Legislating the Internet – The nightmare has arrived

THE REGULATION OF INVESTIGATORY POWERS BILL, 2000

“Government is too secretive. Too many decisions are taken behind closed doors without proper consultation with the public. Government then rushes new laws through Parliament and bad legislation is passed. People want to be better informed about what government is up to, and be consulted more.”

-JACK STRAW, ET AL: NEW POLITICS, NEW BRITAIN: RESTORING TRUST IN THE WAY WE ARE GOVERNED

So you may ask, “what does this have to do with me ?”, “I don’t live in the UK so what does it matter ?”

To answer these questions you have to understand a small amount about United Kingdom politics, don’t worry, its only short. In 1997 the (New) Labour Party came to power with a landslide victory, which gave them a massive majority, and as such a carte blanch to enact whatever new laws they wished. Historically the British government has always had close links with many other major governments possibly most importantly the United States. This has happened no matter which parties happen to be in power in either country. This is frequently referred to as “The Special Relationship”. The UK membership of the EEC also means that close relations exist with most European governments.

As the Internet has evolved from a bare bones information exchange into a full-blooded commercial operation the type of people using it has changed. Where it was an archaic nightmare of obscure command line controls it is now a point and click, idiot friendly, environment. As this change has taken place then corporates have seen the chance of money making and have moved in. The new age is upon us, information is god, you must be online for this fantastic experience and BTW, don’t forget your credit card.

Where there is money then we have the roots for corruption. ‘Corruption’ might be classed as a strong word, some prefer ‘political lobbying’. Government sees something evolving very quickly that it cannot control and has no real say in running. It knows it must get control of this beast because the people cannot be trusted with something this powerful. If the people control the information systems of the future how is a government going to able to ensure you read the ‘correct’ opinions?

Well the British government has come up with some interesting ideas….

It happens all over the world, politicians say one thing to get elected and then encounter ‘difficulties’ when it comes to implementing them. We should have realised this early in New Labours reign when, during there pre-election, promising the world spree, we were promised a ‘Freedom of Information’ bill and ‘Open accessible Government’. Of course anybody can realise that neither of these things are good for government because it means letting the people actually know things. So what did we end up with ?. We now have a Freedom of Information bill that is so crippled that you can actually find out less now then you could before and we have the RIP bill.

The RIP or Regulation of Investigatory Powers Bill is a wide ranging proposal to monitor every piece of electronic traffic in the UK and if you have the temerity to use some sort of encryption then you have to give the government the key or face two years in jail. This means every phone call you make, every e-mail you send, every web page you visit, every fax you send every time you use an ATM machine can be logged. Just take a moment to think about this, try and get through a day and not make some sort of electronic traffic, its not easy for anybody and is totally impossible for anybody who leads a normal lifestyle.

Of course we are being told that this is good for us. The argument goes along the lines of ‘if we can read everything then we can catch all the bad guys’ but the ability for misuse of this information is so immense that new scenarios are being envisaged everyday.

Take a simple example, you use PGP to encrypt some of your mail, your hard disc dies, you fit another and generate a new key. If you cannot remember your old key when it is demanded by ‘an authorised official’ then you are into two years jail time. Also, contrary to normal UK law, you are assumed to be guilty and must prove your innocence. Oh, and don’t forget that if you have been convicted and happen to mention your going to appeal to anybody except your lawyer (even your wife or husband if the notice is under the secrecy clause) then 5 years can be added to your sentence.

So as an drug dealing international terrorist paedophile what do I do ?, I plead ignorance of my keys, and take two years jail, much better than a life sentence on each charge. As a business man who had PGP installed by the IT department on my laptop I might not even know the key but I will still get the same two years jail. As a housewife having an affair I might not want my love letters read by all and sundry but again I still get the same two years.

If this sounds bad consider some of the other aspects to this bill.

When can traffic data be obtained?

21. (2) (2) It is necessary on grounds falling within this subsection to obtain communications data if it is necessary-

(a) in the interests of national security;

(b) for the purpose of preventing or detecting crime or of preventing disorder;

(c) in the interests of the economic well-being of the United Kingdom;

(d) in the interests of public safety;

(e) for the purpose of protecting public health;

(f) for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department;

(g) for the purpose, in an emergency, of preventing death or injury or any damage to a person’s physical or mental health, or of mitigating any injury or damage to a person’s physical or mental health;

or

(h) for any purpose (not falling within paragraphs (a) to (g)) which is specified for the purposes of this subsection by an order made by the Secretary of State.

In other words, almost any reason, or any suspected crime, is sufficient.

