A Dutch draft law that aims to introduce a decryption order that forces suspects to decrypt data on their computers could violate the European Convention on Human Rights (ECHR), said the Dutch Council for the Judiciary on Wednesday.
Several E.U. countries such as France, Belgium and the U.K. already have laws that compel individuals or companies to decrypt data requested by law enforcement authorities for investigations.
In the U.K for instance, failure to comply could mean a prison sentence of up to two years for cases not involving national security or five years for those that do. Refusing to give access to encrypted material if requested by a judge or another person with appropriate permission can be punished with a maximum jail sentence of one year and a fine in Belgium.
In France, punishment can be as high as three years in jail and a fine of €45,000 (US$59,000) if someone refuses to hand over the key to encrypted files that may have been used to prepare, aid or commit a crime. If it turns out the disclosure of the keys could have prevented a crime or diminish the effects of a crime, the punishment can go up to five years in jail and a €75,000 fine.
In the Netherlands, a similar law is being readied. Deliberately refusing to comply with a decryption order would be punishable by a maximum prison sentence of three years or a fine with a maximum of €19,500 should the law enter into force, according to the draft law's explanatory statement.
The Dutch government wants to introduce the decryption order because detection of computer crime is hampered by the use of encryption, especially in cases of child pornography, according to the document.
However, introducing a law that forces suspects to decrypt information could violate Article 6 of the ECHR, which states that a person doesn't have to incriminate oneself, said the Council for the Judiciary in a letter sent to the Minister of Safety and Justice dated July 4 and published on Wednesday.
While it is part of the Dutch Judiciary, the Council itself does not actually adjudicate legal matters. Instead, the Council is dedicated to ensuring that the courts of law can perform their duties effectively. It also represents the interests of the courts in the political arena as well as in administration and government, notably to the Minister of Security and Justice.
While the ministry maintains that the proposed law can operate within the boundaries of Article 6, the council is not sure that is possible.
A judge could conclude that the decryption order does violate Article 6 of the ECHR, which may have consequences for the usefulness of the evidence of the results of such an order, the Council said. The Council recommended reconsidering the relationship between the proposed decryption order and Article 6 of the ECHR and when doing so, to take a close look at a recent case, Chambaz v. Switzerland.
In that case, the European Court of Human Rights ruled last year that the right not to incriminate oneself and the right of access to evidence held by the prosecuting authorities were not respected when Yves Chambaz was fined several hundred thousand euros for refusing to produce all the documents requested in relation to his business dealings with a company and banks in a tax evasion case.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.