What powers do the police in England and Wales have when it comes to your phone, computer and social media passwords?
A suspected murderer has been sent to prison, but not for the crime he was arrested for.
Stephen Nicholson was instead jailed for refusing to share his Facebook password with police, which they claimed obstructed their investigation into the stabbing of 13-year-old Lucy McHugh.
Nicholson had argued that giving police access to his private Facebook messages could expose information relating to cannabis, but the judge described this excuse as “wholly inadequate”, considering the severity of the case.
The case once again draws attention to the Regulation Investigatory Powers Act (RIPA), which was introduced in 2000 to give police investigating a crime the power to compel people to disclose a password used to access a phone, computer or any service accessed through an electronic device.
Nicholson pleaded guilty to the RIPA charge, for which he received a 14 month jail term.
Originally intended as an anti-terror measure, London firm Saunders Law explains that it can be used for a much broader range of criminal offences.
“The police are able to request disclosure if the reason is to prevent or detect crime, if it’s in the interests of national security or if it is in the interests of the economic wellbeing of the UK,” the firm states on its website.
“This definition can be applied very widely to the extent that it can cover any crime, no matter how minor.”
Refusing to comply with RIPA can result in a maximum sentence of two years imprisonment, or five years in cases involving national security or child indecency.
It is not the first time someone has been jailed in the UK for failing to disclose a password. In 2010, Oliver Drage was sentenced to 16 weeks at a young offenders institution after he didn’t share a 50-character password with police investigating child sexual exploitation.
Detective Sergeant Neil Fowler form Lancashire police said at the time the custodial sentence demonstrated how serious the offence was.
“Computer systems are constantly advancing and the legislation used here was specifically brought in to deal with those who are using the internet to commit crime,” he said. “It sends a robust message out to those intent on trying to mask their online criminal activities that they will be taken before the courts with the ultimate sanction, as in this case, being a custodial sentence.”
Saunders Law explains that other laws can also be called upon to compel people to divulge their passwords, such as Schedule 7 of the Terrorism Act 2000.
As the firm points out, criminals may be wiser to not disclose a password and plead guilty to the RIPA offence, rather than face significantly more severe charges brought on by whatever the password-protected data reveals.
“There could be a completely disproportionate result if someone is imprisoned for not providing a password but not the crime they are originally under investigation for, of which they might be innocent,” the firm stated.