Interception of Communications, Cyber-Rights & Cyber-Liberties (UK)

This section of Cyber-Rights & Cyber-Liberties (UK) will deal with issues in relation to the interception of communications. It will provide useful information and links in relation to national and international, governmental and non governmental, public and secret (private) developments in relation to the interception of all sorts of communications including but not specifically to Internet communications.

Please cite these pages as:
Cyber-Rights & Cyber-Liberties (UK), "Interception of Communications Section," at http://www.cyber-rights.org/interception.
Last updated in August 2002. For ECHELON and ENFOPOL related news and developments, see the ECHELON WATCH section of Cyber-Rights & Cyber-Liberties (UK) at http://www.cyber-rights.org/interception/echelon/

Recent Interception of Communications related legal and policy developments

Walker, C., & Akdeniz, Y., "Anti-Terrorism laws and data retention: war is over?" (2003) Northern Ireland Legal Quarterly, 54(2), Summer, 159-182. Abstract: The Anti-Terrorism, Crime and Security Act 2001 signals a determined response to the attacks of September 11^th. One aspect involves the facilitation of the use of electronic surveillance in order to prevent, detect or prosecute the perpetrators of terrorism. The role of Part XI of the 2001 Act is to augment existing surveillance powers in the Regulation of Investigatory Powers Act 2000. This papers plots the relationships between those two statutes and also their relationship to data protection laws. Delays and difficulties in enforcement are noted and are related to a process of return to greater normality after an initial period of panic.

R v IPSWICH CROWN COURT, EX PARTE NTL GROUP LTD ([2002] EWHC 1585 (Admin):
Where the claimant telecommunications company had been required to preserve a client's e-mail communications pending a court order to produce that material, it was implicit in Sch.1 para.11 Police and Criminal Evidence Act 1984 that it had the necessary power to take that action. This implicit power provided lawful authority for intercepting the e-mail such that no offence would be committed under s.1 Regulation of Investigatory Powers Act 2000)

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L/2002/201/37.
Article 15 - Application of certain provisions of Directive 95/46/EC
1.Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5,Article 6,Article 8(1),(2),(3)and (4),and Article 9 of this Directive when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system, as referred to in Article 13(1)of Directive 95/46/EC. To this end, Member States may, inter alia ,adopt legislative measures providing for the retention of data for a limited period justified on the grounds laid down in this paragraph. All the measures referred to in this paragraph shall be in accordance with the general principles of Community law, including those referred to in Article 6(1)and (2)of the Treaty on European Union.

Commons Written Answers (4 Jul 2002) - RIPA 2000 - Communications Interception

Mr. Gordon Prentice: To ask the Secretary of State for the Home Department what plans he has to allow (a) the police and (b) other regulatory or investigatory agencies of the state to intercept the e-mails and internet communications to internet websites of private individuals; and if he will make a statement. [62053]

4 Jul 2002 : Column: 533W

Mr. Blunkett: Authority to intercept communications can only be given by the Secretary of State personally. Where the warrant is the result of a request for assistance made under an international mutual assistance agreement and where the subject or premises to which the interception relates appear to be outside the United Kingdom, authority may be given by a senior official. Such authority can only be given to those persons specified in Section 6(2) of the Regulation of Investigatory Powers Act 2000. They are:

the Director-General of the Security Service;
the Chief of the Secret Intelligence Service;
the Director of the Government Communications Head Quarters;
the Director-General of the National Criminal Intelligence Service;
the Commissioner of Police of the Metropolis;
the Chief Constable of the Royal Ulster Constabulary (now the Police Service of Northern Ireland);
the chief constable of any police force maintained under or by virtue of section 1 of the Police (Scotland) Act 1967;
the Commissioners of Customs and Excise;
the Chief of Defence Intelligence; and
a person who, for the purposes of any international mutual assistance agreement, is the competent authority of a country or territory outside the United Kingdom.

Authority can only be given where the Secretary of State is satisfied that the interception is necessary:

(a) in the interests of national security;
(b) for the purpose of preventing or detecting serious crime;
(c) for the purpose of safeguarding the economic well being of the United Kingdom;
(d) in circumstances where he would issue a warrant under (b) above, to give effect to an international mutual legal assistance agreement.

