Securius Newsletter

August 31, 2003
Volume 1, Number 9
http://www.securius.com

RIP vs. Carnivore

By Seth Ross

In the wake of last month's coverage of the FBI's Carnivore packet-sniffing system, I received a handful of notes along the lines of: "You think you have it bad in the States ... Have you followed what's happened in the UK with the RIP Act?"

At first glance, it seems like the world's most advanced and enlightened nations are in a mad rush to see which can implement the most totalitarian surveillance systems.

The UK's Regulation of Investigatory Powers (RIP) Act 2000 was approved last month and will take effect in October. It provides the British secret police with widespread and coercive Internet surveillance powers. RIP requires that all Internet Service Providers (ISPs) in the UK develop the capability to pass all traffic to the MI5 (the equivalent of the FBI). If intercepted data is encrypted, the government can compel disclosure of the decryption keys. Those who don't comply with an order to provide keys face up to two years of imprisonment.

They have ways of making you talk!

Even more insidiously, once someone is ordered to surrender an encryption key or cooperate with an interception order, that person is barred from telling anyone. Not even their own management or security people. Not ever. Those who violate the "tip-off" rule face five years of imprisonment.

The interception and key disclosure requirements go into effect if law enforcement believes it is necessary * in the interests of national security * for the purpose of preventing or detecting crime * in the interests of the economic well-being of the United Kingdom.

This last justification should be of interest to any non-UK company that does business in or competes in the UK. Your confidential business information (read: all competitive business correspondence) can be intercepted and cracked through coercion at the behest of nameless, shadowy bureaucrats who deem the disclosure important to the UK's economic well-being.

For some companies - ISPs in particular - this could be reason enough to avoid the UK as a nexus of business.

The FBI may have wide surveillance powers in the US and technology like the Carnivore system to back it up, but it's still limited by the US Constitution's Bill of Rights: the Fifth Amendment protects against self-incrimination (key disclosure) and the First Amendment protects freedom of speech (tip-offs). These were originally put in place in response to an overarching monarchy. Ironic how little changes over the centuries. As they still say over in the great state of New Hampshire: Live free or die!

For a recap of articles about the RIP Act, see
http://www.theregister.co.uk/content/29/11821.html

STAND is a loose organziation of concerned netizens that led a well-intentioned but doomed campaign against RIP:
http://www.stand.org.uk/

If you want explanations how RIP 2000 will help combat "the threat posed by rising criminal use of strong encryption," visit the Home Office site:
http://www.homeoffice.gov.uk/ripa/ripact.htm



Subscribe to the Securius Newsletter
Please enter your email address:



Securius.com is a service of GuardianEdge Technologies.
Copyright © 2006 GuardianEdge. All rights reserved.
We will not share your personal information with third parties.
Nor will we contact you without your permission.