IT staff and computer users have been saved from provisions in climate change legislation that would have force them to release computer passwords and encryption keys even if they incriminated themselves.
The original version of the Climate Change Response Bill from mid-last year, still accessible last week in the “What’s New” section of the Climate Change Programme (CCP) website, included a provision to “seize any electronic storage medium for the purpose of recovering any erased or deleted data” and “demand from the occupier any other information that the inspector may reasonably require for the purpose of determining whether or not the regulations … have been complied with”.
The requirement to disclose information was specifically exempted from the protection against self-incrimination, New Zealand’s equivalent of the US Fifth Amendment.
The Law Commission last year said this provision should be retained in connection with protected digital evidence in respect of even serious crime (Assist police or they may hold up your IT: report). However in the act, passed late last year, the right not to self-incriminate has been restored and there is now no specific reference to uncovering “erased or deleted data”. This is replaced by a simple requirement to produce “any documents or business records (including electronic documents)” and supply “any other information that the inspector may reasonably require”.
The unusually strict provisions for search and seizure of records in the legislation were widely critcised during the bill’s passage through Parliament.