|Editions | myCNN | Video | Audio | Headline News Brief | Feedback||
U.K. e-mail snooping bill passed
LONDON (IDG) -- The surveillance bill granting the U.K. government sweeping powers to access e-mail and other encrypted Internet communications passed its final vote in the House of Commons on Wednesday and is set to become law on October 5.
Among other provisions, the Regulation of Investigatory Powers (RIP) bill requires ISPs (Internet service providers) in the U.K. to track all data traffic passing through their computers and route it to the Government Technical Assistance Center (GTAC). The GTAC is being established in the London headquarters of the U.K. security service, MI5 -- the equivalent to the Federal Bureau of Investigation (FBI) in the U.S.
The House of Commons, which had already passed the RIP bill earlier in the year, voted to approve amendments added by the House of Lords on July 13. Mainly as a formality, the bill must now be signed by the Queen to receive its official passage into law with what is known as the Royal Assent.
Some U.K. ISPs and civil rights organizations have argued that the amendments are mainly cosmetic and do not adequately address the "Big Brother" powers granted to the U.K. government to access e-mail and other electronic data without a warrant.
Under the provisions of the RIP bill, the U.K. government -- specifically the Home Office and its head, the Home Secretary (a post currently held by Jack Straw) -- can demand encryption keys to any and all data communications, with a prison sentence of two years for those who do not comply with the order.
Furthermore, if a company official is asked to surrender an encryption key to the government, that individual is barred by law from telling anyone -- including their employer, be it senior management or security staff -- that they have done so. Guidelines for this "tipping-off" offense, as it is known, could leave an international company completely unaware that what it assumes is secure company data may be under investigation by MI5. Those violating the tipping-off offense can face up to five years in prison.
While U.K. employees are protected against the consequences of passing encryption keys or encrypted data to the government, that protection does not extend outside the U.K. to other jurisdictions, such as that of the parent company.
Civil liberties organizations are worried that the government's e-mail interception bill would grossly encroach on privacy, while businesses fear the law will force e-commerce companies to move operations to other countries, such as Ireland, which do not have such restrictions.
And ISPs in the U.K. are concerned that the cost of establishing the technology required by the RIP bill would be crippling. Some ISPs in the U.K., including PSINet, have said they will be forced by the RIP bill to move their operations out of the U.K. altogether.
On June 16, the House of Lords received an open letter signed by 50 organizations, asking that the bill be further amended or scrapped altogether. The letter, which in part reads: "We are deeply concerned that the bill will inhibit the development of the Internet and e-commerce," includes Esther Dyson, Consumers International and Amnesty International as signers.
The amendments added by the House of Lords -- while not changing any of the major provisions in the RIP law -- give the government the discretion to allow companies to turn over printed text rather than encryption keys. Furthermore, as with telephone wire taps, the Home Secretary must now personally approve in writing all interception warrants as well as financial compensation for ISPs required install monitoring equipment.
During Wednesday's debate in the House of Commons, Home Office minister Charles Clarke argued that the RIP bill will not harm e-commerce in the U.K. and that the law suffers primarily from a perception problem, caused mainly by alarmist reports in the media.
"Given the comments made in the overseas media, we must explain clearly what the Bill is and is not, and why we do not believe it poses a threat to e-commerce in Britain; on the contrary, it will help to achieve the government's aim of a strong and secure e-commerce economy, to which we are all committed," Clarke said to the House of Commons
Clarke stressed that "propaganda is needed" to re-educate the public about the provisions of the bill and asked the House with help in promoting "the interests of this country's businesses when the time comes."
The British Broadcasting Corp. has estimated that implementing the RIP bill will cost companies 46 billion pounds (US$69.9 billion) over five years, a claim that Jack Straw vehemently denied in a letter sent to the Financial Times on June 14 and posted on the Home Office Web site.
Some opponents of the RIP bill are pointing out that the technology provided for in the bill is already out of date and fairly simple to circumvent.
In an article for New Scientist magazine, Internet security experts Ian Brown, from the University College London, and Brian Gladman, a former employee for the Ministry of Defence, asserted that people (including criminals) can easily avoid the "black box." All users have to do is set up their own mail servers over which they then use prepaid mobile phones or free, anonymous Internet accounts.
"The powers for interception and for the seizure of encryption keys are technically inept," Brown and Glandman said.
The pair also pointed out that "it is very unlikely that the Government will install interception equipment at the many small ISPs since the overall costs of doing this will be high and the gains involved will be very limited. It is very likely that any interception capability will be at larger ISPs and this means that using a small ISP can reduce the likelihood that email is vulnerable to interception."
U.K. pulls back on cybersnoop bill
RELATED IDG.net STORIES:
U.K. government pulls back on cybersnoop bill
The Home Office
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.