We told you the Regulation of Investigatory Powers (RIP)Act was a
bad idea and now here's the proof. The Association of Chief Police
Officers (ACPO) has called on the Government to legislate for
blanket storage of all digital communications for seven years.
ACPO's leaked document has civil liberties campaigners hopping
mad, and represents yet another blow for those who thought the Data
Protection Commission would be a guardian of our digital
privacy.
Yet again the business issues are enormous. The report reveals
that organised crime is so sophisticated that it uses mainstream
business methods. So corporate IT users must now have their
business-critical data stored - possibly by a PFI-funded
outsourcing company - to satisfy law enforcement.
In the run-up to the RIP legislation there was much public
debate among the law enforcement agencies in the G8 countries about
the problems of 90-day "freeze and store" orders.
Internet service providers didn't like them and neither did the
cybercops: they were costly, disruptive and opened the prosecution
case to question, because of the selective nature of the tapping
order.
The UK's law enforcement agencies want to get around this
problem with the blanket storage of all data. That is, your
business data: every phone call a sales person makes; every e-mail
message an employee sends; every audit trail a Web-site user
leaves. And not only yours. All communications terminating in the
UK are to be given the seven-year storage treatment.
Yet the same report reveals that digital crime is, in fact,
minuscule. The main use of crimebusting data at present is to
pinpoint suspects' mobile phone use and establish evidence of
criminal networks.
One telling figure in the report is the 36% by which police
requests for cybertapping dropped once telcos introduced a nominal
charge for data access. The cybersleuths moved to a more
"intelligence-led" approach - which only makes us ask what they
were doing before.
It is not ultimately a question of cost, but of confidence. To
be really fair to defendants, the stored data should be trawlable
by them as well as prosecution. And the idea is that defence
lawyers will have the right to look at stored data.
It will be your stored data. And whether the court case involves
individual or business crime, your customers' and business
partners' confidence in your ability to protect their data must be
called into question.
The cybersleuths' seven-year data storage itch is not the main
problem. It is probably the most cost-effective technical solution
to the requirements of the RIP Act.
The problem lies with the RIP Act itself. It will damage the UK
as an e-business destination and undemine confidence in
confidential data. It should be scrapped.