The confusion and consternation surrounding the Regulation of
Investigatory Powers Act (RIPA) shows no sign of abating. Now,
Computer Weekly has learnt that the Home Office is to instigate two
consultations to iron out some of the inconsistencies that are
currently hobbling the Act.
First, the Home Office intends to enter into consultation to decide
which government agencies should be able to access data for
purposes of national security, under the terms of the Act. Second,
it is seeking to finalise a voluntary code of practice for
communications service providers on storing e-mail and telephone
data - this, despite the fact that the providers themselves have
already made it clear that they will reject such a code.
The Home Office is right to act to clarify this unpopular law.
Clearly, an Act that gives the police and other government
organisations the right to access details of telephone, e-mail and
Web communications must be carefully framed if it is not to breach
the fundamental principles of human rights.
But the arguments over RIPA are not limited to the civil liberties
lobby. The Act will have direct repercussions for the work of many
IT directors. Under the legislation, any business with a
significant e-commerce operation could find itself on the receiving
end of an order demanding disclosure of data about its customers.
IT directors will need to know how to respond - and to do this the
legislation needs to be clear and unambiguous.
Legal opinion that was recently sought by the UK's information
commissioner, Elizabeth France, points out that although the code
requires providers to retain data for purposes of national security
and anti-terrorism, in practice, police and government agencies
with access to this data are able to easily take advantage of RIPA
to mine it for other, more mundane purposes, such as investigating
benefit or tax fraud.
The waters are muddied further by the fact that some government
agencies are currently making use of a series of other existing
laws to access Internet and phone details being retained as a
result of RIPA. None of these laws require agencies to work
according to the safeguards of RIPA codes of conduct or under the
oversight of the Government's Interception Commission.
In other words, a host of government bodies are enjoying free reign
to access private data, thanks to a raft of overlapping laws and a
lack of legislative clarity.
We applaud the Government's efforts to bring transparency to this
unsatisfactory situation. But there must be no halfway house.
Nothing less than a top-down reappraisal of any and all laws
pertaining to the accessing of public data will suffice, if
communications service providers and the companies and individuals
they serve are to be assured that their human rights to privacy
remain intact.
RIPA must state clearly and unambiguously which agencies are
entitled to access what data, and under what circumstances. And any
other miscellaneous UK laws that pertain to the retention of public
communications data must be dovetailed into RIPA, closing any
loopholes through which public bodies are currently clipping in
order to scrutinise data for purposes other than national security.