Disclosing Encryption Keys and IP Addresses

Slaw is Canada's online legal magazine

• CanCourts on Twitter

• Canadian blawgs
search

• TOROG

• Tjaden LLM Thesis

• Quick referrers

• CanLII bookmarklets

• Quix

• Canadian journals'
TOCs

October 18, 2008

John Gregory

Disclosing Encryption Keys and IP Addresses

European courts have had something to say lately about whether disclosing encryption keys would amount to self-incrimination, and whether disclosing an IP address involved an undue disclosure of personal information.

An English court (R. v. S and A [2008] EWCA Crim 2177) held that compulsory disclosure of an encryption key was not improper. Out-Law.com has the story:

"In this sense the key to the computer equipment is no different to the key to a locked drawer," said the judge. "The contents of the drawer exist independently of the suspect: so does the key to it. The contents may or may not be incriminating: the key is neutral. In the present cases the prosecution is in possession of the drawer: it cannot however gain access to the contents. The lock cannot be broken or picked, and the drawer itself cannot be damaged without destroying the contents."

Mr Justice Penry-Davey did concede, though, that if the computers were found to contain incriminating material then the fact that the two men knew what the passwords were could itself become incriminating evidence. The fact of their knowledge of the password, and not the password itself, could incriminate them.

The Court said that there was a balance between the rights of the two men not to incriminate and the needs of society to be protected, and that the systems in place held that balance.

A German court (30.09.2008 AG, Munich – English translation) held that storing (not disclosing) IP addresses alone did not violate privacy laws. Again, Out-Law.com has the story:

Search engine companies and other web publishing operations store IP addresses in a bid to identify users and their usage patterns. Privacy activists have argued that IP addresses should count as personal data under data protection legislation. Publishers have claimed that while IP addresses can be personal data, they are not always necessarily so.

In a provisional ruling, the district court of Munich has said that when stored by an internet publisher, IP addresses are not personal data under the country's Privacy Act because the information cannot be easily used to determine a person's identity.

The issue has never been tested in a UK court but the view of the German court is consistent with guidance published last year by the UK's Information Commissioner.

The Article 29 Working Party, the committee of Europe's privacy watchdogs, has said that IP addresses should be treated as personal data by ISPs and search engines, even if they are not always personal data.

[Note this limit to the ruling: The ruling said that an internet service provider (ISP) could not tell a third party who was using a particular IP address at a particular time without a legal basis. ISPs generally do not give out such information except when ordered to do so by a court.]

Are these cases right? Do they depend on particular legislation in the relevant countries, to the extent that there are no lessons to be learned here?

Should Canada have something like the UK's Regulatory Investigation Procedure Act (RIPE) that requires disclosures of encryption keys on pain of criminal sanction?

Can law enforcement officials here, or ISPs, take comfort from the reasoning in Germany when they seek disclosure of, or choose to disclose, IP addresses of people suspected of crimes (or who might be doing things of interest to the police)?

John D. Gregory is an Ontario lawyer called in 1977, with a special interest in what happens to the law when you take the paper away. He works in civil justice law reform at the Ministry of the Attorney General, but his Slawian opinions are not necessarily those of the Ministry.
[click on the author's name for more information]

Respond: make a comment

More: in Administration of Slaw or Substantive Law or ulc_ecomm_list | from John Gregory

Comments are closed.

searching comments Slawtips case summaries TalkLaw/ParLoi noted on Slaw categories SlawNET

the count:
8219 posts | 11403 comments

[get this search box for your site]

SlawTips

Use join.me to Get on the Same Page Across the Web
Wednesday, February 8

When you need to collaborate on a document displayed on your screen, it’s great to have a colleague from down the hall come into your office and look over your … »»

Technology

Top 10 Financial Errors: #8 Always Assume More Risk Than Needed
Friday, February 3

You should assess whether you can accept the financial risks associated with taking the matter, just as clients will assess whether they can (and will) pay your fee. Spend time at the beginning of the. […] »»

Practice

Seeing New Federal Legislation
Wednesday, February 1

Today’s Tip is a simple reminder to view by “latest activity date”. The Parliament is back in session and those Slaw Tips readers for whom monitoring legislation is a regular … »»

Research

noted on Slaw

Statistics Canada, The Daily, Women in Canada

Available online today are four new chapters of the publication Women in Canada: A Gender-based Statistical Report, which explores the socio-demographic and economic circumstances of Canadian women in general.
Library Boy: Library of Parliament Legislative Summary of Bill on Adding New House of Commons Seats

