A battle of wills between crime investigators and an alleged computer hacker – who has repeatedly refused to reveal the password to encrypted pieces of hardware – gave rise to an important ruling which helped to define the often tricky dividing line between the civil and criminal law.
Following the grant of a search warrant under the Computer Misuse Act 1990, officers of the National Crime Agency (NCA) had seized various computers from the man’s home. He was arrested but not charged with any offence. He refused to reveal the relevant password and was released on bail.
A criminal court later ordered him to disclose the password under the Regulation of Investigatory Powers Act 2000 (RIPA). However, the NCA did not enforce that order after the man claimed that he had no information to give. The NCA’s response was to launch civil proceedings against him and to seek a case management direction requiring him to disclose the password.
The man objected on the basis that such a direction would be an improper use of the court’s case management powers and would breach his human rights to privacy and peaceful enjoyment of his private possessions. In dismissing the NCA’s application, a judge found that the correct procedure to be followed was that contained within RIPA, which incorporates a number of human rights safeguards. The judge noted that the man had been directed to swear a witness statement, giving details of the contents of any hidden files, and that inferences could be drawn if he failed to comply with that.