Why the 'Wire-tap Bill' musn't rest in peace

It was an era of typewriters, fax machines and a cursory interest - at best - in something called the personal computer. It was an era when the Internet remained the plaything of the US military and West Coast academics an era of telecoms monopolies and a time before email, PDAs and mobiles.

A lifetime in communications terms, yet 1985 was the last year the UK forged any meaningful legislation concerning the investigation of the dubious activities of the criminal underworld over the 'wires'.

It's about time the Interception of Communications Act was updated, but there remain severe doubts whether the Regulation of Investigatory Powers (RIP) Bill - which received its second reading in the House of Commons yesterday - is a worthy successor.

The Bill has three main goals: it outlines what constitutes acceptable interception of communications, it deals with intrusive investigation techniques, and it tackles the thorny issues of when it is legitimate to decrypt sensitive information sent across the Internet.

According Home Secretary, Jack Straw, "None of the law enforcement activities specified in the Bill are new. Covert surveillance by police and other law enforcement officers is as old as policing itself so too is the use of informants, agents and undercover officers."

Yet the fact that these techniques are being applied to new technology alters their application. Consider encryption. The Bill requires anyone caught with coded material for which they do not provide a decryption key to prove that they have legitimately lost that key. If they cannot do this, it will be assumed they are in breach of the law and will face up to two years in prison.

This is an improvement on the previous proposal to force all companies to place keys in the hand of a third party. The government realised that if it had any chance of getting the Electronic Communications Bill through Parliament, it would need to remove this contentious section.

But if Labour hoped to avoid confrontation by tacking encryption, albeit in a toned down form, to this new Bill, it had better think again.

By placing the onus on a company or individual to prove they don't hold encryption key contravenes basic civil rights. It reverses the burden of proof in criminal cases and as such is fundamentally unjust.

The other major concern about this Bill is the cost of implementation. Demon Internet estimates it will take £1m a year to put in place effective interception technology, adding up to 15 per cent to its operating costs. The Home Office has hinted it will share the burden, a position dismissed as politicking by some who believe that without definite promises, Internet Service Providers (ISPs) could discover they have a nasty bill to pay once this Bill becomes an act.

And it's not just ISPs who will suffer. The Bill addresses for the first time interception on private networks, from hotel switchboards to company networks. That could mean IT departments up and down the country are hit. Clarity is urgently needed.

The Bill now enters committee stage, which is the biggest chance the legislation has of being altered. Silicon.com will be lobbying hard to ensure company and industry concerns are heard, and to make sure we don't have to wait another 15 years before we get some meaningful legislation.

See also -
Opposition hits back at Labour's 'Snooping Bill' http://www.silicon.com/a36157
'Snooping Bill' slammed over privacy issues http://www.silicon.com/a36138
Home Office RIP Bill under fire from critics http://www.silicon.com/a35672
Official Home Office RIP site http://www.homeoffice.gov.uk/oicd/ripbill.htm