Forwarded From: William Knowles <erehwon@kizmiaz.dis.org>
http://www.sunday-times.co.uk/news/pages/sti/99/04/04/_e_stiinnnewa01006.html?1334425

(Sunday Times) [4.4.99] Police say that when new European laws are
implemented this summer it will be almost impossible to catch high-tech
criminals who use the Internet and mobile phones to plan crimes.

The European telephone directive will make it illegal for telephone
companies and Internet Service Providers (ISPs) to keep records of a
customer's use of the Net and his mobile phone unless the information is
needed for billing.

With the proliferation of free Net accounts and pre-paid mobile phones
this would mean tracking consumers' use of such services would be illegal
because no bills are involved. A criminal could contest any intelligence
the police gained, arguing that it was a breach of the Data Protection Act
1998.

Keith Akerman is head of the computer crime unit at the Association of
Chief Police Officers (Acpo). He believes that if fully ratified in
Britain, the new laws would hamper police attempts to combat criminals by
analysing their use of the Net and cellphones. He is planning, through
Acpo, to raise the issue with the Home Office before the new laws come
into effect.

"The new laws would have a huge impact on intelligence gathering," he
says. "They are far from helpful for both the police and the person being
asked to pass over information. There are many areas of doubt in the new
act that will require clarification.

"If the law is fully ratified it will be very regrettable indeed. I don't
want to be seen giving out advice to criminals, but anyone looking at the
new law - if it is ratified - will be given a pretty clear idea of how to
plan and execute crimes without the police being able to do much to stop
them."

At the moment police can take advantage of Section 28 of the Data
Protection Act to ask an ISP or mobile-phone operator to pass on details
about a suspect. With an inspector's signature on a standard form,
officers can find out what Net sites and newsgroups a suspect has visited.
If any of the suspect's recent e-mail or newsgroup postings are still
stored by the ISP, these can also be read. However, police normally obtain
a warrant first.

The same form can be used to ask a mobile-phone operator to supply details
of people a suspect has called and from where. This can prove where a
person was at the time of a crime and whether he has called people he
claims not to know.

Police forces across the country have come to rely on such details and are
worried the new laws will close down a useful source of information. They
are also concerned because the new proposals are confusing even the
experts.

Phil Jones, a telecommunications expert at the Data Protection Registrar,
says: "The new rules are tricky because they make a distinction between
traffic data and billing data, yet don't clarify what this means.

"It can be very difficult to separate billing and traffic data because
sometimes they can be seen as related. What is certainly true is that
telecommunications companies will not be able to keep records as they have
done without having good reasons to justify it.

"For example, if I am using a pre-paid mobile phone, then what reason
could the telephone operator possibly have for logging the calls I make
and from where?

"Similarly, with the Net, if I am not being charged for my browsing time
by my ISP, what right would they have to store information on sites I have
visited? They would not have any legitimate reason to track where I had
been and what I had looked at.

"The only way I can see mobile-phone operators or, more likely, ISPs
keeping data about users that the police could later request is if they
attach conditions to their free services. An ISP could say, for example,
that in return for free Net access it will collect data about customers'
browsing patterns for marketing purposes.

"However, they would have to make it clear to customers what data will be
held about them and the fact that the police could legitimately request to
see that information. They would almost certainly need to get customers to
sign a consent form."

Jones admits that the high priority attached to online privacy means that
most ISPs would be unwilling to act as the police's eyes and ears. Their
customers would see them as snoops.

The police and security forces are also concerned about encryption
technology that makes it hard for them to decode intercepted messages.
They had been urging the Department of Trade and Industry to push through
measures that would have required Net users to store with a third party
the keys that are used to decode e-mail. This company could then be called
on to decipher messages.

The proposed measures were seen as too draconian. The DTI is now proposing
two new offences in measures that will almost certainly be put before the
Commons later this year. These will make it illegal not to show deciphered
messages to a police officer with a warrant and will punish anyone who
tips off somebody else that police have asked for a key to decode their
messages.

The consultation period on the DTI's e-commerce bill ended on Thursday.
Critics are angry that the government dropped its unpopular "key escrow"
policy but then gave only three weeks, instead of the normal eight, to
allow interested parties to comment on new proposals.

The DTI claims the short consultation period was essential if the
e-commerce bill is to be read in the Commons before the end of the year.
Critics, however, have accused the government of trying to rush through a
"broken back" piece of legislation without properly consulting computer
users.
Received on Mon Apr 5 17:33:17 1999