The bill amends the Constitution Act, 1867 by readjusting the number of members and the representation of the provinces in the House of Commons.
Judges out of touch on privacy issues, says Ontario privacy czar
Ars Technica: Law & Disorder: Startup hopes to hack the immigration system with a floating incubator

Blueseed plans to buy a ship and turn it into a floating incubator anchored in international waters off the coast of California.
An open letter to Canadian journalists - CAJ

Under Prime Minister Stephen Harper, the flow of information out of Ottawa has slowed to a trickle.
EXCESS COPYRIGHT: Fair Dealing Cases in the Supreme Court of Canada - December 6 and 7, 2011 - Links to Factums
Ontario Commissioner Issues Significant Order on Custody or Control of University Records « All About Information

"…the IPC has exclusive jurisdiction to decide whether a record is in the custody or control of a university in the context of an access request…"
Library Boy: Library of Parliament Legislative Summary of Bill To Abolish Firearms Registry
Federation of Law Societies of Canada

John J.L. Hunter, Q.C. of Vancouver has been elected President for 2011-2012
Results of BC CBA Survey on Supreme Court Civil Rules [PDF]

Detailed results from 321 members.

MLB Selected Case Summaries

These summaries of selected recent cases are provided each week to Slaw by Maritime Law Book.
More information.

McGowan v. Bank of Nova Scotia 2011 PECA 20

Banks and Banking - Liability of banks to third parties - Negligence - General

The plaintiffs were the former shareholders of a company that failed. They sued the defendant bank alleging that it breached its contract with the company and the plaintiffs and breached a duty ...
Jones v. Tsige 2012 ONCA 32

Actions - Cause of action - General principles - New or extended cause of action - Opening of floodgates

The plaintiff and defendant worked at different branches of the same bank. The defendant’s common-law husband was the plaintiff’s ex-husband. Over a four year period, the defendant ...
Canadian Society of Immigration Consultants v. Canada (Minister of Citizenship and Immigration) 2011 FC 1435

Aliens - Definitions and general principles - Immigration consultants

The Canadian Society of Immigration Consultants (CSIC) had been designated as the sole regulatory body of immigration consultants in Canada from 2004 until June 2011. On June 30, 2011, Bill C-35 came into force, which significantly amended ...
R. v. Benson (A.J.) 2012 SKCA 4

Criminal Law - Sexual offences, public morals and disorderly conduct - Public morals - Obscenity - Possession of child pornography

The accused was convicted of making child pornography available and two counts of possession of child pornography (see [2010] Sask.R. Uned. 197). Subsequently, he was sentenced ...
R. v. Rowe (J.) 2011 ONCA 753

Criminal Law - Procedure - Charge or directions - Jury or judge alone - Directions regarding pleas or evidence of witnesses, co-accused and accomplices

Rowe was convicted by a jury of five offences. He appealed.

The Ontario Court of Appeal allowed ...
R. v. Parker (T.) 2011 ONCA 819

Narcotic Control - Offences - Possession - General

The accused wished to access marijuana for medicinal purposes but did not have an authorization to possess marijuana issued under the Marihuana Medical Access Regulations. He was notified that a package of marihuana addressed to him had been ...
R. v. McCrady (R.C.) 2011 ONCA 820

Narcotic Control - General - Legislation - Exemptions - Medicinal marijuana

McCrady, who had an application pending under the Marihuana Medical Access Regulations (MMAR) to possess and grow marijuana, was convicted of possession of marijuana (Controlled Drugs and Substances Act (CDSA), s. 4(1)). Hearn pleaded guilty ...
R. v. Maloney (S.W.) 2011 ONCA 821

Criminal Law - Sentence - Trafficking in hashish or marijuana (incl. possession for purposes of trafficking)

The accused pleaded guilty to one count of possession of marijuana for the purpose of trafficking. He was sentenced to 30 days’ imprisonment to be served intermittently and 11 months’ ...
Catalyst Paper Corp. v. North Cowichan (District) 2012 SCC 2

Municipal Law - Powers of municipalities - Particular powers - Imposition and collection of taxes or fees

Catalyst Paper Corp. operated a paper mill in the District of North Cowichan. Catalyst objected to the tax rate that it paid compared to residential ratepayers. In 2009, the ...