The interception of communications is subject to oversight by the Interception of Communications Commissioner.

The Regulation of Investigatory Powers (Interception of Communications: Code of Practice) Order 2002 was laid before Parliament on 8 May 2002. The Code of Practice sets out in further detail the procedure, safeguards and oversight regimes governing the lawful interception of communications in the United Kingdom.

Regulation of Investigatory Powers Act

sac burberry pas cher

Mr. Jim Cunningham: To ask the Secretary of State for the Home Department what action is being taken to ensure that individuals are protected from invasion of privacy and personal rights when the Regulation of Investigatory Powers Act 2000 is extended. [62675]

Mr. Blunkett: The Government recognise the need to balance respect for personal privacy with legitimate measures to protect the public, especially in the context of rapidly developing technology.

I have therefore decided to bring forward new proposals in this area in the autumn after consultation over the summer.

4 Jul 2002 : Column: 534W

The aim of the Regulation of Investigatory Powers Act 2000 is to provide greater security, clarity and regulation of these activities. First the Act is intended to ensure that:

public authorities who have been added can only access communications data for one of the specified purposes in the Act;
such access will have to be proportionate to what it seeks to achieve;
use of the power will be subject to oversight by the Interception of Communications Commissioner; and
anyone who thinks their data has been wrongly accessed will have the right to complain to the Investigatory Powers Tribunal.

Home Office Public Consultation on the draft code of practice for Chapter II of Part I of the RIPA 2000
The draft code intends to explain and define in detail the provisions of access to communications data;
set down the authorisation procedure and the information which must be obtained before an authorisation can be
granted or a notice given. The consultation period started on 13 August and will finish on 2 November 2001.

The Home Secretary David Blunkett announces the Emergency Anti-Terrorism Bill which include measures to enable communication service providers to retain data generated in the course of their business, namely the records of calls made and other data - not the content. Government will work with the industry on a Code of Practice to take this forward, 15 October, 2001.

From the Trade and Industry - Eighth Report: UK Online Reviewed:
the First Annual Report of the E-Minister and E-Envoy Report, HC 66, 23 March, 2001.
Q93. Can you comment on the suggestion made by the National Criminal Intelligence Service, GCHQ and all the other spooks
which are around, that companies should keep all their communications for seven years. Would you agree with those comments?
(Ms Hewitt) I do not agree with the proposals. I saw them in the press, I think, ten days ago. I have not had formal communications with the Home Office, I have discussed it informally with Charles Clarke and I understand it is his view as well that that proposal should not be implemented. See the important parts of the report.

Akdeniz, Y.; Taylor, N.; Walker, C., Regulation of Investigatory Powers Act 2000 (1): Bigbrother.gov.uk: State surveillance in the age of information and rights, (2001) Criminal Law Review, (February), pp. 73-90 at http://www.cyber-rights.org/documents/crimlr.pdf
(Published in this format with permission from Sweet & Maxwell, the publishers of the Criminal Law Review)

Interception of Communications Act 1985 (Chapter 56), REPORT OF THE COMMISSIONER FOR 1999
Commissioner: THE RT HON THE LORD NOLAN, Presented to Parliament by the Prime Minister by Command of Her Majesty July 2000
Laid before the Scottish Parliament by the Scottish Ministers July 2000

Annex to the report of the Commissioner for 1999

Warrants (a) in force on 31 December 1994 and (b) issued during the course of 1994

	Telecommunications				Letters			Total
		a	b	a		b	a		b
Home Secretary		308	871	51		76	359		947
Secretary of State for Scotland		28	90	9		10	37		100

Warrants (a) in force on 31 December 1995 and (b) issued during the course of 1995

	Telecommunications				Letters			Total
		a	b	a		b	a		b
Home Secretary		356	910	49		87	405		997
Secretary of State for Scotland		64	137	8		1	72		138

Warrants (a) in force on 31 December 1996 and (b) issued during the course of 1996

	Telecommunications				Letters			Total
		a	b	a		b	a		b
Home Secretary		431	1073	46		69	477		1142
Secretary of State for Scotland		63	228	0		0	63		228

Warrants (a) in force on 31 December 1997 and (b) issued during the course of 1997