Who can obtain authorisation for obtaining traffic data? Any member of the following:

24. (1) In this Chapter- … “relevant public authority” means (subject to subsection (4)) any of the following-

(a) a police force;

(b) the National Criminal Intelligence Service;

(c) the National Crime Squad;

(d) the Commissioners of Customs and Excise and their department;

(e) any of the intelligence services;

(f) any such public authority not falling within paragraphs (a) to

(e) as may be specified for the purposes of this subsection by an order made by the Secretary of State.

Any government department, or any police officer, can require this information.

Also note section (f), the general get out clause that’s says anybody the government wants.

Who can request a surveillance warrant?

6. (2) Those persons are-

(a) the Director-General of the Security Service;

(b) the Chief of the Secret Intelligence Service;

(c) the Director of GCHQ;

(d) the Director General of the National Criminal Intelligence Service;

(e) the Commissioner of Police of the Metropolis;

(f) the Chief Constable of the Royal Ulster Constabulary;

(g) the chief constable of any police force maintained under or by virtue of section 1 of the Police (Scotland) Act 1967;

(h) the Commissioners of Customs and Excise;

(i) a Permanent Under-Secretary of State in the Ministry of Defence;(j) a person who, for the purposes of any international mutual assistance agreement, is the competent authority of a country or territory outside the United Kingdom;

Not forgetting:

(k) any such other person as the Secretary of State may by order designate for the purposes of this subsection.

Or in (j) not only is the UK government snooping on you but also anybody else in the world can get hold of this information.

Again in (k) we see the general get out clause.

Who has to make sure the government can collect all this data ?

2. (1) In this Act-

“public telecommunications service” means any telecommunications service which is offered or provided to, or to a substantial section of, the public in any one or more parts of the United Kingdom;

“public telecommunication system” means any such parts of a telecommunication system by means of which any public telecommunications service is provided as are located in the United Kingdom;

“telecommunications service” means any service that consists in the provision of access to, and of facilities for making use of, any telecommunication system (whether or not one provided by the person providing the service); and

“telecommunication system” means any system (including the apparatus comprised in it) which exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy.

In other words, you’re no longer using an ISP to connect to the Net. You’re using the ISP’s public telecommunication system. And you’re not using Hotmail, or Hushmail, or Funmail, you’re using their public telecommunication service to read your mail. And the same probably goes for public news servers, WAP gateways, or – depending on how the judges call it, a Web hosting company or colocation centre. And even if this definition is defined more narrowly than our reading of the Bill, Section 11.(4) makes its requirements binding on:

11. (4)

(a) a person who provides a postal service,

(b) a person who provides a public telecommunications service, or

(c) a person not falling within paragraph b) who has control of the whole or any part of a telecommunication system located wholly or partly in the United Kingdom,

Which, frankly, could mean anyone with a phone.

What does the Bill require of these people? According to Section 11. (4), employees at companies offering a public telecommunications service (or a bloke with a phone) are now obliged to obey surveillance warrants, or face a maximum of two years in jail. According to Section 18. (2), employees also face five years imprisonment for revealing the contents, details or even the existence of a surveillance warrant.

Imagine this scenario – I pay the phone bill, my husband, son and daughter use the phone. According to (c) I will be forced to obey a surveillance warrant on my own family and if I even mention I am spying on them I could be liable for a five year jail term. Nice to see how our family orientated government likes to work.

All this seems like it should be more at home in the cold war or sounds like it has been modelled on the alleged Stasi internal espionage tactics in old East Germany.

Or are there better reasons?

The truth could be simple, its to catch the bad guys but doesn’t this seem a bit overkill especially when you consider that if serious crime is involved the police / security services already have most of these powers but are under strict control.

Government paranoia is nothing new anywhere in the world but if you were the government in power wouldn’t it be nice if you could intercept, unknown, all the traffic from your opposition parties?

To come back to original questions, “what does this have to do with me?”, “I don’t live in the UK so what does it matter ?”. What happens if this gets passed into law and other governments realise that if a ‘free, open democracy’ like the UK can get away with it. How long will it be before your government does the same thing either openly or just through stealth?. This sort of set-up knocks Echelon in a cocked hat. It is amongst other things the ultimate attempt to destroy privacy on the Internet. Do you really want to set up part of your multinational business in the UK knowing that every piece of e-mail is being monitored by the government?.

The depth that this legislation has to be misused is tremendous; don’t say you haven’t been warned.

References, Acknowledgements and Thanks

John Naughton, The Observer, FIPR: Foundation for Information Policy Research, Caspar Bowden, The Stand, The Register and the The Sunday Times.