Privacy dossier: Britse regering breekt in email

[Hein van Meeteren]

REPLY TO: D66 at nic.surfnet.nl

Uit de New York Times:

July 19, 2000

British Authorities May Get Wide Power to Decode E-Mail
By SARAH LYALL
LONDON, July 18 --

As the Clinton administration formally enters the debate about law
enforcement surveillance in   cyberspace, the British government is
about to enact a law that would give the authorities       here broad
powers to intercept and decode e-mail messages and other communications
between companies, organizations and individuals.

The measure, which goes further than the American plan unveiled on
Monday in Washington, would make Britain the only Western democracy
where the government could require anyone using the Internet to turn
over the keys to decoding e-mails messages nd other data.

Such a measure would be an important tool for the government because
data is increasingly being encrypted for reasons of  security and
privacy. Despite a barrage of criticism from all sides, the bill is
likely to become law as it passes through its final stage in the House
of Lords and returns to the House of Commons next week because the Labor
government, which offered the plan, holds a wide majority in Parliament.

Government officials maintain that the measure is essential if law
enforcement agencies are to combat the sophisticated modern crime that
is enhanced by access to the Internet, including pedophilia, drug
smuggling, money laundering, terrorism and trafficking in refugees.

"The powers in the bill are necessary and proportionate to the threat
posed by 21st century criminals, no more, no less," Charles Clarke, the
Home Office official in charge of the bill,    said last week.

But the measure has had a rocky time in Parliament, where lawmakers have
vehemently objected to several provisions, including one that would give
the government new powers to require Internet service providers to
install "black box" surveillance systems that would sort and send a
range of data and e-mail to a monitoring center controlled by the
domestic security service, M.I.5.

Such systems are also being used in the United States by the Federal
Bureau of Investigation, where the technology is known as Carnivore
because it is able to extract the "meat" quickly      from vast
quantities of e-mail messages and other communications between
computers.

But one major difference in the British measure is that the authorities
here would be able to require companies to install and maintain the
black boxes at their own expense and according to technological
specifications set out by the government.

In addition, to justify such surveillance, the authorities would not be
obligated to take elaborate steps to persuade an independent arbiter
like a court that a crime had probably been   committed.

In contrast to the United States, Britain has a tradition of unfettered
and often uncontested intrusion by the authorities into citizens'
privacy,

In the United States, the F.B.I. must first obtain a search warrant
before using the Carnivore technology, which is then installed and
maintained by the bureau.

Under the British plan, failure to turn over a decryption key or to
convert encrypted data or messages into plain text could result in a
two-year prison sentence. Although many nations are   considering
similar bills to deal with encrypted data, only Singapore and Malaysia
have so far enacted them.

The legislation would allow the British government to tap into and
monitor electronic communication for a host of reasons, including to
protect national security, to "safeguard the country's well-being," and
to prevent and detect serious crime. That last, far-reaching category
might include, for instance, "a large number of persons in pursuit of a
common purpose."

The measure would not require traditional warrants signed by judges.

Instead, warrants for e-mail surveillance would have to be signed by the
home secretary, who controls a range of domestic and legal matters.
Other officials, including high-ranking police  officers, would be
empowered to approve requests for encryption keys.

The effect of this part of the bill "can justifiably be described as
mass surveillance of Internet activities without judicial warrant or
adequate oversight," according to a report prepared for the British
Chambers of Commerce by a team of professors at the London School of
Economics and University College London.

Opponents of the measure in Britain represent an extraordinarily diverse
interests, ranging from trade unions and Amnesty International to
representatives of big business and newspapers across the political
spectrum. Not only does the bill violate basic civil liberties, they
argue, but it would also impose onerous costs on Internet service
providers, subject them to anti-competitive  restraints, and drive
business out of Britain.

"This is Big Brother government realizing that unless they get their act
together, technology is going to make them impotent by allowing
individuals to bypass the regulations, and the spies, of he state," said
Ian Angell, professor of information systems at the London School of
Economics and a consultant on the recent report.