Telecommunications Letters Total

	a	b	a	b	a	b
Home Secretary	420	1391	40	65	460	1456
Secretary of State for Scotland	38	256	0	0	38	256

Warrants (a) in force on 31 December 1998 and (b) issued during the course of 1998

	Telecommunications				Letters			Total
		a	b	a		b	a		b
Home Secretary		385	1646	48		117	433		1763
Secretary of State for Scotland		53	267	1		1	54		268

Warrants (a) in force on 31 December 1999 and (b) issued during the course of 1999

	Telecommunications				Letters			Total
		a	b	a		b	a		b
Home Secretary		484	1645	38		89	522		1734
Secretary of State for Scotland*		45	288	0		0	45		288

Cyber-Rights.Net Forms Alliance with Hush Communications to offer HushMail Private Label to Internet users.

Leeds, UK & Dublin, Ireland—(November 01, 2000) Cyber-Rights & Cyber -Liberties (UK) have partnered with Hush Communications to campaign against the Regulation of Investigatory Powers Act (RIP) 2000, which passed into law in October this year. The Regulation of Investigatory Powers (RIP) Act outlines the extended reach of the UK government’s law enforcement and security agencies in regards to the monitoring and interception of communications across the Internet, and government access to encryption keys. Similar proposals are currently being discussed by the Council of Europe which would give law enforcement agencies extended powers and capabilities for Internet monitoring in more than 40 countries.

In an effort to raise public awareness of these important policy issues and to encourage Internet users to use secure communications, Cyber-Rights & Cyber-Liberties (UK) are launching the Cyber-Rights.Net project. The project offers Internet users HushMail Private Label, an encrypted email solution, that employs Hush’s patent-pending Hush Encryption Engine ™. With HushMail Private Label, Cyber-Rights.Net will be able to offer its visitors and users end-to-end secure email through, http://www.cyber-rights.net. HushMail Private Label fully integrates Hush’s roaming key pair management technology into the Cyber-Rights.Net system enabling its users to send and receive secure mail from any location with access to the Internet throughout the world.

"Both the Website and project promote privacy of communications and hope to raise awareness for security on the Internet. In the absence of clearly defined conditions and safeguards protecting the privacy of communications in homes and in working environments, it is time for the individual to take action and protect their communications. Cyber-Rights.Net will be an additional tool for concerned Internet users when securing their communications."

Cyber-Rights & Cyber-Liberties (UK) is dedicated to the promotion of secure and private communications over the Internet and has been influential in the national and international policy making process.

Jon Matonis, CEO of Hush Communications said, "We are excited to be a part of the Cyber-Rights & Cyber-Liberties project. HushMail Private Label will offer Cyber-Rights.Net users the most secure and user-friendly email solution available on the market today. From everyday Internet users to legal and medical professionals, Hush protects online communications."

From its inception, Hush Communications has been dedicated to the privacy rights. The company’s core technology was specifically developed to protect the communications and transactions of anyone with access to the Internet. While Hush offers a variety of products and services for sale, its flagship product, HushMail.Com (www.hushmail.com), provides fully encrypted, Web-based email, free of charge, to the general public. Hush posts its source code for review and download at www.hush.ai.

DTI LAWFUL BUSINESS PRACTICE REGULATIONS: RESPONSE TO CONSULTATION
"The Government is confident that the Lawful Business Practice Regulations will allow business to conduct most important monitoring or recording activities without needing to restructure practices and without undergoing significant costs. The Regulations should offer business the greatest possible scope for maximising the advantages of new ways of working with phone, email and other electronic communications, consistent with a high degree of privacy for the users of communications services. As such, they will contribute to the Government's aim of making the UK the best place for e-commerce by encouraging modern markets and confident consumers." --- So they say but the new regulations will not achieve this country to become the best place for e-commerce, 04 October, 2000. See further Ananova, "Government to award firms more licence to snoop".

P/2000/663
3 October 2000
GUIDANCE FOR FIRMS WHO MONITOR E-MAILS AND PHONE CALLS

Minister for e-Commerce and Small Business Patricia Hewitt today published draft regulations setting out the conditions in which businesses can record and monitor e-mails and phone-calls. The regulations allow business and public authorities to record or monitor communications without the caller's consent in such cases as:

* Recording evidence of transactions;
* Ensuring compliance with regulatory or self regulatory rules orguidance;
* Gaining routine access to business communications;
* Maintaining the effective operation of their systems;
* Monitoring standards of service and training; and
* Combating crime and the unauthorised use of their systems.

