House of Commons
Session 2008-09
Publications on the internet
Other Bills before Parliament
protectionofchildren.html">Bill Home Page

Protection Of Children


These notes refer to the Protection of Children (Encrypted Material) Bill as introduced in the House of Commons on 21 January 2009 [Bill 18]





1.     These Explanatory Notes relate to the Protection of Children (Encrypted Material) Bill as introduced in the House of Commons on 21 January 2009. They have been prepared by Sir Paul Beresford, the Member in charge of the Bill, in order to assist the reader of the Bill and to help inform debate on it. They do not form part of the Bill and have not been endorsed by Parliament.

2.     The Notes need to be read in conjunction with the Bill. They are not, and are not meant to be, a comprehensive description of the Bill. So where a clause or part of a clause does not seem to require any explanation or comment, none is given.


3.     This Bill is designed to give greater protection to children by raising the penalty for failing to provide the “key” to encrypted data to the police when requested. It also makes the offence of refusing to provide the key subject to notification requirements when the provisions of this Bill apply.

4.     Part 3 of the Regulation of Investigatory Powers Act 2000 allows the police to request the “key” to encrypted data or request that it is provided to them unprotected. The offence, as drafted, carries a maximum sentence of two years’ imprisonment although section 15 of the Terrorism Act 2006 amended the Act to provide for a higher penalty where the material was likely to involve terrorist material.

5.     Law enforcement agencies have become increasingly concerned that encryption is being used to hide indecent photographs of children. Encryption programs are becoming more readily available and, for example, the latest version of Microsoft Vista includes the ability to encrypt data.

Bill 18—EN     54/4


Clause 1: Amendment of Penalty

6.     Whilst a person refusing to provide the “key” would commit an offence under section 53, there is concern that offenders will not do so. If they are aware that the protected data contains indecent photographs of children then there is no incentive to disclose the key. By not doing so, they are liable for a maximum sentence of two years’ imprisonment. However if they do disclose the data then they are liable for a maximum sentence of either five years’ imprisonment (possession of an indecent photograph of a child: section 160, Criminal Justice Act 1988) or 10 years’ imprisonment (making an indecent photograph of a child: section 1, Protection of Children Act 1978). The Sentencing Guidelines Council recommend that even where section 1 is used, the ordinary maximum should be five years ? the duration provided in this Bill.

7.     The higher penalty would apply in one of three defined circumstances:

        a)     where the offender has been previously convicted of a “relevant sexual offence” (see paragraph 8 below).

        b)     where the offender is currently in possession of an indecent photograph of a child although he has not yet been prosecuted for it. This is designed to cater for situations where, for example, the computer has, alongside the protected data, an unencrypted file containing an indecent photograph of a child or where other media in his possession contains such photographs.

        c)     where the court is satisfied on the balance of probabilities that the protected data is likely to include an indecent photograph of a child. This would cover situations where the police can prove that the offender is likely to be involved in child pornography (for example, search engine terms, emails, intelligence). Using the civil (rather than criminal standard) is not problematic because the offence is refusing to hand over the key or unencrypted data. It is this which amounts to the offence and requires proof beyond all reasonable doubt. As this provision does not create a separate offence, the civil standard is compliant with domestic and human rights legislation.

8.     “Relevant sexual offence” is an offence relating to indecent photographs of children, namely:

        a)     section 1, Protection of Children Act 1978 (the principal legislation in this area).

        b)     section 160, Criminal Justice Act 1988 (possession of indecent photographs).

        c)     section 170, Customs and Excise Management Act 1979 (importation of indecent photographs) but only where it is an indecent photograph that has been imported (and not drugs, for example).

        d)     sections 48-50, Sexual Offences Act 2003 (abuse of a child through prostitution or pornography) but only where it involved pornography (and not prostitution).

These offences have been chosen because they show a propensity to use indecent photographs of children and make it more likely that the protected data (which the offender is refusing to provide) contains indecent photographs of children.

9.     This Bill does not provide for any new criminal offence. The offence is refusing to hand over encrypted data and if the suspect complies then the provisions of this Bill are not triggered. In the recent Court of Appeal decision in R v S and A [2008] EWCA Crim 2177 it was held that section 53 does not infringe any fundamental human right. Sir Igor Judge P. (now Lord Judge CJ) stated:

    The material which really matters is lawfully in the hands of the police. Without the key it is unreadable. That is all. The process of making it readable should not alter it other than putting it into an unencrypted and intelligible form that it was in prior to encryption; the material in the possession of the police will simply be revealed for what it is. To enable the otherwise unreadable to be read is a legitimate objective which deals with a recognised problem of encryption. The key or password is, as we have explained, a fact. It does not constitute an admission of guilt. Only knowledge of it may be incriminating. The purpose of the statute is to regulate the use of encrypted material, and to impose limitations on the circumstances in which it may be used..In the end the requirement to disclose extends no further than the provision of the key or password or access to the information. No further questions arise. The notice is in very simple form (at [25]).

This is relevant to this Bill: the disclosure of the key is separate from whether the data itself breaches any laws.

Clause 2: Notification Requirements

10.     This clause provides that where a person breaches section 53 in the circumstances outlined above they become subject to the notification requirements under Part 2 of the Sexual Offences Act 2003. The courts have consistently stated that the notification requirements are not a penalty and so their imposition in these circumstances does not make the measures more punitive.

Clause 3: Commencement

11.     This Bill will come into force three months after Royal Assent. The three months allows for the police, Crown Prosecution Service and judiciary to become aware of its provisions.

Bill Home page  
House of Commons home page Houses of Parliament home page House of Lords home page search page enquiries ordering index

© Parliamentary copyright 2009
Prepared: 13 March 2009