IOCA99 Response by Cyber-Rights & Cyber-Liberties (UK)

INTERCEPTION OF COMMUNICATIONS IN THE UK

A consultation paper

SUBMISSION TO THE

HOME OFFICE

Cyber-Rights and Cyber-Liberties (UK)

A Non Profit Civil Liberties Organisation

August 1999

(For the press release of this submission see the Interception of Communications section)

1. Cyber-Rights & Cyber-Liberties (UK) (http://www.cyber-righs.org), is a non profit civil liberties organisation. It was founded with the aim of promoting free speech and privacy in regard to the Internet. The Board Members of Cyber-Rights & Cyber-Liberties (UK) welcome the government review but like the Select Committee on Trade and Industry in its paper, Report on Building Confidence in Electronic Commerce (1998-99 HC 187) regret that it was a secretive review. We also regret the lack of empirical evidence for most of the conclusions, especially the claim by the Home Secretary in his foreword that “sophisticated criminals and terrorists have been quick to put the new technology to use”.

2. At the outset, we would not accept that interception is “crucial”, unlike the assertion of the Home Secretary in the Foreword to the Consultation Paper. Interception is important but not “crucial”. If it is so crucial, then why cannot the evidence be used in court? It cannot be crucial to a prosecution by reason of this limitation.

3. The obvious reason why most complaints are not from the subjects of interception is that the fact of interception is never revealed (Consultation Paper, para.1.9). This decreases substantially the chances of abuse ever being uncovered. The retrospective review by the Tribunal or Commissioner is far less likely to spot errors. This limitation raises the issue of whether there should be a mechanism for informing the subjects of surveillance. In common with many Continental European systems, we believe there should be. It is a vital safeguard in practice and in principle respects the autonomy and dignity of the individual. The failure to grant this right will cause continuing problems in respect of inter-state law enforcement (as hinted at in chapter 6). At the same time, if the information is withheld until the investigation is concluded (or perhaps after a specified lapse of time after the surveillance and in circumstances where no legal action has been taken), there should be no significant damage to law enforcement concerns.

4. The proposal for a single legal framework regardless of means of communication is to be welcome (Consultation Paper, para.4.1). It should be emphasised that it should be specified in law what are the powers and procedures. By contrast, the attempt to regulate by codes of practice (such as those issued by ACPO earlier this year) is not acceptable and cannot comply with the demands of the Human Rights Act 1998 (as NCIS for one seems to recognise). The point was made clearly by the European Court of Human Rights as long ago as Malone v UK (Application No. 8691/79, Ser. A. vol. 82) before the enactment of the 1985 legislation. At the same time, it is not clear why there is an exception for “communication data” (Consultation Paper, chap.10). The fact and pattern of traffic is as much a matter of personal preference (including preference as to the level of privacy protection) as the content of a message. Communication data should be subject to the standard legal rules, as seems to be required by the case of Malone v UK (para.56, though the Court did not take a decision in this respect). Furthermore, the consultation paper is defective as it does not address all the forms of surveillance covered by the ACPO codes. There arises a concern that just as fixation on one form of interception (on public telecommunications systems) has become untenable, so fixation on the interception of messages (and not including for example the use of agents and informers) will also result in evasion of the rules.

5. The demand for assistance from ISPs (Consultation Paper, chap.5) is broadly in line with EC Council Resolution on the lawful interception of telecommunications (OJ C 329, 17 January 1995), though this Resolution is subject to proposed amendment (draft Council Resolution on the lawful interception of telecommunications in relation to new technologies (10951/2/98 - C4-0052/99 - 99/0906(CNS). These changes have been criticised by the Committee on Civil Liberties and Internal Affairs in a report on 23 April 1999 (see http://www.cyber-rights.org/interception/schmid-0243.htm). Accordingly, we have three concerns regarding this proposal:

