UK government pulls back on cyber snoop bill

In the face of increasing pressure from privacy groups, business groups and Internet service providers, the UK government is backing away from the more controversial aspects of its email surveillance bill.

In the face of increasing pressure from privacy groups, business groups and Internet service providers (ISPs), the UK government is backing away from some of the more controversial aspects of its email surveillance bill currently under consideration in the House of Lords.

The Home Office, which proposed and is overseeing the Regulation of Investigatory Powers (RIP) bill on behalf of the government, will send amendments on the bill to the House of Lords early this week for discussion on Wednesday, a spokesman for the Home Office told the IDG News Service.

The bill, which has already passed the House of Commons, would give the UK government sweeping powers to access email and other encrypted Internet communications.

"Yes, we've been listening to suggestions being made by the British Chambers of Commerce (BCC) and others, and with the amendments, we are trying to offer reassurances to industry while trying to maintain the balance of the bill," the Home Office spokesman said.

The government spokesman denied that Home Secretary Jack Straw is attempting to avert a revolt in the House of Lords, or that the move is a significant change of tactics for the government.

"We've been making amendments to the bill throughout the process, as we do with any bill," he said.

The RIP bill -- to get a second reading by the House of Lords at the end of the month -- would require ISPs in the UK to track all data traffic passing through its computers and route it to the Government Technical Assistance Center (GTAC). The GTAC is being established in the London headquarters of the UK secret service office, MI5 -- the equivalent to the Federal Bureau of Investigation (FBI) in the US.

Under the provisions of the RIP bill, the UK government -- specifically the Home Office and its head, the Home Secretary -- can demand encryption keys to any and all data communications with a prison sentence of two years for those who do not comply with the order.

Furthermore, if a company official is asked to surrender an encryption key to the government, that individual is barred by law from telling anyone -- including their employer, be it senior management or security staff -- that they have done so. Guidelines for this "tipping off offence," as it is known, could leave an international company completely unaware that what it assumes is secure company data may be under investigation by MI5.

While UK employees are protected against the consequences of passing encryption keys or encrypted data to the government, that protection does not extend outside the UK to other jurisdictions, such as that of the parent company.

The RIP bill already has 229 amendments which must be addressed by the House of Lords, but the government's new amendments are meant to address the more controversial aspects of the bill, the Home Office spokesman said.

"We want to make the definitions clearer. For example, we can request a list of Web sites visited from an ISP, just as we can ask the telephone company for a record of a person's phone calls. But if we open up those URL and see how a person has interacted with that site, that is very different, and it has never been our intention to obtain that sort of data," the Home Office spokesman said.

The government is not looking to back down from those aspects of the RIP bill which are coming under attack but wishes to clear up any confusion that may be causing concern within the business community, he said.

"The 'tipping off offence' is not something we envision being used frequently or widely, but it is necessary. There are times when our investigations are covert. But we fully understand the importance of those keys, and it is more important to reassure business and industry that the keys will be kept very secure," the spokesman said.

Civil liberty organisations are worried that the government's email interception bill would grossly encroach on privacy, while businesses fear the law will force e-commerce companies to move operations to other countries, such as Ireland, which do not have such restrictions. And ISPs in the UK are concerned that the costs of establishing the technology required by the RIP bill would be crippling.

The BCC has estimated that implementing the RIP bill will cost industry £46 billion ($US69.9 billion) over five years, a claim that Jack Straw vehemently denied in a letter sent to the Financial Times on June 14 and posted on the Home Office Web site.

Join the newsletter!

Error: Please check your email address.
Show Comments
[]