Business is ignorant of Governmentcyber sleuthing

British businesses are still dangerously ignorant of the potential impact of the government Regulation of Interceptory Powers...

British businesses are still dangerously ignorant of the potential impact of the government Regulation of Interceptory Powers (RIP) Act.

The RIP Act provoked a storm of controversy as it worked its way through the legislative process with businesses complaining about the costs of its implementation and civil liberties groups raising privacy concerns.

The act significantly widened the circumstances in which the state can intercept electronic communications and also increased the number of organisations that can apply to intercept communications.

However, almost two years after it received Royal Assent, many businesses lack the most basic understanding of the act and few have prepared for the consequences of being caught up in its tentacles.

Just 14% of UK plcs are aware of the act and of these and only half have taken measures to cope with the consequences having to comply with an approach by investigatory authorities, according to a survey of 100 senior managers at UK PLCs by law firm Nabarro Nathanson.

The law firm also surveyed 100 Internet service providers and found an astonishing 61% of ISPs were unaware of the RIP act.

Dai Davis, technology lawyer with Nabarro Nathanson, told "IT professionals and ISPs might say the figures in this survey are ridiculous, but they point to a very real problem. Some one in your organisation will know about the RIP Act but are they the right person?"

The initial focus on business problems with the RIP Act meant people have ignored the fact that the act is enforced through individuals not organisations, said Davis.

"Everyone assumes that if an RIP Act notice is served on a company the organisation can determine what is to be done. That is nonsense," said Davis.

The Act requires employees not to tell their employers if they are called on to hand over "private keys which unlock encrypted information belonging to customers or employees of the organisation.

Davis said this raised potential problems if the authorities approached the wrong person in the organisation or if the right person lacked the authority to act. With the act implying that in-house lawyers would be unable to offer advice, Davis said: "Organisations have got to plan in advance and notify staff what to do if they are approached under the RIP Act".

Read more on IT risk management