After seven years in the political wilderness, the final and most controversial part of the Regulation of Investigatory Powers Act (RIPA) will come into force later this year, subject to Parliamentary approval. RIPA Part III is likely to become law on 1 October, in line with Home Secretary Jacqui Smith's vague assurances this month in the House of Commons that there would be "news on that soon".
The Home Office said in a statement: "The Government recognised concernsabout how Part III would work in practice, and decided not to implementPart III before Parliament had the opportunity to consider and approve acode of practice."
The revised code of practice restricts the scope of public authorities'powers to access encrypted material and introduces additional securityprovisions for both key materials and disclosed decrypted data. TheNational Technical Assistance Centre (NTAC) is to be the central contactpoint for law enforcement and public queries.
"The key here is ensuring that NTAC is well scrutinised and well fundedto build business trust," said Jamie Cowper, marketing manager at PGPCorporation. "How well RIPA III works with other pending legislationsuch as PCI and MiFID is potentially awkward, and might well lead tobusinesses having to cherry pick which legislation to conform to."
Part III has long been controversial, as it is the part of the Act thatallows the seizure of data, and previously of encryption keys, althoughthe latter has now been abandoned. Financial services and legal firmsare particularly concerned about accidental disclosure of confidentialmaterial during this process.
Robert Bond, partner and head of IP, technology and commercial law atSpeechly Bircham LLP said: "This code is a great improvement overprevious drafts, and large organisations should be able to work with it.However, companies further down the food chain will have problems, suchas having to meet the increased costs of these potentially invasiverequests."