'We listened to industry on RIP Act' says Straw

Last week Computer Weekly columnist David Taylor slammed the new RIP Act as an obstacle to e-business. The home secretary Jack...

Last week Computer Weekly columnist David Taylor slammed the new RIP Act as an obstacle to e-business. The home secretary Jack Straw penned this response

I was disappointed to see that misconceptions continue to circulate about the Regulation of Investigatory Powers Act (RIPA).

The Internet and associated technologies offer huge legitimate opportunities for business and society - opportunities that the Government is actively encouraging. But it cannot be right for criminals to be free to abuse these technologies with impunity because the law is not up to date, and for e-businesses themselves to become the victims of serious criminality.

Simply put, RIPA aims successfully to balance individual rights, the interests of business and those of law enforcement, to ensure that UK cyberspace provides the best and the safest environment for e-business.

Let me deal with your specific questions.

RIPA does not mean that all ISPs will be required to monitor all e-mail traffic. Nor are we creating a special centre to access all e-mail. As we have consistently explained, a small number of ISPs may be required to maintain an intercept capability and then only after consultation with individual providers on the precise terms of that requirement.

RIPA does not permit unfettered electronic surveillance by the security service or anyone else. Interception warrants require my personal authority and may only be authorised if they meet one of the narrow criteria set out in the Act - a threat to national security, a threat to the nation's economic well-being, or to prevent or detect serious crime.

We believe RIPA to be compatible with the European Convention on Human Rights. The Convention rightly seeks to protect individual privacy, but in Article 8 it is also recognises that in certain circumstances it may be necessary to interfere with an individual's privacy where this is in accordance with the law and - in a democratic society - is in the interests of, for example, the prevention of crime.

These are precisely the sort of strictures contained in section 49 of RIPA - establishing the power to serve a disclosure notice. The Act does not presume that individuals are guilty until proven innocent. We altered the offence of non-compliance with a disclosure notice in Parliament to lower the burden of proof in favour of the defence in cases where the authorities have been able to prove only prior possession of an encryption key.

You ask for international comparisons. I make no apologies for this Government having taken a lead in tackling the difficult issues involving e-mail interception and encryption. But other countries are now looking at ways to update law enforcement powers to take account of technological advancement. Look at the recent debate about the "Carnivore" e-mail interception system in the US.

RIPA is not about stifling e-business. The Act has benefited from direct discussion with industry, including three detailed public consultation exercises last year.

We made a number of significant amendments to the Act during its Parliamentary passage in specific response to points raised by industry. We will provide £20m over three years from next April to ease the introduction of the new interception arrangements. There will also be a Technical Advisory Board, comprised of Government and industry members, to oversee notices requiring the maintenance of an intercept capability.

RIPA needs industry's co-operation, and we will continue our constructive dialogue with the relevant players, most immediately on the codes of practice, during the coming months.

We are making this country an "e-friendly" place for business. One of the Government's important responsibilities is to ensure that the UK is also a safe place for people to live and work. That is everyone's right. RIPA will help us achieve this.

Computer Weekly comment

Nobody denies the need for laws to stop cybercrime. But the RIP Act does two things that needlessly hamper the emergence of e-business. It places the cost of surveillance onto business without adequate guarantees of compensation - ISPs say £20m is not enough. And it undermines trust, because businesses suspect their secure communications will be open to scrutiny by leaky and unaccountable law enforcement agencies.

The Government's attempts to regulate electronic commerce have always put crimefighting first, fostering e-business confidence second.

The Republic of Ireland has outlawed the same measures the RIP Act now enforces. That is one of the reasons Eire is fast becoming western Europe's Silicon Valley, while major corporations seriously consider moving secure e-commerce operations out of the UK.

The Government's last-minute climbdowns on the detail of the Act simply show how little it had listened to business in the first place. If it had listened more, the RIPAct would not exist.

What do you think? Email [email protected]

Read more on E-commerce technology