As some people have emailed pointing to this story in the Sunday Times,
we feel duty bound to comment on what seems to be another of bit of anonymous Whitehall briefing and spin via the well connected journalist David Leppard.
We reported on the earlier
which looks like an attempt to policy launder a Must Be Seen To Be Doing Something About Cyber Crime plan onto the entire European Union, back on October 18th 2008:
The Register has taken up this story
following on from their earlier investigation of the G6 plus USA summit
(note that the mainstream print and broadcast media did not bother to do any such digging).
A spokesman for the Home Office told the Reg that UK police can already snoop - but these activities are governed by the Regulation of Investigatory Powers Act and the Surveillance Commissioner. He said changes had been proposed at the last Interior Ministers' meeting, but nothing has happened since.
A Home Office spokesperson said: "The UK has agreed to a strategic approach towards tackling cyber crime on the same basis as all Member States - however, the decisions in the Council Conclusions are not legally binding and there are no agreed timescales.
"We fully support work to develop an understanding of the scale and impact of electronic crime across the EU and will work with Member States to develop the detail of the proposal."
This is a typical Home Office media spin statement, carefully avoiding the important privacy and security risks to the public. Note the New Labour weasel word "tackling" - that does not actually promise the prevention or prosecution of even a single instance of "cyber crime", it just gives the impression that they might eventually be "Doing Something".
There is not much that we want to add to The Register's comments on this Sunday Times / Whitehall kite flying / anonymous briefing story, except to remind people that the Office of the Surveillance Commissioners, which is supposed to provide some weak monitoring under the Regulation of Investigatory Powers Act 2000 (RIPA) and the the Police Act 1997 Part III, is not required to be informed of Police or other Property Interference i.e. state sanctioned burglary to plant electronic bugging devices or, by extension, malicious computer snooping software at business premises i.e. company offices, or those premises of, say, internet service providers or co-location hosting computer server hosting companies, online backup companies, or financial institutions etc.
In order to be "in accordance with law", specifically Article 8 of the European Convention on Human Rights, as incorporated in the Human Rights Act 1998 Schedule 1
1 ."Everyone has the right to respect for his private and family life, his home and his correspondence,
such authorisations for Property Interference of people's homes or, following European Court of Human Rights case law precedents, people's private motor vehicles does require the cumbersome and not very effective bureaucracy of the Surveillance Commissioners to be involved. They have no real powers of sanction, only "name and shame" powers via an Annual Report to the Prime Minister and, eventually to Parliament.
They are also meant to "regulate" the use of Covert Human Intelligence sources i.e. infiltrators, undercover agents, and informers, who also might well be involved in helping to set up "remote searches of computer hard disks".
It is all very well for the Home Office to be involved in EU level policies on cyber crime cooperation, but they have done nothing to protect British sovereignty against Collateral Damage or Denial of Service by Law Enforcement. The Indymedia server seizure scandal in 2004 shows that foreign based companies, or even UK based subsidiaries of foreign owned companies can be pressurised into snooping on, or handing over your private data, or killing off your innocent website etc. even if it is physically in the UK, without any UK Court Order and without even a formal or informal request to the UK law enforcement authorities.
The Home Office should be working to prevent foreign or domestic law enforcement "collateral damage" to innocent people's data and computer systems the UK, rather than making it easier for such mistakes to happen.