from cnn.com, October 5, 2000
Snoop Law May Conflict With
EU Human Rights Act
by Laura Rohde
(IDG) -- Trade unions are concerned that portions of the new surveillance bill granting the U.K. government sweeping powers to access e-mail and other encrypted Internet communications may be in conflict with the Human Rights Act, both of which became U.K. law on Monday, Oct. 2.
"The bulk of the Act came into effect at the same time as the Human Rights Act, in part because we were making sure RIPA was completely compliant with the Human Rights Act," said a Home Office spokesman.
Though Parts 1 and 4 of the Regulation of Investigatory Powers Act 2000 (RIPA) became law on Monday, the most controversial parts of the law, including e-mail interception and encryption laws, do not take effect until later.
For example, beginning Oct. 24, companies can have "routine access" to tap phone calls or open e-mails sent by their employees without the employee's knowledge or consent, according to the Department of Trade and Industry (DTI), the government agency overseeing that particular aspect of RIPA.
But already, some unions are questioning whether that comes into direct conflict with Article 8 of the Human Rights Act, the right to privacy portion that asserts that "everyone has the right for his private and family life, his home and his correspondence."
"We can't see how the two laws don't come into conflict," said Trades Union Congress (TUC) Spokeswoman Sarah Veale. The TUC represents a variety of different unions within the U.K.
"We think it is quite likely a union will instigate a court challenge soon," Veale added.
The Human Rights Act, established by the European Union and incorporated into U.K. law, now allows U.K. citizens to go directly to U.K. courts to ensure that their basic human rights are being met. Since 1966, citizens have had to go through the much longer process of taking complaints to the European Court of Human Rights to seek redress.
The DTI issued its draft regulations on Tuesday for the portions of RIPA that will go into effect on Oct. 24. These outline cases in which business and public authorities are allowed to record or monitor communications without the caller's consent. These include simply "gaining routine access to business communications" as well as "monitoring standards of service and training" and combating crime, and the unauthorized use of company systems.
"These draft regulations need to strike the right balance between protecting the privacy of individuals and enabling industry and business to get the maximum benefit from new communications technology," said Minister for e-Commerce and Small Business under DTI, Patricia Hewitt, in her official statement.
The DTI acknowledged that the draft regulations had included clauses demanding caller consent for e-mail and phone tapping (except in cases concerning criminal investigations, or the monitoring of activities such as downloading pornography), but the clause was pulled when businesses complained.
The TUC argues that the regulations would give bosses too much power over their employees and is calling for a "code of practice." "It would have to be issued by the government, but after consultations with lawyers and the TUC," Veale said.
Specifically, the TUC wants to make sure that bosses are not allowed to "go on fishing expeditions" for private employee information and also want the prior notification rule reinserted into the act, Veale said.
Another controversial provision of RIPA, which is not expected to be enacted until "later in 2001," according to the Home Office, is Part 3, allowing the U.K. government -- specifically the Home Office and its head, the Home Secretary (a post currently held by Jack Straw) -- to demand encryption keys to any and all data communications, with a prison sentence of two years for those who do not comply with the order.
Also expected in 2001 is the enactment of what is known as the ISP (Internet service providers) provision, requiring ISPs in the U.K. to track all data traffic passing through their computers and route it to the Government Technical Assistance Center (GTAC). The GTAC is being established in the London headquarters of the U.K. security service, MI5 -- the equivalent to the Federal Bureau of Investigation (FBI) in the U.S.