Government consultations – Doublespeak in action
The UK Government is conducting what it calls a consultation into its proposed amendments to RIPA – specifically, amendments to ‘lawful interception’. This is not done by choice, but because it has to, by order of the EU.
It goes back to Phorm’s behavioural advertising system, and BT’s covert use of the system on its own customers without their knowledge, nevermind their approval. At the time, the Home Office had issued guidance suggesting that the Phorm system was legal. Privacy campaigners disagreed, complained and took the matter to the EU.
The EU decided that the UK had not ‘transposed’, that is, implemented, the EU privacy requirements adequately into UK law (the EU privacy requirements are contained in the European Data Protection Directive (95/46) and the E-Privacy Directive (2002/58).
Apparently, the UK did not transpose the E-Privacy Directive in toto because it believed that some of the conditions were already met within the Regulation of Investigatory Powers ACT (RIPA). Under RIPA, the Home Office believed that Phorm/BT’s opt-out (of interception) process is legal. But the EU’s position is that interception is only lawful under informed consent; that is, ‘opt-in’ rather than ‘opt-out’. The EU has consequently required the UK to bring its national laws into line with the EU Directives.
The UK’s proposed course of action is to amend RIPA.
RIPA makes provision for lawful interception without a warrant under certain limited circumstances. These include the provision in section 3(1) where both the sender and intended recipient of the communication give their consent to the interception, or where the person carrying out the interception “has reasonable grounds for believing” that consent has been given. The interception of communications will involve the processing of personal data, and it is important to ensure that there is clarity about the circumstances in which lawful interception can take place.
The current provisions do not provide the required clarity. This is because “reasonable grounds for believing” is open to different interpretations.
The UK proposes to amend RIPA so that it is clear that “interception will be lawful only where both parties to the communication give specific consent to the interception?” In other words, behavioural advertising must become opt-in by the user – that’s you and me. Our ISPs and behavioural advertising companies (take note, TalkTalk) will not be able to covertly monitor where we go and what we do on the internet without our specific approval.
It doesn’t mean that behavioural advertising is dead, because the ISPs could always push up their prices for anyone who doesn’t opt-in – but at least covert behavioural profiling is dead in the UK. Which might explain why Phorm is reducing its presence in the UK. Phorm’s Interim results for the six month period ended 30 June 2010 has the Chairman and CEO’s statement starting:
Operating losses for the six month period ended 30 June 2010 were $15.7m (six month period ended 30 June 2009: $15.0m). During this period, the Company underwent further restructuring, building up its operations in Brazil while reducing the size of the UK office to reflect the focus of our current operations…
So far the Government’s proposals seem to be a Good Thing. But the EU also requires that all unlawful interception should be subject to sanction. RIPA only has sanctions for ‘intentional interception’; spying on us by accident has been, well, not worth worrying about. But rather than make all unlawful interception subject to “imprisonment of up to two years and a substantial fine up to the statutory maximum”, the Government is now introducing a new civil sanction rather than extending the existing criminal sanction to include ‘unintended interception’.
The argument appears to be that since ISPs can be legally served warrants under RIPA to compel them to spy on us (legally) they should not be punished harshly if they accidentally spy on others of us who are not directly covered by the warrant. I don’t have too many concerns about this – after all, we all make mistakes. But it is not the courts who will decide, in public, whether an unlawful interception was intended or unintended – it is another of those unaccountable quangos: the Interception of Communications Commissioner (IoCC).
And this is where I do have a problem. Such quangos are not required to justify their actions in public – this one would merely
be required to take account of any representations made by the CSP before deciding whether to impose a penalty. Before imposing any penalty, the IoCC would also have to ensure that the penalty imposed and its amount was determined in accordance with all issued guidance.
In other words, a government-appointed quango will have the ability to take decisions secretly, and only be required to act ‘in accordance with all issued guidance.’ Guidance of the quality, I guess, of the earlier Home Office guidance saying that Phorm’s opt-out was perfectly legal.
This consultation provides a lesson in how to comply with European regulations without changing a thing: doublespeak in action.