REGULATION OF INVESTIGATORY POWERS BILL

I am writing on behalf of the Operational Research Society as requested by its Council at its meeting on June 8^th. The Society is extremely concerned about the RIP Bill which is under discussion in parliament. The Society’s members include skilled mathematical and statistical analysts, some having considerable expertise in cryptography and others being designers and analysts of supply chains based on e-commerce. We agree that there is a need to protect national security and to limit the opportunities available to criminals on the Internet, but we do not think that the RIP Bill is the way to go about it.

Since the June Council meeting I have heard on the news media that interception of Internet transmissions will need the specific authority of the Home Secretary. Whilst this is welcome news, it does not go far enough. For reasons that I spell out below, we think it best that the RIP Bill be withdrawn.

We have four specific concerns.

We think it wrong to require the recipients of encrypted messages to hand over their decryption keys when required to do so by enforcement agencies. This will place business organisations, especially multi-national companies, in a very difficult position, since they will no longer be able to rely on the security of the their messaging systems. No other Western nation proposes such powers, which seem an invitation for these businesses to move their electronic bases elsewhere. It will also place in an impossible position those members of the Operational Research Society, especially consultants, who receive confidential data via the Internet and who are contractually obliged not to divulge their decryption keys.

We are astonished that a possible reason for requesting such keys might be a potential threat to the economic well-being of the UK. We simply cannot understand how this could be justified, given the nature of modern trade and business relationships and the need to engage with organisations around the world. This proposal will, it seems to us, greatly reduce the possibility that the UK will be a major player on the Internet and in e-commerce and may cause businesses to source their consultancy from outside the UK.

Thirdly, we are concerned about the civil liberties implications for recipients of encrypted messages. The proposals seem to us to suggest that such people will be regarded as guilty until proved innocent, and we find this very worrying indeed. We are not convinced by promises that such powers will not be used. If they will not be used, they should not be included in the Bill.

Finally, I am told that is rather simple to devise means of transmitting information via the Internet in ways that will render both sender and recipient untraceable, even without the use of encryption. Thus, the Bill may well prove ineffective in deterring the determined criminal and in protecting national security, whilst still threatening civil liberties and risking the UK’s future role in e-business. Thus, we believe that the RIP Bill should be withdrawn.

If the Society can be of help in improving a subsequent Bill, we would be delighted to do so.

Yours sincerely,

Professor Michael Pidd

President, Operational Research Society.