[This information is now archived]

The Regulation of Investigatory Powers Bill has been introduced to provide a framework for the interception of telecommunications traffic, including information contained in emails, web pages, e-commerce transactions and other forms of Internet communication. The Bill repeals the Interception of Communications Act 1985, and is intended to ensure that the interception of data traffic is compatible with Human Rights legislation.

How does it affect me?

The Bill has some far-reaching provisions to allow Government agencies to intercept traffic, to demand its decryption, and to prosecute those who do not co-operate with any investigation. These provisions may be incompatible with the European Convention on Human Rights, could prove very damaging to e-commerce and high-tech business, and allow widespread invasion of privacy by Government agencies. Internet Service Providers may face higher startup and running costs, and innocent people could find themselves in court or facing a long prison sentence. The same provisions which may send the innocent to prison could allow the real crooks to serve shorter sentences, so the Bill could be ineffective at protecting UK citizens from criminal activity.

Decryption of Information

Strong encryption has become the cornerstone of e-commerce and confidential communication on-line. Used correctly, such encryption techniques guarantee that sensitive commercial or personal data will not fall into the wrong hands: without it, privacy and safe e-commerce on the Internet are impossible.

The Bill contains a clause which requires you to decrypt your data on-demand, or prove you cannot do so. You may be required to prove that you have lost or forgotten your password - failure to do so could mean a two year prison sentence. Article 6 of the European Convention on Human Rights provides that a person should not be required to prove innocence, and the presumption of innocence is a long-standing principle of our criminal justice system. Despite repeated questioning and public concern, Government ministers have never been able to say how a person may prove they have forgotten a password.

The "Get-Out-Of-Jail" Card

The provisions which may send innocent people to prison for two years will also enable real crooks to be released early. If such a person uses encrypted communications to coordinate, for example, a drug-smuggling operation or terrorist campaign, the prospect of a lighter sentence for failure to decrypt emails and other files will seem a small price to pay compared to life imprisonment for the more serious offence. Again, ministers have continued to ignore this point in the light of increasing public concern.

Data Trawling

The wording of the Bill provides that just about any Government agency can intercept data traffic for the fulfillment of "any statutory duty". Although warrants to monitor so-called "internal" traffic will need to specify who and what is to be monitored, there are no such provisions for "external" traffic. Since Internet traffic is routed regardless of international boundaries, your communications could be intercepted at any time - and don't forget those severe penalties if you fail to decrypt your private data.

If you access information on an overseas website, receive an email from a colleague in another country, or use a web-based messaging service like Hotmail or ICQ (where the servers are located in the US), your private information could be monitored by any Government agency for any purpose. Since it is also an offence for anyone involved in such monitoring to reveal that it has taken place (even years after the conclusion of an investigation, regardless of its outcome) it is highly unlikely that you will ever know.

Extra ISP Costs

The Government propose that Internet Service Providers (ISPs) should install equipment to allow monitoring of 15% of their data traffic. The initial costs will be met by UK tax-payers, but the running costs (of between �20,000 to �250,000) will be met by the ISP. Given that many ISPs operate on slender margins in a highly competitive market, the burden could prove too great for many of them. Since the Government professes to be in favour of e-commerce and high-tech business, it should be doing all it can to help these businesses, rather than introducing the equivalent of a new tax which could break them.

The data monitoring requirement could apply to more than just ISPs, though. The Bill contains a broad definition of "telecommunications provider" which could mean that a person carrying a mobile phone or a pager is a provider, and should, therefore, be able to monitor all communications through that device. If you operate a website, email server, or any other service which uses telecoms, you could be deemed to be a provider and required to foot the bill for the monitoring equipment. This will be good news for overseas ISPs (since it is just as easy to purchase webspace from them as from a UK provider) but more bad news for ISPs and Internet hosting companies here.

What Can I Do?

The Bill has already passed its third reading in the House of Commons, without amendment. It will go to the Lords before the end of May, and there is a chance that the Liberal Democrats and Conservative representatives in the Lords can amend the legislation (the Government do not have an overall majority in the Lords, and both other parties are concerned about the provisions in the Bill).

Write to your MP and express your concerns. Tell your MP how this could affect your business, how it will increase your costs, and how it will hinder the growth of e-commerce in the UK -- and assist our overseas competitors. You may have concerns over the civil liberties aspects of the Bill: it could criminalise the innocent and flies in the face of accepted legal principles, that you should not be required to prove your innocence. Point out that law enforcement agencies need real powers to defeat crime without giving them the means for mass invasion of privacy and interception of data traffic. Point out that now is make-or-break time for e-commerce in the UK, and this Bill could have very damaging and long-lasting effects.

The more MPs are aware of this, the more likely it is that the Lords will be motivated to oppose and amend the legislation. The Bill is set to become law by October, and it will have very serious, tangible and damaging implications for high-tech business in the UK.