The UK's Web of Fear
A version of this article first appeared in Customer strategy, a magazine published 10 times a year in London by TBC Research. Through its comprehensive portfolio of magazines, events and research, TBC Research is dedicated to helping senior business professionals make more informed technology decisions.
Just a century ago Britannia ruled the waves, but empires inevitably crumble. In an attempt to recapture faded glories, the British Government now hopes to position itself as the ruler of the cyber-waves. The trouble is that it is really out of its depth. After all, the US rules the Web.
But the UK's lawmakers are pressing on with what they see as a pioneering bid to control the use of the Web for illegal activities. They are preparing to battle a host of unlikely allies: Internet service providers (ISPs), civil liberties groups and UK business.
The need for such a move followed Tony Blair's announcement two years ago that the UK should be the best place to carry out e-business by 2003. It is a laudable aim for a self-confessed Net ignoramus such as Blair. But no sooner was the announcement made than a flood of proposed legislation streamed out of the Whitehall civil service officials, aimed at putting the UK in pole position in the e-business race. Some bills intend to update existing laws to take digital standards into account, such as giving electronic signatures full legal validity. Others chart new e-territories such as tax-free transactions and the breakdown of privacy.
One area in which the Government sees itself as a trend-setter is the Home Office's Regulation of Investigatory Powers (RIP) Bill which would give the security forces unprecedented powers to access information about individuals and organisations, in ways that no other country seems prepared even to consider. Opponents claim it merely updates existing law controlling how the security forces investigate unlawful behaviour - and that there is already a raft of good legislative and judicial practice in place to inform Government behaviour in the Internet era.
The Government can already tap your phone or intercept your mail if they suspect illegal activity. All that is needed is for the security apparatus to justify their intentions to a judge who signs a warrant of permission. And if somebody engages in illegal activities and loses their right to privacy, then so be it.
The trouble with the digital environment is that people can make their communication secure by coding data. So the Government needs the secret information to crack the code used to protect the data or conversation whizzing down that phone line.
Code Keys Wanted
It's at this point that the RIP Bill diverges from accepted practice. Let's suppose that the Government is after me and suspects that I am exchanging data with you. It can ask you for the key to the codes that we use or to the data we have exchanged. If you can't provide the keys for the code, the onus is on you to prove that you do not have the information required. This duty simply adds to our concerns about supposedly secure transactions being accessed by people across Government.
What makes this situation even more crazy is that if you represent, say, a US bank, then giving the data being asked for by the British Government can break US laws, since the Americans don't recognise the British Government as a valid third party in our exchange of data. So you really are between a rock and a hard place. The British get you if you don't hand over the info, the Americans get you if you do.
But it does not stop there. Since a lot of data transmissions will actually be routed through ISPs, the RIP Bill suggests they keep track of all security codes in use. They will have to develop "black boxes" to track such information. Unsurprisingly, the ISPs are up in arms. Carrying out such sophisticated tracking would demand extra capital investment, people and time, just when all of these are tough to extract from the market.
The Government has offered to assist some smaller ISPs on the costs of adhering to these regulations, but what really bothers them is that if the UK remains the only country with such draconian data regulations, businesses concerned about the security and privacy of their data will simply move out - preventing the growth of the UK Net industry.
It is regulation such as this, which seems to come from a government that is either unaware of the implications of what it is doing (which is hard to believe, given the adverse press it has received) or just plain incompetent, that will result in the baby being thrown out with the bath water. Sure, the UK will be a great place to do e-business - it's just such a shame that there will be nobody left to do business with.