Internet users manage a plethora of passwords to protect email, files, and website registrations. Failure to produce any password required by any public authority for any official purpose (S.46.2.b.ii) means two years' jail. The court will convict if it believes you were lying about forgetting a password, or uncooperative in finding it.

No evidence is needed of involvement in a substantive crime. Moreover, a lifetime gagging clause prevents telling what happened on penalty of a further five years (S.50). The data protection act mandates data controllers to take adequate precautions including encryption, so they are in jeopardy either way.'