What the hell is… the UK's RIP Bill

What's with all the fuss about the Blair Net Project?

The UK Government's Regulatory Investigatory Powers (RIP) Bill goes before Select Committee in the House of Commons today and in a little more than six months it could be enshrined in law. But with 30 amendments tabled against it and an angry mob of opponents waiting to string it up, RIP has become better known for the widespread - and some might say kneejerk - reaction people have had to it, rather than for its aims and content.

Civil liberties groups, individual Net users and politicians from all the major UK parties are banding together to decry what is being labelled a Snoopers Charter. But just what is all the fuss about? The Blair administration has been slammed by many for its cronyism and control freakery, so is this just another example of Big Brother Blair wanting to watch over you at all times?

Growing pains

To become an accepted part of everyday life, and not just the place to go for cyberporn, e-fraud and to pick up your email, the Internet will have to appeal to a broader cross-section of the general public. Ecommerce, for example, will never thrive in a world where the majority of potential users and customers are too scared to part with their credit card details in case they get ripped off. The not-so-wired public need to feel confident about the Internet. This is all part of the natural evolution that all things go through when they achieve popularity. The days of the WWW Wild West are numbered.

So, what does the Bill propose and why are so many people objecting to it? The Bill describes itself as: "A Bill to make provision for and about the interception of communications, the acquisition and disclosure of data relating to communications, the carrying out of surveillance, the use of covert human intelligence sources and the acquisition of the means by which electronic data protected by encryption or passwords may be decrypted or accessed; to provide for the establishment of a tribunal with jurisdiction in relation to those matters, to entries on and interferences with property or with wireless telegraphy and to the carrying out of their functions by the Security Service, the Secret Intelligence Service and the Government Communications Headquarters; and for connected purposes."

Lots of spooky terms in there - "covert human intelligence sources" translates as spies - but in essence this is all about setting down a legal framework within which electronic communications are treated no differently from telephone tapping and intercepting mail (as in the paper stuff). Some people will throw their hands in the air at the very thought of any of this, but cracking down on the illegal use of the Internet by terrorists, perverts and organised criminals may be considered by many to be A Good Thing.

One size fits all

However, the Bill falls down - and in a big way - in the details. Or lack of them. It is vague on practicalities, and how permission to access private communication will be granted. ISPs will be obliged by law to have the facilities to log and monitor all the online activities of their users. But the Bill doesn't specify how this will be done.
And while there is talk of the Government reimbursing hardware costs with regard to monitoring, it doesn't make provision for the massive increase in overheads this will bring.

The Bill is also very vague in parts and can be interpreted in such a way that much of it becomes nonsensical. For example, it defines who will be covered by the Bill when it becomes law: "a) a person who provides a postal service, or b) a person who provides a public telecommunications service, or c) a person not falling within paragraph b) who has control of the whole or any part of a telecommunications system located wholly or partly in the UK."

ISPs, mobile phone companies, WAP service providers, news servers and so on all fall under the term "telecommunications service". Look at that definition again - it could mean anyone.

One of the Bill's fiercest critics is the organisation Stand. This is what Stand has to say on this point: "You're no longer using an ISP to connect to the Net. You're using the ISP's public telecommunication system."

The Bill also makes it an offence for you to be told that a surveillance warrant has ever been issued against you. That offence exists in perpetuity - there is no expiry date, you can never be told. And should anyone ever tell you, they risk a prison sentence.

Someone to watch over me

Ah yes, you may be thinking, I live in a liberal democracy - the security forces can't just go round snooping on people willy-nilly. Well, guess again. Here's what the Bill says about surveillance warrants. There are four main justifications given by the Bill for issuing a warrant:
a) national security interests,
b) to prevent or detect serious crime,
c) to safeguard the UK's economic well being
d) for the purpose, in circumstances appearing to the Secretary of State to be equivalent to those in which he would issue a warrant by virtue of paragraph (b), of giving effect to the provisions of any international mutual assistance agreement.

And there's a list as long as your arm of those people who can issue the warrant against you - from senior police officers to "any such other person as the Secretary of State may by order designate".

Reading between the lines, the Bill says that the Home Secretary can - for any reason - issue a warrant against anyone, and that anyone with the Home Secretary's permission can do likewise. Don't forget, you'll never know if information has been gathered about you, what it was used for and so on.

Taking Liberties

As it stands, reader Simon Batistoni writes, the RIP Bill contains one truly frightening basic assumption: if you have stored on your computer any form of encrypted message, you will be forced on request by the police to hand over the necessary keys to decrypt this data. If you do not have the keys, YOU MUST PROVE THAT YOU HAVE NEVER BEEN IN POSSESSION OF THEM, or you could be subject to a two-year jail term.

The principle of the police being able to view encrypted data, so that they can nail paedophiles, drug dealers, etc, has some genuine merits.

The flaw in this measure, however, is that the recipient/possessor of encrypted data is guilty, until proven innocent, something which destroys the entire foundation of our legal system. What's more, it is impossible to prove that you never had something.

As it stands, the measures in the Bill could be applied to a PGP-encrypted signature on an email, currently used by many as a reliable means of identity verification.

Theoretically, the innocent father of a suspect under surveillance, who receives an email from his son containing the standard encrypted signature, could fall under the scope of this RIP Bill; he could be jailed for failing to reveal the contents of the encrypted data.

Ostriches need not apply

Small wonder that there is so much opposition to the Bill. There are many more examples of the above thinking running throughout the Bill, such as the loophole that could mean you have to keep tabs on yourself but can never let yourself know, otherwise you end up in prison. Stand has done a much more comprehensive job of examining RIP than The Register is able to do and its site is well worth a visit.

Don't be fooled into thinking that your Government will always have your best interests at heart, because that's not the way of Governments. But at the same time, don't assume that any attempt to regulate the Internet is an invasion of rights and freedoms - freedom without responsibility is, after all, little more than latent tyranny. We will all be affected by the RIP Bill when it becomes law - as it almost certainly will, in some form or another. So now is the time to find out a little more about it and decide where you stand, because in another six months it could all be too late. ®
