Changes made to the Regulation of Investigatory Powers act could lead to ISPs being unable to properly manage traffic on their networks while allowing companies to snoop on private communications without fear of penalties, claims privacy advocate Alexander Hanff.
Speaking to thinq_ following his campaign to see the Regulation of Investigatory Powers Act reviewed in the wake of Google's Street View scandal and the BT and Phorm secret snooping pact, Hanff, of Privacy International, accused the government of deliberately excluding his consultation paper and ignoring complaints from the privacy community.
"It was clear in our meeting with the Home Office in December that this entire process was a whitewash from start to finish," Hanff claimed, "and the Home Office refused to accept my consultation paper because it was three days late due to illness. Had they given civil society more than three weeks' notice, we might have had more of a say in the process."
The process Hanff speaks of is the consultation into changes to the RIP Act, which has now been completed - with the result, he claims, that both private individuals and ISPs are worse off than before, with the revised Act failing to introduce the desired strict controls against commercial exploitation of private communications.
"RIPA is now worse than it has ever been, whilst providing less protection than it ever has - the result of the Home Office failing due dilligence," Hanff declared. "The changes offer very little deterrent for commercial interception of communications, such as in the Phorm case, with very low fines for 'unintentional' interception and no Strict Liability, which means any case brought forward will be defended on 'unintentional' grounds.
"Those which do go forward to possible prosecution for intentional interception will never get past the Crown Prosecution Service," he claimed - pointing to the decision made by the CPS not to prosecute BT or Phorm over their illegal interception of private communications for the purposes of delivering targeted advertising as evidence. "Had the Home Office made commercial interception a Strict Liability offence it would have made enforcement much easier and given the CPS more opportunity to prosecute."
The changes don't just put those who value their privacy at a disadvantage against large corporations. ISPs could also find themselves deprived of tools important to their networks as a result of the poor wording of the revised Act.
"The changes also make it a requirement for ISPs to obtain consent from all parties engaged in a communication before interception can occur," Hanff explained. "While this sounds good on paper, the reality is very different. ISPs will now have to obtain consent for the use of proxies and other 'legitimate' traffic management systems - which is literally unworkable in practice.
"At first glance, this also means that the use of Phorm-like systems should also be illegal but as stated above, the consequences are so limited it is unlikely to have any impact on this type of activity and in fact such interception was already illegal under RIPA."
Should Hanff's interpretation of the revised Act prove accurate, it's likely to have a dual effect on ISPs' operations. Firstly - and on a happy note for certain users, who enjoy a bit of peer-to-peer action - it will mean that ISPs will have to cease using traffic-shaping systems that use deep-packet inspection technologies. This will probably result in a speed boost for file sharers, but at the overall cost of the quality of the network.
Secondly, and more worryingly, services such as caching proxies, which monitor network traffic and cache frequently accessed files in order to improve network performance, as well as Quality-of-Service systems, which categorise traffic according to their latency requirements to improve the quality of real-time services such as voice-over-IP and video conferencing, would become illegal under the Act.
With the Home Office yet to issue an official statement on this interpretation of the law, the next few weeks will be a trying time for ISPs who do business in the UK.