Industry lambasts snooping law costs

The Home Office must say how much it will pay towards the black boxes that ISPs will have to install under the terms of the RIP Act, say ISPs and businesses

The UK government is facing a backlash from industry over its draft code of conduct for the Regulation of Investigatory Powers Act, which gives law enforcement officials the power to tap digital communications.

The criticisms are contained in feedback from industry groups to the government's draft code of conduct. Of particular concern is the government's refusal to detail how it will pay ISPs and other companies who will, under the Act, have to install "black boxes" in their premises that will allow police to intercept communications from employees and customers.

The draft code of practice governs how law enforcement agencies should go about authorising warrants under Part I of the Act, which requires communications providers to maintain a permanent interception capability.

Respondents to the draft code of practice highlighted the costs involved as one major issue. Another area of concern was the technical advisory board which the government is required to assemble to advise on how interception can practically be carried out.

BT, Vodafone and lobby group Eurim called for more clarity on the costs involved in complying with the Act. Vodafone suggested that, even if the code does not go into detail on costs, it should mention the fact that the Government had agreed to provide a fair contribution. Eurim, meanwhile, said it wanted more information to be provided in the code on the potential costs of the technical upgrading that would be required to comply with the Act.

Although the Home Office has said it will meet reasonable costs of intercepting communications under RIPA, industry representatives are worried that the final figure will not compensate them for the true costs.

Tim Snape, who chairs the law enforcement group at the ISP Association (ISPA), told ZDNet UK recently that the costs of intercepting could, in combination with the costs of logging data, which is being introduced in separate legislation, cripple small ISPs. "The actual data acquisition costs could be low," he said, "but the costs for data retention, processing, hand-over, billing, management and regulatory compliance will all be very high."

Although RIPA has a provision for ISPs to recover their costs, said Snape, this does not mean profit. "We don't want to be seen profiting from crime, so we have asked for just cost recovery," he said. "But because this means there will be a requirement to demonstrate costs, there will be a requirement to audit so the process of cost recovery will incur its own costs."

"RIPA says the secretary of state will make payments that are appropriate, but this means it is his calculation and that depends on how generous he is feeling at the time. We do know the Home Office is in the queue to the Treasury to see what sort of budget it has, but we have no idea how much."

The implication, said Snape, will be that the costs of complying with RIPA will be disproportionately damaging to small companies: "For the small company it is a killer, a complete killer."

Sources close to the negotiations say it has been suggested to the Home Office that the compensation to industry should merely cover the storage costs.

Just how the interception capabilities are built into ISPs and other communications providers will be worked out by a technical advisory board -- the second area of concern for respondents to the draft. Eurim, ISPA, and the CBI were among the organisations to call for more clarity on the board, which has to agree to the wording of the draft before Part I of the Act can be implemented. A spokeswoman at the Home Office said the government is still in the process of recruiting the 12 members of the board and still has no chairman.

Other groups raised yet more areas of concern. The Law Society of Scotland argued that the Interception of Communications Commissioner should sanction any requests to intercept legally privileged material, and quash such authorisations if necessary.

Meanwhile, telco Thus said a second round of public consultation should be commenced before the code is finalised.
