The Regulation of Investigatory Powers Act of 2000 – known as RIPA – was a controversial update to the law on the interception of communications, its aim being to take account of technological change such as the growth of the internet. Among other matters, RIPA regulates intrusive investigative techniques and gives law enforcement new powers which are intended to combat perceived threats from criminal use of encryption.
Three Codes of Practice will cover the use of interception of communications, covert surveillance, and covert human intelligence sources. Each of these Codes requires public consultation. The first of these, which covered the powers of law enforcement agents and the duties on “communication service providers,” such as telcos and ISPs, is still not in final form. The Government received 38 responses at consultation.
Among those expressing concerns, ICL (which recently re-branded as Fujitsu) requested that the draft code include more information on the Technical Advisory Board which is required by RIPA and which is meant to give help to communication service providers in complying with the requirements of interception of e-mail and internet traffic. The Board has not been set up yet. The legislation says that the Board will give "reasonably practical" assistance to communication service providers to give effect to an interception warrant – but ICL pointed out that this is ambiguous and wanted clarification of what it would mean in practice. ICL also wanted to know whether any facility existed for the independent verification of warrants which communication service providers receive and called for more information about the safeguards to be followed by the intercepting agencies.
Lobbying group EURIM requested more information in the code on potential costs, the technical upgrading that would be required etc., if served with an interception notice. EURIM also called for independent verification of interception warrants that have been served.
These concerns were echoed by other respondents, including BT, the Internet Service Provider’s Association, Thus and Vodafone. Reuters called for "confirmation" in the code that networks used solely for financial services would be exempt from the imposition of an interception notice – although this is not provided for in RIPA.
The Foundation for Information Policy Research said that it had decided not to provide a full response because it did not have confidence that the public consultation would be meaningful or effective. However, it briefly set out areas of concern including retention of intercepted material to secure the fairness of prosecutions, safeguards, protection afforded to confidential information (e.g. religious and medical matters) and guidance on the meaning of necessity and proportionality.