Human rights RIP

The Regulation of Investigatory Powers (RIP) Act 2000 empowers the UK authorities to monitor internet traffic data and demand keys to encrypted data (1).

But how did such legislation ever get passed in a country whose law says that ‘everyone has the right to respect for his private and family life, his home and his correspondence’ (2)?

I quote Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms (1950), which was incorporated into UK law by the Human Rights Act 1998 (3). The right to privacy as described in the European Convention did pose several challenges to the passing of the RIP Act. But there is a more curious story to be told about the development of the RIP Act – pointing to a symbiotic relationship between national legislation that undermines our liberties and international legislation that claims to protect our liberties.

The RIP Act met with much opposition, with groups like Privacy International, Statewatch and Cyber Rights and Cyber Liberties taking a stand against it (4). The Foundation for Information Policy Research was instrumental in several modifications to the Act that reduced its adverse impact on our privacy (5). Since March 2000, John Naughton, author of A Brief History of the Future: The Origins of the Internet, has used his column in the UK Observer to attack the RIP Act (6).

The RIP Act also met with resistance from industry – motivated by self-interest on the part of business, rather than a sudden interest in our freedoms. When a British Chambers of Commerce report concluded that ‘the overall financial implication of RIP…may be in the order of £46billion in the first five years of operation’, the business world sat up and took notice (7).

Opponents of the RIP Act used European human rights legislation as their main weapon. This differs from more traditional rights legislation, in that instead of prescribing limits to state power in order that individual rights may flourish, it directly prescribes the rights that individuals are entitled to exercise. So where the First Amendment to the US Constitution begins ‘Congress shall make no law…’ (8), Article 1 of the European Convention begins ‘The High Contracting Parties shall secure to everyone…’ (9).

Neither the US Constitution nor the European Convention is an infallible set of principles, but each contains a description of the free individual that many of us identify with. However, the US Constitution describes the free individual through implication – through the exemptions represented by the Amendments rather than through the assertions represented by the Constitution itself. By contrast, the European Convention describes the free individual through explication – through its core assertions.

This distinction has serious consequences for the way in which each set of principles is implemented. A prescribed limit to state power can be implemented unambiguously, as it describes a default condition where the state simply does nothing. But a prescribed individual freedom can only be implemented ambiguously, because it describes a default condition in which the state does something. This begs the question: what should the state do?

At first sight, Article 8 of the European Convention seems to pose an obstacle to the RIP Act. The European Convention has been invoked before to limit UK surveillance powers. For example, the Interception of Communications Act 1985 was introduced to clarify surveillance powers after the European Commission on Human Rights declared phone tapping a breach of Article 8 (10).

But the 1990s provided a different context for the application of human rights legislation. The Human Rights Act came into force in October 2000, by which time it was necessary for UK state surveillance to comply with the European Convention. The emergence of new communications technologies, beyond the technologies addressed by the Interception of Communications Act, had made the limits of the state’s surveillance powers ambiguous.

This ambiguity needed to be resolved, if the European Convention was to be complied with. How was it resolved? By bringing in the RIP Act. So rather than curtailing surveillance powers, human rights legislation strengthened the UK government’s hand.

The deadline for incorporating the Human Rights Act became the pretext for rushing the RIP Act through parliament. UK home secretary Jack Straw argued that the RIP Act was essential ‘to ensure that law enforcement operations are consistent with the duties imposed on public authorities by the European Convention on Human Rights and the Human Rights Act’ (11).

Rights are minutely codified in human rights legislation – not so much in the initial European Convention, as in subsequent legislation aimed at clarifying the ambiguities that the Convention throws up. Human rights legislation tends to require perpetual clarification, meaning that it can accommodate compromises that would not be possible if rights were treated more absolutely and less ambiguously.

In its early drafts, the RIP Act contained restrictions on the extent to which employers could monitor employee communications. The aim was to raise standards of employee privacy in the UK to the level mandated by the European Convention. But businesses balked at the proposed restrictions, and they were removed from the Act. In the final analysis, the snooping powers of employers were actually increased by the Act, rather than being restricted (12).

This illustrates that the letter of human rights legislation is considered paramount whenever it empowers the state, but can be circumvented whenever it undermines business interests. This is possible because a human rights framework gives the state latitude to set the terms on which freedoms are negotiated, rather than giving individuals the ability to insist that absolute freedoms are protected.

Now, if you want to snoop on others without falling foul of the law all you have to do is visit the helpful Office of Surveillance Commissioners website set up by the UK government. Its homepage states: ‘this website is primarily designed to be used by those who authorise and conduct covert surveillance operations and covert human intelligence….It shows you how to carry out these activities in compliance with the powers granted by parliament.’ (13)

When freedoms are codified, rather than maintained as absolute yardsticks, they are open to negotiation – even dissolution.

The development of the RIP Act is a stark example of such dissolution. The UK government’s data protection commissioner slammed the RIP Act for its privacy implications, arguing that ‘privacy to those who don’t like it is equated to secrecy, but it’s so much more than that’, and warning that the RIP Act ‘could break’ European law (14).

