A former Nato director has made a stinging attack on the UK government over its cyber snooping law.
Network IT Week, 01 Nov 2000
A former Nato director has made a stinging attack on the UK government over its cyber snooping law.
The Regulation of Investigative Powers (RIP) Act came into force last week and can force ISPs to install a 'black box' to monitor the data that passes through their servers.
Security experts are concerned this box may do more than the court order states and could expose private information to the curious eyes of MI5.
Brian Gladman, former technical director at Nato, said the content of the box should be made public. "We ought to know what is in the box," he said. "If it was built by MI5, there is little chance."
In the US, the FBI has developed an equivalent box called Carnivore. In response, software developer ICE Networks has created an open source alternative, Altivore, that meets court requirements but throws out any information that did not come from the mandated address.
Altivore captures the original packets from an IP address, but then leaves it to others to rebuild them into an email message.
Robert Graham, chief technology officer at ICE, said: "This is the only way that you can prove in court that you haven't inserted another package."
However, Gladman argued that in any case an IP address could only prove a link to a machine - unless it used "strong authentication", a method that verifies identity through facts that are only know by the individual.
"I don't trust the government with that information," Gladman said. "It is not true that digital signatures are needed for ecommerce. The idea comes from the government and I suspect that there are other agendas."
Two weeks ago a US court ruled that the FBI cannot enforce its own box, but must accept Altivore as a legitimate alternative. In the UK this is yet to be decided.
A Home Office spokesman said that a technical advisory board is to be formed for the implementation of RIP. He could not say who would represent the IT industry in this board, or whether it would consider an open source box.
"At least the US administration is open," Gladman said. "The UK government is trying to be unco-operative."
First published in Network News
A privacy group this week launched a campaign to shut down web bookshop Amazon, claiming that the firm contravenes the UK's Data Protection Act.
Businesses could face legal action from their employees because of a conflict between new snooping and human rights laws.
Businesses could be inadvertently infringing staff privacy rights introduced this week under the Human Rights Act.
Developers in the US have uncovered a way of snubbing the American equivalent of the Regulation of Investigatory Powers Bill, prompting speculation that a similar system could be introduced into the UK.
V3.co.uk gets a walk through of the Hero, which includes HTC's new Sense overlay for Android
First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1
NetGear's four-bay compact network-attached storage gets a serious speed boost
Do you agree?
Have your say on this article