[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) FIPR News Release: Report on 3rd Reading of "Internet Snooping" Bill




------- Forwarded message follows -------
From:           	"Caspar Bowden" <cb@fipr.org>
To:             	"Ukcrypto \(E-mail\)" <ukcrypto@maillist.ox.ac.uk>,
	<cryptography@c2.net>,
	<eucrypto@fitug.de>,
	<cyber-rights-UK@cyber-rights.org>
Subject:        	FIPR News Release: Report on 3rd Reading of "Internet Snooping" Bill
Date sent:      	Tue, 9 May 2000 14:24:45 +0100
Send reply to:  	ukcrypto@maillist.ox.ac.uk


Web version at http://www.fipr.org/rip/PR3RHC.htm

News Release
Tue 9th May 2000
FOR IMMEDIATE USE

Contact:	Caspar Bowden
          (director of FIPR)
  +44 (0)20 7354 2333
  cb@fipr.org
   www.fipr.org/rip

================================================================= FIPR
report on Third Reading debate in House of Commons (8th May)
================================================================= *
Tories oppose Internet snooping Bill - challenge on costs and Human
Rights * Home Office renege on promise of consultative body on
interception
  capability
* Home Office abandon "level playing field" for all telcos/ISPs -
plans
  unknown
* Website logs are "communications data" - Big Browser Will Be
Watching You * Company directors exempted from Pt.III decryption
powers * Individuals and employees still presumed guilty until prove
key
  non-possession
* No Codes of Practice on view - Watchdog in Washington

As time ran out for the Third Reading of the Regulation of
Investigatory Powers Bill a mass of Government amendments were passed
as fast as the Speaker could read them out, but the Bill remains
deeply flawed and it will be for the Lords to attempt to sort out the
mess. Opposition speakers were reduced to urging changes "in another
place" as the Government's massive majority was used to steamroller
through a Bill that few MPs seem to understand.

In an unusual role-reversal of Party alignments on civil liberties,
the Conservatives opposed the Third Reading in a reasoned amendment
that harshly criticised the Internet snooping legislation for its "sad
inadequacy" on grounds of "repugnant" human rights incompatibility,
and uncompetitive burdens imposed on the UK's fledging e-economy. Home
Office Minister of State Charles Clarke MP reacted angrily, but the
LibDems unaccountably supported the Bill whilst levelling the same
objections to the infamous "reverse-burden-of-proof" clauses on the
possession of keys to unlock computer data.

Oliver Heald MP (Shadow Home Affairs) lambasted the government for
their refusal to provide any detailed justification for the assertion
that RIP is compatible with the Human Rights Act, despite previous
government assurances that such legal controversies would be fully
explored in parliamentary debate. The provision requiring a person who
has innocently lost an encryption key or forgotten a password to prove
this to a court on the "balance of probabilities" in order to
establish their defence, overturns the presumption of innocence
guaranteeing a fair trial under Article 6 of the European Convention
on Human Rights, according to a detailed Legal Opinion commissioned by
JUSTICE and FIPR. The government has refused an Open Government
request to disclose their legal advice, despite a Select Committee
recommendation that they should "publish a detailed analysis to
substantiate its confidence"1 and government later declaring
themselves willing to do so2. Simon Hughes MP (LibDem) mocked this,
saying "I have never understood why the Government are so reluctant to
disclose the advice, which, by definition, they claim must support
their case".

Notes for editors
------------------
1. Comprehensive background, briefing, reports on the RIP Bill,
including live links to more than 130 newspaper, radio, TV and Web
stories - is at the FIPR RIP Information Centre at www.fipr.org/rip

2. FIPR is an independent non-profit organisation that studies the
interaction between information technology and society, with special
reference to the Internet; we do not (directly or indirectly)
represent the interests of any trade-group. Our goal is to identify
technical developments with significant social impact, commission
research into public policy alternatives, and promote public
understanding and dialogue between technologists and policy-makers in
the UK and Europe. The Board of Trustees and Advisory Council
(http://www.fipr.org/trac.html) comprise some of the leading experts
in the UK.

Part.1 Chapter.1 - INTERCEPTION
MINOR CONCESSION BUT HOME OFFICE RENEGING ON TECHNICAL APPROVALS BOARD
======================================================================
= The government introduced amendments which would require a Commons
vote before imposing interception requirements on ISPs, but rejected a
revived Tory motion to create a Technical Approvals Board comprised of
industry experts who would vet Home Office interception wish-lists for
cost and feasibility. Heald made a powerful case, citing strong
industry support (that Clarke had doubted in Committee) for the TAB
from the Federation of the Electronics Industry (who said Heald had
"clearly won the argument") and Internet switching centre LINX ("we
had always assumed there would be one"). Heald referred to the Home
Office's own consultation paper of June 1999 which had promised "an
independent body to provide impartial advice on how to balance the
requirements of the Agencies and CSPs. This should help to ensure that
any requirements are reasonable, proportionate and do not place CSPs
at a disadvantage compared with their competitors"3. Glossing over
this, Clarke said only that ongoing consultations with ISPs would
suffice, although ISPA and LINX have recently criticised the poor
quality and infrequency of consultation in an open letter of protest
to e-Envoy Alex Allen4.

