British Government Wants to Play Online Big Brother

Big Brother is not only watching Britons, soon he may be demanding their computer passwords and perusing their e-mail from a new, $40-million cyber-surveillance center in the headquarters of the MI5 domestic spy agency.

Under a bill making its way through Parliament, the government would have the right to monitor all online activities--some of them without a warrant.

And Internet users who failed to comply with government orders to provide a password or encryption key would face two years in prison, unless they could prove that they no longer had the information.

The Labor government says these new powers are needed to combat high-tech criminals using global computer networks to engage in terrorism, drug-trafficking and pedophilia. But civil libertarians, business leaders and even some members of the Conservative opposition say the proposed legislation is too sweeping.

“This goes way beyond what any other country in the world has proposed with the exception of Russia,” said Caspar Bowden, director of the Foundation for Information Policy Research.

“With this, any public authority would have the ability to sit on the shoulder of anyone who goes Web surfing to see what they are viewing or who they are e-mailing,” Bowden said.

Britain is already one of the most closely monitored societies in the Western world, with an estimated 1 million to 1.5 million closed-circuit television cameras in operation--a per capita density about 12 times higher than in the United States. Authorities say this has helped them track down the likes of Irish Republican Army bombers and a lone assailant who set off fatal explosions in the capital last year, but civil rights activists say it also means that a visitor touring Central London for a day is apt to be recorded on about 600 cameras.

In 1998, Home Secretary Jack Straw authorized more wiretaps--1,646--than any of his predecessors had in a single year. But Straw believes that photography and traditional wiretaps are not sufficient for modern-day crime fighting. The Regulation of Investigatory Powers Bill, put forward by his office and expected to become law this year, would allow the government to keep pace with technology.

Under the bill, Internet service providers would have to establish secure channels to transmit information about Internet traffic to the government cyber facility, which will have the Orwellian title of Government Technical Assistance Center. The GTAC is under construction in the fortified MI5 headquarters on the Thames River.

The bill would give a wide range of police and government officials the right to monitor “data communications” with Home Office authorization--and not a warrant--which means that they could look at lists of the e-mail addresses and Web sites that a user was visiting. A warrant would be required to read the contents of electronic communications.

The government points out that this is similar to the rules for wiretapping, where a warrant is not required to secure lists of telephone numbers called but is needed to listen in on conversations. Officials say the bill protects individual rights by setting out strict conditions under which the authorities could demand encryption keys.

Bowden argues that even a list of Web sites gives officials access to content, which could lead to government abuses. With online shopping and banking and interactive television, “a trail of Web browsing could provide a very complete picture of your life,” he said. “You talk to a few dodgy people, visit insalubrious Web sites, and it trips a flag and becomes the basis for obtaining a warrant. That’s a Big Brother situation.”

Civil libertarians say the legislation violates the basic principle of presumed innocence by requiring individuals and companies to prove that they cannot produce encryption keys when that is the case.

Home Office Minister Charles Clarke, who is responsible for the new legislation, denied charges that it reverses the burden of proof. Speaking to a House of Commons committee earlier this year, he said “a person who has been shown beyond reasonable doubt to have had the key in his possession is presumed still to have that key unless it can be shown on the balance of probabilities that he no longer has it.”

What about a forgotten password?

“Precisely because forgetting a password is such a reasonable thing to do, it is rare that there are no contingency arrangements for such an eventuality,” Clarke said.

Internet service providers say they are worried that the proposed law would put an undue financial burden on the industry. They say it would also give too many officials--from police to local government--access to private information, while preventing the providers from informing their clients that private information had been sought.

The Confederation of British Industry and other business groups are asking that the government agree to compensate providers in the event that the GTAC got information from them and it wound up being leaked. It seems certain that they would face lawsuits in such cases.

Conservative members of Parliament, meanwhile, say they fear the strict rules would scare financial institutions and other businesses away from Britain.

“If companies feel their data is no longer as secure within the U.K., they will go where the law allows the greatest security of their information,” said Tory member of Parliament Ian Bruce.

The law has passed through the House of Commons, but it faces the scrutiny of a House of Lords standing committee next week, when, Bruce said, the Tories hope to address some of the concerns of business and civil liberties groups. If no compromise is reached, the Lords could delay passage through the legislative year, which ends in July.