Wholesale connectivity provider Entanet has published a new opinion piece on its website commenting on the UK government for rushing through legislation and without properly consulting the Internet industry or parliament about what is possible and practical.
The new Counter Terrorism and Security Bill (CTSB) is, the company states, another classic example of action being taken in response to a high profile (and in this case highly emotive) issue in the run-up to an election.
In the article, Paul Heritage-Redpath, Entanet Product Manager, states: “Unfortunately, once again parliament has failed to grasp the technical aspects of this issue. Not only have they confused Facebook (and Google) with ‘ISPs’, they seem to think that this new Bill will enable ISPs to ‘snoop’ on their customers’ social media posts – which isn’t the case. Facebook in particular encrypts all information, which means no UK ISP will be able to access this information, regardless of the new laws. The additional fact that Facebook is a US-based company decreases the likelihood that they will comply with any requests from the UK to change these practices.”
One of the concerns of the proposed new Bill is the fact that it will once again focus on the IP address to identify a user. The article states: “The government regularly calls on the industry to work with them, yet when we do they ignore our suggestions and concerns and then impose new regulations on us that will provide little benefit to the investigations. When are they going to learn to listen to us?”
ISPA has already voiced its disappointment that the Home Office did not consult with industry on proposals for IP matching, but has said it will work with its members to scrutinise and inform the legislation, notwithstanding that the “fast-track” process being used makes this challenging.
Heritage-Redpath also points out that previous efforts to introduce legislation covering the monitoring of email and other communications have been thwarted by concerns over privacy and the sheer enormity of the task.
Currently, ISPs are required to provide details of specific customer communications when requested to do so by the police or security agencies using a RIPA (Regulation of Investigatory Powers Act) notice. ISPs do not, at present, proactively monitor or scan customer communications for potential ‘illegal’ activity or terrorist threats.
Heritage-Redpath states: “We don’t have the legal power to do so and we, as ISPs, are not the police – therefore should not be making such judgements.”