Categories
Articles

Investigatory Powers Act – process details

The Government’s powers make orders relating to information about communications have now moved from the Regulation of Investigatory Powers Act 2000 to the Investigatory Powers Act 2016. The associated Code of Practice provides useful information on the process for issuing three types of notice in particular: Communications Data Requests, Technical Capabilities Orders and Data Retention […]

Categories
Articles

Investigatory Powers Act – new orders to prepare for

[UPDATE: I’ve added links to the Codes of Practice that authorities will use when preparing each of the orders] Under the current Regulation of Investigatory Powers Act 2000 (RIPA), organisations that operate their own private computer networks may receive three different orders relating to those systems. Any organisation that receives an order is, subject to […]

Categories
Articles

Encrypted Information: Law enforcement access

The amount of information stored in encrypted form is steadily increasing, supported by recommendations from the Information Commissioner and others. When deciding to adopt encryption, it’s worth planning for what might happen if the police or other authorities need to access it in the course of their duties. Normally the existing access rules under section […]

Categories
Articles

Interception definition and mailboxes

If you look up “interception” in most dictionaries you’ll find that it happens before an action has completed: in sport a pass can no longer be “intercepted” once it reaches a teammate. In a legal dictionary, however, that turns out not to be true. According to section 2(2) of the Regulation of Investigatory Powers Act […]

Categories
Articles

Directive on Attacks on Information Systems

The EU has finally adopted a new Directive on attacks against information systems, first proposed in 2010. The Directive will require Member States, within two years, to ensure they meet its requirements on Activities that must be considered crimes; Effective sentences for those convicted of the crimes (including higher maximum sentences for aggravating circumstances such […]

Categories
Articles

Legal developments affecting incident response

I was asked recently how I saw current legal developments in Europe affecting the work of incident response teams, so here’s a summary of my thoughts. Understanding Data Protection law has always been a problem for incident response. Some of the information needed to detect and resolve incidents is personal data but laws are unclear […]

Categories
Articles

Communications Data Bill Committee report

The Joint Committee on the Draft Communications Bill has published its report, concluding that while there is “a case for legislation which will provide the law enforcement agencies with some further access to communications data” the current proposal needs “substantial re-writing”. The Committee address three of the four concerns raised in our Janet evidence. They […]

Categories
Consultations

Draft Communications Data Bill consultation

I’ve made a Janet submission to the joint Parliamentary Committee considering the draft Communications Data Bill. It’s actually quite hard to predict what the effect of the Bill would be, as the Bill creates extremely wide powers for both the Home Secretary and Law Enforcement and the impact will depend on how those powers are […]

Categories
Consultations

Home Office RIPA consultation

The Home Office have concluded that a couple of aspects of the Regulation of Investigatory Powers Act 2000 need to be fixed in order to comply with European law, and are doing a rapid consultation on the changes. Unfortunately although the consultation document is clear about what the problems are it doesn’t give a clear […]