Law Library Stacks

Back to Government Access to Encrypted Communications

I. Decryption at the Request of the Intelligence Services and Law Enforcement

The United Kingdom (UK) has had legislation in place since the early 2000s that enables specified high-ranking law enforcement and intelligence officials to serve a written notice on individuals and bodies that requires them to disclose lawfully held encrypted information in an intelligible form. [1] This notice provides a means for what is described as “enforced decryption.” [2]

To obtain a notice, the desired disclosure of information must be proportionate to what the requester is seeking to achieve and necessary in the interests of national security, for the purposes of preventing or detecting crime, or in the interests of the economic well-being of the UK. In addition, acquiring the information in an intelligible form without a notice must not be reasonably practicable. [3]

The notice must be in writing, describe the protected information to which it relates, specify the position of the person giving the notice, specify the position of the person who granted permission for the notice, and establish a time limit for compliance with the notice. The notice must also describe the disclosure that is required and the way that the disclosure should be made. [4] The penalty for failing to comply with a disclosure notice is up to two years’ imprisonment for regular cases or five years’ imprisonment in national security cases, upon conviction. [5] This term of imprisonment has been criticized as being insufficient on the grounds that, if an individual’s device contains encrypted information that could be used as evidence to convict him or her of a serious criminal offense, refusing to provide the encryption key in response to a notice carries a lesser sentence than the individual might otherwise receive. [6]

Redacted information in a report by the Intelligence and Security Committee of Parliament indicates that Government Communications Headquarters (GCHQ) has a program of work dedicated to unlocking encrypted communications, which requires no ministerial authorization. [7]

The program is provided for under the general power given to the GCHQ under section 3(1)(a) of the Intelligence Services Act, which states that the GCHQ may “monitor or interfere with electromagnetic, acoustic and other emissions and any equipment producing such emissions and … obtain and provide information derived from or related to such emissions or equipment and from encrypted material.” [8]

The Intelligence Services and Police may interfere with equipment (also known as “computer network exploitation”) to obtain communications, equipment data, and other information from equipment. The use of computer network exploitation varies from using someone’s login information to remotely and covertly installing software on a device. [9] The security and intelligence agencies may apply to the Secretary of State to obtain a warrant to use equipment interference if it is necessary in the interests of national security or the economic well-being of the UK, or to prevent and detect serious crime. [10]

Back to Top

II. Pending Investigatory Powers Bill

A draft Investigatory Powers Bill was published in the autumn of 2015 and consolidates and expands provisions relating to law enforcement’s access to encrypted information. [11]

A. Equipment Interference

The Bill would introduce specific procedures for law enforcement and intelligence services to undertake equipment interference to access individuals’ devices and computers to obtain data, such as communications via texts and email, and geolocation. Equipment interference could also be used to obtain otherwise encrypted data. [12] Clauses 88–90 of the Bill would provide law enforcement with the ability to apply for warrants for two equipment interference purposes:

  • Targeted equipment interference . This would authorize law enforcement to interfere with equipment to obtain communications, private information, or equipment data, as well as to disclose, monitor, and examine this material.

  • Targeted examination warrants . This would authorize the individual named in the warrant to examine material obtained under a bulk equipment interference warrant. Bulk equipment interference warrants are provided for in clauses 119–137 of the Bill and would apply only to individuals outside the UK.

Clauses 84–91 would authorize a senior law enforcement officer, with approval from a Judicial Commissioner, or the Secretary of State upon application from the intelligence services, to issue a warrant for equipment interference. Clause 84 provides that, for the intelligence services to obtain a warrant for equipment interference from the Secretary of State, the applicant would need to show that it is necessary

  • on the grounds of national security,

  • to prevent or detect serious crime, or

  • that it is in the interests of the economic well-being of the UK, and

  • that the warrant is proportionate.

Clause 89 of the Bill would authorize senior law enforcement officers to apply for a warrant to authorize equipment interference if necessary

  • for the purposes of preventing and detecting serious crime; or

  • to prevent death, injury, or damage to a person’s physical or mental health; and

  • that is a proportionate response.

