Your Rights – RIP (Part II)
Consequently The RIP Bill became The RIP Act (or RIPA). The draft code of practice stated that RIPA orders could only be obtained in the interests of national security; for the purpose of preventing or detecting crime or preventing disorder; and in the interests of public safety.
“We must ensure that such access is proportionate to the threat and highly regulated, and RIPA introduces, for the first time, strong statutory safeguards to govern this. For an action to be necessary in a democratic society it must pursue a legitimate policy aim, fulfil a pressing social need and above all be proportionate to that policy aim.
“As we implement the Act’’s provisions, we are working with communication services providers to ensure that they are enacted in partnership with them. Today’’s consultation reiterates our commitment to consult in this important area. We welcome comments on all aspects of this draft code from industry, law enforcement agencies and anyone else who has a view on its implementation.”
But in 2003 massive abuses of the new Act was feared, particularly as it was announced that there were plans to increase the number of organisations that could look at records of what people do online.
The UK Government unveiled a draft list of organisations that would be given the right to request information about the web, telephone and fax lives of British citizens under the controversial legislation.
Civil liberty campaigners had little faith that government safeguards would be effective in policing the use of sensitive information passed to organisations not connected with law enforcement.
Industry groups also warn that the technical and financial burden of complying with huge numbers of requests for information could cause problems for some firms.
Previously, under the RIP Act, only law enforcement organisations could ask for permission to look at logs of the sites people visit, who they are exchanging e-mail with and which telephone or fax numbers they call.
Only police forces, intelligence services, Customs and Excise and the Inland Revenue could ask communication service providers for logs of what their customers are doing.
Now another 24 organisations, which included every local authority, obtained the power to request these logs.
Ian Brown, director of the Foundation for Information Policy Research (Fipr), said many of the organisations being handed these powers had little or no experience of handling such confidential information.
In an interview with the BBC he pointed out there was “massive scope for abuse” of personal information and would likely mean a huge increase in the number of requests.
Before now law enforcement organisations wanting to look at communication information had to get permission from a judge. By contrast the RIP Act allows organisations that want to look at this data to get permission from their own senior managers.
Although the Government had drawn up rules dictating how organisations should treat this sensitive communication information, the civil liberties campaigners questioned how seriously in practice these guidelines would be followed.
Clearly, questions were asked as to the quality of the guidance that organisations - such as the Department for the Environment or the Office of Fair Trading would receive.
Fipr also doubted that the government’s own watchdog, called the Interception Commissioner, would be able to police requests for the use of information about someone’s communication habits.
“The Interception Commissioner has been under-resourced for what they are supposed to do at the moment,” claimed Brown. “How they are supposed to oversee the use of these powers by these 20 plus government bodies is beyond me.”
The arguments over RIPA were not limited to the civil liberties lobby. The Internet Service Providers Association (ISPA), the Internet industry’s trade body also harboured its own worries about the extension of RIP Act powers to more organisations.
“It all amounts to high costs for the industry in terms of time and money,” said Nicholas Lansman at the time.
The government was also seeking to finalise a voluntary code of practice for ISPAs on storing e-mail and telephone data - this, despite the fact that the providers themselves had previously made it clear that they would reject such a code.
Such was the concern, legal opinion was sought by the UK’s information commissioner, Elizabeth France, who pointed out that although the code required providers to retain data for purposes of national security and anti-terrorism, in practice, police and government agencies with access to this data are able to easily take advantage of RIPA to mine it for other, more mundane purposes.
Under the legislation, any business with a significant e-commerce operation could find itself on the receiving end of an order demanding disclosure of data about its customers. Businesses would need to know how to respond - and to do this the legislation needed to be clear and unambiguous.
The waters were being muddied further by the fact that some government agencies were making use of a series of other existing laws to access Internet and phone details being retained as a result of RIPA. None of these laws required agencies to work according to the safeguards of RIPA codes of conduct or under the oversight of the Government’s own Interception Commission.
In other words, a host of government bodies were enjoying free reign to access private data, thanks to a raft of overlapping laws and a lack of legislative clarity. The confusion and consternation surrounding the Regulation of Investigatory Powers Act (RIPA) showed no sign of abating.
