CHAPTER 8: COMPARISONS – OTHER FORMS OF SURVEILLANCE
for example in the interests of national security or in certain cases for the prevention
and detection of crime.
8.28.
When material within those databases is aggregated, it becomes a powerful tool in
the hands of security and intelligence agencies or investigators searching for suspect
behaviour. One such system is HMRC’s Connect database, described as a “hightech analysis system” which allows, when combined with a “wide range of data
sources”, the identification of “evasion at the touch of a button”.30
8.29.
Big Data sets are also the basis for “rules based targeting”. This technique involves
the “washing” of relevant data against intelligence-led rules so as to identify
passengers with a profile similar to those of known terrorists travelling on routes of
concern. I have expressed the view elsewhere that this technique is an entirely useful
and rational one for identifying travellers whom it may be appropriate to question, and
if necessary to search, under the Terrorism Act 2000 Schedule 7.31
Enforced decryption
8.30.
Where a device has been lawfully seized for examination and contains encrypted
materials, the relevant authority can demand that the decryption key is handed over
to enable all content to be examined.32 This power, activated only in 2007, is highly
intrusive but not covert. Any public authority that obtains unreadable material in the
course of an investigation may seek the keys if it is necessary and proportionate to
do so, but must first seek the concurrence of NTAC. Authority is given by a circuit
judge for law enforcement agencies and by the Secretary of State for the agencies, 33
and the practice is overseen by the relevant Commissioners.34
8.31.
Enforced decryption represents a possible way around the secure encryption of
modern devices such as smart phones. However, as was pointed out to me,
somebody whose device contains evidence which would be liable to convict him for
serious criminality if it could be read might prefer to accept a relatively low prison
sentence for refusal to hand over the encryption key. Enforced decryption was
required 76 times in 2013-14, with two convictions in the same period for failure to
comply.35 I have previously drawn attention to the anomalous fact that the Code of
Practice governing police port operations under the Terrorism Act Schedule 7 purports
to permit them to demand the encryption key without reference to similar procedures
or safeguards.36
30
31
32
33
34
35
36
https://www.gov.uk/government/policies/reducing-tax-evasion-and-avoidance/supportingpages/preventing-tax-evasion.
D. Anderson, The Terrorism Acts in 2013, (July 2014), Annex 2, para 19.
RIPA s49.
See RIPA Schedule 2.
See RIPA s59(2), which grants the ISCommr the power to oversee the exercise by the intelligence
services of all their powers in RIPA Part III, and RIPA s57(2)(c) which grants IOCC the power to
oversee the exercise of RIPA Part II powers.
OSC Annual Report, September 2014, 4.13.
D. Anderson, The Terrorism Acts in 2013, July 2014, Annex 2 para 33.
146