Internet Privacy: How are my business interests and the interests of my customers protected online?

The internet is such a powerful tool in modern businesses that it is used in every day running of businesses with the implementation of online tools for business and also the daily use of email to communicate both internally and externally.

Furthermore the vast majority of people within the UK use the internet on a daily basis both for personal use.

The rights of each and every person using the internet must be protected taking into account their privacy when using the internet for personal use. Businesses must also be protected with the right to encrypt their information and to stop people viewing their confidential company information.

A key problem with the use of the internet is that often people called hackers can access confidential information in relation to businesses but more importantly in relation to the government and national security. A balancing act is therefore required to protect the personal use of the internet by UK citizens but also to monitor the use of the internet to protect businesses and government.

What Legislation deals with privacy online?

Regulation of Investigatory Powers Act 2000

The Regulation of Investigatory Powers Act was introduced in 2000 and was brought in to support the Human Rights Act 1998.

The primary purpose for the Act being introduced is to make sure that the powers that are provided to various regulatory bodies in relation to investigating use of the internet are exercised in accordance with the Human Rights Act.

The powers which the act deals with are the following:

  • Interception of communications
  • The acquisition of communications data which can include company billing data
  • Access to encrypted data

The act also covers such areas as covert surveillance operations in the course of specific police investigations, the use of covert human intelligence sources such as agents, informants, undercover officers in specific police investigations and the use of intrusive surveillance on both residential homes and in private vehicles. This however, is beyond the scope of this article.

The Act also works together in conjunction with the following acts:

What does the Act say?

Interception of Communications

Internet Service Providers (ISPs)

Under the Regulation of Investigatory Powers Act 2000 the Secretary of State can oblige Internet Service Providers to intercept internet communications by placing an interception warrant on that Internet Service Provider on such grounds as national security, preventing or detecting crime or in some cases safe guarding the economic well being of the UK.

This information will not be able to be disclosed from the Internet Service Provider to the individual or business using the ISP as this is expressly forbidden by the Act.

In order to do this the ISP will be obliged to install interception technology in order to track the internet activity by the users of that particular Internet Service Provider.

Access to Encrypted Data

Often people who are using the internet encrypt their communications to ensure that they remain private. In accordance with the Regulation of Investigatory Powers Act the UK government can require that encrypted and protected data be disclosed to them.

In practice the Regulation of Investigatory Powers Act provides for the following things:

  • Enables the Government to monitor individuals internet activities
  • Prevents the existence of interception warrants and any data collected using them from being revealed in court proceedings
  • Mass internet surveillance can be served by the Home Secretary by the use of interception warrants on ISP’s
  • An ISP must comply with this interception warrant and it cannot provide information in relation to this to anyone
  • The Government can order ISP’s to fit surveillance equipment in order to perform surveillance. The Government will however pay for this equipment
  • The Government can demand that decrypted keys be handed over in order to allow them to obtain information that has been encrypted. If the keys are not handed over then an offence will occur and that person will be liable to two years imprisonment
  • The Government can access Internet Traffic Data for the purposes of national security, prevention or detection of crime or in the interests of public safety and the economic interests of the United Kingdom

This effectively means that the Government can gather the following information about each and every person using the internet if they feel it necessary for the above reasons:

  • Websites that you visit and when you visit these websites
  • Who you email
  • Who emails you
  • What newsgroups you read
  • What software you have downloaded
  • What documents you have downloaded
  • When and where you have logged onto your machine

Problems with Privacy

In practice the conditions imposed on Internet Service Providers could cause your privacy to be diminished as they will be vulnerable to hackers who are aware of the interception warrant so may hack in and be able to view all the internet activity of those people using the ISP.

EU Law versus UK Law

The Regulation of Investigatory Powers Act has been challenged by the European Commission which states that the UK does not provide its citizens with the full protection of EU rules on privacy and personal data protection when using electronic communications.

European Union Law states that European Union Member States must ensure the confidentiality of people’s electronic communications by prohibiting their unlawful interception and surveillance without the user’s consent.

These rules do not seem to have been put in place by the UK using the Regulation of Investigatory Powers Act which is the cause for the European Commission taking issue with the UK.

Many people believe that the law was pushed through too quickly due to fears concerning terrorism and also the use of the internet in relation to child pornography and that this has been to the detriment of the rights of privacy of the people of the UK.