Home Office rethinks e-mail snooping law

The Home Office is consulting with security and privacy experts over controversial proposals to give public sector bodies access...

The Home Office is consulting with security and privacy experts over controversial proposals to give public sector bodies access to e-mail, Web and phone traffic amid concerns in government circles that the anti-terrorist legislation passed after 11 September fails to meet law enforcement agency needs.

Government officials aim to identify the main privacy and human rights concerns raised by critics of the communications monitoring powers, with a view to putting forward potential solutions in a public consultation exercise scheduled for early next year.

The move could lead to a major re-think of government policy and follows a public outcry in June when home secretary, David Blunkett, was forced to retreat from plans to extend e-mail and Internet monitoring powers from law enforcement agencies to a wide range of government bodies.

The Home Office plans to use a second, wider public consultation, expected in January, to set out a case for government bodies, such as trading standards or environmental health, to have access to communications data for investigating crime or Internet-based frauds.

The consultation will also sound out public opinion on propoals to require phone and Internet companies to store records of e-mails, phone calls and Web traffic for up to a year, where they do not already do so for business reasons.

Early feedback to the Home Office, collected by officials from the UKCrypto news group, suggests that critics would be willing to accept monitoring provided that any intrusion is proportionate, that it is governed by judicial warrant, at least in some cases, that there are clear sanctions for anyone abusing the powers and there is generally greater public accountability and openness.

The Home Office is understood to be considering a range of options designed to make monitoring powers more acceptable, including requiring government agencies to go to a central agency to obtain communications data, rather than having direct access themselves.

The move will be seen as a tacit admission that the e-mail monitoring powers rushed through after 11 September, which require phone and Internet firms to store personal data for "national security" reasons, fails to meet the needs of law enforcement agencies.

"Some might say the legislation on the stocks won't ever work. We have ended up with legislation done in the post-11 September atmosphere that does not address the real problem, fighting crime in general, not national security," said one source close to government.

Plans to give agencies access to communications records for other purposes, such as investigating minor crimes or housing benefit fraud, were thrown into disarray when the information commissioner released a legal opinion earlier this year, concluding that they would breach human rights and data protection legislation.

The objections are likely to mean that the Government will have no option but to introduce new legislation, if it is to press ahead with plans to give police and other agencies access to communications data for reasons which fall short of national security, providing it can secure public support.

Philip Virgo, strategic adviser to the Institute for the Management of Information Systems, said, "IT directors need to make sure their professional bodies are gearing up to respond to the consultation and they need to do that now. If they do that, we could end up with some much better legislation than was on the cards earlier."

Primary concerns about the RIP Act
  • Needs to value privacy and addresses criminal abuse

  • Intrusions into privacy must be proportionate to offence

  • Intrusive powers can be authorised within the investigating agency

  • Wider access to investigatory powers means less control

  • Access to more intrusive powers should require a warrant

  • Access to powers should be through a court or other central agency representing public interest.

Source: Home Office

Read more on IT risk management