From 1st August, ISPs and telcos will be obliged to maintain certain minimum levels of interception capacity in order to assist law enforcement agencies. The cost to the industry of implementing these controversial measures, however, remains unclear.
These new obligations are contained in the Regulation of Investigatory Powers (Maintenance of Interception Capability) Order 2002 (the "Order"). This 'fleshes out' provisions under the Regulation of Investigatory Powers Act 2000 ('RIPA') which give the Home Secretary power to order a provider of public telecoms services to maintain a "reasonable" level of intercept capacity to enable interception warrants to be complied with. Consultation with industry on this issue took place between December 2000 and August 2001.
ISPs are expressing their confusion over the new obligations and how they will be recompensed. The actual obligations are as follows.
The new obligations in more detail
The Order imposes new legal obligations on providers of public telecommunications services, although service providers who do not (or do not intend to) provide their service to over 10,000 users in the UK are exempt, as are providers who limit their services to the banking, insurance, investment or other financial services sectors.
The 'intercept capacity' which service providers are required to provide is as follows:
- A mechanism for implementing interceptions within one working day of the service provider being informed that the interception has been authorised;
- Where the service provider serves more than 10,000 people, to enable the simultaneous interception of communications of up to 1 in 10, 000 of those users;
- To ensure the interception of all communications and related traffic data authorised by the warrant and their simultaneous transmission to the law enforcement agency in question;
- To ensure the intercepted communication and data can be correlated;
- To ensure the handover interface complies with any requirements stipulated by the Home Secretary (these should generally be in line with agreed industry standards);
- To ensure filtering to provide isolated traffic data, associated with the relevant account where reasonable;
- To ensure any protection applied to the intercepted communication can be removed;
To minimise the risk of "tipping-off" the interception subject or other unauthorised persons about the interception. Where a service provider is unhappy with the extent or compliance cost of an interception notice, a referral can be made to the National Technical Advisory Board ('TAB'), a body comprised of industry as well as Government representatives. Non-compliance with these interception obligations carries civil penalties, including issue of an injunction.
The cost burden on the telecoms industry of implementing the new measures is potentially substantial. RIPA imposes a duty on the Secretary of State to ensure that a service provider receives a "fair contribution" towards the cost of complying with an interception warrant or maintaining intercept capability. A sum of £20 million has been earmarked for communications provider support for the three years from 2001 to 2004 in connection with broader RIPA obligations, of which £14 million was spent last year. Further consultations are due to take place between the Government, industry and the TAB on the precise costs to the industry of complying with these new rules but no timetable has yet been set.
The bigger picture
RIPA, which has been on the statute book since July 2000, has been the source of enormous controversy since the proposals for reform of the interception regime were first published three years ago. Recently, in a much-publicised climb-down, the Home Secretary David Blunkett withdrew a proposal to extend the range of public authorities with power to access details of people's communications under the Act.
Although the Act received Royal Assent nearly two years ago, its wide-ranging provisions have been brought into force by a series of statutory instruments since then. The most recent include an Interception of Communications Code of Practice which came into force on 1 July 2002 and which outlines the duties of law enforcement agencies with regard to interception of telephone and internet communications for national security and crime prevention purposes. Codes of Practice regulating the use of other covert surveillance techniques are also due to come into force on 1st August.
The information contained in this bulletin is intended as a general overview of the subjects featured and detailed specialist advice should always be taken before taking or refraining from taking any action