One is that this change in UK law should accord with a pan-European timetable and that burdens on UK ISPs should not become more onerous than elsewhere. The February 1999 Recommendation of the Council of Europe “for the Protection of Privacy on the Internet” should also be taken into account while developing a policy for the ISPs (See Council of Europe Recommendation (No R (99) 5 of the Committee of Ministers to Member States, at <http://www.coe.fr/cm/ta/rec/1999/99r5.htm>).
Our comments are made without the benefit of feedback from the ISP industry and their respective trade organisations (ISPA and LINX). It may be that the technical and financial burdens which would fall on ISPs under the proposals are quite different in their impact from the corresponding burdens on telecommunications operators (typically much larger concerns). In that case the justification for the imposition of these burdens would need to be reviewed as the heavy financial burdens may push small scale Internet Service Providers (over 300 ISPs are currently present in UK) out of business; this would be an unacceptable price for limited law enforcement advantages. Such a requirement is also mentioned by the above mentioned draft Council Resolution - “The intention is not to constitute a legal framework that would force the Internet Service Providers to establish outside the Union because of the economic burden it imposes in respect of competitiveness.” (paragraph 3) Unreasonable burdens on the UK ISPs would be a disadvantage for the UK industry on a global scale especially within the European Union. The advantage to law enforcement is primarily one of convenience, since the same communications can already be intercepted on the telephone network. This advantage would not be justified if the effect were seriously burdensome to ISPs, as this would be damaging to the whole development of the Internet and electronic commerce (and disproportionately damaging to the UK because it is so far ahead of other EU member states).
A further point is that the imposition of significant burdens on ISPs is unlikely to be proportionate to the advantages obtained, because these are in any event bound to be quickly eroded by the continuing deployment of strong cryptography. A combination of steganography and communications sessions encrypted by transient keys will over the next two to three years nullify the advantages of extending interception to ISPs. The advance of these technologies is effectively beyond legislative control, and law enforcement bodies should be devoting their efforts to adapting their practical strategies to the new technical environment rather than trying to delay the incoming technical tide by ineffectual legislative means.

6. No convincing reasons are given for the failure to adopt procedures by which judicial warrants would replace executive authority. Judicial authorisation is supported by the principle of respect for individual rights and the separation of powers. The involvement of judges should increase the level of scrutiny because they have the training, experience and time to handle such decisions properly. They would also be more exacting, one would hope in terms of the documentation and evidence required in an application – the norm should be an application on oath. And there should be a requirement to report back to the issuing authority to show what has been done pursuant to the warrant (as for physical searches under the Police and Criminal Evidence Act 1984). Retrospective review of the total files for a year by the Commissioner is in comparison useless. The suggestion (para.7.2) that judges would be inappropriate because of the need for an executive officer to deal with cases of national security and economic well-being is wholly spurious. Most cases now arise from international crime (especially drugs) and so it is odd to set up a system which is reflective of a minority rather than a majority of cases. Furthermore, it is not clear why judges would be unable to deal with the two categories mentioned. Both subject areas fall within the scope of the existing powers to grant judicial warrants under the Official Secrets Act 1911 section 9 and the Official Secrets Act 1989 section 11. One should also question why there should be any interception which does not relate to criminal offences. The increase in the volume of warrants per annum must also cast doubt on the value of having the Home Secretary in charge. Are we really to believe that the Home Secretary has time to scrutinise carefully and individually somewhere in the region of five warrants every day of the year in addition to dealing with the renewal of some of the interception warrants from time to time (paragraph 1.7)? It is clear that the task is in fact delegated to others.

