Feeds

UK.gov closes wiretap loopholes after Phorm row

Race to avoid millions in fines

Next gen security for virtualised datacentres

The Home Office is scrambling to close loopholes in wiretapping law, revealed by the Phorm affair, ahead of a potentially costly court case against the European Commission.

It is proposing new powers that would punish even unintentional illegal interception by communications providers.

Officials in Brussels are suing the government following public complaints about BT's secret trials of Phorm's web interception and profiling technology, and about the failure of British authorities to take any action against either firm.

The government has now issued a consultation document proposing changes to the Regulation of Investigatory Powers Act (RIPA) that will mean customer consent for interception of their communications must be "freely given, specific and informed", in line with European law. RIPA currently allows interception where there is only "reasonable grounds for believing" consent is given.

The Commission's attention focused on this loophole after City of London Police declined to investigate the trials in 2008, saying "there would have been a level of implied consent from BT's customers in relation to the tests, as the aim was to enhance their products".

Despite police uninterest, the Crown Prosecution Service is considering criminal charges, following a private complaint. Legal experts, including from the Foundation for Information Policy Research, disputed the police claim there was "implied consent", particularly given internal BT documents obtained by The Register referred to the trials as "stealth" activity.

Further, informal advice written for BT by a Home Office official after the trials said user consent was required to make the system legal under RIPA. The CPS is due to report its decision on prosecution this month.

The European Commission's case against the government is however also based on the requirement under RIPA that for an offence to be committed, interception must be "intentional".

"EU law requires Members States to prohibit and to ensure sanctions against any unlawful interception regardless of whether committed intentionally or not," it said in September. There is no doubt the interception carried out by Phorm and BT was intentional, but the resulting controversy led Brussels to investigate related failings in UK privacy law.

The Home Office consultation proposes to create a new civil sanction against unintentional interception. The Interception of Communications Commissioner (IoCC), a former High Court judge who currently only regulates wiretapping by the intelligence agencies, would get new powers to act against ISPs and telephone operators.

Under the proposed regime, the IoCC would be able to fine firms guilty of unintentional wiretapping up to £10,000 and serve enforcement notices on them to stop.

Officials considered making all unauthorised interception a criminal offence, but rejected this option on grounds it would place a burden on the criminal justice system.

"This has significant advantages: it means that the process for dealing with the more minor cases of unintentional unlawful interception by providers can be allocated to a specialist body with statutory responsibility for oversight of this area," they wrote.

"This should make the enforcement process more streamlined and reduce the administrative burden on the police, the CPS and courts."

Intentional unlawful interception will remain a criminal offence under the proposed amendments to RIPA, punishable by a prison sentence of up to two years. This is the offence that prosecutors are considering charges under with respect to BT and Phorm's secret trials.

The Home Office document is available here. The unusually short consultation closes 7 December.

The haste is understandable. If the European Commission's case goes to the European Court of Justice in Luxembourg, and the government loses, the British taxpayer would face fines of millions of pounds per day until the legal loopholes are closed. ®

Boost IT visibility and business value

More from The Register

next story
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Canadian ISP Shaw falls over with 'routing' sickness
How sure are you of cloud computing now?
Don't call it throttling: Ericsson 'priority' tech gives users their own slice of spectrum
Actually it's a nifty trick - at least you'll pay for what you get
Three floats Jolla in Hong Kong: Says Sailfish is '3rd option'
Network throws hat into ring with Linux-powered handsets
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
PwC says US biz lagging in Internet of Things
Grass is greener in Asia, say the sensors
Ofcom sees RISE OF THE MACHINE-to-machine cell comms
Study spots 9% growth in IoT m2m mobile data connections
O2 vs Vodafone: Mobe firms grab for GCHQ, gov.uk security badge
No, the spooks love US best, say rival firms
Ancient pager tech SMS: It works, it's fab, but wow, get a load of that incoming SPAM
Networks' main issue: they don't know how it works, says expert
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.