"I'm a supporter of the police, and I believe they should be given
powers, but there has to be due process, and this bill doesn't provide
that," Mr. Angell said. "They'll be allowed to go on fishing
expeditions."

It is not yet clear how much the measure will cost. The government has
put aside 20 million pounds, or $30 million, to help businesses set up
the new technology, but as it stands now, Internet service providers
themselves would bear most of the costs of the "black boxes" themselves.
This provision is roughly akin to asking "manufacturers to pay for the
police cars   the Home Office provides to the police," said William
Roebuck, an executive on the legal advisory group at the E-Center, a
trade association that studies standards and practices in e-commerce.
The London School of Economics report estimated that the measure would
cost British business some 640 million pounds, or $960 million, over the
next five years, a figure that could rise to 46 billion, or $69 billion,
when opportunity costs and losses from the economy are included. But Mr.
Roebuck said it was impossible to tell what the final figure would be.

"If Internet service providers are made to take on board the costs, then
the costs will be put through to the consumer," he  said. "What's going
to happen is that companies are going to       reroute everything away
from the U.K. and take their business abroad."

Among the companies that have already said the measure would make them
reluctant to do business here is Poptel, one of Britain's oldest
Internet service providers. Poptel serves the nonncommercial sector --
charities, trade unions, lobbying organizations and the like -- and many
of its members have serious concerns about the bill's implications.

"There are a number of our users who come into quite egitimate conflict
with the government," said Shaun Fensom, Poptel's chairman, who said he
might transfer some of the company's operations offshore. "They are
concerned that the government could classify some of their legitimate
activity as being snoopable. My feeling is that they will want access to
at least some kind of secure e-mail facility."  Some critics are
charging that the measure has been sloppily and hastily drawn up to give
the government as broad latitude as possible.

"What this does is contravene a large number of fundamental rights in
the European convention on human rights and other international
standards, which include the right to privacy, the right to liberty, the
right to freedom of expression and the right to freedom of association,"
said Halya Gowan, a researcher at Amnesty International in London.  "As
a human rights organization, our work is based on the confidentiality of
statements we take from opponents of governments around the world who
are possibly victims of human rights violations by these governments,"
she said. "But  under this bill, we won't be able to guarantee
confidentiality anymore."

The measure, known as the Regulation of Investigatory Powers Bill, or
R.I.P., is an effort to extend a 1985 law setting out the government's
powers to intercept and monitor communications    across telephone lines
to a host of modern technologies, including e-mail, Web sites, pagers
and cell phones.  As it happens, said Mr. Roebuck of the E-Center, the
government has already quietly been doing many of the things it will now
be legally allowed to do. "They've already been doing  covert
surveillance, covertly intercepting e-mail," he said. "This gives them a
legal basis to do so." And the government agrees, in effect, saying it
is merely setting out in law the parameters for what it has been doing
informally anyway. "The bill is an important one which does not
substantially increase the powers available to the law enforcement and
security agencies but will make the U.K. a better and safer place to
live for all," Mr. Clarke told The Daily Telegraph.

Some groups say that although they disagree with the nuts and bolts of
the bill, they are encouraged that the government is, at last, trying to
establish a legal framework for its surveillance activities.

"Generally, people should welcome the bill because it provides some kind
of system of  accountability for interferences with privacy where there
hasn't been in the past," said John    Wadham, the director of Liberty,
a civil liberties group.

But that is not good enough, said Conor Gearty, a professor of human
rights law at King's College London. "The British authorities have a
history of engaging in activities outside the law which inflict on
people's privacy or otherwise affect their liberties, and then suddenly
saying that the time has come to bring the law into line with practice,"
he said.

**********
Dit bericht is verzonden via de informele D66 discussielijst (D66 at nic.surfnet.nl).
Aanmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SUBSCRIBE D66
Afmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SIGNOFF D66
Het on-line archief is te vinden op: http://listserv.surfnet.nl/archives/d66.html
**********