E-mails may trap ISPs in web of intrigue
By Siobhan Chapman
(IDG) -- Internet service providers (ISPs) may be forced to assist in criminal investigations and face more incidents of data surveillance if proposed changes to the laws on e-mail interception by Australian law enforcement agencies proceed.
Proposed amendments to the Telecommunications Interception Legislation Bill will open the scope for enforcement agencies to intercept undelivered e-mails stored on an ISP's server.
Under the current regime, ISPs are obliged to provide information to assist federal and state law enforcement agencies when both an interception warrant and a search warrant are issued.
Irene Graham, executive director of online privacy advocacy body Electronic Frontiers Australia (EFA), said if the bill gets passed as it stands in draft form, law enforcement agencies will need only a search warrant to demand an ISP disclose the contents and substance of e-mail messages that are stored on their systems.
Representatives of various law enforcement agencies, including the Australian Federal Police and the Australian Security Intelligence Organization, along with Frontiers and other industry representatives, met with a Senate Committee last week to discuss the proposed changes, as part of a three-day hearing on legislation relating to security and terrorism.
At the hearing, various agencies voiced concerns that a lack of understanding of technical specifications in the legislation, regarding the delivery and the storing of e-mailed communications, has frustrated police investigations in the past.
The issue centers on the different legislation covering delayed access or stored e-mail, compared to legislation covering delivered e-mail communication.
The current Telecommunications Interception Act protects all communications that are in passage over a telecommunications system, including e-mail and SMS (Short Message Service), and requires both an interception warrant and a search warrant.
Once an e-mail is downloaded onto a person's computer, it is deemed to have ceased its passage over the telecommunications system and is protected by other legislation.
At the moment, when an agency approaches an ISP with a search warrant, the ISP cannot differentiate between e-mails that are opened and unopened, so the ISP can deny access to data until the agency presents an interception warrant as well.
"The government proposes to remove the existing protections for undelivered e-mails. Presumably the problem, if there really is one, could also be solved by amending the Telecommunications Interception Act so that an interception warrant could be used for both undelivered and delivered e-mails. But that option would not give anywhere near as many agencies anywhere near as much power to invade the privacy of Internet users," Graham said.
"We think the proposed amendments are unclear but in view of existing law, we now think the intent of the proposed law is definitely to give less protection to the privacy of e-mail than currently exists. That is, e-mail in transit will have far less protection in transit than does a telephone call. So much for 'technology-neutral' laws that the government loves to talk about," she said.
"ISPs will be likely to receive a significantly larger number of 'requests' from a much larger range of enforcement agencies. And, given the proposed law does not explain what exactly is meant by a new term, 'stored communication', ISPs may find themselves at risk of infringing the existing Telecommunications Interception Act whilst trying to comply with search warrants."
Sources within the ISP industry, who did not wish to be named, also expressed concern over how this increased obligation to help criminal investigations will impact on their administrative overheads.
Simon Hackett, managing director at ISP Internode said there is a potential for collateral damage on top of extra administration costs and additional workload for ISPs if this legislation passes.
"The ISP sector continues to try to survive a tendency to add legislation that isn't necessarily useful or necessary," he said. "When somebody pops in with search warrant, then the concern is to try to ensure this doesn't cause operational problems to the ISP. If a search warrant is used there is a set of risks, and an ISP could be impacted negatively by that. For instance, there is a potential for collateral damage for ISPs."
Hackett added there is an onus on the government to educate the ISPs that will have to act on the legislation.
Gayle Hill, special consul at law agency Freehills, said: "It is prudent for ISPs to read carefully the terms of any warrant. Read very carefully what you are obliged to expose and to whom you're going to expose it."
Feds enlist ISPs in terrorist probe
September 13, 2001
Forensic tools may play role in investigation
September 12, 2001
RELATED IDG.net STORIES:
Privacy, money issues delay new FCC wiretapping rules
'Patriot Act' aids law enforcement
U.K. bill seeks compulsory data retention by ISPs
Corporates sign up for computer forensics training
Ashcroft has plans for antiterrorism tools
ISPs oppose Minnesota Web privacy bill
Internet providers band together to form interest group
Analysts: Ask ISPs for DOS protection
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
TECHNOLOGY TOP STORIES:
Report: SUVs pose danger to cars
New telemarketer tool trumps TeleZapper
Terra Lycos logs $2.2B loss
AOL to offer song downloads
Microsoft seeks fiscal fountain of youth
|Back to the top|