UK And EC To Rethink RIPA And ISP Data Retention

The UK Home Office and European Commission (EC) are both in danger of appearing in front of the European Court of Justice in Luxembourg. For the Home office a rapid review of its Regulation of Investigatory Powers Act (RIPA) has been undertaken. For the EC its ruling about ISP data retention has been called into question.

The UK government is rushing through a consultation document to try to head off a potentially expensive court case brought by the EC. The proposal for changes to RIPA has been posted on the internet but responses must arrive before December 7. The government was given two months to take action in October.

RIPA Revision Could Spell Trouble For BT

The consultation document proposes the creation of civil sanctions even against unintentional interception of customer communications. The Interception of Communications Commissioner (IoCC) would gain powers to act against ISPs and telecom carriers in addition to his existing brief to regulate wiretapping by the intelligence departments.

If the amended RIPA is passed, the IoCC would be able to impose fines of up to £10,000 for unintentional interception. If the breach was shown to be intentional, the penalty could be a prison term of up to two years upon conviction.

“This should make the enforcement process more streamlined and reduce the administrative burden on the police, the CPS and courts,” the document states.

The EC case against the government would focus on the government’s lack of action to seal the loopholes in RIPA that allowed BT to snoop on customers using Phorm’s profiling application. The Information Commissioners Office (ICO) ended its investigation of BT arguing that the Act allowed such activity if the user’s consent was implied. The fact that BT customers would theoretically benefit from the profiling was considered to be sufficient.

The Crown Prosecution Service (CPS) has yet to be convinced that there is no case to answer under RIPA and its report will be delivered later this month.

If the changes to RIPA are imposed and the CPS rules that BT has a case to answer, it could mean that BT officials will be facing a prison sentence because the snooping was obviously intentional. However, BT’s legal representatives will argue that the Act was not in force in its present form when the offence was committed.

Under EC regulations, consent for Internet Service Providers (ISPs) to intercept user communications must be “freely-given, specific and informed” as this was not the case in BT’s use of Phorm, RIPA has been held to be at fault and the Commission requested action which has yet to be taken.

This delay prompted the EC to threaten court proceedings but the issuance of the consultation document may stay the Commission’s hand. If not, the government could be fined millions of Euros for every day that the legal loopholes exist.

Indiscriminate Activity Records May Be Illegal

It all seems at odds with the current stance of the EC over the retention of phone call and internet activity records by ISPs. Ironically, this has landed the Commission on the wrong side of the European Court of Justice.

On Tuesday the court ruled “invalid” EU requirements to publish every recipient of agricultural subsidies but added that “limitations in relation to the protection of personal data must apply only in so far as is strictly necessary”.

The data retention demanded by the Commission is held to also breach this part of the ruling by Patrick Breyer, co-founder of rights organisation the German Working Group Against Data Retention.

“The EU must also abandon the disproportionate practise of indiscriminate retention of records on any communication, lest the EU Court of Justice rules the EU data retention directive invalid, too. The targeted preservation of suspect data is much less invasive and still contributes effectively to the prosecution of crime, he said.”

According to the Working Group’s Website, Breyer has qualified support from the German Minister of Justice who has undertaken to suggest that individual countries should have the right to opt out of the EC regulations.

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. With expertise in security, the channel, and Britain's startup culture, through his TechBritannia initiative

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago