The Regulation of Investigatory Powers Act of 2000 – known as
RIPA – was a controversial update to the law on the interception of
communications, its aim being to take account of technological
change such as the growth of the internet. Among other matters,
RIPA regulates intrusive investigative techniques and gives law
enforcement new powers which are intended to combat perceived
threats from criminal use of encryption.
Three Codes of Practice will cover the use of interception of
communications, covert surveillance, and covert human intelligence
sources. Each of these Codes requires public consultation. The
first of these, which covered the powers of law enforcement agents
and the duties on “communication service providers,” such as telcos
and ISPs, is still not in final form. The Government received 38
responses at consultation.
Among those expressing concerns, ICL (which recently re-branded
as Fujitsu) requested that the draft code include more information
on the Technical Advisory Board which is required by RIPA and which
is meant to give help to communication service providers in
complying with the requirements of interception of e-mail and
internet traffic. The Board has not been set up yet. The
legislation says that the Board will give "reasonably practical"
assistance to communication service providers to give effect to an
interception warrant – but ICL pointed out that this is ambiguous
and wanted clarification of what it would mean in practice. ICL
also wanted to know whether any facility existed for the
independent verification of warrants which communication service
providers receive and called for more information about the
safeguards to be followed by the intercepting agencies.
Lobbying group EURIM requested more information in the code on
potential costs, the technical upgrading that would be required
etc., if served with an interception notice. EURIM also called for
independent verification of interception warrants that have been
served.
These concerns were echoed by other respondents, including BT,
the Internet Service Provider’s Association, Thus and Vodafone.
Reuters called for "confirmation" in the code that networks used
solely for financial services would be exempt from the imposition
of an interception notice – although this is not provided for in
RIPA.
The Foundation for Information Policy Research said that it had
decided not to provide a full response because it did not have
confidence that the public consultation would be meaningful or
effective. However, it briefly set out areas of concern including
retention of intercepted material to secure the fairness of
prosecutions, safeguards, protection afforded to confidential
information (e.g. religious and medical matters) and guidance on
the meaning of necessity and proportionality.
