REGULATION OF INVESTIGATORY POWERS BILL
BRIEFING
FOR HOUSE OF LORDS SECOND READING DEBATE (Thurs 25th May)
see also RIP Information Centre at www.fipr.org/rip
FIPR will be publishing proposals for specific amendments in time for the House of
Lords Committee stage. In Parliamentary debate and elsewhere the government has
referred to Codes of Practice which would address some of the criticisms
contained herein – however these will not be available even in draft until
immediately before Royal Assent, therefore we have not incorporated these
references into our analysis. This paper does not address Part.II of the Bill –
Covert Human Intelligence Sources.
Although telephone exchanges went digital in
the 1980s, to tap domestic calls a warrant must physically be served on the
telephone company – this maintains an important practical check on abuse. RIP
would allow access directly through an infrastructure of “black-boxes” linked
to a central surveillance centre (GTAC), without the knowledge of the Internet
provider – or (verifiably) of an Interception Commissioner.
RIP does greatly extend powers both in
practice and in principle:
· Under Pt.I Ch.II any public authority can obtain a list of websites browsed for very
broad purposes – and potentially in real-time via the GTAC monitoring centre - without
any ministerial or judicial warrant. The Govt. argues that this is analogous to
the present practice of obtaining logs of telephone numbers without a warrant.
FIPR argues that the Internet is rapidly becoming a universal conduit for
transactions and communications, and so access to “communications data” (i.e.
who-is-talking-to-whom and who-is-reading-what) needs safeguards commensurate
with access to content. The Data Protection Commissioner concurs.
· Under Part.III a new offence of failing to decrypt (i.e. unscramble) coded data is
created. The government argues that this can only arise where there is already
lawful authority to obtain the data. But powers to demand “keys” (or
passphrases) instead of the unscrambled data could have the effect “of
undermining the individual’s entire privacy and security apparatus” according
to an eminent Legal Opinion obtained by JUSTICE and FIPR.
Interception capability will progressively
decline whether or not RIP is enacted because the information economy requires
confidential communications – encryption is simply the name for technology that
provides transaction and data security on the open systems of the Internet. The
policy of key-escrow (depositing all keys in advance with agencies trusted by
government) failed because it can be trivially circumvented. The inescapable
conclusion is that law-enforcement will have to adapt its investigative methods
to cope, but RIP may bring the worst policy outcome because:
· it will actually exacerbate the problem by prematurely stimulating
counter-measures (e.g. steganography – the concealment of encrypted data by
camouflage – and anonymity)
· it will waste money creating dangerous and unprecedented systems for domestic
mass-surveillance
· it puts anyone who takes steps to protect their privacy in cyberspace in legal
jeopardy
· it puts off the necessity for law-enforcement to grasp the nettle of developing
“forensic hacking” procedures and capabilities against suspect computers in
cases of serious crime.
· Arguments that Part.I is needed for HRA compliance are nugatory and for Part.III absurd. If
the key has been lost or the passphrase forgotten an innocent person must
shoulder the burden of proving this to the court (a logical impossibility) – in
violation of the European Convention of Human Rights. However, in spite of
accepting a Select Committee recommendation to explain their assertion of
compatibility, the government has declined to offer any substantial legal
argument to date.
· The bill represents the endgame of a policy shambles that has lasted four years (see
Chronology Appendix C), and is one of the outstanding historical failures of
civil service policy machinery of the past several decades.
After a succession of closed meetings with the ISP industry (at which no agreement
could be reached on cost structures or capabilities), in January the Home
Office commissioned consultants from the Smith Group to “recommend the most
cost-effective method for interception at each type of ISP in a way that….
minimises the cost burden to Government and industry”. The terms of reference
presupposed – without justifying analysis - that interception by the ISP was
preferable to interception by telephone companies that own the wires (“local
loop”) running into the local exchange.
The report[1] proposed three solutions in roughly increasing magnitude of cost:
In each case, the intercepted information will be relayed to a central
monitoring facility (GTAC - the Government Technical Assistance Centre) to
be housed in the MI5 building, across hardwired links from each ISP. The Home
Office appears not to have understood until very recently that in
packet-switching systems such as the Internet (as opposed to telephone systems)
it is only possible to tap anything by tapping everything. The
Smith Group acknowledge that for the “passive” solution,
“the need to monitor all ISP traffic in order to identify selected subscribers
communications, implies the requirement for careful control and monitoring of
this technique. The level of auditing and scrutiny will need to be higher for
the passive approach than the other proposed solutions.”
They further propose that economies of scale would result from government undertaking
the design of the black-boxes, leveraging off software already developed for
such purposes – presumably by GCHQ. FIPR believes that the design of an audit
trail proof against insider malfeasance (or excess zeal), is a formidably
difficult computer security problem - but the Smith Group is sanguine (without
justifying analysis) - two man-months work for a total cost of £17,000. In
practice, one of the primary checks against abuse of domestic telephone
tapping is the legal and practical necessity of involvement by the operating
company. But if ISPs are obliged to attach passive boxes to their networks,
they will be “out-of-the-loop” and have no inkling about their actual
operation. We see this also as a cultural issue – throughout the past few years' debate,
the government has persistently rebuffed independent expert opinion and seems
institutionally incapable of entertaining serious concerns about the dangers of
extending surveillance capabilities without corresponding oversight reforms. It
would take a revolution in attitudes, a public political commitment, and
presently unquantified investment to engineer reliable systems audit of the
passive solution.
The “semi-active” solution immensely complicates upgrading and maintenance of ISP
systems, an area of intense present and future competition, and ties up the
most skilled network engineering staff. The resulting opportunity costs are not
considered by the report.
The “active” solution involves fairly harmless alterations to the servers handling
e-mail accounts offered by the ISP, but misses all other protocols, including
popular “web-mail” services that allow e-mail access from any Web browser to
accounts maintained offshore – many of which offer end-to-end encryption. The
value of this option needs further study, as it would only catch the
communications of particularly stupid or careless criminals.
The cost estimates are a snapshot – as the next wave of broadband e-commerce is
rolled out in 2001, with 3rd generation mobile Internet (UMTS) following in
2002, “semi-active” and “passive” interception equipment will need continual
upgrading and only the latest and most expensive equipment will be able to
filter the higher bandwidth enabled by the same equipment. The ISP industry is
most concerned about their liability for initial and ongoing capital costs –
but we would be even more concerned by the issue of verifiable oversight if the
government agreed to fund the entire program.
The report also does not take into account the cost to the tax-payer of processing
and safeguarding the intercepted material, or answer the basic question of
whether interception will continue to be useful for law-enforcement as
encryption becomes widely used for personal and business applications.
At Commons Third Reading, the government agreed to an affirmative resolution
procedure before imposing interception requirements on ISPs, but rejected a
revived Opposition amendment to create a Technical Approvals Board comprised of
industry experts who would vet Home Office interception wish-lists for cost and
feasibility. The Conservatives cited strong industry support (that government
had doubted in Committee) for the TAB from the Federation of the Electronics
Industry and Internet switching centre LINX, and referred to the Home Office's
own consultation paper of June 1999 which had promised
"an independent body to provide impartial advice on how
to balance the requirements of the Agencies and CSPs. This should help to
ensure that any requirements are reasonable, proportionate and do not place
CSPs at a disadvantage compared with their competitors"[2].
The government glossed over this point in debate, saying only that ongoing consultations
with ISPs would suffice, although ISPA and LINX have recently criticised the
poor quality and infrequency of consultation in an open letter of protest to
e-Envoy Alex Allen[3].
The government rejected estimates of a £30m price-tag on costs to ISPs of
installing and maintaining interception equipment, because it announced that it
did not envisage all ISPs being required to intercept – an admission that the
Home Office has now abandoned its original rationale of “levelling the playing
field”. The £30m figure was derived from the Smith Report figures combined with
a reasonable assumption that the largest 20 of the UK's 400 ISPs would have to
take up higher-cost options for blanket interception, whilst the remainder would
only install the cheaper “e-mail only” capability. Government also rejected
amendments that required ISPs to be compensated for interception costs (rather
than discretionary payments) and to report awards of such payments to
Parliament.
Communications data means data carrying address information that indicates
“who-is-talking-to-whom” - for example logs
of telephone numbers. Designated officials in any public authority (S.24.2) may
authorise themselves to obtain directly, or require CSPs to provide, such data
for any of the broad purposes in S.21.2 (or other purposes created under
secondary powers). The Government has argued that “interception - and even
directed surveillance[4] - is a much greater intrusion than the collection of communications data”[5],
and therefore much weaker controls are justified. The Data Protection
Commissioner disagrees saying, “access to traffic and billing data should also
be made subject to prior judicial scrutiny[6]”,
but the government rejects this approach on grounds also that “it would place
unacceptable strains on the court service.”
There are important new
arguments for requiring prior judicial authorisation for access to Internet
communications data. The
explosive growth of e-commerce, coupled with anticipated high penetration of
interactive digital television and third-generation mobile phones, means that
the Internet is on the verge of becoming a single conduit carrying
comprehensive transaction data tracing virtually every facet of private life,
which previously was scattered on separate utility, bank, credit-card, library,
and telecommunications billing computers, if indeed they were recorded at all.
The Home Office has made clear that it classes Internet audit trails, including
lists of e-mail correspondents and web sites browsed, as communications
data (rather than content). If, as seems likely, the Internet in time
subsumes both television and written information sources, under the RIP Bill it
will be lawful for any public authority to obtain comprehensive details of what
any person has read, watched, and who they have corresponded with, without a
ministerial or judicial warrant.
It is relevant that a current de facto safeguard, that such data can only
be obtained by police request on presenting a data controller with satisfactory
evidence that a Data Protection Act (s.29) exemption applies, is abolished. If
the power of interception were implemented as envisaged by the Smith Report, it
would be both lawful and feasible for such communications data to be
obtained instantaneously, remotely, and secretly by the same apparatus:
the “black-boxes” installed at ISPs, linked to the GTAC monitoring centre.
Moreover, rapid advances in computing power now permit warehousing and “traffic-analysis”
of unlimited quantities of communications data by automated tools[7]
that derive “friendship trees” and can detect patterns of association between
individuals and groups using sophisticated artificial intelligence programming.
This method can be considered as a “suspicion-engine” which can identify new
targets of investigation with complete generality – without any access to the
content of communications – but which could subsequently serve as the basis for
an interception warrant.
In summary, the combination of:
can justifiably be regarded as the
emergence of a powerful new form of mass-surveillance.
It should be emphasised that whilst GCHQ performs broad-spectrum processing of
both the content and traffic patterns of external
communications, mass-surveillance of domestic
communications is legally unprecedented in peacetime.
We wish to emphasise that it is not our view that RIP was drafted with this
intention – however it is sobering to realise that proposals modestly billed as
“updating and modernising existing powers”, would in fact legitimise what an
extreme government might seek to achieve.
Encryption refers to the scrambling of computer
data with modern cipher systems (usually in software) that are effectively
uncrackable. The data concerned is protected using a mathematical procedure
that cannot be reversed by even the most powerful computers available unless a
special key is provided. After much policy wrangling over several years, the
United States has now dismantled strict export controls on encryption software,
because many applications of e-commerce are dependent on the confidentiality
and transaction security that only good encryption can provide (e.g.
mobile-phone banking, electronic cash, online share dealing). Individuals as
well as businesses have good reason to protect their privacy with encryption,
as without it Internet communications are as unprotected as correspondence on a
postcard.
Law-enforcement will be unable to understand intercepted encrypted communications unless they
obtain the key. S.49 creates the offence of failing to comply with a decryption
notice that may be obtained by public authorities as diverse as local
trading standards officers and MI5, under a patchwork of authorisations
specified in Schedule.1 (see Appendix E diagram[8]).
Such notices may be served not only on suspects in a criminal investigation,
but also on innocent parties or major companies who happen to possess
information there is legal authority to obtain.
Although such powers superficially appear to be a reasonable extension by analogy of
existing powers to require disclosure of information, on closer analysis they
turn out to be of little use if formulated to be compatible with the Human
Rights Act. The central difficulty arises from the fact that it is an
inevitable and frequent occurrence, even amongst computer professionals, that keys
(or equivalent pass-phrases) are genuinely lost, forgotten, or inadvertently or
intentionally destroyed.
The offence is formally constructed so that a person is presumed guilty if properly
served with a notice with which they do not comply. There is a statutory
defence available which requires a person to demonstrate (on the balance of
probabilities) that they do not have possession of the key. This is a uniquely
severe reversal of the usual prosecution burden of proof – because the defence
must prove a negative - and was found to be incompatible with the European
Convention of Human Rights in a Legal Opinion[9]
obtained by FIPR and JUSTICE in 1999 and updated in March. The powers
originally proposed in the draft DTI Electronic Communications Bill were withdrawn,
but have been re-introduced essentially unchanged in this Home Office bill,
without clarification of why the Secretary of State now believes them to be
compatible with the Human Rights Act.
A further practical difficulty with this approach is that the reverse-burden
defence will become discredited because a criminal wishing to suppress
evidence that would convict on a more serious charge, would prefer to take a
chance claiming forgetfulness - with a maximum 2 year penalty if they are
not believed. But an innocent defendant must essentially prove to the
court that they are not lying, and can be convicted without need of other
incriminating or circumstantial evidence. The result is that the courts will
be unable rationally to distinguish between the innocent and guilty.
FIPR believes that it would also be unsatisfactory to put the burden of proof
on the prosecution to show key possession; but this may be the least bad
solution. Proof beyond reasonable doubt of wilful withholding of a key could
only occur if the authorities knew for certain the location of the key. In most
operational circumstances, law enforcement agencies would then likely prefer to
copy the key covertly, so that surreptitious surveillance of data could
continue, or to commence a search with certain knowledge of the key. No other
country has enacted an explicit decryption power, and it appears that the UK is
the only country whose unwritten constitution allows such a reverse-burden even
to be attempted. On 18th May
the government tabled an amendment “clarifying” that a less severe
reverse-burden in the Terrorism Bill in fact amounted only to an evidential
rather than persuasive burden[10].
However the government has insisted on numerous occasions that in the RIP Bill
the defence must prove key non-possession on the balance of probabilities[11]
- although with puzzling allusions to this constituting a “lower” burden[12]
- but has declined to provide detailed argument about HRA compliance as
recommended by the Trade and Industry Select Committee[13].
It remains to be seen whether government
will attempt to maintain any vestige of intellectual consistency between these
blatantly contradictory positions.
Thus the glaring flaw of the Part.III framework is that it not only fails to ensure
adequate punishment for the guilty, but it provides no reliable defence for the
innocent. When Simon Hughes MP intervened at Report to suggest it would be
reasonable to require the defence to explain the circumstances of key
non-possession if the accused were being
given the benefit of a reasonable doubt, instead of a 50:50 chance, the
Minister simply reasserted the correctness of his own view, without supporting
argument[14]. We list
some common circumstances of key non-possession in Appendix A.
The view of most independent specialists in information security is that law
enforcement will of necessity have to develop advanced bugging technologies,
specifically designed to steal keys from targeted computers (under appropriate
authorisation – such as the Police Act 1997 Part.III). Various methods are well
understood and under development, particularly by the NSA and FBI in the United
States, including use of computer software “viruses” which exploit obscure
security weaknesses in commercial software.
The secrecy condition (“tipping-off” - S.50) offence also has grave flaws, and is
not time-limited. An isolated individual could be prevented from
"tipping-off" himself (!) for reasons of "maintaining the
effectiveness...of investigatory techniques generally" (50.2). The
explicit generality of this exemption would permit its operation as a catch-all
gagging clause.
There is also the practical issue that the duties on specified authorities (S.51) do
not mention adequate technical security requirements or costs of guarding or
transporting seized keys[15].
Estimating from the measures employed to guard official HMG key material
suggests either that these represent very substantial undeclared costs, or that
the safety and security of innocent key owners will sometimes be seriously
undermined[16].
The government has amended S.70 (formerly S.69) to exempt company directors from
liability under Part.III - that is, they are no longer personally liable for
failure of their company to comply with a decryption notice - however it still leaves
individuals and company employees in the firing line. FIPR's diagnosis is that
government is attempting a strategy of “key escrow by intimidation” - we
surmise that government expects the jeopardy of reverse-burden to boost demand
artificially for key-escrow services.
It is worth emphasising that new editions of Microsoft Windows now ship with
strong encryption built-in, and will henceforth be available to millions of
ordinary computer users who will lose or forget keys as easily and as often as
a cash-point PIN number.
The government introduced an amendment that a key could be demanded instead of
plaintext only if it was believed there were “special circumstances”. The
word exceptional rather than special had been considered and rejected
(any suspect is by definition not to be trusted to supply the plaintext of
incriminating material), and recent assertions that access to “plain text –
rather than any key – will be sufficient in almost all cases”[17]
were not repeated. The meaning of “special circumstances” will not be defined
until the Code of Practice is available.
RIP crosses significant technological and legal thresholds, in advance of any
informed public debate or understanding of the chilling effects on freedoms of
association and expression, and serious corrosion of fundamental civil
liberties.
RIP assigns the Interception Commissioner rather than the Data Protection
Commissioner responsibility for oversight of access to communications data. Our
major concern is that the Interception Commissioner’s primary methodology to
date has been random sampling of warrant documentation for telecommunication
systems that require operator assistance to implement interception. We can
envisage no expedient technical means by which a Commissioner could
verifiably supervise the operation of remotely controlled interception
“black-boxes”. We reluctantly conclude that the construction of Part.I
constitutes an unsalvageably dangerous extension of powers, which should be
redrafted on a system of prior judicial approval, requiring the service
provider’s involvement in implementation as a necessary practical check.
Harry Cohen MP made the following observation at Report:
“An official could legitimately authorise collections of communications data and keep proper
records only for them subsequently to be used for another purpose. If that is
true, the relevant commissioner, who examined the authorisation process, would
not know of such disclosures; nor would the telecommunications operator or the
public. To put it bluntly, the whole
authorisation process and all the protections afforded by chapter II could be
reduced to a meaningless sham.”
At Third Reading the government again rejected Opposition amendments to unify the
system of five Commissioners (excluding the DPC), but agreed instead to a
“unified secretariat” and the provision of an unspecified capacity to undertake
investigations, although the secretariat would operate on a “need-to-know”
basis.
We have concerns also about the Intelligence and Security Committee’s oversight
role in such a complex area. The ISC published their approval of decryption
powers, without apparently inviting evidence from non-government experts, in
their most recent report. However comments by the Chair of the ISC during
Commons Second Reading reveal a significant misunderstanding of an issue
fundamental to the question of access to keys[18].
Moreover despite assurances that the ISC would follow the Bill’s progress, all members
were absent for Third Reading on official business.
1. I still keep that encrypted data on my hard-disk because although I forgot the
password several years ago, I might remember it suddenly (as one does), and it
contains important records.
2. That's a key from a key-server when I first tried encryption. I've forgotten the
password so can't "revoke" it (and it cannot otherwise be deleted from a
globally replicating network of key directories), and people still send me
things occasionally with it - which I can't read.
3. I just changed keys three days ago - I meant to record the passphrase in my
organizer but forgot it before I did
4. It's a perfect-forward-secrecy/ephemeral-key system that automatically
destroys/never-retains a decryption key.
5. My organizer "glitched" and I lost all the data in it, including
passphrases
6. I never wrote it down because I've never forgotten it before
7. I assumed that the manufacturer had a backdoor to get the data back
| ISP and CSP | Internet Service Provider (company providing connection to the Internet) and Communications Service Provider (Home Office term for telephone company or ISP). ISPs generally will NOT possess keys to customer communications that are encrypted – they merely act as a conduit |
| Encrypt/Decrypt | The process of scrambling/unscrambling information into a jumbled form, by means of a mathematical cipher, which cannot be understood without a key |
| Forensic Hacking | Most computers leave tell-tale data in temporary files which remain even if the computer is switched off. It is often possible to recover passwords and keys by expert examination. It is also possible to circumvent encryption by exploiting obscure security vulnerabilities in the operating system or using hardware or software eavesdropping devices to steal keys. |
| Key | A long number which acts like the combination of a lock with an astronomical number of permutations. Keys are chosen to be sufficiently long that they cannot be guessed by trial-and-error, even by the most powerful computers that can be reasonably foreseen. |
| Session Key | A key uniquely generated for each message. A session key can only decrypt a single message |
| Long-term key | Used to protect session keys. If a long-term key is revealed ALL messages can be read |
| Key escrow | Policy pursued by some governments from 1993 to ensure copies of all decryption keys are deposited in advance with agencies (“third-parties”) trusted to release them covertly under legal authority. Widely criticised as infeasible and unenforceable, UK last to abandon in 1999. |
| Key recovery | Either: euphemism for key escrow and/or: system which differs technically from key-escrow by only enabling access to session-key of particular message (rather than long-term key) |
| Password/Passphrase | Because people cannot remember numbers with several hundred digits, keys are themselves protected with encryption. A password, or preferably a pass phrase that cannot be guessed by machine, is typed in every time to prepare the actual key for use. |
| Perfect Forward Secrecy | A system that uses a different key with every exchange of messages between two parties. Old keys are continually destroyed so past messages cannot be read (unless otherwise preserved) |
| Plaintext | Data in its original unscrambled form (may in fact be data representing sound/pictures/voice) |
| Steganography | Ways of camouflaging encrypted data, by hiding in a mass of other data derived from a real-world “signal” that contains some “noise”, such as sound/pictures/voice/video. |
| Steganographic File System | A computer filing system where data cannot be accessed or even its existence proved without a key, because encrypted files are undetectably embedded in camouflaging random data |
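
The glossary's distinction between a session key and a long-term key, worked through as an added example that is not part of the original briefing: each message is sealed under its own session key, and that session key is wrapped under the long-term key, so the scope of a disclosure depends on which key is handed over. The cipher is a toy HMAC-SHA256 construction used only so the example runs on the Python standard library; the symmetric long-term key, all function names and the sample messages are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (illustration only)."""
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def _subkeys(key: bytes):
    """Derive separate encryption and authentication keys from one key."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def encrypt_message(long_term_key: bytes, plaintext: bytes) -> dict:
    """Fresh session key per message; the session key is wrapped under the long-term key."""
    session_key = secrets.token_bytes(32)
    return {
        "wrapped_key": seal(long_term_key, session_key),
        "body": seal(session_key, plaintext),
    }


def recover_session_key(long_term_key: bytes, envelope: dict):
    """What the key holder can extract in order to disclose one message only."""
    return unseal(long_term_key, envelope["wrapped_key"])


def read_with_session_key(session_key: bytes, envelope: dict):
    return unseal(session_key, envelope["body"])


def read_with_long_term_key(long_term_key: bytes, envelope: dict):
    session_key = recover_session_key(long_term_key, envelope)
    return None if session_key is None else read_with_session_key(session_key, envelope)


def exposure(envelopes, session_key=None, long_term_key=None):
    """Indices of the messages a recipient of the disclosed key can read."""
    readable = []
    for index, envelope in enumerate(envelopes):
        if long_term_key is not None and read_with_long_term_key(long_term_key, envelope) is not None:
            readable.append(index)
        elif session_key is not None and read_with_session_key(session_key, envelope) is not None:
            readable.append(index)
    return readable


# Constructed sample messages (not taken from the briefing).
SAMPLE_MESSAGES = [b"quarterly accounts", b"message named in the notice", b"medical letter"]
LATER_MESSAGE = b"sent after the disclosure"


def demo() -> dict:
    long_term_key = secrets.token_bytes(32)
    envelopes = [encrypt_message(long_term_key, m) for m in SAMPLE_MESSAGES]
    # Disclosure option 1: hand over only the session key of message 1.
    disclosed_session_key = recover_session_key(long_term_key, envelopes[1])
    # A message sealed later under the same long-term key.
    envelopes.append(encrypt_message(long_term_key, LATER_MESSAGE))
    return {
        "session_key_disclosed": exposure(envelopes, session_key=disclosed_session_key),
        # Disclosure option 2: hand over the long-term key itself.
        "long_term_key_disclosed": exposure(envelopes, long_term_key=long_term_key),
    }


if __name__ == "__main__":
    for scenario, readable in demo().items():
        print(scenario, "-> readable message indices:", readable)
```

In practice the long-term key is usually the private half of an asymmetric key pair rather than a shared symmetric key; the scope of exposure is the same.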
| July 1995 | Labour Party “Communicating Britain’s Future” rejects key-escrow |
| 10 Jun 1996 | DTI paper on “regulatory intent concerning use of encryption on open networks”. |
| 17 Mar 1997 | DTI Consultation “Licensing of Trusted Third Parties for the Provision of Encryption Services” |
| 19 May 1997 | |
| 27 Apr 1998 | DTI “Secure Electronic Commerce Statement” – Labour endorses “voluntary” key-escrow |
| 29 May 1998 | |
| 19 Oct 1998 | Second DTI consultation paper postponed |
| 24 Nov 1998 | Queen’s Speech announces “Electronic Commerce Bill” |
| 3 Dec 1998 | Trade and Industry Select Committee announces inquiry into E-Commerce |
| 19 Jan 1999 | France abandons key escrow |
| 4 Mar 1999 | PIU study announced at No.10 meeting for industry leaders: “key-escrow not the answer” |
| 5 Mar 1999 | DTI Consultation “Building Confidence In Electronic Commerce” |
| 23 Mar 1999 | Scrambling for Safety 3: first public discussion of encryption policy by Home Office |
| 1 Apr 1999 | 26 day response period of DTI Consultation ends: FIPR accumulates submissions on website |
| 19 May 1999 | T&I Sel.Ctee Report “Building Confidence In Electronic Commerce: The Government's Proposals” |
| 26 May 1999 | Cabinet Office Performance and Innovation Unit Report, “Encryption and Law Enforcement” |
| 22 Jun 1999 | Home Office Consultation “Interception of Communications in the United Kingdom” |
| 8 Jul 1999 | Conservatives refuse to allow introduction of Bill under “carry-over” procedure this session |
| 23 Jul 1999 | Draft “Electronic Communications Bill” published |
| 23 Sep 1999 | |
| 7 Oct 1999 | FIPR/JUSTICE Human Rights Audit of decryption powers in Part.III draft E-Comms Bill published |
| 26 Oct 1999 | T&I Sel Ctee report published – recommends Govt. publish detailed analysis of HRA compatibility |
| 17 Nov 1999 | Queen’s Speech confirms separation of decryption powers from E-Comms Bill |
| 20 Jan 2000 | Govt. replies to T&I Sel. Ctee – agrees to address specific criticisms |
| 6 Mar 2000 | Second Reading debate House of Commons |
| 20 Mar 2000 | FIPR/JUSTICE updated Human Rights Audit of RIP decryption powers published |
| 22 Mar 2000 | |
| 20 Apr 2000 | Smith Group report for Home Office on implementation of Internet interception published |
1. Computer Weekly 18/5/00: Minister in spat with Computer Weekly over RIP bill
2. Network News 17/5/00: Government RIPs into more controversy
3. Business & Technology 12/5/00: ISPs furious as snooping costs go through the roof
4. Computing 11/5/00: Government forces through Net spy bill
5. Computing 11/5/00: They could be watching you too!
6. Computer Weekly 11/5/00: Firms move operations abroad to avoid RIP Bill
7. AP 10/5/2000: "Britain plans cyber-center to spy on the Internet"
8. Network News 10/5/00: RIP threat to e-mail privacy
9. VNUnet 10/5/00: Snooping bill under attack again
10. CNN TV report on RIP 10/5/00
11. ZDNet UK 9/5/00: Cyber-snooping Bill through House of Commons
12. BBC Online 8/5/00: Computer crime plan 'bad for business'
13. BBC Radio 5 Nicky Campbell phone-in 8/5/00
14. BBC TV Business Breakfast 8/5/00 07:45 - Max Foster reports on RIP Bill
15. BBC Radio 4 'Broadcasting House' 7/5/00, Dan Damon
16. Sunday Times 7/5/2000: "The net closes in"
17. Observer 7/5/2000: "Coming to a screen near you"
18. Silicon.Com 5/5/00: Behind the Headlines....criminals taking the RIP (video)
19. Independent 5/5/00: Freedom of information must mean just that
20. Christian Science Monitor 5/5/00: UK moving to open all (e-)mail
21. NTK 5/5/00
22. Daily Telegraph 4/5/00: Fool Britannia
23. Daily Express 4/5/00: Where's the sense in Big Brother snooping on our e-mail?
24. The Register 4/5/00: "RIP - Lib Dems wade into cyber rights debate"
25. Silicon.com 4/5/00: 'Snooping Bill' will not deter criminals, say experts
26. Computing 4/5/00: Critics launch fresh attack on Net bill
27. Guardian 3/5/00: Francis Wheen: MI5's e-mail snoops
28. Financial Times 3/5/00: LETTERS: Foreign investors will be scared off
29. Telepolis 2/5/00: Tony Geraghty - Irish War: British Disease
30. Financial Times 2/5/00: State surveillance plans are 'worrying leap in dark'
31. ZDNet 2/5/00: MI5 to build new email and surfing surveillance centre
32. British Forces Broadcasting Service 2/5/00 11:15 - RIP interview with CB