Thursday, May. 11, 2000
Brits to spy on the Net
By JILL LAWLESS-- The Associated Press
LONDON (AP) -- To civil libertarians, it smacks of Big Brother.com.
The British government plans to set up a multimillion-dollar spy center capable of tracking every e-mail and Internet hit in the country -- a move it says will help fight cybercrime, but which civil libertarians contend heralds the arrival of an Orwellian state.
The new cyber-snooping base, which will bear the unassuming title of Government Technical Assistance Center, reportedly will be housed within the fortress-like London headquarters of the MI5 spy agency.
It will be established as part of the Regulation of Investigatory Powers Bill, expected to become law this fall.
"We regard it as an outrageous piece of legislation," said Yaman Akdeniz, director of the watchdog group Cyber-Rights and Cyber Liberties.
As part of the bill, Internet service providers will have to establish secure channels to transmit information about Internet traffic to the government cyber-center.
The bill also gives law enforcement authorities the power to demand that Internet users hand over the keys to decode encrypted messages. Encryption is commonly used by business and in e-commerce transactions to protect credit card numbers and other sensitive information.
Civil liberties groups argue the legislation sets a sinister precedent by requiring individuals and companies to prove they cannot hand over encryption keys or face prosecution.
"The bill creates a new offense -- not providing this information to the government," Akdeniz said. "It will be incompatible with the European Convention on Human Rights in terms of self-incrimination and a switch in the burden of proof."
The legislation is wending its way through Parliament, but the government already has established a so-called encryption coordination unit to oversee creation of the $40 million spy center.
The government argues the bill protects individual rights, setting out strict conditions under which law enforcement agencies can demand keys to unlock encrypted data or intercept records of Internet traffic.
"The bill does not give the authorities any new powers to obtain material which they cannot already do," said Home Office Minister Charles Clarke, the Cabinet minister responsible for the project.
"Accusations that the bill reverses the burden of proof are simply wrong. Innocent people are not going to suffer under these proposals."
Although authorities must obtain a warrant before demanding access to information, critics argue the grounds for getting one are vague. In addition, they say warrants should be issued by judges instead of by Cabinet ministers, as provided for by the bill.
Internet service providers have expressed concerns about the cost to the industry of complying with the new regulations -- estimated at $32 million -- and of the vagueness of the rules.
Some predict the new rules will also scare Internet users away from encryption technology, dealing a blow to the government's stated aim of making Britain a hotbed of e-commerce.
"Everything in the bill is a little bit undefined," said Roland Perry, regulation officer for the London Internet Exchange, a grouping of some 100 service providers.
"Who needs to sign the bits of paper, what they might be requesting -- there's a national standard for that negotiated between industry and law enforcement, and if we're not careful this bill might throw all that away," he said.
While countries like China and Singapore monitor their citizens' Internet use, Akdeniz says the British government's move is unprecedented in Europe.
"Of course, the government has to improve law enforcement techniques and adapt to information technology," he said. "But that doesn't mean they have to turn it into an Orwellian state. We are moving toward Big Brother."
Britain's Internet service providers already must tread more carefully than their counterparts in some other parts of the world, including the United States.
In March, Internet service provider Demon Internet Ltd. apologized and agreed to pay damages in an out-of-court settlement with a man who said he was libeled by items posted on a Web site.
The case was seen as setting a precedent that service providers could be considered publishers and held responsible for information transmitted on their networks.
In the United States, by contrast, the Supreme Court ruled this month that service providers are not legally and financially liable when someone is defamed in e-mail communications or bulletin board messages.