In the face of increasing pressure from privacy groups, business groups and ISPs, the government is backing away from some of the more controversial aspects of its email surveillance bill currently under consideration in the House of Lords.
The Home Office, which proposed and is overseeing the Regulation of Investigatory Powers (RIP) bill on behalf of the government, will send amendments on the bill to the House of Lords a spokesman for the Home Office told Digit.
The bill, which has already passed the House of Commons, would give the government sweeping powers to access email and other encrypted Internet communications.
"Yes, we've been listening to suggestions being made by the British Chambers of Commerce (BCC) and others, and with the amendments, we are trying to offer reassurances to industry while trying to maintain the balance of the bill," the Home Office spokesman said.
The government spokesman denied that Home Secretary Jack Straw is attempting to avert a revolt in the House of Lords, or that the move is a significant change of tactics for the government. "We've been making amendments to the bill throughout the process, as we do with any bill," he said.
The RIP bill - to get a second reading by the House of Lords at the end of the month - would require ISPs to track all data traffic passing through its computers and route it to the Government Technical Assistance Center (GTAC). The GTAC is being established in the London headquarters of the MI5.
Under the provisions of the RIP bill, the government - specifically the Home Office and its head, the Home Secretary - can demand encryption keys to any and all data communications with a prison sentence of two years for those who do not comply with the order.
Furthermore, if a company official is asked to surrender an encryption key to the government, that individual is barred by law from telling anyone - including their employer, be it senior management or security staff - that they have done so. Guidelines for this "tipping off offence," as it is known, could leave an international company completely unaware that what it assumes is secure company data may be under investigation by MI5.
While UK employees are protected against the consequences of passing encryption keys or encrypted data to the government, that protection does not extend outside the UK to other jurisdictions, such as that of the parent company.
The RIP bill already has 229 amendments that must be addressed by the House of Lords, but the government's new amendments are meant to address the more controversial aspects of the bill, the Home Office spokesman said.
"We want to make the definitions clearer. For example, we can request a list of Web sites visited from an ISP, just as we can ask the telephone company for a record of a person's phone calls. But if you open up those URL and see how a person has interacted with that site, that is very different, and it has never been our intention to obtain that sort of data," the Home Office spokesman said.
The government is not looking to back down from those aspects of the RIP bill which are coming under attack but wishes to clear up any confusion that may be causing concern within the business community, he said.
"The 'tipping off offence' is not something we envision being used frequently or widely, but it is necessary. There are times when our investigations are covert. But we fully understand the importance of those keys, and it is more important to reassure business and industry that the keys will be kept very secure," the spokesman said.
Civil liberty organizations are worried that the government's email interception bill would grossly encroach on privacy, while businesses fear the law will force ecommerce companies to move operations to other countries, such as Ireland, which do not have such restrictions. And ISPs. are concerned that the costs of establishing the technology required by the RIP bill would be crippling.
The BCC has estimated that implementing the RIP bill will cost industry £46 billion over five years, a claim that Jack Straw vehemently denied in a letter sent to the Financial Times on June 14 and posted on the Home Office Web site.