240 likes | 387 Views
2006-7. 2. ISP liability. Traditional communications carrierMere conduit?Unjust, unreasonable, impractical otherwiseErosion of conduit immunity'Regulation of offensive materialSelf-regulation of Internet unworkable. 2006-7. 3. Issues for ISPs. Content liability e.g. defamationSee Godfrey v De
E N D
1. ACE2159 ICT & the Law ISP Liability & RIPA
2006-7
2. 2006-7 2 ISP liability Traditional communications carrier
Mere conduit?
Unjust, unreasonable, impractical otherwise
Erosion of ‘conduit immunity’
Regulation of offensive material
Self-regulation of Internet unworkable
3. 2006-7 3 Issues for ISPs Content liability e.g. defamation
See Godfrey v Demon case
IPR
Crime detection & surveillance
Jurisdiction
E.g. Yahoo case – Nazi memorabilia
Offensive material
‘Notice & Take Down’ actions
ISP not automatically liable if takes prompt action to remove/block material
But must not act in overly protective manner
4. 2006-7 4 What should ISPs do? Ensure users not doing anything illegal
Reasonable steps/adequate measures
Procedures to rapidly remove material or block access
Have ‘acceptable use policy’
Have legal disclaimers on website
Specify applicable jurisdiction in event of dispute
5. 2006-7 5 Interception & monitoring of communications Regulation of Investigatory Powers Act 2000 (RIPA)
Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
Important related act
Terrorism Act 2006
Includes incitement through web sites and e-mail communications
6. 2006-7 6 Regulation of Investigatory Powers Act 2000 (RIPA) Provides & regulates use of certain investigatory powers
For use by public authorities
Also
Updates law on interception of communications
Takes into account changes in technology e.g. the Internet
Includes other investigatory techniques
New powers re criminal use of encryption
7. 2006-7 7 RIPA Claims is consistent with Human Rights Act 1998
Creates system of safeguards
Reflects requirements of Article 8 of European Convention of Human Rights
5 parts
Powers in relation to specific techniques & establishing systems of scrutiny
8. 2006-7 8 RIPA Part 1 2 chapters
Interception of communications
Updates Interception of Communications Act 1985
Acquisition & disclosure of communications data
9. 2006-7 9 RIPA Part 1 Chapter 1 Interception of communication
In course of transmission
By postal service or telecommunications system
Warrant required for interception
Personally authorised by Secretary of State
Must be proportionate & necessary
In interests of national security
For purpose of preventing/detecting serious crime
For safeguarding economic well-being of UK
10. 2006-7 10 RIPA Part 1 Chapter 1 Material derived from interception warrants cannot be cited as evidence in court
Interception Code of Practice
Guidance on procedures
Interception of Communication Commissioner
Interception can lawfully take place without warrant in certain circumstances
11. 2006-7 11 RIPA Part 1 Chapter 1 Communication Service Providers (CSPs)
Must provide assistance if warrant issued
May have to maintain permanent interception capability
Obligations imposed
In Regulation of Investigatory Powers (Maintenance of Interception Capability) Order 2002
Notice served by Secretary of State on CSP
Obligations of CSPs
Postal, telecommunications, Internet
12. 2006-7 12 RIPA Part 1 Chapter 2 Acquisition & disclosure of comms data
Conduct involved
Legislative framework
Duties & responsibilities of parties for
Requisition
Provision
Handling
System of safeguards
Article 8 of Human Rights Act
13. 2006-7 13 RIPA Part 1 Chapter 2 Definitions of Communications data
Traffic data
e.g. ID information of person, apparatus, location; packets of data indicating which communications attach to which
Use of service data by any person
e.g. itemised telephone records
Any other information
e.g. subscription information
14. 2006-7 14 Disclosing data Test of ‘necessity’
National security
Preventing/detecting crime or disorder
Economic well-being of UK
Public safety
Public health
Assessing/collecting tax, duty etc.
Emergency – death or injury of person
15. 2006-7 15 Obtaining data Authorisation
By public authority
Person must be in same authority as authorising officer e.g. police
Restricted period: 1 month
Notice
Served on data holder
Supply within ‘reasonable’ time
Civil proceedings if not complied with
Cancelled as soon as possible
16. 2006-7 16 RIPA Part 1 Chapter 2 Cost
CSPs can recover some costs
Code of Practice
Statutory code
Application for authorisation
Independent Tribunal
Oversees operation
17. 2006-7 17 RIPA Part 2 Provides statutory basis for interceptions
Regulates use of techniques by
Codes of Practice
Has standard forms for applying
Use by public bodies
Separate arrangements for
Police
Intelligence services
Armed forces
MoD
Customs & Excise
18. 2006-7 18 RIPA Part 3 Encrypted data
Use by criminals to evade detection
Allows lawful access to such data in intelligible form
National Technical Assistance Centre (NTAC)
Decoding of encrypted data
Lawfully intercepted/seized data
19. 2006-7 19 RIPA Part 4 Investigatory Powers Tribunal
Considers complaints against intelligence services, public authorities etc. in respect of RIPA
Also Section 7 of Human Rights Act 1998
20. 2006-7 20 Objections Mass surveillance – ‘big brother’?
“On average, one in every two interception warrants which I issue, results in the arrest of a person involved in a serious crime”
Jack Straw, Home Secretary 1997-2001
1998: 2031 warrants issued
Very small fraction of all communications intercepted
For most serious cases
21. 2006-7 21 Objections ‘Black boxes’ for all ISPs?
ISPs are NOT required to monitor all Internet traffic
Interception of content (RIPA Pt 1 Ch 1) treated separately from provisions of comms data (Pt 1 Ch 2)
Content
CSP must maintain intercept capability via a notice
Communications data
Government does not require installation of equipment for monitoring
22. 2006-7 22 Objections Snooper’s charter?
No new powers, just statutory footing
Authorities using powers will be identified, activities controlled/regulated
Office of Surveillance Commissioners
Independent body of judges
Draconian decryption powers?
No new powers to obtain material
Allows authorities to read material
23. 2006-7 23 Objections Disclosure of keys?
Encryption keys only required in special circumstances
Cost?
Minimal
Cost recovery to some extent
24. 2006-7 24 International Aspect Other countries require CSPs to maintain interception capability
France, Netherlands, Sweden, USA, Canada, Australia
International standards
E.g. International User requirement for the Lawful Interception of Communications
Adopted by EU states in 1995
EU Justice & Home Affairs Council recognised lawful access to encryption keys necessary
25. 2006-7 25 RIPA in practice in HE Recommendations for HE & FE
No blanket licence to monitor communications
Covers all authorised users of institution’s communications system
Institution must have policy
Internet/e-mail or general communications
Must state limits
Must have appropriate disciplinary procedures
All users must be made aware of policy
Must have adequate technical barriers
E.g. login names & passwords