Investigation of encryption protected electronic data under RIPA 2000
Investigation of encryption protected electronic data under RIPA 2000

The following Corporate Crime guidance note provides comprehensive and up to date legal information covering:

  • Investigation of encryption protected electronic data under RIPA 2000
  • Investigation of encrypted electronic data
  • When does the power to demand an encryption key arise?
  • Who can give authority for an encryption key demand?
  • Power to demand disclosure of an encryption key
  • Enforcement of disclosure notice

The Investigatory Powers Act 2016 (IPA 2016) overhauled the legal framework governing the use of covert surveillance by public bodies, a framework which is largely, but not exclusively, set out by the Regulation of Investigatory Powers Act 2000 (RIPA 2000). See Practice Note: The Investigatory Powers Act 2016—an introductory guide.

While significant parts of RIPA 2000 have been, and progressively will be, repealed and replaced by IPA 2016, the provisions in RIPA 2000, Pt III which relate to the power of public bodies to issue notices to decrypt encrypted information or to provide decryption keys remain in force, albeit amended by IPA 2016.

Investigation of encrypted electronic data

RIPA 2000, Pt III regulates the investigation by a public authority of electronic data which is protected by encryption. The provisions are supplemented by a Code of Practice which is admissible in evidence in criminal and civil proceedings.

There are a range of means by which businesses, individuals and criminals can secure and protect their electronic data and to maintain the privacy of their electronic communications. The protection of electronic data can be achieved in various ways, including, at a basic level, a password which gives access to the data in an intelligible form. More complex applications use cryptography to protect access to the data and to put the data itself into a form that is