The re-development
of Slaw is assisted by
a grant from the
Law Foundation of Ontario

TalkLaw/ParLoi

This is a listing of a few upcoming events in Canada of interest to lawyers, law students, legal librarians, and others involved in the practice of law.

Clicking on any event in the list below will give you access to more information and to links allowing you to see the full entry and to add the event to your own calendar.

Click this link for a fuller version of the TalkLaw/ParLoi calendar of events and for instructions as to how to add events and calendars to your own calendar.

SlawNET

These are the great blogs run by our contributors. We recommend them to you.

Avoid A Claim Blog

Clio Blog

Connie Crosby

Connection | A Crosby Group Consulting Blog

eLegal Canton

First Reference Inc.

House of Butter

Law Firm Web Strategy

Law is Cool

Library Boy

Off the Shelf

Quebec Labour Law - Droit du travail au Québec

Thoughtful Legal Management

Vancouver Law Librarian Blog



Slaw is Canada's online legal magazine	• about Slaw • our contributors • our columnists • by date • by category • by author • CanCourts on Twitter • Canadian blawgs search • TOROG • Tjaden LLM Thesis • Quick referrers • CanLII bookmarklets • Quix • Canadian journals' TOCs

HR Declaration Animated «« older \| newer »» Canada Bans BPA in Bottles October 18, 2008 John Gregory Disclosing Encryption Keys and IP Addresses European courts have had something to say lately about whether disclosing encryption keys would amount to self-incrimination, and whether disclosing an IP address involved an undue disclosure of personal information. An English court (R. v. S and A [2008] EWCA Crim 2177) held that compulsory disclosure of an encryption key was not improper. Out-Law.com has the story: "In this sense the key to the computer equipment is no different to the key to a locked drawer," said the judge. "The contents of the drawer exist independently of the suspect: so does the key to it. The contents may or may not be incriminating: the key is neutral. In the present cases the prosecution is in possession of the drawer: it cannot however gain access to the contents. The lock cannot be broken or picked, and the drawer itself cannot be damaged without destroying the contents." Mr Justice Penry-Davey did concede, though, that if the computers were found to contain incriminating material then the fact that the two men knew what the passwords were could itself become incriminating evidence. The fact of their knowledge of the password, and not the password itself, could incriminate them. The Court said that there was a balance between the rights of the two men not to incriminate and the needs of society to be protected, and that the systems in place held that balance. A German court (30.09.2008 AG, Munich – English translation) held that storing (not disclosing) IP addresses alone did not violate privacy laws. Again, Out-Law.com has the story: Search engine companies and other web publishing operations store IP addresses in a bid to identify users and their usage patterns. Privacy activists have argued that IP addresses should count as personal data under data protection legislation. Publishers have claimed that while IP addresses can be personal data, they are not always necessarily so. In a provisional ruling, the district court of Munich has said that when stored by an internet publisher, IP addresses are not personal data under the country's Privacy Act because the information cannot be easily used to determine a person's identity. The issue has never been tested in a UK court but the view of the German court is consistent with guidance published last year by the UK's Information Commissioner. The Article 29 Working Party, the committee of Europe's privacy watchdogs, has said that IP addresses should be treated as personal data by ISPs and search engines, even if they are not always personal data. [Note this limit to the ruling: The ruling said that an internet service provider (ISP) could not tell a third party who was using a particular IP address at a particular time without a legal basis. ISPs generally do not give out such information except when ordered to do so by a court.] Are these cases right? Do they depend on particular legislation in the relevant countries, to the extent that there are no lessons to be learned here? Should Canada have something like the UK's Regulatory Investigation Procedure Act (RIPE) that requires disclosures of encryption keys on pain of criminal sanction? Can law enforcement officials here, or ISPs, take comfort from the reasoning in Germany when they seek disclosure of, or choose to disclose, IP addresses of people suspected of crimes (or who might be doing things of interest to the police)? John D. Gregory is an Ontario lawyer called in 1977, with a special interest in what happens to the law when you take the paper away. He works in civil justice law reform at the Ministry of the Attorney General, but his Slawian opinions are not necessarily those of the Ministry. [click on the author's name for more information] Respond: make a comment Share: Email \| Save as PDF \| Print \| Bookmark & Share \| \| More: in Administration of Slaw or Substantive Law or ulc_ecomm_list \| from John Gregory Comments are closed.		