The Three Minute Guide to RIP
This is John Naughton's Observer column from March 12th, 2000. It gives
STAND's concerns with the Bill rather better than we ever could.
Imagine: it's a dark night, and you are trying to get some cash from an ATM
machine. Suddenly you notice a large figure in uniform behind you.
Distracted, you mistype your PIN number. The machine demands you type it
again, so you do - and collect your money.
Then the figure puts his hand on your shoulder and you discover he's a
policeman. A large, unfriendly policeman. He says he has reason to suspect
you are up to no good and demands that you tell him your PIN number. You
refuse or, in the confusion, you can't remember it.
Before you know what's happening you've been arrested and are standing
before a judge. The charge? Failing to disclose your PIN number to a duly
authorised person. The fact that you cannot remember it is no defence. It is
assumed that you were up to no good - unless you can prove to the contrary.
You are sent down for two years.
Unbelievable? Couldn't happen in a liberal democracy? Well, I have news for
you.
Last week Jack Straw, New Labour's avuncular Interior Minister, introduced a
Bill into the Commons which aims to create an analogous situation in
relation to data encryption. A PIN number is analogous to a cryptographic
key such as you might use to protect your email - or confidential files on
your hard disk - from prying eyes. The Regulation of Investigatory Powers
Bill gives Mr Straw the power to demand you decrypt data on demand. Failing
to provide the key will be a criminal offence, with a maximum penalty of two
years in jail, and carries with it the presumption of guilt. You must
somehow prove you do not have the key. That you may have mislaid or
forgotten it will not be a defence.
And if, having suffered a miscarriage of justice under this statute, you
decide to complain in public, 'Liberal Jack' has another ace up his sleeve -
you can be sent down for a further five years!
Meanwhile, paedophiles and criminals, who really do have appalling stuff on
their disks and in their emails, will keep their mouths shut and take the
two years for refusing to decrypt on demand. After all, it's a better deal
than doing five to 10 years for a really serious offence.
There is more.
The Bill requires UK Internet Service Providers to install systems which
will allow Secretary Straw and his duly authorised goons to track
subscribers' communications traffic. That means every email you send - and
every reply you receive, plus information on every website you've visited,
every book you've bought from Amazon, every air-ticket you've purchased,
every piece of software you've ever downloaded. And if you have encrypted
your communications - well, see the last paragraph, but one above.
On what grounds might the Interior Ministry justify such an invasion of your
privacy? Here's a list from Section 20 of the Bill: national security (not
defined, of course); preventing or detecting crime; preventing disorder;
public safety; protecting public health.
Oh, and Mr Straw can lawfully authorise electronic snooping 'in the
interests of the economic well-being of the United Kingdom'.
Imagine how that last justification will play with foreign businesses
wondering whether to set up in e-commerce in the UK. And then ponder the
fact that the official line is to make the UK the most e-friendly state in
Europe by 2002. Joined-up government, my eye.
Meanwhile, the Irish government is legislating to make it illegal even for
it to snoop on Internet traffic, so if this Bill makes it to the Statute
book we can all move to Irish ISPs.
I wonder what Secretary Straw will do about that?
Reproduced with permission from the author.
john.naughton@observer.co.uk
For links and background see John's footnotes.
For STAND's more detailed (read: geeky) analysis, see our
RIP Notes