1 / 24

ACE2159 ICT the Law

2006-7. 2. ISP liability. Traditional communications carrierMere conduit?Unjust, unreasonable, impractical otherwiseErosion of conduit immunity'Regulation of offensive materialSelf-regulation of Internet unworkable. 2006-7. 3. Issues for ISPs. Content liability e.g. defamationSee Godfrey v De

sebille
Download Presentation

ACE2159 ICT the Law

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. ACE2159 ICT & the Law ISP Liability & RIPA 2006-7

    2. 2006-7 2 ISP liability Traditional communications carrier Mere conduit? Unjust, unreasonable, impractical otherwise Erosion of ‘conduit immunity’ Regulation of offensive material Self-regulation of Internet unworkable

    3. 2006-7 3 Issues for ISPs Content liability e.g. defamation See Godfrey v Demon case IPR Crime detection & surveillance Jurisdiction E.g. Yahoo case – Nazi memorabilia Offensive material ‘Notice & Take Down’ actions ISP not automatically liable if takes prompt action to remove/block material But must not act in overly protective manner

    4. 2006-7 4 What should ISPs do? Ensure users not doing anything illegal Reasonable steps/adequate measures Procedures to rapidly remove material or block access Have ‘acceptable use policy’ Have legal disclaimers on website Specify applicable jurisdiction in event of dispute

    5. 2006-7 5 Interception & monitoring of communications Regulation of Investigatory Powers Act 2000 (RIPA) Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 Important related act Terrorism Act 2006 Includes incitement through web sites and e-mail communications

    6. 2006-7 6 Regulation of Investigatory Powers Act 2000 (RIPA) Provides & regulates use of certain investigatory powers For use by public authorities Also Updates law on interception of communications Takes into account changes in technology e.g. the Internet Includes other investigatory techniques New powers re criminal use of encryption

    7. 2006-7 7 RIPA Claims is consistent with Human Rights Act 1998 Creates system of safeguards Reflects requirements of Article 8 of European Convention of Human Rights 5 parts Powers in relation to specific techniques & establishing systems of scrutiny

    8. 2006-7 8 RIPA Part 1 2 chapters Interception of communications Updates Interception of Communications Act 1985 Acquisition & disclosure of communications data

    9. 2006-7 9 RIPA Part 1 Chapter 1 Interception of communication In course of transmission By postal service or telecommunications system Warrant required for interception Personally authorised by Secretary of State Must be proportionate & necessary In interests of national security For purpose of preventing/detecting serious crime For safeguarding economic well-being of UK

    10. 2006-7 10 RIPA Part 1 Chapter 1 Material derived from interception warrants cannot be cited as evidence in court Interception Code of Practice Guidance on procedures Interception of Communication Commissioner Interception can lawfully take place without warrant in certain circumstances

    11. 2006-7 11 RIPA Part 1 Chapter 1 Communication Service Providers (CSPs) Must provide assistance if warrant issued May have to maintain permanent interception capability Obligations imposed In Regulation of Investigatory Powers (Maintenance of Interception Capability) Order 2002 Notice served by Secretary of State on CSP Obligations of CSPs Postal, telecommunications, Internet

    12. 2006-7 12 RIPA Part 1 Chapter 2 Acquisition & disclosure of comms data Conduct involved Legislative framework Duties & responsibilities of parties for Requisition Provision Handling System of safeguards Article 8 of Human Rights Act

    13. 2006-7 13 RIPA Part 1 Chapter 2 Definitions of Communications data Traffic data e.g. ID information of person, apparatus, location; packets of data indicating which communications attach to which Use of service data by any person e.g. itemised telephone records Any other information e.g. subscription information

    14. 2006-7 14 Disclosing data Test of ‘necessity’ National security Preventing/detecting crime or disorder Economic well-being of UK Public safety Public health Assessing/collecting tax, duty etc. Emergency – death or injury of person

    15. 2006-7 15 Obtaining data Authorisation By public authority Person must be in same authority as authorising officer e.g. police Restricted period: 1 month Notice Served on data holder Supply within ‘reasonable’ time Civil proceedings if not complied with Cancelled as soon as possible

    16. 2006-7 16 RIPA Part 1 Chapter 2 Cost CSPs can recover some costs Code of Practice Statutory code Application for authorisation Independent Tribunal Oversees operation

    17. 2006-7 17 RIPA Part 2 Provides statutory basis for interceptions Regulates use of techniques by Codes of Practice Has standard forms for applying Use by public bodies Separate arrangements for Police Intelligence services Armed forces MoD Customs & Excise

    18. 2006-7 18 RIPA Part 3 Encrypted data Use by criminals to evade detection Allows lawful access to such data in intelligible form National Technical Assistance Centre (NTAC) Decoding of encrypted data Lawfully intercepted/seized data

    19. 2006-7 19 RIPA Part 4 Investigatory Powers Tribunal Considers complaints against intelligence services, public authorities etc. in respect of RIPA Also Section 7 of Human Rights Act 1998

    20. 2006-7 20 Objections Mass surveillance – ‘big brother’? “On average, one in every two interception warrants which I issue, results in the arrest of a person involved in a serious crime” Jack Straw, Home Secretary 1997-2001 1998: 2031 warrants issued Very small fraction of all communications intercepted For most serious cases

    21. 2006-7 21 Objections ‘Black boxes’ for all ISPs? ISPs are NOT required to monitor all Internet traffic Interception of content (RIPA Pt 1 Ch 1) treated separately from provisions of comms data (Pt 1 Ch 2) Content CSP must maintain intercept capability via a notice Communications data Government does not require installation of equipment for monitoring

    22. 2006-7 22 Objections Snooper’s charter? No new powers, just statutory footing Authorities using powers will be identified, activities controlled/regulated Office of Surveillance Commissioners Independent body of judges Draconian decryption powers? No new powers to obtain material Allows authorities to read material

    23. 2006-7 23 Objections Disclosure of keys? Encryption keys only required in special circumstances Cost? Minimal Cost recovery to some extent

    24. 2006-7 24 International Aspect Other countries require CSPs to maintain interception capability France, Netherlands, Sweden, USA, Canada, Australia International standards E.g. International User requirement for the Lawful Interception of Communications Adopted by EU states in 1995 EU Justice & Home Affairs Council recognised lawful access to encryption keys necessary

    25. 2006-7 25 RIPA in practice in HE Recommendations for HE & FE No blanket licence to monitor communications Covers all authorised users of institution’s communications system Institution must have policy Internet/e-mail or general communications Must state limits Must have appropriate disciplinary procedures All users must be made aware of policy Must have adequate technical barriers E.g. login names & passwords

More Related