Email interception law faces more delays

Technical issues are delaying the far-reaching Regulation of Investigatory Powers Act from being put into place, as ISPs call for government advice

A key part of the Regulation of Investigatory Powers Act (RIPA) that will force ISPs to store Internet traffic including Web addresses visited and emails is facing a major delay.

The delay is causing uncertainty among the UK's Internet Service Provider (ISP) industry over what technical measures they have to take to comply with the law, how much this will cost and how much the government is prepared to contribute. The law has been unpopular, receiving widespread criticism during its passage through parliament for its Big Brother-type measures; but ISPs say that now that it is unavoidable, they need guidance.

According to the Home Office Web site, the government had hoped to bring Chapter II, Part 1 of the Act into power before Easter, and a source close to the issue said that a date of 4 March had been planned.

But now, according to the Home Office, there is no chance of a March date. "We are aiming to implement this part of the Act as soon as possible after Easter," said a Home Office spokesperson. "We are continuing to work closely with service providers on the practical issues surrounding that part of the Act, and we can't comment further until we are sure there are no operational difficulties."

However, even "soon after Easter" may be an unattainable target. The technical advisory board, which is supposed to help iron out the technical issues surrounding the interception of all emails and Web traffic in the UK, has not yet been formed. After sustained pressure the government early last year agreed to include industry representatives on the 12-member committee, but legislation enabling the board to be assembled did not appear until December.

"Recruitment for the committee is ongoing," said a Home Office spokesperson, "and the post of chair was recently advertised." Until the technical board is formed and has time to figure out how the interception will be conducted, the Act cannot be enforced.

ISPs say technical issues have plagued this part of the act from the start. "Much of the delay has been due to the problem of figuring out how to overcome the technical difficulties," said Nicholas Lansman, secretary general of the ISP Association.

The main issues relate to how the data should be intercepted, and how it should be stored. "The media costs are very low," said Tim Snape, ISPA's spokesperson on the act. "But the storage issues are very complex. You have to store the media safely with such a protocol that only the right people can gain access. This means a mechanism for both the police and the data subject (which under the Data Protection Act would be anyone in the UK who had their data intercepted) to gain access.

"You can't just put it in a vault and forget about it. There has to be some way for people to see the data, but you also need to be able to anonymise some parts of it (under the Data Protection Act)," he said.

These are significant hurdles for any ISP or any other company treated as a Communications Service Provider under the Act, said Snape. The idea of a data warehouse has been suggested, but Elizabeth France, the Information Commissioner, ruled this out as "highly dangerous".

Who's watching you? Get the latest on spy networks such as Echelon and Carnivore, as well as privacy issues for companies and individuals alike, at ZDNet UK's Privacy News Section.

Have your say instantly, and see what others have said. Go to the ZDNet news forum.

Let the editors know what you think in the Mailroom.