searching comments Slawtips case summaries TalkLaw/ParLoi noted on Slaw categories SlawNET search Slaw: the count: 8219 posts \| 11403 comments Slaw's canadian law blogs search: [get this search box for your site] recent comments David Cheifetz on Collateral Damage: Innocent Users Impacted MegaUpload Takedown Shaunna Mireau on Collateral Damage: Innocent Users Impacted MegaUpload Takedown David Cheifetz on 2008 Costs of Crime Report Published David Cheifetz on 2008 Costs of Crime Report Published Edward Prutschi on 2008 Costs of Crime Report Published bob on Is There a Fraudster in Your Office? m. diane kindree on Queen's Counsel Appointments Patrick McKenna on The Myth of the Visionary Managing Partner Evan Brown on Collateral Damage: Innocent Users Impacted MegaUpload Takedown John N. Davis on Queen's Counsel Appointments John Gregory on Queen's Counsel Appointments John N. Davis on Queen's Counsel Appointments Simon Fodden on The Courts and Social Media Edwin Jones on Internet Access as a Human Right John G on The Courts and Social Media SlawTips Use join.me to Get on the Same Page Across the Web Wednesday, February 8 When you need to collaborate on a document displayed on your screen, it’s great to have a colleague from down the hall come into your office and look over your … »» Technology Top 10 Financial Errors: #8 Always Assume More Risk Than Needed Friday, February 3 You should assess whether you can accept the financial risks associated with taking the matter, just as clients will assess whether they can (and will) pay your fee. Spend time at the beginning of the. […] »» Practice Seeing New Federal Legislation Wednesday, February 1 Today’s Tip is a simple reminder to view by “latest activity date”. The Parliament is back in session and those Slaw Tips readers for whom monitoring legislation is a regular … »» Research noted on Slaw Statistics Canada, The Daily, Women in Canada Available online today are four new chapters of the publication Women in Canada: A Gender-based Statistical Report, which explores the socio-demographic and economic circumstances of Canadian women in general. Library Boy: Library of Parliament Legislative Summary of Bill on Adding New House of Commons Seats The bill amends the Constitution Act, 1867 by readjusting the number of members and the representation of the provinces in the House of Commons. Judges out of touch on privacy issues, says Ontario privacy czar Ars Technica: Law & Disorder: Startup hopes to hack the immigration system with a floating incubator Blueseed plans to buy a ship and turn it into a floating incubator anchored in international waters off the coast of California. An open letter to Canadian journalists - CAJ Under Prime Minister Stephen Harper, the flow of information out of Ottawa has slowed to a trickle. EXCESS COPYRIGHT: Fair Dealing Cases in the Supreme Court of Canada - December 6 and 7, 2011 - Links to Factums Ontario Commissioner Issues Significant Order on Custody or Control of University Records « All About Information "…the IPC has exclusive jurisdiction to decide whether a record is in the custody or control of a university in the context of an access request…" Library Boy: Library of Parliament Legislative Summary of Bill To Abolish Firearms Registry Federation of Law Societies of Canada John J.L. Hunter, Q.C. of Vancouver has been elected President for 2011-2012 Results of BC CBA Survey on Supreme Court Civil Rules [PDF] Detailed results from 321 members. MLB Selected Case Summaries These summaries of selected recent cases are provided each week to Slaw by Maritime Law Book. More information. McGowan v. Bank of Nova Scotia 2011 PECA 20 Banks and Banking - Liability of banks to third parties - Negligence - General The plaintiffs were the former shareholders of a company that failed. They sued the defendant bank alleging that it breached its contract with the company and the plaintiffs and breached a duty ... Jones v. Tsige 2012 ONCA 32 Actions - Cause of action - General principles - New or extended cause of action - Opening of floodgates The plaintiff and defendant worked at different branches of the same bank. The defendant’s common-law husband was the plaintiff’s ex-husband. Over a four year period, the defendant ... Canadian Society of Immigration Consultants v. Canada (Minister of Citizenship and Immigration) 2011 FC 1435 Aliens - Definitions and general principles - Immigration consultants The Canadian Society of Immigration Consultants (CSIC) had been designated as the sole regulatory body of immigration consultants in Canada from 2004 