Investigatory Powers Bill

Written evidence submitted by Roland Perry, Director of Digital Trust CIC (IPB 33)

In summary, we are concerned about technology changes blurring the distinctions between public and private networks, and the lack of a civil remedy for unlawful interception on private networks, which if present would act as a deterrent against certain kinds of invasion of privacy by one member of the public against another.

1. Digital-Trust CIC campaigns for greater clarity in the law with regard to digital crime and abuse, to better protect victims and make it easier for the police and relevant victim-supporting NGOs to understand what tools they have at their disposal.

2. We also offer training and advice regarding digital abuse to criminal justice agencies and charities such as Women’s Aid and the National Stalking Helpline, and are also the secretariat for the Digital Crime APPG.

3. Although RIPA, and the IP Bill, are primarily about regulating the activities of the authorities and protecting the human rights of citizens, we are increasingly concerned about intrusions into the private lives of victims of Harassment, Stalking and Domestic Violence by other members of the public. Who could be, but are not limited to: current or former partners or disaffected colleagues.

4. At the time of RIPA, there were very few private data networks. The only one of any import was JANET, for education establishments. There was no wifi (BT Openzone was the first public wifi in 2002, and consumer wifi equipment started appearing from late 2002). Interception of Private Networks was largely confined to consideration of telephony on the subscriber’s side of the BT socket (both domestic and corporate). Where is the public/private boundary in a cellphone?

5. Private data networks are now commonplace especially in cafes, hotels, on board trains and buses. Although the provision of some (the entire installation, not just the backhaul) outsourced to public telecommunications operators. Should different rules apply to the activities of the wifi-providing establishment, depending on whether the provisioning has been outsourced or not?

6. Both RIPA and the IP Bill contain measures intended to protect the public from unlawful Interception of communications, by other members of the public, taking place on both Private and Public networks.

7. One noticeable change in the IP Bill is the removal of the Civil Remedy expressed in RIPA s1(3).

s1(3 ): Any interception of a communication which is carried out at any place in the United Kingdom by, or with the express or implied consent of, a person having the right to control the operation or the use of a private telecommunication system shall be actionable at the suit or instance of the sender or recipient, or intended recipient, of the communication if it is without lawful authority and is either-

(a)an interception of that communication in the course of its
transmission by means of that private system; or

(b)an interception of that communication in the course of its
transmission, by means of a public telecommunication system, to or
from apparatus comprised in that private telecommunication system.

8. We also note that the expression "person having the right to control the operation or the use of a private telecommunication system " is apparently widely misunderstood, and we believe it refers to the subscriber in a domestic situation, and an organisation’s IT department in a commercial or civic situation.

9. Given the framework established by the Lawful Business Regulations it’s unlikely that an individual would be given permission by their employer to covertly record their own phone calls, let alone those of others. It’s not quite so clear whether an employee working from home is covered by the LBRs, especially in as much as having a responsibility to disclose to callers that the calls might be recorded, and whether it’s the employee or the employer who has the right to control that home phone line.

10. The most likely circumstances for a remedy to be needed is when a person is "recording their own phone calls" at home, but later uses them as evidence to assist in the resolution of some kind of dispute, or as part of a course of conduct amounting to harassment.

11. We are also seeing an increase in the covert monitoring of the communications of intimates as part of a campaign of Coercive Control. That is, a person monitoring the communications of other members of the family, at home.

12. Changes in the way that technology is deployed have blurred the distinction between private and public networks. While for simplicity we are mainly describing telephone calls in this evidence, the same principles apply to emails and data held in various cloud services.

13. There is also a lack of clarity regarding what actions comprise interception, even though

"references to the modification of a telecommunication system
include references to the attachment of any apparatus to, or
other modification of or interference" RIPA s2(6)

is quite widely drafted.

14. We believe that greater clarity is essential, and would welcome the committee probing the Government’s intended policy starting by discovering which, if any, of the following activities are intended to be unlawful on account of involving modification or interference to relevant networks:

15. Installation of, and/or pressing "Record", on a device fitted to an extension socket, for the purpose of recording other people's calls.

16. Installing and using spyware on a smartphone to capture/record/ replay a mobile call
a) If it’s a phone you primarily use yourself, with the intention of recording callers.
b) If it’s a phone you have bought for a family member, but with the intention of being able to monitor both calling and called parties covertly.

17. Installing and using special software on a PC to capture/record a VoIP/Skype call

18. Setting up re-directs on an email account provided by a public telecoms operator and used by a
household member, so that you receive (in effect) a bcc: of every email sent to them.

19. Setting up a smartphone or other device to covertly receive a mirror of content which has been uploaded to a cloud service by someone else.

20. For the avoidance of doubt, we accept that the recording a phone call from an earpiece or speaker with a microphone, or by lifting an extension receiver and listening in person, are neither intended to be an unlawful interception under either RIPA or the IP Bill.

March 2016

 

Prepared 24th March 2016