Banks snub bill to spy on IT data

David Bicknell

The Government's interception measures in its proposed Regulation of Investigatory Powers Bill (RIP) are set for...

David Bicknell

The Government's interception measures in its proposed Regulation of Investigatory Powers Bill (RIP) are set for behind-the-scenes criticism from City banks keen to fight off too much red tape.

Although the RIP bill has had its second reading in Parliament, many of the measures contained in it will be introduced by secondary legislation, which will require minute dissection by the computer and other industries, as well as by civil liberties lobbyists.

At a briefing to launch new payment systems in London last week, bank officials admitted that spending time developing their e-commerce solutions had meant thay had "taken their eye off the ball".

"The RIP is a 'submarine' bill, and we need to get to grips with it," said one senior bank executive specialising in e-commerce.

"We will not be saying anything publicly, but you can assume we will be talking to the government through normal channels. There are parts of this bill that worry us."

High on the list of concerns for some legal specialists are procedures in the bill that effectively force an individual to prove they have "lost" a decryption key if they are unable to provide it on demand to law enforcers.

Although the Home Office says the burden of proof for the defendant will be on the prosecution, campaigners insist that individuals cannot "prove a negative".

The issues were due to be debated at a public meeting yesterday by a string of security specialists, to which Home Office Minister Charles Clark has promised a reply. He has already told the UKcrypto discussion group that the planned decryption measures are "not draconian". He added that accusations that the bill reverses the burden of proof are "simply wrong".

Meanwhile, the Home Office has denied reports that it will fund Internet service providers' compliance costs for the bill, in contradiction of earlier statements that it would not.

Nicholas Lansman, secretary general of the Internet Services Providers Association, said discussions had already been continuing "for some time" with the Home Office on what would be fair both for large and small ISPs.

He insisted it was not only the technology costs that had to be discussed, but also the necessary intrusion into management time in delivering investigatory powers at law enforcers' requests.

Read more on IT risk management