7. The system of oversight by the Commissioner and Tribunal has failed to reassure complainants or the public. The cases cited (especially Christie v United Kingdom, App. no. 21482/93, 78A D&R, Consultation Paper, para.2.10) are said to show that it is sufficient to comply with the European Convention. This may be arguable. These are Commission cases which have not been as fully argued as one would wish. Where similar arguments have reached the Court, the applicant has won (eg Chahal v UK, App.no. 22414/93, Reports 1996-V, (1996) 23 EHRR 413; Tinnelly v UK, App. nos. 20390/92 ; 21322/93, Reports 1998-IV, (1999) 27 EHRR 249). The effectiveness of oversight is particularly doubtful in the case of warrants for bulk interception, where an underlying certificate is used to specify the intercepted material which may be examined. Effect is given to the certificate by computer-based word searching of intercepted material, and the choice of words for searching is of course crucial in determining what is examined. There appears to be no oversight that ensures that the selection corresponds properly to what is specified in the certificate. The choice of search criteria, and the evidence on which that choice is based, should be examined as part of the authorisation and oversight process.

8. It remains unclear why the fruits of intercepts cannot be used in court (section 9 of the 1985 Act) - especially if such evidence is "crucial". Reasons cited against such use are not convincing or are unacceptable:

It is not a problem that intercepts are not supervised by judges. The same applies to all search warrants. Outside of Anton Pillar orders, we do not know of any requirement for a judge to supervise the execution of a warrant.
The notion that use in evidence would compromise the fact of interception (the usual reason given over the years might have been convincing 30 years ago, but the secret has been well and truly out in the open for far too long for that old argument to wash any longer. Strangely, the Cabinet Office Performance and Innovation Unit report, Encryption and Law Enforcement, more or less acknowledged this, suggesting that more openness might be a good thing in terms of justifying to the public the importance and necessity of interception.

As became clear from the decision of the House of Lords in R v. Preston ([1994] 2 A.C. 130), the statutory provisions for maintaining the secrecy of the fact of interception, and the narrowly expressed purpose of the power itself, have led to difficulties from the point of view of law enforcement in the use of intercepted evidence: all material must be destroyed as soon as its retention is no longer necessary for the prevention or detection of crime, which must usually be inconsistent with its retention for use in a prosecution. The secrecy of the process, and the vesting of the relevant power in the Executive rather than the Judiciary, have effectively prevented the development of a body of case law bearing on the substance of interception issues. Therefore, a further reform may be a needed in the form of the repeal of section 9 of the Interception of Communications Act 1985 as supported by the Lloyd Report on Terrorism Legislation in 1996 (Inquiry into Legislation against Terrorism (Cm.3420, 1996) (the Lloyd Report)). Usage in court (and the prior stage of disclosure) would also be a further valuable check against breach of due process during the collection process.

9. Chapter 6 deals with the international developments in relation to interception of communications. The unregulated (or even illegal) interception capabilities of the Echelon systems and the Enfopol proposals at a European Union level are no longer secret and have been brought to light by civil liberties groups and journalists around the globe. We call for transparency and openness in relation to the development and use of such unaccountable international systems, and for the adoption of safeguards no less stringent than for interceptions with a domestic element. Otherwise interception of international telecommunications amounts to nothing less than state-sponsored information piracy, and will inevitably operate as a constraint on the development of legitimate international co-operation in the prevention of crime.

The Board of Cyber-Rights and Cyber-Liberties (UK)

Principal author of this paper:
Professor Clive Walker, Deputy Director
CyberLaw Research Unit
Centre for Criminal Justice Studies
University of Leeds,
Leeds LS2 9JT.
Telephone: +44 (0) 113 2335033
E-mail: law6cw@cyber-rights.org

Other board members:
Mr Yaman Akdeniz, Director
Telephone: +44 (0) 498 865116
E-mail: lawya@cyber-rights.org

Mr Nicholas Bohm, E-Commerce Policy Adviser
Telephone: +44 (0) 1279 871272
E-mail: nbohm@cyber-rights.org

Dr Brian Gladman, Technology Policy Adviser
Telephone: +44 (0) 1905 748990
E-mail: brg@cyber-rights.org

Dr. Louise Ellison, Deputy Director
Telephone: +44 (0) 118 9875123 (ext: 7507)
E-mail: lawlee@cyber-rights.org

Go Back to Cyber-Rights & Cyber-Liberties (UK) Reports and Publications Pages