But when it transpired that the RIP Act appeared to contradict an item of European data protection law – the 1997 Telecoms Data Protection Directive (15) – the UK authorities simply reconciled the two pieces of legislation, in a document entitled Lawful Business Practice Legislation (16). This kind of triangulation between contradictory laws is made easy by a human rights framework, where it would be far more difficult under a traditional rights framework.

European law may have placed certain restrictions on the surveillance powers of the RIP Act, but it also gave rise to proposals for even more restrictive surveillance powers. In May 2001, leaked documents revealed that the European Union (EU) was considering the creation of data warehouses storing almost every kind of electronic communication for seven years (17).

The UK was one of six EU countries leading the call for the new powers – despite the promises of New Labour’s e-minister Patricia Hewitt. Just days before the plans for data warehouses were revealed, someone challenged Hewitt in an online debate that ‘the police…are still pressing for a new law to compel ISPs to log the addresses of all emails sent and received, websites browsed, newsgroups perused, for all their customers indiscriminately, for up to seven years’. Asked ‘will Labour enact such a law in its next term?’, Hewitt responded: ‘no’ (18).

There was more to this than the duplicity of the UK government (even though that duplicity was breathtaking). The data warehouse proposals actually appeared to contradict an entire decade of European data retention legislation, which enforces the right to privacy. But because the contemporary human rights framework allows the opportunistic resolution of legal ambiguities, such contradictions are inherent to the entire framework.

The rhetoric of human rights holds that rights are absolute – but the application of human rights legislation assumes that rights are negotiable.

The Human Rights Act purports to impose upon UK law absolute standards of free speech, privacy and other liberties enshrined in the European Convention. But the Human Rights Act has also done an excellent job of promoting the idea that individual rights can be negotiated, because they are commensurable with other considerations.

Those who oppose the RIP Act rely on the argument that the Act contravenes international human rights legislation. In truth, human rights legislation and legislation like the RIP Act are mutually reinforcing.

Accusing the UK authorities of being hypocritical, for simultaneously upholding and contravening our rights, is an insufficient criticism. The only effective critique of new authoritarian legislation such as the RIP Act will be a critique founded on a non-divisible view of individual liberties.

Such a critique must be as suspicious of human rights legislation as it is of the more obvious threats to our freedoms.

Sandy Starr has consulted and written on internet regulation for the Organisation for Security and Cooperation in Europe, and for the European Commission research project RightsWatch. He is a contributor to Spreading the Word on the Internet: Sixteen Answers to Four Questions, Organisation for Security and Cooperation in Europe, 2003 (download this book (.pdf 576 KB)); From Quill to Cursor: Freedom of the Media in the Digital Era, Organisation for Security and Cooperation in Europe, 2003 (download this book (.pdf 399 KB)); and The Internet: Brave New World?, Hodder Murray, 2002 (buy this book from Amazon (UK) or Amazon (USA)).

Read on:

RIPping into our rights, by Sandy Starr

10 things I hate about EU, by Jennie Bristow

spiked-issue: Privacy

(1) See RIPping into our rights, by Sandy Starr, and the Regulation of Investigatory Powers (RIP) Act 2000

(2) Convention for the Protection of Human Rights and Fundamental Freedoms (1950), Council of Europe, Article 8

(3) See the Human Rights Act 1998

(4) See the Privacy International, Statewatch and Cyber Rights and Cyber Liberties websites

(5) See the Achievements section of the Foundation for Information Policy Research website

(6) John Naughton’s first Observer column on the subject was Encryption bill has to be last straw, 12 March 2000. His most recent column on the subject is When every Threat has a spooky lining, 16 June 2002

(7) The Economic Impact of the Regulation of Investigatory Powers Bill: An Independent Report Prepared for the British Chambers of Commerce (.pdf 182 KB), p37

(8) Amendments to the Constitution of the United States of America, First Amendment

(9) Convention for the Protection of Human Rights and Fundamental Freedoms (1950), Council of Europe, Article 1

(10) In the case of Malone v UK (1984)

(11) Regulation of Investigatory Powers Bill published today, Home Office, 10 February 2000

(12) See Ministers beat email spying ban, Anthony Barnett, Observer, 20 August 2000; Government retreats on email snooping, Mark Tran, Guardian, 25 August 2000; New rules on monitoring emails delayed, Julia Hartley-Brewer, Guardian, 26 August 2000; Employers gain e-snoop powers, BBC News, 24 October 2000. For an account of how new employer snooping powers extend to universities, see For your eyes only, Gillian Evans, Guardian, 24 April 2001

(13) Homepage of the Office of Surveillance Commissioners website

(14) Data protection chief swipes out at spying Bill, Will Knight, ZD Net UK; Safeguard over email ‘snooping’ Bill, BBC News, 13 July

(15) See Directive 97/66/ec of the European Parliament and of the Council of 15 December 1997 Concerning the Processing of Personal Data and the Protection of Privacy Sector (.pdf 34 KB)

(16) See Protecting privacy and monitoring email, Mark Ward, BBC News, 5 October 2000

(17) Government ‘snoop law’ stance slammed, Mark Ward, BBC News, 17 May 2001

(18) Talk with Patricia Hewitt, Labour e-minister, Guardian Unlimited, 11 May 2002