What the hell is… the UK's RIP Bill
What's with all the fuss about the Blair Net Project?
The UK Government's Regulatory Investigatory Powers (RIP) Bill goes before Select Committee in the House of Commons today and in a little more than six months it could be enshrined in law. But with 30 amendments tabled against it and an angry mob of opponents waiting to string it up, RIP has become better known for the widespread - and some might say kneejerk - reaction people have had to it, rather than for its aims and content.
Civil liberties groups, individual Net users and politicians from all the major UK parties are banding together to decry what is being labelled a Snoopers Charter. But just what is all the fuss about? The Blair administration has been slammed by many for its cronyism and control freakery, so is this just another example of Big Brother Blair wanting to watch over you at all times?
To become an accepted part of everyday life, and not just the place to go for cyberporn, e-fraud and to pick up your email, the Internet will have to appeal to a broader cross-section of the general public. Ecommerce, for example, will never thrive in a world where the majority of potential users and customers are too scared to part with their credit card details in case they get ripped off. The not-so-wired public need to feel confident about the Internet. This is all part of the natural evolution that all things go through when they achieve popularity. The days of the WWW Wild West are numbered.
So, what does the Bill propose and why are so many people objecting to it? The Bill describes itself as: "A Bill to make provision for and about the interception of communications, the acquisition and disclosure of data relating to communications, the carrying out of surveillance, the use of covert human intelligence sources and the acquisition of the means by which electronic data protected by encryption or passwords may be decrypted or accessed; to provide for the establishment of a tribunal with jurisdiction in relation to those matters, to entries on and interferences with property or with wireless telegraphy and to the carrying out of their functions by the Security Service, the Secret Intelligence Service and the Government Communications Headquarters; and for connected purposes."
Lots of spooky terms in there - "covert human intelligence sources" translates as spies - but in essence this is all about setting down a legal framework within which electronic communications are treated no differently from telephone tapping and intercepting mail (as in the paper stuff). Some people will throw their hands in the air at the very thought of any of this, but cracking down on the illegal use of the Internet by terrorists, perverts and organised criminals may be considered by many to be A Good Thing.
One size fits all
However, the Bill falls down - and in a big way - in the details. Or lack of them. It is vague on practicalities, and how permission to access private communication will be granted. ISPs will be obliged by law to have the facilities to log and monitor all the online activities of their users. But the Bill doesn't specify how this will be done.
And while there is talk of the Government reimbursing hardware costs with regard to monitoring, it doesn't make provision for the massive increase in overheads this will bring.
The Bill is also very vague in parts and can be interpreted in such a way that much of it becomes nonsensical. For example, it defines who will be covered by the Bill when it becomes law: "a person who provides a postal service, or b) a person who provides a public telecommunications service, or c) a person not falling within paragraph b) who has control of the whole or any part of a telecommunications system located wholly or partly in the UK."
ISPs, mobile phone companies, WAP service providers, news servers and so on all fall under the term "telecommunications service". Look at that definition again - it could mean anyone.
One of the Bill's fiercest critics is the organisation Stand. This is what Stand has to say on this point: "You're no longer using an ISP to connect to the Net. You're using the ISP's public telecommunication system."
The Bill also makes it an offence for you to be told that a surveillance warrant has ever been issued against you. That offence exists in perpetuity - there is no expiry date, you can never be told. And should anyone ever tell you, they risk a prison sentence.
Someone to watch over me
Ah yes, you may be thinking, I live in a liberal democracy - the security forces can't just go round snooping on people willy-nilly. Well, guess again. Here's what the Bill says about surveillance warrants. There are four main justifications given by the Bill for issuing a warrant:
a) national security interests,
b) to prevent or detect serious crime,
c) to safeguard the UK's economic well being
d) for the purpose, in circumstances appearing to the Secretary of State to be equivalent to those in which he would issue a warrant by virtue of paragraph (b), of giving effect to the provisions of any international mutual assistance agreement.
And there's a list as long as your arm of those people who can issue the warrant against you - from senior police officers to "any such other persons as the Secretary of State may by order designate".
Reading between the lines, the Bill says that the Home Secretary can - for any reason - issue a warrant against anyone, and that anyone with the Home Secretary's permission can do likewise. Don't forget, you'll never know if information has been gathered about you, what it was used for and so on.
As it stands, reader Simon Batistoni writes, the RIP Bill contains one truly frightening basic assumption: if you have stored on your computer any form of encrypted message, you will be forced on request by the police to hand over the necessary keys to decrypt this data. If you do not have the keys, YOU MUST PROVE THAT YOU HAVE NEVER BEEN IN POSSESSION OF THEM, or you could be subject to a two-year jail term.
The principle of the police being able to view encrypted data, so that they can nail paedophiles, drug dealers, etc, has some genuine merits.
The flaw in this measure, however, is that the recipient/possessor of encrypted data is guilty, until proven innocent, something which destroys the entire foundation of our legal system. What's more, it is impossible to prove that you never had something.
As it stands, the measures in the Bill could be applied to a PGP-encrypted signature on an email, currently used by many as a reliable means of identity verification.
Theoretically, the innocent father of a suspect under surveillance, who receives an email from his son containing the standard encrypted signature, could fall under the scope of this RIP Bill; he could be jailed for failing to reveal the contents of the encrypted data.
Ostriches need not apply
Small wonder that there is so much opposition to the Bill. There are many more examples of the above thinking running throughout the Bill, such as the loophole that could mean you have to keep tabs on yourself but can never let yourself know, otherwise you end up in prison. Stand has done a much more comprehensive job of examining RIP than The Register is able to do and its site is well worth a visit.
Don't be fooled into thinking that your Government will always have your best interests at heart, because that's not the way of Governments. But at the same time, don't assume that any attempt to regulate the Internet is an invasion of rights and freedoms - freedom without responsibility is, after all, little more than latent tyranny. We will all be affected by the RIP Bill when it becomes law - as it almost certainly will, in some form or another. So now is the time to find out a little more about it and decide where you stand, because in another six months it could all be too late. ®