RIP Bill faces fresh attack

The British Chambers of Commerce (BCC) has warned the government that its proposals to allow the interception of emails by law enforcement agencies could expose businesses to breach of confidentiality charges.

In a letter to Home Secretary Jack Straw, BCC director general Chris Humphries called for a "number of amendments" to the Regulation of Investigatory Powers (RIP) Bill, which requires ISPs to install monitoring equipment allowing law enforcement agencies to intercept suspicious email.

Humphries is concerned that the Bill, currently before the House of Lords, could lead to leaks of commercially sensitive information if it is misused by individuals within law enforcement authorities, resulting in third-party claims against affected businesses. "Law enforcement agencies are made clearly liable in civil law for any loss resulting from their misuse or failure to secure a key," he said.

Claire Coleman, a lawyer in Denton Wilde Sapte's IT practice, said that legal claims could arise from third parties affected by information misuse if contracts do not state that legally issued warrants are an exception to confidentiality agreements. She advised companies to secure themselves against such claims by including a waiver in contracts for when encryption keys are demanded by law enforcement agencies.

The BCC is also calling on Westminster to amend the Bill, so that law enforcement agencies have to obtain an additional warrant to force an employee to hand over encryption keys. As the legislation stands, only one warrant needs to be issued to an ISP. This warrant is then valid for any subsequent ordering of employees of the ISP's customer to reveal decryption codes.

A BCC spokesman said: "We want to see a separate, judicially authorised warrant in addition to the one needed by an ISP as the proposed legislation currently stands, so the judges would have the opportunity to weigh up commercial sensitivities against the interests of national security."

First published in Computing