[ISN] Internet law will protect criminals

From: mea culpa (jerichoat_private)
Date: Mon Apr 05 1999 - 10:48:31 PDT

  • Next message: mea culpa: "[ISN] The Anarchic Lure of Virus Writing"

    Forwarded From: William Knowles <erehwonat_private>
    
    http://www.sunday-times.co.uk/news/pages/sti/99/04/04/_e_stiinnnewa01006.html?1334425
    
     (Sunday Times) [4.4.99] Police say that when new European laws are
    implemented this summer it will be almost impossible to catch high-tech
    criminals who use the Internet and mobile phones to plan crimes.
    
    The European telephone directive will make it illegal for telephone
    companies and Internet Service Providers (ISPs) to keep records of a
    customer's use of the Net and his mobile phone unless the information is
    needed for billing.
     
    With the proliferation of free Net accounts and pre-paid mobile phones
    this would mean tracking consumers' use of such services would be illegal
    because no bills are involved. A criminal could contest any intelligence
    the police gained, arguing that it was a breach of the Data Protection Act
    1998.
     
    Keith Akerman is head of the computer crime unit at the Association of
    Chief Police Officers (Acpo). He believes that if fully ratified in
    Britain, the new laws would hamper police attempts to combat criminals by
    analysing their use of the Net and cellphones. He is planning, through
    Acpo, to raise the issue with the Home Office before the new laws come
    into effect.
    
    "The new laws would have a huge impact on intelligence gathering," he
    says. "They are far from helpful for both the police and the person being
    asked to pass over information.  There are many areas of doubt in the new
    act that will require clarification.
    
    "If the law is fully ratified it will be very regrettable indeed. I don't
    want to be seen giving out advice to criminals, but anyone looking at the
    new law - if it is ratified - will be given a pretty clear idea of how to
    plan and execute crimes without the police being able to do much to stop
    them."
    
    At the moment police can take advantage of Section 28 of the Data
    Protection Act to ask an ISP or mobile-phone operator to pass on details
    about a suspect. With an inspector's signature on a standard form,
    officers can find out what Net sites and newsgroups a suspect has visited. 
    
    If any of the suspect's recent e-mail or newsgroup postings are still
    stored by the ISP, these can also be read. However, police normally obtain
    a warrant first.
    
    The same form can be used to ask a mobile-phone operator to supply details
    of people a suspect has called and from where.  This can prove where a
    person was at the time of a crime and whether he has called people he
    claims not to know.
    
    Police forces across the country have come to rely on such details and are
    worried the new laws will close down a useful source of information. They
    are also concerned because the new proposals are confusing even the
    experts. 
    
    Phil Jones, a telecommunications expert at the Data Protection Registrar,
    says: "The new rules are tricky because they make a distinction between
    traffic data and billing data, yet don't clarify what this means.
    
    "It can be very difficult to separate billing and traffic data because
    sometimes they can be seen as related. What is certainly true is that
    telecommunications companies will not be able to keep records as they have
    done without having good reasons to justify it.
    
    "For example, if I am using a pre-paid mobile phone, then what reason
    could the telephone operator possibly have for logging the calls I make
    and from where?
    
    "Similarly, with the Net, if I am not being charged for my browsing time
    by my ISP, what right would they have to store information on sites I have
    visited? They would not have any legitimate reason to track where I had
    been and what I had looked at.
    
    "The only way I can see mobile-phone operators or, more likely, ISPs
    keeping data about users that the police could later request is if they
    attach conditions to their free services. An ISP could say, for example,
    that in return for free Net access it will collect data about customers'
    browsing patterns for marketing purposes.
    
    "However, they would have to make it clear to customers what data will be
    held about them and the fact that the police could legitimately request to
    see that information. They would almost certainly need to get customers to
    sign a consent form." 
    
    Jones admits that the high priority attached to online privacy means that
    most ISPs would be unwilling to act as the police's eyes and ears. Their
    customers would see them as snoops. 
    
    The police and security forces are also concerned about encryption
    technology that makes it hard for them to decode intercepted messages. 
    They had been urging the Department of Trade and Industry to push through
    measures that would have required Net users to store with a third party
    the keys that are used to decode e-mail. This company could then be called
    on to decipher messages.
    
    The proposed measures were seen as too draconian. The DTI is now proposing
    two new offences in measures that will almost certainly be put before the
    Commons later this year. These will make it illegal not to show deciphered
    messages to a police officer with a warrant and will punish anyone who
    tips off somebody else that police have asked for a key to decode their
    messages.
    
    The consultation period on the DTI's e-commerce bill ended on Thursday.
    Critics are angry that the government dropped its unpopular "key escrow"
    policy but then gave only three weeks, instead of the normal eight, to
    allow interested parties to comment on new proposals. 
    
    The DTI claims the short consultation period was essential if the
    e-commerce bill is to be read in the Commons before the end of the year.
    Critics, however, have accused the government of trying to rush through a
    "broken back" piece of legislation without properly consulting computer
    users.
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:21:50 PDT