Ripa changes call for consent before snooping

Ripa changes call for consent before snooping

Summary: The Home Office has proposed interception law changes that would require businesses to get consent from consumers in situations such as BT's secret Phorm trials and Google's collection of Wi-Fi data

SHARE:
TOPICS: Security
1

Any person or company intercepting communications without a warrant will have to get the consent of both parties involved, under proposals made by the Home Office on Tuesday.

Ripa Home Office

Changes to Ripa will apply fines to "unintentional acts" of unlawful interception, according to the Home Office. Photo credit: Nathan Collins/Flickr

The Home Office is in the process of amending the Regulation of Investigatory Powers Act 2000 (Ripa), and it carried out a consultation in November 2010 on the subject. It was forced to make the amendments by the European Commission, which said the UK had not correctly transposed the E-Privacy Directive of 2003 into national law.

Under the proposed amendments (PDF), any business carrying out interception to provide 'value-added services' will require the consent of the sender and intended recipient of the communication. 

The maximum penalty for unlawful interception will be increased from £5,000 to £50,000, and this penalty will apply to "unintentional acts" of unlawful interception, the Home Office said. The rules will now cover any person or organisation, not just communication service providers.

Ripa amendments' effect

The Home Office's consultation took place as many in the industry were debating the actions of companies such as BT and Google. BT had carried out secret trials of a service called Phorm, which tracked BT customers' browsing in order to serve up better advertisements, and Google's Street View cars had — unintentionally, according to Googlerecorded information from people's Wi-Fi connections.

In theory, the amendments to Ripa would make both of these actions more clearly illegal. However, according to Alexander Hanff of Privacy International, this will not be the effect.

The revised Ripa doesn't offer any real protection. It introduces 'unintentional interception', which doesn't make any sense.

– Alexander Hanff, Privacy International

"It [the revised Ripa] doesn't offer any real protection — it introduces 'unintentional interception', which doesn't make any sense," Hanff told ZDNet UK. "It gives companies a 'get out of jail free' card. [Companies engaged in] commercial interception will now offer a defence of unintentional interception for a minimal fine."

Hanff, who has always argued it would have been impossible for the Street View data collection to be truly accidental, said the maximum fine of £50,000 was so low as to make no difference to large businesses. "Companies will continue to break the law because the liability is so limited it doesn't act as a deterrent," he said.

Read this

Commission refers UK to court over privacy laws

The European Commission has asked the ECJ to rule on whether the UK's privacy laws are adequate, in a case that began with complaints about BT's trials of Phorm advertising technology

Read more+

The Home Office met with civil society groups in December 2010, after complaints from those groups that they had not been involved in the Ripa consultation. However, Hanff said, Home Office representatives did not offer answers to any of the groups' questions; a key one of those questions related to the idea of strict liability, which has not turned up in the Home Office's new amendments.

Without strict liability, Hanff said, prosecutors will have to prove intentional guilt on the part of companies engaged in interception. "The Crown Prosecution Service won't prosecute because they don't have the funds and would argue it was not in the public interest to prosecute," Hanff said.

Parliament will now have to pass the amendments by affirmative resolution if they are to come into force.


Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.

Topic: Security

David Meyer

About David Meyer

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't pay the bills. David's main focus is on communications, as well as internet technologies, regulation and mobile devices.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Those specifics about how to avoid intercepting communication such as with wireless telephones is the major difficulty.
    brentpieczynski