Friday 13 September 2013

Regulation of investigatory powers act 2000

An investigation into people trafficking across European borders, a requirement to tap and listen in on the conversations of a known drug baron, intercepting emails within a paedophile ring, attempting to crack a terrorist’s encrypted drive containing plans for attacks. What does each of these scenarios have in common?

They all require the support of a legislative tool known as the Regulation of Investigatory Powers Act (RIPA).

The RIP Act, commonly referred to as RIPA, was introduced in the year 2000 in order to establish much needed protocols concerning communications data. The act covers interception, acquisition and disclosure of communications, surveillance and human intelligence sources as well as the investigation of electronic data protected by encryption. From a digital investigators point of view, the most relevant of these topics are information encryption and acquisition/disclosure issues.

Obtaining Communications Data

Section 22 with due authorisation and a warrant, any public authority can obtain communications data from a Communications Service Provider (CSP), such as T-Mobile or AOL. The definition of a public authority covers government bodies, the police, as well as local councils or enforcement departments such as Trading Standards.

Communications related data can may be seized by a requested by a public authority for several reasons or in different scenarios. The most immediate of these would be a threat to national security, public health, prevention of injury to a person’s mental or physical health and the prevention of a crime. However, the RIP Act also covers less serious circumstances where charges may need to be collected or assessed by government and for any issues relating to the general well-being of the United Kingdom economy. Authorisation will be valid for one month and no further data can be legally collected after this time period without further authorisation.

Collection and Investigation of Encrypted Data

Encrypted data can be a significant hurdle to digital forensics and can bring an investigation to a total standstill. In the event that encrypted documents, drives, e-mail, conversation logs or other forms of electronic media are discovered, procedures must be followed in accordance with RIPA.
Under section 49, a disclosure requirement must be imposed by an authorised personan authorised person must impose a disclosure requirement if suitable grounds for doing so are met. In terms of encrypted information, a disclosure requirement must be used when there reasonable belief or evidence to suggest that a person has the key to decrypt communications data. Again, threats to national security and crime can help provide further need for measures to decrypt protected information.

Disclosure requirements must describe the encrypted data for which the requirement has been created, on what grounds it has been issued, the time allowed to comply with the notice and information regarding the authorised person providing the notice. Total secrecy surrounding a disclosure notice must be adhered to under section 54 of the RIP Act. Any ‘tipping off’ can result in a person facing imprisonment or a fine.
If a person knowingly fails to comply with a disclosure requirement and does not provide the necessary authority with the key to encrypted data, that person may be subject to two years imprisonment or a fine under section 53 of RIPA. This is commonly a difficult area in digital evidence as encrypted communications may have the potential to imprison a suspect for more than the two years for not providing a key. Those who do not comply with the RIP Act when intercepting, obtaining or otherwise dealing with evidence will be liable to criminal or civil proceedings.

0 comments: