RESTRICTED Part III Regulation of Investigatory Powers Act 2000 Sec 49 Notice Process Investigation of Protected Electronic Information RESTRICTED RESTRICTED Introduction The purpose of this document is to provide an overview and guidance for the Investigation of Protected Electronic Information (PEI). Part III of the Regulation of Investigatory Powers Act 2000 (RIPA), provides a statutory framework enabling public authorities to require PEI, which they have obtained lawfully or are likely to obtain lawfully, to be put into an intelligible form. It also enables them to acquire the means to gain access to protected information and to acquire the means to put the information into an intelligible form. This guide can be read in conjunction with the Home Office ‘Investigation of Protected Electronic Information Code of Practice’. The use of this legislation is only appropriate for the investigation when the offences meet the serious crime criteria;   In that a person, having attained the age of 21 years, with no previous convictions could, upon conviction for the offences, reasonably expect to receive a term of imprisonment of 3 or more Or the conduct involves the use of violence, resulting in substantial financial gain or is conduct by a large number of persons in pursuit of a common purpose. (Serious and Organised Crime) When an item has been seized lawfully, investigators should always ask for any key or passwords used to access any protected information. Protected Information means any electronic data which, without a key to the data cannot, or cannot readily:   Be accessed, or Be put into an intelligible form A key to data means any key, code, password, algorithm or other data, the use of which, by itself or with other key:   Allows protected electronic data to be accessed, or Facilitates putting protected electronic data into an intelligible form Possession of a key by a person can include circumstances where the key is in their own possession e.g. suspect, or in the possession of:   An employee or other individual under their control, or A trusted third party or other service provider and the person has an immediate right of access to it or to have it transmitted or otherwise supplied to him. RESTRICTED 2 RESTRICTED Management of Productions When seizing productions, any passwords or keys used, should be asked for. Under no circumstances should any questions be asked at the time of seizure regarding the content of the device or file. There should be a specific reason for the item seized to be examined, for example, the SIO must have reason to suspect that there is data which is of evidential value on the device or file. The productions must be examined by Police Scotland digital forensic investigators who will confirm if an item seized is encrypted or contains encrypted data. If they are unable to overcome this encryption, they may recommend that the SIO refers the case to the National Technical Assistance Centre (NTAC). Such recommendation may also be made by a member of the Crown Office & Procurator Fiscal Service (COPFS). NTAC can be contacted on ***Redacted under Section 30 (c) NTAC must be furnished with all relevant information and background to the investigation and allowed a sufficiency of time to examine the items. If initial examination by NTAC proves unsuccessful in gaining access to the information on the device or file, they may invite the SIO to make an Application for Permission in order to serve a Section 49 Notice on the suspect or other relevant person who has access to the key. Application for Permission to Serve Section 49 Notice All applications under this provision are governed by NTAC who are the national gatekeepers for this process. NTAC will contact the SIO by email and will provide an Application for Permission form. These forms are only issued on a case by case basis by NTAC. Under no circumstances should the blank forms be retained as a ‘template’. An Application for Permission to serve a Section 49 Notice must include the background to the investigation including the details of the person on whom the Notice it so be served, the applicants details, the operational objectives and the operation name to which the application relates. The application must also specify the files or devices protected by encryption being submitted, including description, model and serial numbers if available. Necessity A notice may be given where an investigator reasonably believes that disclosure of the protected information is necessary: RESTRICTED 3 RESTRICTED     in the interests of national security for the purpose of preventing or detecting crime in the interests of the economic well being of the United Kingdom, or for the purpose of securing the effective exercise or proper performance by any public authority of any statutory power or statutory duty In most case submitted by Police Scotland, the application will relate to the necessity for necessity for prevention and detection of crime. Proportionality There should also be a record of proportionality – i.e. the applicant should justify why it is needed to go to these extensive lengths to access the content, detailing the seriousness of the crime. The case for proportionality should also document     That the password/key has been asked for What is suspected/considered to be found in the contents What steps have been taken What has been considered and the reason why it was not done. The applicant should record that efforts to obtain the protected information in an intelligible form have failed. The applicant must be able to demonstrate they have asked for the key and that the Forensic Investigators have exhausted all options. The form should be sent to the Central Authorities Bureau (CAB) for quality assurance and acknowledged by a Force Authorising Officer (AO) prior to being submitted to NTAC. Completed applications will only be accepted by NTAC from a CAB SPOC. The Application for Permission will be considered by NTAC and if approved, will be allocated a Unique Reference Number and returned to the applicant with a blank Section 49 Notice. The Application for Permission form, on being returned from NTAC, should thereafter be signed by a Force AO. Once signed, the applicant can thereafter make representation to a Sheriff. Consultation should be made with COPFS at the earliest opportunity. Through communication and subsequent arrangement via the Procurator Fiscal, the applicant will then make representation with the approved Application for Permission form to a Sheriff. The Application for Permission, if granted, will be signed by a Sheriff. RESTRICTED 4 RESTRICTED The Section 49 Notice will be completed by the applicant in conjunction with the CAB and AO. This will set out the time period allowed for the key to be provided. This time period can be between 1 & 28 days, although it is usually appropriate to allow between 5 & 10 days, to allow the recipient to seek legal advice. The Section 49 Notice can then be served on the named person. The signed Application for Permission and a copy of the Section 49 Notice should be lodged with the CAB. Compliance With a Notice If the key/password is provided, the Police Scotland digital forensic examiners will attempt decryption and inform NTAC and the SIO of any result. Failure to Comply With a Notice If the key is not provided within the allotted time set out by the applicant, or where a key is provided but is not correct, the offence is complete. Where a person given a Section 49 Notice knowingly fails to make the disclosure required, they commit an offence under section 53 of the Act. On conviction on indictment on cases of National Security or child indecency a maximum of 5 years imprisonment may be served (other cases, 2 years). On summary conviction they may be liable to a maximum six-month term of imprisonment or a fine not exceeding the statutory maximum or both. The SIO must ensure early communication with COPFS, CAB & NTAC once the offence has been committed. Applications for Section 49 Notices are subject to examination during Office of Surveillance Commissioners (OSC) annual inspections. Contacts ***Redacted under Section 30 (c) RESTRICTED 5