TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

BUSINESS
Playing for Iraq's jackpot

Coke & smoke bite Dow

Sun Microsystems posts tiny profit

(MORE)

MARKETS	4:30pm ET, 4/16
DJIA	144.70	8257.60
NAS	3.71	1394.72
S&P	10.90	879.91

SPORTS
Jordan says farewell for the third time

Shaq could miss playoff game for child's birth

Ex-USOC official says athletes bent drug rules

(MORE)

All Scoreboards

WORLD

Quake help not fast enough, says Indian PM

U.S.

Bush: No help from Washington for California power crunch

POLITICS

Bush signs order opening 'faith-based' charity office for business

LAW

Prosecutor says witnesses saw rap star shoot gun in club

ENTERTAINMENT

Can the second 'Survivor' live up to the first?

HEALTH

Heart doctors debate ethics of testing super-aspirin

TRAVEL

Nurses to aid ailing airline passengers

FOOD

Texas cattle quarantined after violation of mad-cow feed ban

ARTS & STYLE

Ceramist Adler adds furniture to his creations

(MORE HEADLINES)

MAINPAGE WORLD U.S. WEATHER BUSINESS SPORTS

TECHNOLOGY

computing personal technology

SPACE HEALTH ENTERTAINMENT POLITICS LAW CAREER TRAVEL FOOD ARTS & STYLE BOOKS NATURE IN-DEPTH ANALYSIS LOCAL
EDITIONS:
CNN.com Europe change default edition
MULTIMEDIA:
video video archive audio multimedia showcase more services

E-MAIL:

Subscribe to one of our news e-mail lists.
Enter your address:

DISCUSSION:

chat
feedback

CNN WEB SITES:

CNNfyi.com
CNN.com Europe
AsiaNow
Spanish
Portuguese
German
Italian
Danish
Japanese
Chinese Headlines
Korean Headlines

TIME INC. SITES:

CNN NETWORKS:

CNN anchors
transcripts
Turner distribution

SITE INFO:

help
contents
search
ad info
jobs

WEB SERVICES:

U.K. e-mail snooping bill passed

From...

by Laura Rohde

LONDON (IDG) -- The surveillance bill granting the U.K. government sweeping powers to access e-mail and other encrypted Internet communications passed its final vote in the House of Commons on Wednesday and is set to become law on October 5.

ALSO

U.S. senators propose Web privacy legislation

Among other provisions, the Regulation of Investigatory Powers (RIP) bill requires ISPs (Internet service providers) in the U.K. to track all data traffic passing through their computers and route it to the Government Technical Assistance Center (GTAC). The GTAC is being established in the London headquarters of the U.K. security service, MI5 -- the equivalent to the Federal Bureau of Investigation (FBI) in the U.S.

The House of Commons, which had already passed the RIP bill earlier in the year, voted to approve amendments added by the House of Lords on July 13. Mainly as a formality, the bill must now be signed by the Queen to receive its official passage into law with what is known as the Royal Assent.

Some U.K. ISPs and civil rights organizations have argued that the amendments are mainly cosmetic and do not adequately address the "Big Brother" powers granted to the U.K. government to access e-mail and other electronic data without a warrant.

Under the provisions of the RIP bill, the U.K. government -- specifically the Home Office and its head, the Home Secretary (a post currently held by Jack Straw) -- can demand encryption keys to any and all data communications, with a prison sentence of two years for those who do not comply with the order.

MORE COMPUTING INTELLIGENCE

IDG.net home page

Make your PC work better with these tips

ITWorld.com

E-BusinessWorld

TechInformer: The Thinking Internaut's Guide to the Tech Industry

Reviews & in-depth info at IDG.net

How-to and advice from IDG.net

Download free PC software from PCWorld.com

Questions about computers? Let IDG.net's editors help you

Product reviews and computing news from IDG.net

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

Furthermore, if a company official is asked to surrender an encryption key to the government, that individual is barred by law from telling anyone -- including their employer, be it senior management or security staff -- that they have done so. Guidelines for this "tipping-off" offense, as it is known, could leave an international company completely unaware that what it assumes is secure company data may be under investigation by MI5. Those violating the tipping-off offense can face up to five years in prison.

While U.K. employees are protected against the consequences of passing encryption keys or encrypted data to the government, that protection does not extend outside the U.K. to other jurisdictions, such as that of the parent company.

Civil liberties organizations are worried that the government's e-mail interception bill would grossly encroach on privacy, while businesses fear the law will force e-commerce companies to move operations to other countries, such as Ireland, which do not have such restrictions.

And ISPs in the U.K. are concerned that the cost of establishing the technology required by the RIP bill would be crippling. Some ISPs in the U.K., including PSINet, have said they will be forced by the RIP bill to move their operations out of the U.K. altogether.

On June 16, the House of Lords received an open letter signed by 50 organizations, asking that the bill be further amended or scrapped altogether. The letter, which in part reads: "We are deeply concerned that the bill will inhibit the development of the Internet and e-commerce," includes Esther Dyson, Consumers International and Amnesty International as signers.

The amendments added by the House of Lords -- while not changing any of the major provisions in the RIP law -- give the government the discretion to allow companies to turn over printed text rather than encryption keys. Furthermore, as with telephone wire taps, the Home Secretary must now personally approve in writing all interception warrants as well as financial compensation for ISPs required install monitoring equipment.

During Wednesday's debate in the House of Commons, Home Office minister Charles Clarke argued that the RIP bill will not harm e-commerce in the U.K. and that the law suffers primarily from a perception problem, caused mainly by alarmist reports in the media.

"Given the comments made in the overseas media, we must explain clearly what the Bill is and is not, and why we do not believe it poses a threat to e-commerce in Britain; on the contrary, it will help to achieve the government's aim of a strong and secure e-commerce economy, to which we are all committed," Clarke said to the House of Commons

Clarke stressed that "propaganda is needed" to re-educate the public about the provisions of the bill and asked the House with help in promoting "the interests of this country's businesses when the time comes."

The British Broadcasting Corp. has estimated that implementing the RIP bill will cost companies 46 billion pounds (US$69.9 billion) over five years, a claim that Jack Straw vehemently denied in a letter sent to the Financial Times on June 14 and posted on the Home Office Web site.

Some opponents of the RIP bill are pointing out that the technology provided for in the bill is already out of date and fairly simple to circumvent.

In an article for New Scientist magazine, Internet security experts Ian Brown, from the University College London, and Brian Gladman, a former employee for the Ministry of Defence, asserted that people (including criminals) can easily avoid the "black box." All users have to do is set up their own mail servers over which they then use prepaid mobile phones or free, anonymous Internet accounts.

"The powers for interception and for the seizure of encryption keys are technically inept," Brown and Glandman said.

The pair also pointed out that "it is very unlikely that the Government will install interception equipment at the many small ISPs since the overall costs of doing this will be high and the gains involved will be very limited. It is very likely that any interception capability will be at larger ISPs and this means that using a small ISP can reduce the likelihood that email is vulnerable to interception."