The current and future progress of technology has been and will be good for many things. However, Privacy is an issue now and will continue to be an issue. Listening in to calls, eavesdropping, hacking and snooping have become global industries and are no longer material from science fiction but technological facts.
In many cases there are real world legitimate reasons for maintaining and ensuring privacy from hackers and listeners. From the simple concerns of a private individual worried about identity theft or the collection of personal data for profit to global companies worried about trade secrets and leaking of negotiations. Corporate espionage is nothing new - 1980's IBM was the victim, 1997 Gillette trade secretes stolen by way of wire fraud, 1990's Kodak. More recently operation Night Dragon was hugely successful.
These legitimate concerns are shared with the not so legitimate. Terrorist operating globally or even locally will require a communications network that is capable of hiding operational ambitions. Many drugs cases in the UK have been proven by the evidence gathered from Mobile Phone Data.
There are essentially 2 types of encryption. The first is a device that has been built as an encrypted device. For example, some Encrypted telephone handsets cannot be used to make a voice call over a 4g or 5g network. They use a wifi signal rather than mobile networks and users are limited to text or picture messages. When the handset power is turned on, the device begins to encrypt. Resulting in the phone wiping everything unless a 15-character password is entered correctly.
Such devices do not record data in the same way a smart phone does. Proving location via cell site becomes very difficult if not impossible for the police.
It is clear that for Police officers and experts, this proves very frustrating as once the device is seized, there is one chance to extract it . Get it wrong, and the evidence is gone. Forever.
The second type of encryption is where software is applied to a device to encrypt the data held on the device. Any error in entering the password will render the potential evidence worthless.
Having an encrypted phone is perfectly legal in the UK.............for now. There has been discussion and debate over the issue since 2015. It was a pledge of the former prime minister, David Cameron that the UK would ban encryption.
The Regulation of Investigatory Powers Act (RIPA) has been around for over 10 years. It is an important piece of law for the police. It is used by the police investigating a variety of criminal offences and enables the police to compel a suspect to provide the password or key used to access a phone, computer or any service accessed through an electronic device.
Under S49 of RIPA, the police have the power to serve something called a RIPA notice. This Notice requires a suspect to provide or disclose a password, key or code allowing access to electronic data. The Police can serve a notice if:
Do you have to - It is a criminal offence not to. Should you ? Hmm.
The first thing to be aware of is the fact that failure to provide the Password, Key or Code is a separate criminal offence. Under s53 of RIPA, failure to provide the Password Key or Code carries a prison sentence.
In most cases, the term of imprisonment will be up to 2 years. This includes drugs cases. Where the substantive offence or allegation involves national security (terrorism) or Child indecency, the term of imprisonment is up to 5 years.
If the only way of proving that an individual is involved in a criminal offence is via evidence held on a device and that offence carries a likely term of imprisonment of 10 years. 2 years for refusing to give up the Password may make mathematical sense ?
With some devices, there is no password and the device itself is encrypted and even the owner would not be able to recover data from it. For example if a device is set to automatically wipe all data every 24 hours, there is nothing the owner could do to recover the data that has been erased.
In other cases, it is a defence for a suspect to show they are not in possession of the Password, Key or Code.
In the context of drugs cases, it is important to understand how the basic mechanics of the sentencing guidelines work. In all cases of sentencing for drugs offences, the Judge will have to determine the Offence Category. This is done by first determining the role that a person has played in the offence:
Secondly the Judge will determine which of the three Categories of harm the case falls into. This is by reference to the nature of the drug and the amounts involved.
2 recent cases, demonstrate that the use of an encrypted phone in drugs offences, will be seen as an indication of a level of sophistication and as such will push an individuals role up the ladder.
The Court of Appeal held that posession of the encrypted mobile telephones held by both defendants was demonstrative of the sophistication of the operation and held that it was right that they were to be regarded as being in a significant role for the purposes of sentencing.
The fact that the participants to the conspiracy used encrypted phones to communicate with each other showed a high level of sophistication.