In its first nine years, the foundation's most notable successes in improving legislation and policy have included:
- Regulation of Investigatory Powers (RIP) Act 2000
The Act governs interception of communications and acquisition of traffic data, bugging, and the use of informants; compels disclosure of passwords and decryption keys, and establishes a complaints Tribunal and oversight Commissioners.
As the Bill passed through Parliament, the foundation successfully promoted amendments which:
- Prevented surveillance of web browsing without a warrant ('Big Browser' amendment for traffic data)
- Ensured that those who lose keys or forget passwords would be presumed innocent
- Removed corporate criminal liability for inability to decrypt ('key escrow by intimidation')
- Raised the authorisation level for access to passwords and decryption keys to Chief Constable
- Transferred open ended costs of deploying 'black boxes' from ISPs to the Home Office
- Provided the Interception Commissioner with a right to a technical audit trail for oversight
The foundation achieved this primarily by careful lobbying underpinned by rigorous research. It was the most cited authority in Parliament, and the Director acted as an adviser in the chamber during several House of Lords debates.
It also discovered that a new 'override certificate' permits GCHQ to trawl through all Internet communications inside the UK.
At the same time, working with minimal resources, the foundation succeeded in improving public understanding of the issues at stake with numerous appearances on national TV and radio, and constant and active briefing of trade and national news journalists. The hundreds of articles on the Bill arising directly from the foundation's work included 17 leader articles in national news and trade press.
- Export Control Act 2002
FIPR persuaded Conservative, Liberal Democrat and crossbench peers in the
House of Lord to insert section 8 of the Export Control Act, which creates an
exemption for scientific research. The Act was brought in at US request,
rejected by the DTI Select Committee in 1998 (after FIPR lobbying), then
pushed through Brussels by the UK as a European Regulation, and finally
introduced in 2001. Its effect was to extend export controls from physical
goods to intangibles. A side-effect would have been to make scientific
communications and collaborations subject to expert licensing whenever the
subject matter or the instruments in use appeared on the dual-use list. This
would have put UK science and technology at a significant disadvantage.
As more and more information policy issues are settled in Europe rather than at
the level of national parliaments, FIPR was a founder member of European
Digital Rights (EDRI) which was formed to lobby on information policy issues at the European level.
FIPR drove its establishment in 2002 and paid half of the first year's running
costs. EDRI is an association of currently 25 privacy and civil rights
organisations from 16 different countries in Europe.
- EU IPR Enforcement Directive
In 2003--4 the EU attempted to introduce an IPR Enforcement Directive that
would, among other things, have forced all Member States to criminalise patent
infringement. This was sought at the behest of the drug industry, which wanted
to stop generic drugmakers sheltering distributors from lawsuits by giving
them indemnities against civil damages for infringement. It would also have
made life much harder for the software industry and for free software
FIPR, working with EDRI, assembled an alliance in Brussels consisting of the
free software movement, consumers' associations, the supermarkets, the generic
drugmakers, the car-parts industry and the telcos, and got this directive
amended at the committee stage. The alliance that we put together is still
working, and opposing further attempts at encroachment by the IP lobby.
- Copyright policy
Following its success in the IP Enforcement Directive campaign, FIPR worked
with EDRI to devise a policy on copyright to which a large number of
European NGOs subscribed. This emerged from a conference FIPR sponsored at
Cambridge and has influenced much copyright policy work since.
- Central surveillance of medical and children's records
FIPR has been a critic of attempts by the UK government to centralise medical
records, school data, social work files and police intelligence. FIPR wrote a
report "Children's Databases -- Safety and Privacy" for the Information
Commissioner surveying these projects. It concluded that a number of the
proposed uses were unsafe, and some were contrary to European law. FIPR has
also been involved in the debate over the NHS National Programme for IT;
Advisory Council member Martyn Thomas is a prominent member of the 'Gang of 23'
academics who have called for a review of the project (see:
http://editthis.info/nhs_it_info/Main_Page) while FIPR's Chair Ross Anderson is
currently a Special Adviser to a House of Commons Health Committee inquiry into the
Electronic Patient Record.
See: FIPR's evidence to the Select Committee Inquiry.
Other successes include:
- Private Security Industry Act 2001: the foundation established that IT security consultants were not under threat of licensing at a future date.
- Health and Social Care Act 2001: the foundation drew attention to ethical issues surrounding the use of identifiable data for research, and averted expropriation of anonymised data.
- Anti Terrorism Crime and Security Act 2001: the foundation introduced safeguards against the use of mass-surveillance powers for minor purposes.
In its pursuit of information about the development of the Department of Trade and Industry's cryptography policy the foundation broke new ground. Persevering with requests for documents under the Code of Practice on Open Government (the only mechanism available until the Freedom of Information Act comes into effect), in December 1999 the foundation had a complaint partially upheld by the Parliamentary Commissioner for Administration.