Invasion of privacy

On the surface it is a much needed way to police cyberspace, and meet the goring needs of regulation that so many feel is needed by the speed, scale and scope of internet growth.

Sadly, the act is flawed, and a growing number of groups, MPs and professional bodies are realising this. From The Guardian to Amnesty International, from professors at universities to leading IT directors, and from trade unions to The Internet Society, the opposition is large, and growing.

One of the reasons for opposing the RIP Act, is the total confusion it brings. This at a time when the government is proclaiming the UK to be at the very centre of e-world activity. In short, the RIP Act is at complete odds to the often stated policy to make Britain ‘the most e-friendly country in the world’.

Here are its main flaws:

  • Every UK internet service provider will have to monitor all data traffic passing through its computers – putting them at a disadvantage to competitors, just for being based in the UK.

  • There is a special centre being installed at MI5 London headquarters, to access all email traffic. While I appreciate MI5 will need a warrant to read an email, the government seems unaware the technology is different from tapping a telephone. This will mean MI5 will have unregulated access to logs of websites we access, discussion groups and addresses of all those with whom we correspond.

  • The act is at direct odds with the European Convention’s requirements about privacy. In particular, Section 46 of Part III of the bill gives the government the power to order the surrender of keys used to encrypt data. The only countries in the world with laws coercing disclosure of keys are India and Singapore.

  • The act reverses the burden of proof. People who have lost or forgotten the key will have to prove in a court of law they have done this – in other words they will be presumed guilty until proved innocent. Perhaps someone could advise me how I could prove that I have forgotten something?

  • The RIP Bill was accelerated through the Commons with industry virtually ignored. Submissions made were mostly hostile. Quite simply, most business leaders and industry experts do not have a clue over its implications.

  • The act puts us at a disadvantage with other countries, in particular America and Ireland, where many ISPs are likely to move.

There is a need to prevent and expose terrorist, paedophile and illegal activity, however the RIP Act is a classic sledge-hammer to crack a nut.

The volume of monitoring, additional resources and time consuming effort is huge. The idea of the internet is speed, with communications, knowledge and activity moving fast. We need a speedy solution to respond to this, and several groups have put forward clearer alternatives.

So where does this leave organisations, and what does the RIP Act mean for you? Quite simply, email and internet regulation works best with clear boundaries and self-regulation.

Beware of these areas in your company, on your website and email traffic.

My advice is to put in place a code of conduct. If you do, you will be less liable as a company but despite numerous inquiries, I have never had this confirmed, or denied.

Electronic communications through sites and email are no different from every other form, and there should be no need for complex guidelines, rules and restrictions. As long as everyone is clear on company policy, none of these potential dangers will grow out of hand. People must take personal ownership of their information and emails, even after sending.

Control, regulation and law of the internet is a difficult issue, and I am sure the principles behind the bill are honourable. However the RIP Act threatens the very future, freedom and success of UK plc, while failing to fulfil what it sets out to achieve.

  • David Taylor is president of Certus, the association for IT directors.


Information on other companies

Detail can be used in courts of law. Do not use email to discuss competitors, acquisitions or mergers, or to give opinions on another company. The word ‘confidential’ does not apply to electronic communication as it can always be accessed.

Information on individuals

Take great care, even with the facts. Also, avoid providing references by email.

Personal behaviour

This should cover access to website types (pornography, those deemed not to be in the best interests of UK). Let people use common sense. Many companies are concerned about the volume of non-work related email. The key words are guidelines and trust. Put in place a policy that gives freedom, but people know their boundaries on time and content. Control people, by giving them ownership and responsibility.

Related reading