Ms Hewitt said:
"These draft regulations need to strike the right balance between protecting the privacy of individuals and enabling industry and business to get the maximum benefit from new communications technology. "These regulations will not lead to significant changes in normal business practice in normal business practice. But they will help users of e-commerce to be confident about giving information over the telephone, e-mail or internet." "We have worked closely and constructively with the Small Business Service and consulted widely with business to improve the drafting of these regulation."

These regulations will reassure businesses, who can be confident that their normal business practice will not fall foul of the law.

Notes to Editors
1. The new regulations come under the Regulation of Investigatory Powers (RIP) Act. The Act establishes a new legal framework to govern the interception of communications in the course of their transmission on public or private telecoms systems. It also establishes a basic principle that communications may not be recorded or monitored without the consent of the senders and recipients. The purpose of the Lawful Business Practice Regulations is to make sure that legitimate business practices are not prevented by the new regime.

2. The Act reflects the changes which have taken place in the communications industry over the last 15 years. It also ensures that the UK's interception regime is compliant with the Telecoms Data Protection Directive which requires Member States to protect the confidentiality of communications. The Lawful Business Practice Regulations take advantage of the scope allowed by the Telecoms Data Protection Directive for Member States to limit the general prohibition on interception without consent in order to ensure that businesses may record or monitor communications to obtain evidence of transactions or other business communications.

3. The Government has developed the regulations in close consultation with those businesses and individuals affected by them. In a consultation exercise on the proposals from 1 August to 15 September 2000, DTI received over 80 responses from businesses, representative organisations and private individuals, and conducted extensive discussions with interested groups.

4. A Response to Consultation and a Summary of Consultation Responses will be published on the DTI website at http://www.dti.gov.uk/cii/regulation.html in the week starting 2 October.

Regulation of Investigatory Powers Bill has been published by the Home Office - 9 February, 2000. See the Bill and the explanatory notes. See further the Home Office web site dealing with the Regulation of Investigatory Powers Bill. The Bill regulates investigatory powers in three areas: Interception of Communications, Intrusive Investigative Techniques, and Access to Encrypted Data. See further http://www.cyber-rights.org/interception/ and http://www.cyber-rights.org/crypto/ pages.

According to a Home Office Press Release related to the publication of the RIP Bill in relation to Part I – Interception of Communications:

"Interception of communications such as "telephone tapping" is the single most effective weapon in the fight against serious crime. Interception also plays a vital role in the fight against terrorism of all kinds.

In order to do this he undertakes inspections of the interception Agencies and relevant Government Departments and makes an annual report to the Prime Minister which is laid before Parliament. "

An Open Letter to the Internet Engineering Task Force: A letter which urges the IETF not to adopt new protocols or modify existing protocols to facilitate eavesdropping was sent on 08 November, 1999 by a group of academics, security experts, lawyers, and civil liberties activists. Based on our expertise in the fields of computer security, cryptography, law, and policy, we believe that such a development would harm network security, result in more illegal activities, diminish users' privacy, stifle innovation, and impose significant costs on developers of communications. At the same time, it is likely that Internet surveillance protocols would provide little or no real benefit for law enforcement. See the letter at http://www.cyber-rights.org/interception/ietf-letter.htm
Update: The IETF proposals have been rejected (only 25 of the 1000 members voted for the favour of the proposals - 11 November, 1999)

ACLU Launches ECHELON Watch Website (16 November, 1999) - The American Civil Liberties Union, in conjunction with Omega Foundation,EPIC, and CR&CL(UK) has launched a new web site at http://www.echelonwatch.org, which is designed to focus public attention on the threats to civil liberties which are posed by Project ECHELON.

