The government has published a draft version of a bill that, if signed into law in its current form, would force Internet Service Providers (ISPs) and mobile phone network providers in Britain to installblack boxes in order to collect and store information on everyone’s internet and phone activity, and give the police the ability to self-authorise access to this information. However, the Home Office failed to explain whether or not companies like Facebook, Google and Twitter will be brought under the Regulation of Investigatory Powers Act (RIPA), and how they intend to deal with HTTPS encryption.
Faith in the integrity of HTTPS encryption is what makes online banking and the entire e-commerce industry possible, and Google uses it to secure its Gmail service, as do most webmail providers. The need for easy access to Gmail has been one of the Home Office’s primary justifications for the Communications Bill, but technology experts are dubious as to whether it is possible to technically and lawfully break HTTPS on a nationwide scale. At this morning’s Home Office briefing, Director of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response was:It will.
The draft Bill includes controversial measures to require network operators to acquire communications data relating to third party services — for example, requiring an ISP to discover and record when its customers post a message on a social networking site, and to which other user of the site that message was addressed. The Bill does not specify what data ISPs are to acquire, nor provide any limits; the requirements for ISPs are to be set out in Orders made by the Home Secretary at a later date.
Writing in The Sun, Home Secretary Theresa May said:
I just don’t understand why some people criticise these proposals. People have a right to privacy. But unless you are a criminal, then you’ve nothing to worry about from this new law. This isn’t a snoopers’ charter, it’s a criminals’ nightmare.
At a press and MP briefing at Parliament today, Julian Huppert MP said that he couldn’t believe the bill could even be put before the House in its current form. David Davis MP remarked that, given that the RIPA process is already a disgrace , the Home Office should be introducing a bill that introduces warrant requirements to RIPA rather than making it even easier for the police to access citizens’ communications data. He also revealed that David Maclean, the most right-wing politician the Home Office ever saw , will be chairing the committee on the bill.
Dr Gus Hosein, Executive Director of Privacy International, said: In the UK, we’ve historically operated under the presumption that the government has no business peering into the lives of citizens unless there is good reason to – that people are innocent until proven guilty. This legislation would reverse that presumption and fundamentally change the relationship between citizen and state, and their relationship with their internet and mobile service providers. Yet there are still big question marks over whether Facebook and Google will be brought under RIPA, and how far the government is willing to go in undermining internet security in order to fulfil its insatiable desire for data.