EU legal threat stirs Home Office on interception opt-ins

People who use the internet may have greater protection from electronic eavesdroppers following a consultation on changes to the Regulation of Investigatory Powers Act (RIPA).

People who use the internet may have greater protection from electronic eavesdroppers following a consultation on changes to the Regulation of Investigatory Powers Act (RIPA).

The Home Office recommendations include an explicit opt-in for information exchanged between a sender and receiver to be intercepted by a third party, and a civil sanction for "unintentional" breaches.

The changes arise from complaints that Phorm, which makes web advertisement-serving technology, bases its selection of ads on the illegal tracking of web browsers' online behaviour. BT was condemned for testing Phorm twice without first telling its internet customers.

Complaints were escalated to the European Commission, which said that the UK's implementations of the EU's data protection and e-privacy directives were flawed.

Announcing the consultation, the Home Office said the commission had received complaints alleging that "some communication service providers (CSPs) were deploying new value-added or advertising services which relied on interception, without seeking the appropriate consent from users".

"Having considered the issues raised by the commission, the UK has agreed to make some changes to address the concerns raised, the Home Office said.

The commission said the UK's implementations were flawed because the existing offence of unlawful interception in RIPA addressed only intentional unlawful interception; and where both parties consented to an interception, making the interception lawful within the meaning of s.3(1) of RIPA, the meaning of "consent" did not reflect that set out in the data protection directive.

Jim Killock of privacy activists the Open Rights Group, said the Home Office had been forced to change UK law following the Phorm case, to ensure that citizens are properly protected against private interception.

Killock said that the Home Office has mishandled the issue from start to finish, and that even the present consultation was in breach of guidelines as it called for replies by 7 December, giving a deadline of just four weeks rather than the recommended 12.

"ISPs, with a commercial interest at stake, have however been fully informed, we are told," he said.

"The consultation is about a very serious matter. What rights should we have as citizens to take legal action against people who intercept our communications? Should criminal as well as civil charge be available? Who should investigate?", he said.

Describing Home Office actions as "botches", he said, it gave incorrect legal advice to BT and Phorm during the Phorm trials in stating that the interception their system involved was legal.

"Officials then denied that their advice was in fact legal advice," he said. "They then failed to act when it there was evidence that illegal trials took place."

The Home Office then failed to act when European information commissioner Vivian Reding threatened legal action in 2009, despite reviews of RIPA taking place under Labour and the new government.

"Now they have finally been forced to take action, and they have brushed the review under the carpet, with inadequate time for consultation," Killock said.

"The coalition (government) promised to protect our privacy against the surveillance state. They now need to get a grip of Home Office officials before further botches are made," he said.

Read more on IT legislation and regulation