In a telling passage, Clarke said that those organisations already
subject to interception requirement - i.e. telecommunication companies
rather than ISPs - were opposed to a. When challenged whether the Home
Office would seek to canvass ISP opinion on this issue, Clarke
restated that he had received no requests on the matter and the
"process was an open one".

Clarke rejected the 30m price-tag on costs to ISPs of installing and
maintaining interception equipment, because he said he did not
envisage all ISPs being required to intercept - tantamount to an
admission that the Home Office has abandoned its rationale of
"levelling the playing field". The 30m figure was derived from the
report of the Home Office's own consultants5, making the assumption
that the largest 20 of the UK's 400 ISPs would have to take up
higher-cost options for blanket interception, whilst the reminder
would only install the cheaper "e-mail only" capability. Government
also rejected amendments that required ISPs to be compensated for
interception costs (rather than discretionary payments) and to report
awards of such payments to Parliament.

Part.1 Chapter.2 - COMMUNICATIONS ("TRAFFIC") DATA
Big Browser Will Be Watching You
================================
Harry Cohen MP asked for clarification that communications data, which
he pointed out could be requisitioned by thousands of designated
public authorities, could not later be used for other purposes such as
collection of council tax or vehicle excise. The reply was ambiguous,
Mr.Clarke referring only to data protection principles, declining to
comment on (DPA98 S.29) tax and customs exemptions which would
ostensibly allow inter-departmental fishing expeditions - but did
confirm that acquisition of communications data for national security
purposes was wholly exempt from controls. Mr.Cohen pointed out that
there was no audit trail for any secondary transfers of data, and
therefore the Commissioner would be unable to monitor its occurrence
or report abuse. Mr.Cohen also deplored the fact that the Data
Protection Commissioner had not been given the oversight role for
communications data, and referred to her comments on the RIP Bill as
"scathing"6. The Interception Commissioner now has this
responsibility, together with telephone tapping, e-mail interception,
and official access to all other types of communications data. Last
week the Home Office confirmed that logs of websites browsed are
considered communications data, and therefore no warrant is required
for any public authority to look at the Web browsing habits of any
citizen for any of the very broad purposes allowed (there are also
secondary powers to create further purposes not specified on the face
of the bill).

Part.3 - DECRYPTION POWERS - So it is key-escrow by intimidation
================================================================
After referring to the FIPR/JUSTICE opinion and describing as
"repugnant" the reverse-burden of proof defence requiring a 
demonstration of something logically impossible, Mr.Heald said that
RIP snapped the "golden thread of British justice" - that to be guilty
of a criminal offence a person must have a guilty mental intention -
'mens rea'.

Surprisingly Mr.Clarke amended S.69 to exempt company directors from
liability under Part.III - that is, they are no longer personally
liable for failure of their company to comply with a decryption
notice. This was the chief cause of FIPR's diagnosis of government
strategy as being that of "key escrow by intimidation" - however it
still leaves individuals and company employees in the firing line.

Mr.David Maclean MP gave an eloquent and forthright denunciation of
the S.49 offence, saying that it was simply unjust and wrong. When
replying on the crux issue of burden-of-proof, Mr.Clarke repeated
puzzling previous references to the defence only having to make its
case on the "lower" burden of the balance of probabilities -
suggesting that he understands "reverse-burden" to mean the defence
having to prove innocence beyond reasonable doubt (sic), a concept
unknown in any legal system. He re-iterated his position in Standing
Committee that the accused could explain what had happened to the key
or passphrase, and the court would take that into account. When Simon
Hughes MP intervened to point out that these would be excellent
arguments if the accused were being given the benefit of a reasonable
doubt, instead of a 50:50 chance, Mr.Clarke simply he did think
Mr.Hughes view was right.

Mr.Clarke also said he would consider increasing the prison sentence
for a S.49 offence if it appeared that serious criminals were
resorting to the cunning plan of claiming a bad memory (a subterfuge
which FIPR wrote repeatedly to the Home Office about more than two
years ago without receiving any reply).

The government introduced an amendment that a key could be demanded
instead of plaintext only if it was believed there were "special
circumstances", for example a suspect  - who by definition was not to
be trusted to supply the plaintext of incriminating material. The word
"exceptional" rather than "special" had been considered and rejected,
and Mr.Clarke did not repeat earlier assertions that access to keys
would only be necessary in a tiny minority of cases.

Part.4 - Oversight
Watchdog in Washington - Commissioners will operate on "need-to-know"
=====================================================================
The government again rejected Opposition amendments to unify the
system of five Commissioners (six including the DPC), but agreed
instead to a "unified secretariat" and the provision of an unspecified
capacity to undertake investigations, although the secretariat would
operate on a "need-to-know" basis. None of the Codes of Practice
arising from RIP were available, and the government promised only to
have drafts ready before the Bill became law. Absent from the debate
were all members of the Intelligence and Security Committee, the
parliamentary watchdog charged with oversight of Britain's spy
agencies, who were on an official visit to Washington on committee
business.

--
Caspar Bowden               Tel: +44(0)20 7354 2333
Director, Foundation for Information Policy Research
RIP Information Centre at:    www.fipr.org/rip#media




------- End of forwarded message -------