[This information is now archived]
The Regulation of Investigatory Powers
Bill has been introduced to provide a framework for the
interception of telecommunications traffic, including
information contained in emails, web pages, e-commerce
transactions and other forms of Internet communication.
The Bill repeals the Interception of Communications Act
1985, and is intended to ensure that the interception
of data traffic is compatible with Human Rights legislation.
How does it affect me?
The Bill has some far-reaching provisions
to allow Government agencies to intercept traffic, to
demand its decryption, and to prosecute those who do not
co-operate with any investigation. These provisions may
be incompatible with the European Convention on Human
Rights, could prove very damaging to e-commerce and high-tech
business, and allow widespread invasion of privacy by
Government agencies. Internet Service Providers may face
higher startup and running costs, and innocent people
could find themselves in court or facing a long prison
sentence. The same provisions which may send the innocent
to prison could allow the real crooks to serve shorter
sentences, so the Bill could be ineffective at protecting
UK citizens from criminal activity.
Decryption of Information
Strong encryption has become the cornerstone
of e-commerce and confidential communication on-line.
Used correctly, such encryption techniques guarantee that
sensitive commercial or personal data will not fall into
the wrong hands: without it, privacy and safe e-commerce
on the Internet are impossible.
The Bill contains a clause which requires
you to decrypt your data on-demand, or prove you cannot
do so. You may be required to prove that you have lost
or forgotten your password - failure to do so could mean
a two year prison sentence. Article 6 of the European
Convention on Human Rights provides that a person should
not be required to prove innocence, and the presumption
of innocence is a long-standing principle of our criminal
justice system. Despite repeated questioning and public
concern, Government ministers have never been able to
say how a person may prove they have forgotten a password.
The "Get-Out-Of-Jail" Card
The provisions which may send innocent
people to prison for two years will also enable real crooks
to be released early. If such a person uses encrypted
communications to coordinate, for example, a drug-smuggling
operation or terrorist campaign, the prospect of a lighter
sentence for failure to decrypt emails and other files
will seem a small price to pay compared to life imprisonment
for the more serious offence. Again, ministers have continued
to ignore this point in the light of increasing public
concern.
Data Trawling
The wording of the Bill provides that
just about any Government agency can intercept data traffic
for the fulfillment of "any statutory duty". Although
warrants to monitor so-called "internal" traffic will
need to specify who and what is to be monitored, there
are no such provisions for "external" traffic. Since Internet
traffic is routed regardless of international boundaries,
your communications could be intercepted at any time -
and don't forget those severe penalties if you fail to
decrypt your private data.
If you access information on an overseas
website, receive an email from a colleague in another
country, or use a web-based messaging service like Hotmail
or ICQ (where the servers are located in the US), your
private information could be monitored by any Government
agency for any purpose. Since it is also an offence for
anyone involved in such monitoring to reveal that it has
taken place (even years after the conclusion of an investigation,
regardless of its outcome) it is highly unlikely that
you will ever know.
Extra ISP Costs
The Government propose that Internet
Service Providers (ISPs) should install equipment to allow
monitoring of 15% of their data traffic. The initial costs
will be met by UK tax-payers, but the running costs (of
between �20,000 to �250,000) will be met by the ISP. Given
that many ISPs operate on slender margins in a highly
competitive market, the burden could prove too great for
many of them. Since the Government professes to be in
favour of e-commerce and high-tech business, it should
be doing all it can to help these businesses, rather than
introducing the equivalent of a new tax which could break
them.
The data monitoring requirement could
apply to more than just ISPs, though. The Bill contains
a broad definition of "telecommunications provider" which
could mean that a person carrying a mobile phone or a
pager is a provider, and should, therefore, be able to
monitor all communications through that device. If you
operate a website, email server, or any other service
which uses telecoms, you could be deemed to be a provider
and required to foot the bill for the monitoring equipment.
This will be good news for overseas ISPs (since it is
just as easy to purchase webspace from them as from a
UK provider) but more bad news for ISPs and Internet hosting
companies here.
What Can I Do?
The Bill has already passed its third
reading in the House of Commons, without amendment. It
will go to the Lords before the end of May, and there
is a chance that the Liberal Democrats and Conservative
representatives in the Lords can amend the legislation
(the Government do not have an overall majority in the
Lords, and both other parties are concerned about the
provisions in the Bill).
Write to your MP and express your concerns.
Tell your MP how this could affect your business, how
it will increase your costs, and how it will hinder the
growth of e-commerce in the UK -- and assist our overseas
competitors. You may have concerns over the civil liberties
aspects of the Bill: it could criminalise the innocent
and flies in the face of accepted legal principles, that
you should not be required to prove your innocence. Point
out that law enforcement agencies need real powers to
defeat crime without giving them the means for mass invasion
of privacy and interception of data traffic. Point out
that now is make-or-break time for e-commerce in the UK,
and this Bill could have very damaging and long-lasting
effects.
The more MPs are aware of this, the
more likely it is that the Lords will be motivated to
oppose and amend the legislation. The Bill is set to become
law by October, and it will have very serious, tangible
and damaging implications for high-tech business in the
UK. |