The Bill would allow warrants to be granted to intercept equipment in cases where the targeted equipment interference is to obtain information subject to a legal privilege. There must be exceptional and compelling circumstances to justify the interception of such materials, however, and additional handling arrangements must be in place. [13] An individual who has a warrant would be able to serve a copy of it on anyone who may be able to assist him/her, including individuals outside the UK. [14] Clause 111 would “[place] a duty on telecommunications providers to assist with the implementation of equipment interference warrants.” [15]

Because of the sensitive nature of such warrants, the Bill would create a duty not to make unauthorized disclosures about the existence or details of both the warrant and any materials obtained under it, and clause 116 sets out a specific offense of the unauthorized disclosure of such information.

B. Notices Requiring Communication Service Providers to Facilitate Assistance

Clause 214 of the Bill would authorize the Secretary of State to introduce measures to facilitate compliance with the Bill in areas that include decryption of communications. Clause 217 would enable the Secretary of State to impose obligations on communication service providers through regulations, in the form of technical capability notices to facilitate assistance to warrants issued under specified parts of the Investigatory Powers Bill. Clause 213 provides that communication service providers would receive a contribution towards any costs they incurred to comply with the measure. Clause 189 provides that such obligations would include the removal of electronic protection applied by an operator, or any third party acting on their behalf, to any data or communications. When making these notices, the Secretary of State would be required to take into account the technical feasibility and cost of compliance.

C. Opposition to the Bill

These provisions have met considerable resistance both within the government and in private industry, who are concerned not only with the ability to access the communications that it appears the Bill requires, but also at the negative impact it could have on the UK’s technology industry. Recommendations from the committee reviewing the Bill notes that the government should make it explicit that, if the Bill is adopted, providers of “end-to-end encrypted communication or other un-decryptable communication services will not be expected to provide copies of those communications if it not practicable for them to do so.” [16] Concerns have been raised that the language used in this clause would result in the prohibition of end-to-end encryption in the UK, and review committees are urging the government to clarify the nature of the obligations that would be required under the Bill. The government has responded that a Code of Practice will contain further details as to the necessity and proportionality of imposing these requirements on communication service providers. [17]

The Bill is currently in draft form, which means it will be reviewed and subject to consultations before being formally introduced in the House of Commons. As the Bill contains some controversial provisions, it is uncertain when it will be formally introduced, or if introduced whether it will be enacted.

Back to Top

Prepared by Clare Feikert-Ahalt
Senior Foreign Law Specialist
May 2016

[1] Regulation of Investigatory Powers Act 2000, c. 23, § 49 & sched. 2, 2000/23, archived at

[2] David Anderson Q.C., A Question of Trust: Report of the Investigatory Powers Review ¶ 8.30 (June 2015), , archived at

[3] Regulation of Investigatory Powers Act 2000, c. 23, § 49.

[4] Id.

[5] Id. § 53.

[6] Anderson, supra note 2, ¶ 8.31.

[7] Intelligence and Security Committee of Parliament, Privacy and Security: A Modern and Transparent Legal Framework, 2014–15, H.C. 1075, ¶¶ 179–180, 20150312_ISC_P+S+Rpt(web).pdf, archived at

[8] Intelligence Services Act 1994, c. 13, § 3(1)(a),, archived at

[9] Id. §§ 5 & 7; Police Act 1997, c. 50, § 93,, archived at https://perma. cc/ 2QW2-LZTX.

[10] Intelligence Services Act 1994, § 3(2).

[11] Draft Investigatory Powers Bill 2015, 2015–16 Cm. 9152, available at publications/draft-investigatory-powers-bill , archived at

[12] House of Commons Library, Investigatory Powers Bill, Mar. 11, 2016, Briefing Paper No. 7518, , archived at LP5A-964S.

[13] Draft Investigatory Powers Bill 2015, cl. 100.

[14] Id. cls. 109–110.

[15] House of Commons Library, supra note 12, at 43.

[16] Id. at 71.

[17] Id. at 42.

Back to Top

Last Updated: 12/30/2020