UK Related Developments

A list of the responses to the Interception of Communications Act consultation exercise is at http://www.homeoffice.gov.uk/oicd/conslist2.htm. An Analysis of the Responses to the Government's Consultation Paper is also available through the Home Office website at http://www.homeoffice.gov.uk/oicd/iocresp.htm. The breakdown of responses by area of interest was as follows: Telecommunication interests - 9, Postal interests - 5, Internet interests - 19, Other business interests - 8, Law enforcement agencies - 21, Health organisations - 6, Other bodies - 17 and most of these responses are available through http://www.homeoffice.gov.uk/oicd/conslist2.htm as PDF files. (added on 20 December, 1999)

“Cyber-Rights & Cyber-Liberties (UK) publishes the IOCA Response” - 12 August, 1999

LEEDS - Cyber-Rights & Cyber-Liberties (UK) today published its response to the Home Office review of the Interception of Communications in the UK. The Board Members of Cyber-Rights & Cyber-Liberties (UK) welcome the government review but regret that it was a secretive review. Cyber-Rights & Cyber-Liberties (UK) also regret the lack of empirical evidence for most of the conclusions, especially the claim by the Home Secretary in his foreword that “sophisticated criminals and terrorists have been quick to put the new technology to use”.

The response argues that “no convincing reasons are given for the failure to adopt procedures by which judicial warrants would replace executive authority,” and also states that “the system of oversight by the Commissioner and Tribunal has failed to reassure complainants or the public.”

Furthermore, the response states that: “it remains unclear why the fruits of intercepts cannot be used in court (section 9 of the 1985 Act) - especially if such evidence is ‘crucial’ to law enforcement.” According to the Cyber-Rights & Cyber-Liberties (UK) response, “reasons cited against such use are not convincing or are unacceptable.”

Finally, Cyber-Rights & Cyber-Liberties (UK) call for transparency and openness in relation to the development and use of unaccountable international systems for interception (Echelon and Enfopol), and for the adoption of safeguards no less stringent than for interceptions with a domestic element. “Otherwise interception of international telecommunications amounts to nothing less than state-sponsored information piracy, and will inevitably operate as a constraint on the development of legitimate international co-operation in the prevention of crime.”

Professor Clive Walker, Deputy Director of Cyber-Rights & Cyber-Liberties (UK) stated that:

“We recognise the value of surveillance to law enforcement but at the same time we believe that these proposals are not adequate to guard against the establishment of a surveillance society in the 21st century. All we are asking for are some of the controls and safeguards which are commonplace in Continental Europe and North America.”

“The Government does not have a convincing plan and evidence for such an invasion of privacy and we are not persuaded by the fact that interception is crucial to law enforcement. The proposals are drafted with an Orwellian State in mind. It should also be noted that the debate about interception of communications is not national but international and there is an urgent need for openness and accountability at an international level for the development and use of intrusive technologies and systems such as Echelon.”

Mr. Nicholas Bohm, E-Commerce Policy Adviser for Cyber-Rights & Cyber-Liberties (UK) added:

“The rapid growth of digital communications has produced a correspondingly huge increase in exposure to interception by law enforcement and intelligence agencies. More effective and stringent safeguards are needed to prevent unjustified invasions of privacy, and to promote justified confidence in the Internet. For the same purpose, the legitimate fruits of interception should be used to combat crime on the Internet and elsewhere by being made admissible in the prosecution of criminals.”

Mr Yaman Akdeniz, Director of Cyber-Rights & Cyber-Liberties (UK)
E-mail: lawya@cyber-rights.org

Mr Nicholas Bohm, E-Commerce Policy Adviser,
Cyber Rights & Cyber-Liberties (UK)
E-mail: nbohm@cyber-rights.org

Dr Brian Gladman, Technology Policy Adviser,
Cyber Rights & Cyber-Liberties (UK)
E-mail: brg@cyber-rights.org

The Home Office published the Interception of Communications in the United Kingdom: A Consultation Paper, June 1999, CM 4368, at http://www.homeoffice.gov.uk/oicd/ioc.htm

Your comments back to the Interception Legislation Team by Friday, 13 August, 1999. Cyber-Rights & Cyber-Liberties (UK) will provide a response to the Consultation Paper in due course.

