Draft law sets deadlines for ISPs and telcos to intercept traffic

The draft RIP (Maintenance of Interception Capability) Order of 2002 only applies to those who “intend” to provide a public telecommunications service – including mobile phone operators and ISPs – to more than 10,000 persons in the UK. It also applies to postal services.

A notable exclusion from the draft Order is any business that provides "a public telecommunications service in relation to the provision of banking, insurance, investment or other financial services."

The Secretary of State has the power to give any service provider caught by the Order a notice requiring it to maintain an interception capability. The service provider then has a period of 28 days in which to seek help from the Technical Advisory Board, a body provided for by the RIP Act but yet to be established.

Another draft Order, the RIP (Communications Data: Additional Public Authorities) Order of 2002, also published this month, controversially extended the list of bodies that have authority to access the personal information that flows through ISPs and telcos. If passed, local councils, the NHS and even the Post Office will have authority to obtain interception warrants.

Under the Maintenance of Interception Capability rules, when a service provider is informed that the interception of an individual or business has been “appropriately authorised,” it has just one working day in which to begin interceptions of all communications and related communications data authorised by the interception warrant and “to ensure their simultaneous (i.e. in near real time) transmission to a hand-over point within the service provider’s network as agreed with the person on whose application the interception warrant was issued.”

Among other obligations, the service provide must ensure:

• “filtering to provide only the traffic data associated with the warranted telecommunications identifier, where reasonable”;
• that its system can cope with the simultaneous interception of the communications of up to 1 in every 10,000 users;
• that the reliability of its interception capability is at least equal to the reliability of its main service provision; and
• "that the intercept capability may be audited so that it is possible to confirm that the intercepted communications and related communications data are from, or intended for the interception subject, or originate from or are intended for transmission to, the premises named in the interception warrant.”

See:

• The text of the draft RIP (Maintenance of Interception Capability) Order
• The text of the draft RIP (Communications Data: Additional Public Authorities) Order
• The text of the RIP Act