TMCnet - World's Largest Communications and Technology Community




Tracey S. Roth

Dot Com Commerce

Managing Editor, CUSTOMER INTER@CTION Solutions

[January 31, 2001]

Who's Been Snooping In MY Inbox?

If you ever read the London Times, you'll know that there are a few things currently taking a beating in the British press. Most recently is Peter Mandelson, former Northern Ireland Secretary, for alleged misconduct; most famously is millions of British cows who may or may not be feeling very well; and in the high-tech sector, and most appropriate to this column, there is the Regulation of Investigatory Powers (RIP) Bill, a wide-ranging piece of legislation implemented to track criminal activity on the Internet. The RIP Bill (whose acronym provides generous fodder for the notoriously large-typed and alliterative British tabloid headlines) was passed in July of last year and, apparently, has enjoyed a level of popularity in the U.K. formerly reserved only for fish milkshakes.

The gist of the legislation, which was spun off as a separate bill from the already-passed Electronic Communications Bill, is as follows. In order to prosecute criminal activity conducted via the Internet, British law enforcement agencies can demand interception of electronic communications that pass under the lintels of U.K.-based Internet service providers and businesses, allow surveillance of e-mail suspected to reveal criminal activity, use informants, and decrypt coded e-mail. Some ISPs may be required to install a "black box" that will allow for interception of all Internet traffic through that ISP. All organizations may be required to decrypt contentious information and provide the government with full access to any and all electronic communication. (An earlier version of the bill was modified: a first draft would have required businesses to turn over their encryption processes lock, stock and barrel, rather than the modified version, which requires them to decode certain communications on a case-by-case basis.)

It's not quite as alarming as it sounds, despite the moderate level of media-inspired hysteria it launched. Notice use of the words "can demand access" and "may be required." The British government has stressed the law has not been implemented so low-level government agents can sit at their desks and monitor titillating e-mails exchanged between friends about their weekends. However, it still poses some interesting problems for U.K.-based businesses.

It's a hard issue to approach without sounding like a script for an episode of The X-Files. ("You've SEEN the e-mails, Scully, what do you THINK the Home Office is doing with them? Papering their bird cages?") The British government's official line is that the RIP Bill is just another arm of its right to tap the phone calls of suspected criminals. The U.S. government, obviously, does this too, provided they have a warrant to do so. (Helloooooo, FBI.) Supporters of the U.K. bill point out that monitoring can only be undertaken with a warrant signed and sealed personally by the Home Secretary, Mr. Jack Straw, or by someone who sits very close to him. In other words, if a warrant gets signed to come after your electronic communications, chances are you've been very, very bad and deserve it. Any interception warrants must be authorized by an independent Commissioner, who must be either a sitting judge or a former judge. A great deal of the misunderstanding and junk-press-spawned hysteria seems to have derived from the assumption that a warrant is not needed. It is.

In a nutshell, unless you're buying plutonium from Azerbaijan via e-mail, chances are pretty good the British government won't have its fingers in your e-mail inbox, nor will the men in black show up on your doorstep.

But you never can tell, can you?

Opponents of the law, which include organizations such as Amnesty International, most U.K.-based Internet service providers and businesses who deal in sensitive information (such as financial institutions), not to mention the British public in general, have been vocal and emphatic. The public objects to the invasion of privacy, the banks object to the possibility of having to turn over private consumer data, and the Internet service providers, who will likely take the lion's share of the burden, are wondering about their future viability in the U.K. Many ISPs have begun making not-so-idle comments about moving their operations off-shore to avoid having to comply with the law. In most cases, the financial responsibility to install "reasonable interception capabilities" (when notified by the government to do so) will fall on the ISP.

But the biggest problem seems to be a lack of communication between the ISPs and those policing the intercepts. An article in Wired News reported that enforcement of the law by less-than-well-trained local police forces is inspiring a spate of stupid, time-wasting questions on the part of the police to Internet service providers, who now find themselves in the position of having to educate the police on the basics of Internet 101. Ridiculous demands by law enforcement officers, from asking ISPs to check their records to see if suspected criminals have accounts with them, to demanding information on users of other ISPs, some of them in other countries, have prompted many ISPs to throw up their hands in disgust and make even louder grumbles about moving to friendlier e-commerce shores.

For those of us removed from the law by national borders, it provides an interesting litmus test. (Although U.S.-based companies that do business in the U.K. need to be aware that the law does apply to their communications that flow into and out of the U.K.) Although the U.S. government has assured us that the FBI's infamous Carnivore system is less far-reaching than the U.K. law, no one has quite come clean about exactly what Carnivore is, so it's hard to make a comparison. We have been told that the "black box" approach of the RIP Bill is counter to the Fourth Amendment of the Constitution prohibiting unlawful searches and seizures, and that "Carnivore chews all the data on the network, but it only actually eats the information authorized by a court order" (hence its charming name), in the manner of an electronic wire tap, but after that, it's anybody's guess. I can't come down too hard on the U.K. law by comparison, for the process has supposedly been fully disclosed, unlike with Carnivore. The old adage about the devil you know and the devil you don't know springs to mind.

In the meantime, let's enjoy reading the Web postings of the conspiracy theorists on both sides of the Atlantic, and look forward to the day that either the RIP Bill or Carnivore becomes the topic of a John Grisham novel, a major Hollywood film extravaganza, or both.

The author, who reminds readers to avoid purchasing plutonium from Azerbaijan over the Internet, may be contacted at tschelmetic@tmcnet.com.
