RIP vs. Carnivore
By Seth Ross
In the wake of last month's coverage of the FBI's Carnivore
packet-sniffing system, I received a handful of notes along
the lines of: "You think you have it bad in the States ... Have
you followed what's happened in the UK with the RIP Act?"
At first glance, it seems like the world's most advanced and enlightened
nations are in a mad rush to see which can implement the most totalitarian
surveillance systems.
The UK's Regulation of Investigatory Powers (RIP) Act 2000 was
approved last month and will take effect in October. It provides
the British secret police with widespread and coercive Internet
surveillance powers. RIP requires that all Internet Service Providers
(ISPs) in the UK develop the capability to pass all traffic to the
MI5 (the equivalent of the FBI). If intercepted data is encrypted,
the government can compel disclosure of the decryption keys. Those
who don't comply with an order to provide keys face up to two years
of imprisonment.
They have ways of making you talk!
Even more insidiously, once someone is ordered to surrender an
encryption key or cooperate with an interception order, that person
is barred from telling anyone. Not even their own management or
security people. Not ever. Those who violate the "tip-off" rule
face five years of imprisonment.
The interception and key disclosure requirements go into effect
if law enforcement believes it is necessary * in the interests of
national security * for the purpose of preventing or detecting crime
* in the interests of the economic well-being of the United Kingdom.
This last justification should be of interest to any non-UK company
that does business in or competes in the UK. Your confidential business
information (read: all competitive business correspondence) can
be intercepted and cracked through coercion at the behest of nameless,
shadowy bureaucrats who deem the disclosure important to the UK's
economic well-being.
For some companies - ISPs in particular - this could be reason
enough to avoid the UK as a nexus of business.
The FBI may have wide surveillance powers in the US and technology
like the Carnivore system to back it up, but it's still limited
by the US Constitution's Bill of Rights: the Fifth Amendment protects
against self-incrimination (key disclosure) and the First Amendment
protects freedom of speech (tip-offs). These were originally put
in place in response to an overarching monarchy. Ironic how little
changes over the centuries. As they still say over in the great
state of New Hampshire: Live free or die!
For a recap of articles about the RIP Act, see
http://www.theregister.co.uk/content/29/11821.html
STAND is a loose organziation of concerned netizens that led a
well-intentioned but doomed campaign against RIP:
http://www.stand.org.uk/
If you want explanations how RIP 2000 will help combat "the threat
posed by rising criminal use of strong encryption," visit the Home
Office site:
http://www.homeoffice.gov.uk/ripa/ripact.htm
|
