RIP: 'frailties' cause concern as the Bill makes its passage
through Parliament
What stage is the Bill at?Lord Bassam of Brighton put the Regulation of Investigatory
Powers (RIP) Bill before the House of Lords for its second reading
on 25 May. He attempted to allay the fears of businesses that
voiced objections to the new power for law enforcement, security
and intelligence agencies to demand that communication data be
decrypted.
Bassam told the House that the RIP Bill is intended to respond
to developments in modern technology and impose a regime that is
compatible with and regulated in accordance with the European
Convention of Human Rights. The goal of the RIP Bill is said to be
to make the UK the best and safest place in the world to carry out
e-commerce.
Several speakers pointed out the frailties of the Bill as it is
drafted and how it fails to meet its goals. There is a danger of
over-regulation in this area, which may prompt businesses to move
to more lenient jurisdictions. International agreement was called
for in what is, after all, an international area.
Where do the controversies lie?
There has been considerable controversy over the RIP Bill during
its passage through the House of Commons. This has focused on the
costs to operators of telecommunications systems in intercepting
and monitoring encrypted transmissions under an interception
warrant. The House of Lords called for details of the contributions
which will be made by the Government towards the cost of
compliance, prior to the passing of legislation.
The human rights issues are even more controversial and the
importance of preserving civil liberties was repeatedly stressed by
the House of Lords.
Lord Cope of Berkeley supported an amendment to list the
authorities who will be able to exercise the new powers, as
delegation of investigatory powers is inappropriate to law which
impacts on individuals and their human rights.
Lord McNally pointed out that there must be a balance between
the criminal threats posed by advances in technology and
over-intrusion. Lord Lucas stated that the principle of "innocent
until proven guilty" must be staunchly protected.
It seems that the RIP Bill will have a far from easy passage at
the committee stage, which is scheduled to take place shortly after
the summer recess.
What can you be doing now to prepare for the Bill?
IT directors and the IT industry should by now be preparing for
the Bill's implementation. This preparation may include:
- A comprehensive review of every use of encrypted technology and
detailed consideration of what the encryption is protecting and
why
- Putting procedures in place for dealing with possible enquiries
under RIP from a whole range of regulators, ranging from the police
to Customs & Excise
- Making employees aware of how to react if a request for the key
to encrypted transmissions is received (including documents signed
with an electronic signature)
- Reviewing any security or confidentiality agreements in place
with third parties that may be breached by regulators being given
the key to encryption and the potential impact of this on existing
and future commercial arrangements
- Analysing how easy it will be to comply with the regulators'
request - is appropriate tracking information to hand? Who holds
the key to encryption? Is the key in an intelligible form? What
will be the cost of compliance?
- Consideration of how the regulators may use the encrypted data
and whether the safeguards under RIP, eg that the key will not be
misused, are sufficient
What could non-compliance mean to you?
Failure to provide the key to encrypted data will be a strict
liability criminal offence carrying a maximum penalty of two years
imprisonment and/or an unlimited fine. Both individuals and
companies can be held liable, so preparation should not be
underestimated.
For further information or advice please contact Jane Rawlings
at DLA on 08700-111 111 or jane.rawlings@dla.com