Cyber-Rights & Cyber-Liberties (UK) Response to Better Regulation Task Force Review of E-Commerce, 12 October, 2000. Better Regulation Task Force Review of e-commerce, Regulating Cyberspace: better regulation for e-commerce, (PDF version) was published on 14 December, 2000. See also the Principles of Good Regulation and the related pages. The Government response to the Task Force review is published in March 2001.
So far we believe that the government through the Home Office and the DTI has not fully taken into account the Human Rights Act. We have witnessed the importance given to "business interests" over individual rights in the past and now with the recent publication of the DTI Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 under sections 4(2) and 78(5) of the Regulation of Investigatory Powers Act 2000. In our view, such regulations together with the RIP Act, will NOT contribute to the Government's aim of making the UK the best place for e-commerce by encouraging modern markets and confident consumers. In our view, there is nothing in the Government’s current policy that promotes confidence and trust in the Information Age. If the UK is to become the best place for e-commerce, it should also offer the best protection for individual rights and liberties.
We note the Better Regulation Task Force’s October 1999 Self-Regulation report which states that regulation should be "necessary, fair, balanced and command public support". Your report also identifies five principles against which to test the appropriateness and effectiveness of regulation. They are:
So far you have used these in all your work to judge the standard of existing or proposed regulations. Therefore, we hope you will apply the above principles to the
following government regulations:
Electronic Communications Act 2000
Regulation of Investigatory Powers Act 2000
The Home Office should commission an independent impact assessment of the effect of the Regulation of Investigatory Powers Act, 2000 (RIPA) on business confidence and investment, one year after its implementation.
The Home Office should commission an independent impact assessment of the effect of the Regulation of Investigatory Powers Act 2000 (RIPA) on business confidence and investment, one year after its implementation.
Accepted in part. The Government notes the clarification, within the "Regulating Cyberspace" Report itself, that the Task Force is referring to Parts I and III of RIPA and that any assessment should not only investigate the impact of the Act on business but also examine whether the legislation is effective in meeting its aims. This is important. The Government agrees that a continuing review of the effectiveness of the Act is necessary.
The Government undertakes to keep the operation of Parts I and III of RIPA under review in order properly to assess the effectiveness of its provisions and their impact on business. The Government will consider whether an independent element might be introduced at an appropriate point. The Government would, though, make the following observations.
The implementation of the RIPA provisions of most interest to industry is being staggered. Industry will be kept closely involved with the Government in this process. There will be opportunities to comment on the secondary legislation which will give practical effect to the Act as it is developed. Consultation exercises have begun, and have included meetings with industry directly. The necessary orders will all require affirmative resolution in both Houses of Parliament before they come into force, and this will provide a further opportunity for industry to influence the practical requirements on them. Moreover, industry will have a continuing and significant voice in the way in which the Act operates. Under the terms of the Act, Communications Service Providers (CSPs) will make up half the Technical Advisory Board (TAB), to be established under section 13, which will advise the Secretary of State on the reasonableness of requirements imposed under section 12 of RIPA (maintenance of an interception capability by CSPs). The Government believes that the TAB will be well placed to assess the actual and perceived impact on industry of the relevant provisions of RIPA, and to ensure that unreasonable burdens are not being placed on business through the Act.
As the Task Force has recognised, a number of changes were made to RIPA during its Parliamentary passage, specifically to address the concerns of business. The Government is not complacent though about the amount of work still to be done in this area. The question of the perception of RIPA’s impact on business (highlighted by the Task Force) is, the Government recognises, a crucial one. That is why the Government will continue to take every opportunity to address misconceptions about the Act which still appear in a number of arenas.
The Government welcomes the Task Force’s support for the RIPA’s intention to combat cybercrime. But this is not the sole aim of the Act. The legislation provides for, and regulates the use of, powers which are vital in combating serious crimes more generally, and threats to national security. As the Government stated in the Regulatory Impact Assessment for Part I of RIPA published in February 2000, these aims are highly valued but difficult to quantify. But any assessment of the effectiveness of the Act must be viewed in this wider context, having command of the full picture. It also means that any meaningful review will need to encompass the practical use of interception by the limited number of agencies empowered to utilise the relevant provisions of the Act. As the Task Force will recognise, interception is, by its very nature, a covert intelligence-gathering activity. There are sensitivities involved for the agencies carrying out interception operations. And there are, importantly, sensitivities too for CSPs. RIPA already provides for independent oversight of the interception power. The Interception of Communications Commissioner has a statutory responsibility to oversee the operation of the relevant provisions in Part I of the Act, and to publish an annual report. There is a similar statutory oversight mechanism for Part III.
UPDATE: ZDNet News, Government backtracks on encryption enquiry, 04 April, 2001.