The Home Secretary announced the Consultation Paper through a Written Answer within the House of Commons:

Mr. Hope: To ask the Secretary of State for the Home Department when he will publish his proposals for updating the legislation on interception of communications. [88130] 22 Jun 1999 : Column: 351

Mr. Straw: I announced last September that I had put in hand a comprehensive review of the interception regime and that a consultation document would be published in due course. The review is now complete and I am today publishing a consultation paper "Interception of Communications in the United Kingdom" in which our proposals are laid out in detail. A copy has been placed in the Library (copies are available in the Vote Office).

The extraordinary pace of change in the communications industry, particularly in the last decade, has revolutionised communications and brought benefits to us all. This new technology, however, brings new opportunities for criminals and terrorists, which they have been quick to exploit. The law has not kept pace with these developments. We need to bring our interception law up to date to ensure the continued success of this essential investigative tool.

There are also some areas in which we need to improve the protection offered to the individual. There is currently no basis in law, for example, for the interception of communications on private telephone networks. We intend to put such interception on a statutory footing for the first time. This will ensure that the privacy of those who use these networks is respected, and that they have a means of redress if their communications are intercepted unlawfully.

The Government are committed to building a safe, just and tolerant society. In the field of interception, there is a difficult balance to be struck. I believe our proposals strike the right balance and will be grateful for views on any of the proposals in the consultation paper.

Campbell, D., "Britain Sneaks Enfopol Plan Into Action," Telepolis, 28 June, 1999 at http://www.heise.de/tp/english/inhalt/te/2989/1.html - Consultation paper on the Interception of Communications published in circumstances intended to minimise reporting or public discussion.

NCIS published several Code of Conducts for covert techniques following the enactment of the Human Rights Act 1998 by the UK Government. The need for the Codes arises from the prospective implementation of the Human Rights Act 1998, which will give more immediate effect to the obligation for UK public authorities to act in accordance with the European Convention on Human Rights (ECHR). The NCIS press release dated 13 May 1999 is at http://www.ncis.co.uk/web/Press%20Releases/convention_of_human_rights_codes.htm

The Associations of Chief Police Officers Codes of Practice on Covert Law Enforcement Techniques as published on the 13th May 1999 are on the web:

INTERCEPTION OF COMMUNICATIONS AND ACCESSING COMMUNICATIONS DATA CODE OF PRACTICE
Scope: This code of practice applies to the interception of communications and accessing of data associated with the provision of communications services (communications data) by police,the National Crime Squad, the Scottish Crime Squad, the National Criminal Intelligence Service and Her Majesty's Customs and Excise.

SURVEILLANCE CODE OF PRACTICE
Scope: This code of practice applies to authorisations for surveillance (not involving entry on or interference with property or with wireless telegraphy as regulated by the Police Act 1997) by police, the National Crime Squad, the Scottish Crime Squad, the National Criminal Intelligence Service and Her Majesty's Customs and Excise.

USE OF INFORMANTS CODE OF PRACTICE
Scope: This code of practice applies to authorisations for the use of informants in criminal investigations by police, the National Crime Squad, the Scottish Crime Squad, the National Criminal Intelligence Service and Her Majesty's Customs and Excise.

UNDERCOVER OPERATIONS CODE OF PRACTICE
Scope: This code of practice applies to authorisations for undercover operations by police, the National Crime Squad, the Scottish Crime Squad, the National Criminal Intelligence Service and Her Majesty's Customs and Excise.

THE RECORDING AND DISSEMINATION OF INTELLIGENCE MATERIAL CODE OF PRACTICE
Scope: This code of practice applies to authorisations to record and disseminate intelligence material by police, the National Crime Squad, the Scottish Crime Squad, the National Criminal Intelligence Service and Her Majesty's Customs and Excise.

INTERCEPTION OF COMMUNICATIONS

Recent Interception of Communications related legal and policy developments

Commons Written Answers (4 Jul 2002) - RIPA 2000 - Communications Interception

Regulation of Investigatory Powers Act

Annex to the report of the Commissioner for 1999

UK Related Developments

The Home Office published the Interception of Communications in the United Kingdom: A Consultation Paper, June 1999, CM 4368, at http://www.homeoffice.gov.uk/oicd/ioc.htm

The Associations of Chief Police Officers Codes of Practice on Covert Law Enforcement Techniques as published on the 13th May 1999 are on the web:

Go back to Cyber-Rights & Cyber-Liberties (UK) home page.