* subscribe at http://techPolice.com ISPs 'RIP' Into British Police by Michelle Delio A stream of "stupid questions" posed by technically callow police officers trying to enforce a controversial law are angering Britain's Internet service providers, who are threatening to move their businesses out of the country if authorities don't wise up soon. Among the more egregious demands British authorities are accused of is trying to get ISPs to keep records of all Internet traffic that passes through their servers. Arousing the ire of ISPs even more are questions from the police like, "What is a Hotmail account?" Under the UK's controversial Regulation of Investigatory Powers Act, passed in July, law enforcement agencies can demand access to suspected criminals' e-mail and other electronic communications. But at the fifth annual Parliamentary Advisory Forum, members of the Internet Service Providers Association complained that the law is a huge waste of both time and money. They also warned that the costs involved in implementing a new proposal by the National Criminal Intelligence Service, which would require ISPs to store seven years worth of records on every user, would cause the UK's ISPs to move their businesses "offshore." But ISPs' major concern right now is the lack of technical training and expertise among law enforcement officers, Tim Snape, a member of the ISPA, said. "At the moment, the big problem Internet service providers have with the police is their stupid questions. After a while, it gets expensive and unproductive -- it's a problem. It's always a problem, and it's a very serious problem," said Snape. "My children at primary school are better trained on the Internet than the local police are," Snape added. ISPA members shared their tales of woe with members of Parliament on Tuesday. They told of police ordering them to supply information on users who had accounts with other ISPs, including U.S.-based companies, seemingly not realizing that all e-mail doesn't simultaneously pass through all service providers' servers. There were also complaints of police requiring ISPs to check their records just to see if a suspected criminal might possibly have an e-mail address. Rachel Basger, regulatory manager of World Online, said that she'd been asked to provide a list of users who had a specific zip code shared by someone who was under investigation, just in case the suspect had an account with World Online. "Perhaps I got the short straw and pulled the only really stupid request. But from what I hear, I worry that it was not an isolated incident," Basger said Mark Gracey, legal liaison officer with Demon Internet, said that most of his interaction with law enforcement has centered on "educating them or explaining basic Internet questions such as 'what is a Hotmail account?' to the police." "We want to help, but need to think about our customers' rights and our business," Gracey said. Britain's Home Office, a government department responsible for internal affairs in England and Wales, admitted that there is a problem with Internet-naive police officers. "There is recognition in government that greater education is needed for practitioners that need to deal with industry on technical and other issues that impinge on business," a spokesman for the Home Office said. Law enforcement agencies suggested that the best way to solve the problem would be to send in the SPOCs, "single point of contact" officers who would take on the responsibility of acting as a go-between with the technical and non-technical people. Service providers said SPOCs would help, but added that ISPs are now drafting a list of what sort of information they can provide about customers under investigation, and how much they will charge for providing the information. Snape said further details of the list would be available soon. The cost of providing the police with data has been a sore point since RIP became a law. The ISPs were infuriated over plans by the National Criminal Intelligence Service to require them to keep records of all Internet traffic that passes through their servers. Snape described that plan as an "intolerable commercial burden," and warned that ISPs would respond by relocating to other parts of Europe or the United States. He pointed out that ISPs are already fleeing Belgium, which requires providers to keep data for a year. "Our members are quite willing to help by retaining data on a user or a system, but making us save everything will just force the industry offshore," Snape added. The ISPs prefer a plan called Data Preservation, which would require them to track a suspected criminal's communications only upon being notified by police. But law enforcement officials want to be able to search through an archive of stored e-mail, a system known as data retention. Snape estimated that seven-year storage requirements could cost ISPs millions, and said the government would have to pay for the systems if they are required. During the meeting, Roger Gaspar, deputy director general of the National Criminal Intelligence Service, said the police had never asked for data to be retained for seven years. But ISPs pointed to a confidential report written by Gaspar, which was leaked to the Observer. The report outlined a proposal that would force ISPs to archive Internet communications and activity for up to seven years. "We have no intention of doing that," said Gaspar, adding that the seven-year suggestion was "only based on the needs of the Criminal Cases Review Commission," which examines alleged miscarriages of justice. Gaspar also said the general public didn't seem overly concerned about RIP, since neither his office nor the Home Office had received significant mail or calls questioning the law. But Caspar Bowden, director of the Foundation for Information Policy Research, contends that the lack of protest is related to public confusion, since information about RIP and its implementation has been so sketchy. "It seems hypocritical of NCIS to look for a public debate when the document only surfaced as the result of a leak," Bowden said. Meanwhile, an association of programmers and privacy advocates is working hard to make all the arguments about RIP a moot point. Members of the group, "who aren't exactly secret but some of us don't want to be identified either" are designing an open-source security system called "M-o-o-t." M-o-o-t is an operating system that boots off of, and is contained entirely on, a single CD. It will not allow users to store files on their PC. Instead it sends encrypted information to numerous offshore "data havens," outside British jurisdiction. The M-o-o-t CD will also include a stripped down e-mail, word processor and graphics program. "We are doing this so people can be private elsewhere than in our heads. We object to the idea that people should not be allowed to seek privacy from governments," said the project leaders on their website. "Moot will kill RIP dead," promised Piers Hill, a self-described "private network security specialist and developer," who is familiar with the project. A beta release of M-o-o-t is expected in July. Its programmers said they are trying to ensure it will run on all computer platforms and will be usable by "everybody, not just geeks." M-o-o-t's developers hope to be able to offer the program for free, but added that "someone has to pay for all those data havens." --- Support our Sponsor ------------------------------------ Take control of your finances! Register with The Motley Fool. It's free. And, it's tax time -- we can help you save. Get free investment offers, too! http://click.topica.com/aaabgeb1dhr0b1uN1Ic/MotleyFool ------------------------------------------------------------ --via http://techPolice.com archive: http://theMezz.com/cybercrime/archive unsubscribe: [EMAIL PROTECTED] subscribe: [EMAIL PROTECTED] url: http://theMezz.com/alerts ____________________________________________________________ T O P I C A -- Learn More. Surf Less. Newsletters, Tips and Discussions on Topics You Choose. http://www.topica.com/partner/tag01
