BLACK BOXES ON EVERY ISP?

 “Conspiracy theorists must not be allowed to get away with the ridiculous notion that law enforcement would or even could monitor all emails” (John Abbott, Director General, National Criminal Intelligence Service) 

That's a Straw Man argument - who are the conspiracy theorists who allege this? No-one in FIPR has suggested that all e-mails could or would be monitored. However the combination of the ability to analyse patterns of association in where you go on the Net without a warrant is incredibly intrusive - almost like being able to mind-read a person, and the fact this could form the basis for obtaining a warrant to intercept (perhaps if you talk to "tagged" people or visit "tagged" sites) is Orwellian. Nothing in the RIP makes this unlawful.

 ·        The Bill does not require all internet service providers to “install a black box linked to the Security Service” which will monitor all internet traffic. This allegation is completely false. The Bill does not say it, the intercepting agencies are not asking for it, and reports of “black boxes” by the press are confused and inaccurate

Some journalists have probably said "all ISPs", but the point is that the Bill gives the Home Secretary power to require every ISP if policy changes in the future, "if it appears to him reasonable" - S.12(1)b. Who knows what the Agencies will ask for in future or what a future Home Secretary will be minded to give them - whatever happens, under RIP no further primary legislation will be needed.

·        The Bill treats interception of content (Chapter I of Part I) and the provision of communications data (Chapter II) quite separately. This is a crucial point, and one which is frequently overlooked.

Sure it treats them separately, because the Home Office isn't keen to deal with the implications that flow from the combination. The "black-boxes" (whatever you want to call them) as described in the Smith Report are technically capable of also collecting communication data. Suggest the Home Office is asked which Clause of the Bill, chapter and verse, would make it unlawful for them to be used to collect communications data directly (without even serving Notice on the ISP)?

Content

 ·        Clause 12 enables the Home Secretary to require individual communication service providers to maintain a reasonable intercept capability, by means of a notice. This notice must comply with a reasonable requirements document. Before publishing this document, there must be a consultation process involving all those the document is likely to affect; and the draft must be approved by both Houses of Parliament.

But the Home Secretary doesn't have to take a blind bit of notice of that consultation process, and technical secondary legislation will get poor scrutiny. The Government have twice refused an Opposition amendment (third time lucky on Monday 19th June ?) which would have created a "Technical Approvals Board" with teeth to vet unrealistic Home Office wish-lists, in spite of the fact that they promised in their consultation of July 99 "an independent body to provide impartial advice on how to balance the requirements of the Agencies and CSPs. This should help to ensure that any requirements are reasonable, proportionate and do not place CSPs at a disadvantage compared with their competitors" When industry made clear their distaste for the Home Office's candidate for the job - OFTEL - the idea was dropped. So much for consultation.

·        Until such a notice is received – which must fall within the terms of the requirements document – no service provider will have to do anything. Although the Law already provides for Public Telecommunications Operators to be required to maintain a basic intercept capability, only a minority are actually required to do so.

So that's the Home Office's idea of "levelling the playing field"! Who will have to comply, what are the criteria, when might they change, does it depend on the type of services you will offer....the Home Office can't say, because they don't know themselves.

·        Where, for example, an internet service provider does provide an intercept capability, any interception carried out by means of that capability will be done with the full knowledge of that provider. They will receive a copy of every warrant authorising interception.

Glad to hear that. But where in the bill (chapter-and-verse please) does it say it would be unlawful to intercept without serving the warrant on the ISP. Moreover the warrant that is served can be blank except for the name - omitting all specifics that identify the subscriber account. Curiously the government just rejected an amendment which would have rectified this anomaly, with a tremendously convincing dumb show of affecting to misunderstand its purpose

Communications Data

 ·        The Government has no plans whatsoever to require anyone to install any equipment for the provision of communications data.

Where have we heard the "no plans" formula before -  wasn't it Labour lambasting Tories for putting VAT on fuel a few years ago? But in any case, the Government doesn't need to to. The kit referred to in the Smith Report as the "passive" interception option - the "black-boxes" - will do very nicely thank you for both intercepting content and directly acquiring communications data - they see the entire flow of all data through the ISP.