Snooping bill under attack again

The Regulation of Investigatory Powers (RIP) Bill, which will give the state powers to eavesdrop on internet traffic, was amended by the government in its third Commons reading on Monday, but without satisfying its critics.

One of the most unpopular measures - the presumption of guilt for people who fail to hand over encryption keys for email - was attacked from two angles by opposition speakers.

Shadow Home Affairs spokesman Oliver Heald told the House: "It is repugnant at law to require someone to prove his innocence. It goes against the golden thread that runs through English justice."

However, Heald added that the planned sentence of two years for failing to hand over a key meant that serious criminals might take this option, to avoid offences carrying longer sentences.

Home Office minister Charles Clarke said the government had made concessions, for example in removing company directors from liability if their company does not disclose a key.

He added that the demands which trigger a presumption of guilt are only for use in 'special' circumstances, which will be defined in a code of practice.

This will be published in draft form while the Bill is passing through the House - although this may well be in July, just before the legislation gets royal assent.

Defending the presumption of guilt on failure to hand over keys, Clarke said: "Two hurdles must be negotiated before a prosecution is justified. There must be reasonable grounds, and the material has to have been lawfully obtained."

"I also stress that, where prosecutions occur, it is for the authorities to prove, beyond reasonable doubt, that the accused has, or has had, a key," he added. "That is a significant burden of proof, and it is laid on the prosecution, not the defence."

He said that he expects such cases - in which a court will have to decide on balance of probabilities whether a person is truthful in saying they have lost a key - to occur "very rarely".

Caspar Bowden, director of think-tank Foundation for Internet Policy Research (FIPR), said he was concerned by what is not being debated - namely, the technical infrastructure used for interception. "The Home Office is saying, let's get the legislation through, then worry about this afterwards," he said.

A report by the Smith Group for the government has suggested it installs its own 'black boxes' at every internet service provider to monitor all traffic.

"Then no-one would have a good idea of what happens inside the boxes. We find that very worrying," said Bowden. "Once the legislation is passed, there's nothing stopping the government stumping up the money and rolling out the black boxes."

This would nullify any objections from internet service providers, Bowden added, who have been threatened with the cost of providing interception capabilities. It would, however, give the state total access to the actions of everyone using the internet, with few checks on this power.