BLACK BOXES
ON EVERY ISP?
“Conspiracy theorists must not be allowed to get away with the ridiculous notion that law enforcement would or even could monitor all emails” (John Abbott, Director General, National Criminal Intelligence Service)
That's
a Straw Man argument - who are the conspiracy theorists who allege this? No-one
in FIPR has suggested that all e-mails could or would be monitored. However the
combination of the ability to analyse patterns of association in where you go on
the Net without a warrant is incredibly intrusive - almost like being able to
mind-read a person, and the fact this could form the basis for obtaining a
warrant to intercept (perhaps if you talk to "tagged" people or visit
"tagged" sites) is Orwellian. Nothing in the RIP makes this
unlawful.
· The Bill does not require all internet service providers to “install a black box linked to the Security Service” which will monitor all internet traffic. This allegation is completely false. The Bill does not say it, the intercepting agencies are not asking for it, and reports of “black boxes” by the press are confused and inaccurate
Some journalists have probably said "all ISPs", but the point is that the Bill gives the Home Secretary power to require every ISP if policy changes in the future, "if it appears to him reasonable" - S.12(1)b. Who knows what the Agencies will ask for in future or what a future Home Secretary will be minded to give them - whatever happens, under RIP no further primary legislation will be needed.
·
The
Bill treats interception
of content
(Chapter I of Part I) and the
provision of communications
data
(Chapter II) quite separately. This is a crucial point, and one which is
frequently overlooked.
Sure it treats them separately, because the Home Office isn't keen to deal with the implications that flow from the combination. The "black-boxes" (whatever you want to call them) as described in the Smith Report are technically capable of also collecting communication data. Suggest the Home Office is asked which Clause of the Bill, chapter and verse, would make it unlawful for them to be used to collect communications data directly (without even serving Notice on the ISP)?
·
Clause
12 enables the Home Secretary to require individual communication service
providers to maintain a reasonable intercept capability, by means of a notice.
This notice must comply with a reasonable requirements document. Before
publishing this document, there must be a consultation process involving all
those the document is likely to affect; and the draft must be approved by
both Houses of Parliament.
But
the Home Secretary doesn't have to take a blind bit of notice of that
consultation process, and technical secondary legislation will get poor
scrutiny. The Government have twice refused an Opposition amendment (third time
lucky on Monday 19th June ?) which would have created a "Technical
Approvals Board" with teeth to vet unrealistic Home Office wish-lists, in
spite of the fact that they promised in their consultation
of July 99 "an
independent body to provide impartial advice on how to balance the requirements
of the Agencies and CSPs. This should help to ensure that any requirements are
reasonable, proportionate and do not place CSPs at a disadvantage compared with
their competitors"
·
Until
such a notice is received – which must fall within the terms of the
requirements document – no service provider will have to do anything. Although
the Law already provides for Public Telecommunications Operators to be required
to maintain a basic intercept capability, only a minority are actually required
to do so.
So that's the Home Office's idea of "levelling the playing field"! Who will have to comply, what are the criteria, when might they change, does it depend on the type of services you will offer....the Home Office can't say, because they don't know themselves.
·
Where,
for example, an internet service provider does provide an intercept
capability, any interception carried out by means of that capability will be
done with the full knowledge of that provider. They will receive a copy of every
warrant authorising interception.
Glad to hear that. But where in the bill (chapter-and-verse please) does it say it would be unlawful to intercept without serving the warrant on the ISP. Moreover the warrant that is served can be blank except for the name - omitting all specifics that identify the subscriber account. Curiously the government just rejected an amendment which would have rectified this anomaly, with a tremendously convincing dumb show of affecting to misunderstand its purpose.
· The Government has no plans whatsoever to require anyone to install any equipment for the provision of communications data.
Where have we heard the "no plans" formula before - wasn't it Labour lambasting Tories for putting VAT on fuel a few years ago? But in any case, the Government doesn't need to to. The kit referred to in the Smith Report as the "passive" interception option - the "black-boxes" - will do very nicely thank you for both intercepting content and directly acquiring communications data - they see the entire flow of all data through the ISP.