Intelligence agencies ignore security powers

Law requiring companies to hand over encryption keys not yet used by intelligence services

GCHQ has not yet forced firms to hand over encryption keys

A controversial law that requires encryption keys to be handed over to authorities has not been used by any of the three main intelligence agencies.

Part III of the Regulation of Investigatory Powers Act came into force in October 2007 and gives authorities the power to require firms to hand over encryption keys.

But a report from the Intelligence Services Commissioner ­ who oversees the work of MI5, MI6 and GCHQ ­ said: “There has been no exercise or performance of powers and duties under Part III for me to review.”

Businesses raised concerns over the government’s poor track record of keeping valuable information, resulting in safeguards which may have made the law difficult to enforce, said Peter Sommer, security expert at the London School of Economics.

“The code of practice took a long time to agree and there are now a lot of hoops that have to be jumped through,” said Sommer.

Following the pressure from business, the government wanted to ensure law enforcement agencies could only access relevant information.

Drafting the law and introducing a workable code of practice was difficult because it needed to apply to home and business-based technology.

Approval for a Section 49 notice ­ the requirement to hand over an encryption key ­ can only be given by senior officers, and they can be appealed.

Notices can be served by police as well as the intelligence services.

Last November animal rights campaigners became the first to be hit with Section 49 notices by the Crown Prosecution Service, and faced two years in prison if they failed to comply.