The PC in your mailbox

The police may soon be allowed to read your email and check your Internet use at will.
Click to follow
When you drop an envelope in a red pillar-box, you walk away confident that your mail will not be read by anyone except the addressee. However, when you send an email, it might be wise to reflect on the differences.

According to the organisation Internet Freedom, an agreement being negotiated between the UK's internet service providers (ISPs) and the police will open the email of the UK's eight million Internet users to scrutiny without debate in Parliament or oversight by the courts or the Home Secretary.

British police are said to be close to reaching an agreement with ISPs that will enable them to monitor customers' emails and web usage logs. Chris Ellison of Internet Freedom, says: "Following a series of meetings between the Association of Chief Police Officers (ACPO) and Internet industry representatives, we understand that both groups have stated a willingness to reach a `memorandum of understanding' about implementing police access to private data held by ISPs."

According to David Kennedy, chairman of the Internet Service Providers Association, that is a serious overstatement of the discussions. However, he admits that the UK's ISPs are trying to avoid being flooded by court orders or having the police cart off critical servers for evidence. He says: "We are talking to law enforcement representatives to find a way to work with them within the legal framework that exists. All members of our association take the view that emails are private."

As with the understanding between the Metropolitan Police and the ISPs over "banned" Usenet newsgroups and the closing down of web sites that may breach the law, the significance of such an agreement is that any such police activity may not be subjected to judicial review or legal constraint. Detective Chief Superintendent Keith Ackerman, chairman of the ACPO's computing crimes sub-committee, says: "We want to ensure the criminal doesn't take best advantage of the Internet, without requiring the Government to use the sledgehammer of regulation. However, we are not looking for the ability to go on fishing expeditions."

The ISPs know that they are stuck in the middle, according to Keith Mitchell, chairman of Linx, a partnership of large ISPs. He says: "To divulge private email even under duress would be commercial suicide for an ISP. In some circumstances it would constitute a crime."

Nonetheless, mistakes happen and there are well-known cases where the police have been persuasive. Mitchell says: "The current laws do not adequately protect ISPs or private individuals. We will be active in seeking responsive changes from Parliament."

While there are undoubtedly individuals who use the Internet's email and worldwide web for nefarious purposes, the vast majority of people who use email and the web for personal and business communications have an expectation of privacy. And law-abiding citizens who wholeheartedly support the goals of law enforcement agencies may nevertheless feel uneasy about giving them carte blanche over email.

America Online has been quite vocal in its opposition to opening the doors to the police short of a court order. Many ISPs agree. Julie Hatch, marketing communications director of Easynet, says:"We do not allow anyone to access our customers' email without a court order.

"It makes no difference if it is an estranged wife or a suspicious business partner or anyone else, we would not divulge a subscriber's private email unless we were presented with a court order. This is in accordance with our terms and conditions.

"Our business is also subject to restrictions imposed by the Data Protection Act (DPA), and in any situation we would certainly abide by those rules. So unless a subscriber's actions are illegal, you can say that email is confidential."

The DPA provides scanty protection to email users, however.

While the Act has aspects that protect the quality and use of information held in computer systems, disclosure can be afforded by a compliant ISP by simply including appropriate language in the small print of their terms and conditions. Data may be revealed to law enforcement officials as long as the subscriber is notified.

Easynet's assurances highlight the differences between ISPs that are classified as telecoms providers, protected from feeling the long arm of the law by a regulatory framework, and those that are merely private businesses unaccountable to anyone but their owners and governed solely by their contracts with subscribers.

As well as Easynet, UK ISPs that are regulated as telecoms providers include BT Internet and Demon, which is now part of Scottish Telecom.

Smaller ISPs are more vulnerable to the persuasive demands of the police.They have no legally protected right of privacy and any redress for email disclosure would only be for breach of contract.

Furthermore, most ISPs now include in their terms and conditions a requirement that the subscriber bear the expense of any legal costs resulting from their use of the service. This could lead to a complaining subscriber having to bear the costs of both sides of a lawsuit against an ISP even if they won.

The most serious aspect of this potential agreement between the police and ISPS is, according to critics, the absence of legal safeguards. In order to tap telephones, the police need the permission of the Home Secretary and must justify violating the privacy of a suspect. It is not clear from the law whether tapping a telephone and tapping into an email exchange are the same thing.

Chris Ellison says: "This is what is so dangerous about the new culture of private regulation and moral responsibility. ISPs now operate in a moral climate which insists on limitations for freedom of speech. Any material that causes offence - especially to children and ethnic minorities - is regularly removed. ISPs have now embraced this self-censorship credo and are willing to set themselves up as moral arbiters of internet content, filtering out anything that they feel may be illegal."

Without public debate or scrutiny by Parliament, the police are likely to gain, as Liz Parratt from the organisation Liberty puts it, "a snoopers' charter for the Internet". Ordinary users will have little legal protection or redress against police monitoring of their communications. This trend could render the Internet less private and more regulated than any other communications medium.

"If nothing else, these discussions have demonstrated what self-regulation really means: ISPs undertaking the role of publicly unaccountable instruments of law enforcement."

Email is not like a letter in an envelope; it is more like a postcard. Just as you would not put some messages on a postcard, you should think before you use email for your most private communications. While the legality and desirability of the any agreement between ACPO and the ISPs is highly debatable, anyone interested in maintaining their privacy on the Internet must take responsibility for their own actions.

The agreement between ACPO and ISPs will be the subject of three seminars: 22 September in Edinburgh, 8 October in London and 27 October in Manchester. Additional details can be found at misc/acposeminar.html.