until June 2011. On June 30, 2011, Bill C-35 came into force, which significantly amended ... R. v. Benson (A.J.) 2012 SKCA 4 Criminal Law - Sexual offences, public morals and disorderly conduct - Public morals - Obscenity - Possession of child pornography The accused was convicted of making child pornography available and two counts of possession of child pornography (see [2010] Sask.R. Uned. 197). Subsequently, he was sentenced ... R. v. Rowe (J.) 2011 ONCA 753 Criminal Law - Procedure - Charge or directions - Jury or judge alone - Directions regarding pleas or evidence of witnesses, co-accused and accomplices Rowe was convicted by a jury of five offences. He appealed. The Ontario Court of Appeal allowed ... R. v. Parker (T.) 2011 ONCA 819 Narcotic Control - Offences - Possession - General The accused wished to access marijuana for medicinal purposes but did not have an authorization to possess marijuana issued under the Marihuana Medical Access Regulations. He was notified that a package of marihuana addressed to him had been ... R. v. McCrady (R.C.) 2011 ONCA 820 Narcotic Control - General - Legislation - Exemptions - Medicinal marijuana McCrady, who had an application pending under the Marihuana Medical Access Regulations (MMAR) to possess and grow marijuana, was convicted of possession of marijuana (Controlled Drugs and Substances Act (CDSA), s. 4(1)). Hearn pleaded guilty ... R. v. Maloney (S.W.) 2011 ONCA 821 Criminal Law - Sentence - Trafficking in hashish or marijuana (incl. possession for purposes of trafficking) The accused pleaded guilty to one count of possession of marijuana for the purpose of trafficking. He was sentenced to 30 days’ imprisonment to be served intermittently and 11 months’ ... Catalyst Paper Corp. v. North Cowichan (District) 2012 SCC 2 Municipal Law - Powers of municipalities - Particular powers - Imposition and collection of taxes or fees Catalyst Paper Corp. operated a paper mill in the District of North Cowichan. Catalyst objected to the tax rate that it paid compared to residential ratepayers. In 2009, the ... The re-development of Slaw is assisted by a grant from the Law Foundation of Ontario TalkLaw/ParLoi This is a listing of a few upcoming events in Canada of interest to lawyers, law students, legal librarians, and others involved in the practice of law. Clicking on any event in the list below will give you access to more information and to links allowing you to see the full entry and to add the event to your own calendar. Click this link for a fuller version of the TalkLaw/ParLoi calendar of events and for instructions as to how to add events and calendars to your own calendar. categories Administration of Slaw Announcements Columns: Book Review Columns: Dispute Resolution Columns: e-Discovery Columns: Justice Issues Columns: Legal Information Columns: Legal Marketing Columns: Legal Publishing Columns: Legal Technology Columns: Outsourcing Columns: Practice of Law Education & Training Education & Training: CLE/PD Education & Training: Law Schools Firm Guest Blogger Hot on CanLII Legal Information Legal Information: Information Management Legal Information: Libraries & Research Legal Information: Publishing Miscellaneous Practice of Law Practice of Law: Future of Practice Practice of Law: Marketing Practice of Law: Practice Management Reading Reading: Recommended Reading: You might like… Slaw Retweets Slaw RSS Site News Substantive Law Substantive Law: Foreign Law Substantive Law: Judicial Decisions Substantive Law: Legislation Technology Technology: Internet Technology: Office Technology ulc_ecomm_list SlawNET These are the great blogs run by our contributors. We recommend them to you. Avoid A Claim Blog Clio Blog Connie Crosby Connection \| A Crosby Group Consulting Blog eLegal Canton First Reference Inc. House of Butter Law Firm Web Strategy Law is Cool Library Boy Off the Shelf Quebec Labour Law - Droit du travail au Québec Thoughtful Legal Management Vancouver Law Librarian Blog
more columns on: · e-discovery · justice issues · legal information · legal marketing · legal publishing · legal technology · outsourcing · practice of law	· about Slaw · about our contributors · about our columnists · archives by date · archives by category · archives by author · contact us · subscribe with RSS · subscribe by email · subscribe by topic/author · follow us on twitter © copyright information · 15 prior posts · 30 prior posts · 50 prior posts	member login

Disclosing Encryption Keys and IP Addresses

SlawTips

Use join.me to Get on the Same Page Across the Web Wednesday, February 8

Top 10 Financial Errors: #8 Always Assume More Risk Than Needed Friday, February 3

Seeing New Federal Legislation Wednesday, February 1

Use join.me to Get on the Same Page Across the Web
Wednesday, February 8

Top 10 Financial Errors: #8 Always Assume More Risk Than Needed
Friday, February 3

Seeing New Federal Legislation
Wednesday, February 1