Government's RIP Act revisions under fire

Changes to Part III of the 2000 Regulation of Investigatory Powers Act are due to come into effect on 1 October

The privacy of UK individuals and business remains under threat despite recent attempts to revise controversial legislation that allows authorities to decrypt files on suspects' computers, experts warned today.

The warning follows changes to Part III of the 2000 Regulation of Investigatory Powers (RIP) Act laid before Parliament on 18 June which are due to come into effect on 1 October.

These revisions are designed to protect the privacy of individuals and the commercial interests of businesses that hold sensitive encrypted information.

Original powers contained in Part III of the legislation were widely criticised by civil rights groups for their intrusive nature.

Businesses, particularly in the financial services sector, expressed concerns about data security and conflicts with data privacy rights.

"Managing encryption and encryption keys is a complex challenge in itself but having to disclose keys to a third party under these new powers has the potential to open up major security holes," warned Dr Nicko van Someren, chief technology officer at nCipher.

"However, the revisions in the new Code of Practice require the level of security for any disclosed key material to, at minimum, match the security that was accorded to it prior to disclosure.

"Furthermore, loss or damage arising from a failure to safeguard decrypted information may give rise to civil actions against the authorities and individual officers."

Robert Bond, head of intellectual property, technology and commercial law at Speechly Bircham LLP, said: "It remains to be seen whether these revisions to RIP Act legislation will be enough to prevent some financial institutions moving their headquarters out of the UK.

"But the revised restrictions on authorities to access keys without good cause and due notice are to be welcomed."