Out-Law / Your Daily Need-To-Know

Out-Law News 1 min. read

Draft law sets deadlines for ISPs and telcos to intercept traffic


A draft law published this month sets out the rules on interception of communications by ISPs and telcos under the Regulation of Investigatory Powers (RIP) Act of 2000. If the new Order is passed in its current form, it will come into force on 1st August 2002.

The draft RIP (Maintenance of Interception Capability) Order of 2002 only applies to those who “intend” to provide a public telecommunications service – including mobile phone operators and ISPs – to more than 10,000 persons in the UK. It also applies to postal services.

A notable exclusion from the draft Order is any business that provides "a public telecommunications service in relation to the provision of banking, insurance, investment or other financial services."

The Secretary of State has the power to give any service provider caught by the Order a notice requiring it to maintain an interception capability. The service provider then has a period of 28 days in which to seek help from the Technical Advisory Board, a body provided for by the RIP Act but yet to be established.

Another draft Order, the RIP (Communications Data: Additional Public Authorities) Order of 2002, also published this month, controversially extended the list of bodies that have authority to access the personal information that flows through ISPs and telcos. If passed, local councils, the NHS and even the Post Office will have authority to obtain interception warrants.

Under the Maintenance of Interception Capability rules, when a service provider is informed that the interception of an individual or business has been “appropriately authorised,” it has just one working day in which to begin interceptions of all communications and related communications data authorised by the interception warrant and “to ensure their simultaneous (i.e. in near real time) transmission to a hand-over point within the service provider’s network as agreed with the person on whose application the interception warrant was issued.”

Among other obligations, the service provide must ensure:

  • “filtering to provide only the traffic data associated with the warranted telecommunications identifier, where reasonable”;
  • that its system can cope with the simultaneous interception of the communications of up to 1 in every 10,000 users;
  • that the reliability of its interception capability is at least equal to the reliability of its main service provision; and
  • "that the intercept capability may be audited so that it is possible to confirm that the intercepted communications and related communications data are from, or intended for the interception subject, or originate from or are intended for transmission to, the premises named in the interception warrant.”

See:

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.