MIRROR PAGES IN BRITAIN and AMERICA and AUSTRALIA.

The police, MI5 and the Home Office are trying to push through a scheme to pressure other service providers to hand over private e-mail information without the court order that is required for telephone calls and the mail. Are the police taking liberties with our privacy? Duncan Campbell reports

[From online Guardian, 17 September 1998]

Police tighten the Net

[ It is increasingly apparent there are inaccuracies in this part of the story. The main raids took place at dawn, but later in the morning a small number of officers went to Demon Internet. One presumes that some of the material had passed through demon servers as it had through many others. There were no involuntary seizures, although we do not know what papers or equipment were given over voluntarily; after all it was a legitimate criminal investigation which most people would be happy to cooperate with. One person was questioned --which might possibly include being detained at police premises for questioning-- but nobody there was arrested or charged with any offence].

This afternoon in London, an informal group convened by Acpo, the Association of Chief Police Officers, is holding a press conference to announce its plans to introduce a private "memorandum of understanding" about police access to e-mail users' identities, activities and messages. Over the next three weeks, senior police officers and key industry figures will host three seminars in Edinburgh, Manchester and London to be addressed by police, industry and prosecution computer specialists. The seminars are being run by a group called the "Acpo, ISP and Government Forum". The press, public, lawyers and defence computer legal specialists are excluded.

"The ISP industry is being privately pressurised into revealing information that others would not reveal as a matter of course," says one senior ISP manager who has followed the police-ISP negotiations.

"We say it time and time again information can only be released on a case by case basis. Fishing expeditions are not allowed", France said this week although they may have happened in the past. "It is important that [e-mail] has the same level of protection for individuals as for any other communications mail & telephone calls".

It would also mean that it could be produced as evidence in court, unlike normal mail intercepts or phone taps. Police sources say, however, that they would not expect access to e-mail as it was being sent, as opposed to stored e-mail, unless they had a normal phone-tap warrant. But the Home Office is currently reviewing the Interception of Communications Act. Home Secretary Jack Straw revealed during this month's emergency debate on terrorism that a review of the Act, including necessary technological changes, has been under way since July. It is understood that this includes reviewing whether or not e-mail should be treated the same way as ordinary mail.

The problem for ISPs is not that they object to court orders or police search warrants being used when they are asked for evidence of serious Net-related crime, but that the threat of disruptive police raids is being quietly used to obtain more extensive information, without legal powers or adequate justification.

"We've had any number of cases when police have come and asked 'tell us about all your subscribers who are living in Warwickshire' ", says one member of the Acpo-ISP group. The problems are that the information may not exist, may not be obtainable, or, if it did exist, would be illegal to hand over.

"A mood of public alarm taken together with a poorly developed forensic science is the most dangerous combination imaginable for miscarriages of justice," says Peter Sommer, a computer forensics research fellow at the London School of Economics and defence legal specialist. "Those factors have historically led to some of the gravest judicial errors in our history."

Police officers face serious problems investigating Net-based crime, given the diversity of size, sophistication and outlook among ISPs. Even if Acpo does obtain a "memorandum of understanding" signed by key industry bodies, this would not be binding on any company providing services. Many on the ISP side say privately that the description is inappropriate. They have asked Acpo to reconstitute the proposed "agreement" as a "guide to best practice" in providing information to the police. Further problems were highlighted at a meeting between police, Home Office, MI5 and industry specialists held at Scotland Yard three months ago to discuss what information ISPs could and should make available. The police and government side asked for "all e-mail sent in the last week to be recorded as a matter of routine". Another "desirable facility" was "the ability to turn on logging of all incoming e-mail for a customer account".

But the ISP representatives explained that these records were not normally kept at many ISPs and that creating them for routine police or MI5 use would be costly. The ISPs were however "happy to do work that has little or no cost implication and is clearly legal". Detective Chief Superintendent Keith Akerman of Hampshire Police, chairman of the Acpo computer crimes group, told Computing magazine: "We want to ensure the criminal doesn't take best advantage of the Internet, without government using the sledgehammer of regulation."

Acpo was unwilling this week to release any drafts of the proposed memorandum of understanding, or to provide copies of the form that Acpo has already drafted to be used by police forces seeking Net information. The form is based on a system now widely used to get lists of telephone numbers called from BT and other telecoms providers without Home Secretary warrants or court orders, which was revealed in OnLine in September last year.

Apart from suspicion in some parts of the industry and reluctance in others, the Acpo and government initiative to access e-mail information also faces the problem that a new EU directive on communications privacy comes into force in less than two months. The directive says that: "Member States shall ensure via national regulations the confidentiality of communications by means of public telecommunications network and publicly available telecommunications services. In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance of communications, by other than users, without the consent of the users concerned, except when legally authorised."

[See http://europa.eu.int/eur-lex/en/lif/dat/en_397L0066.html; It also states: "Article 15 Implementation of the Directive 1. Member States shall bring into force the laws, regulations and administrative provisions necessary for them to comply with this Directive not later than 24 October 1998. By way of derogation from the first subparagraph, Member States shall bring into force the laws, regulations and administrative provisions necessary for them to comply with Article 5 of this Directive not later than 24 October 2000" see further note on this].

"There's not much left for a 'memorandum of understanding' to cover," says LSE's Sommer. He suspects that, with the directive, a new Data Protection Act and a Home Office review of the interception of communications act due in the next three months, the "cosy agreements" between Acpo and ISPs may be as futile to the police as they are aggravating to Net civil liberties and privacy campaigners.

TWO YEARS OF POLICING THE NET

• 2 August 1996
  Following a rash of child porn investigations, the Metropolitan Police invite Internet service providers (ISPs) to a seminar at New Scotland Yard to discuss how to deal with obscene material on Net newsgroups.

• 9 August 1996
  Letter from Metropolitan Police Clubs and Vice unit to ISPs circulates veiled threat: "We trust that with your co-operation and self regulation it will not be necessary for us to move to an enforcement policy." A list of 200 sex-related newsgroups was appended to the letter. Worried ISPs quickly start ad hoc meetings with police to try and agree a modus vivendi.

• September 1996
  Internet Watch Foundation launched with government backing to consider curbs on Net content, with particular reference to child pornography.

• October 1996
  National Criminal Intelligence Service (NCIS) launches Project Trawler to study the extent of criminal use of the Net,and the methods law enforcement officials should use.

• May 1997
  NCIS announces results from Project Trawler, and requests urgent action to introduce laws enabling police to intercept and monitor e-mails. No action is taken because of the election.

• May 1998
  Acpo (Association of Chief Police Officers) and major ISPs plan seminars to promote informal agreements for police access to e-mail and Net information.

• 18 June 1998
  Meeting at New Scotland Yard between Home Office, MI5, police, BT and ISP representatives discusses law enforcement requirements for Net information, including stored e-mail and logs of Web usage.

• 2 September 1998
  Police raids on 11 sites in Britain, including one major ISP, seize child porn material connected with a US Web site called "Wonderland"; 30 others arrested in 12 other countries.

• 12 Sept 1998
  First Acpo seminar in Edinburgh aims to win industry acceptance of "memorandum of understanding" allowing automated access to ISP information.

        

On 17 Sep 1998, In{199809172136.WAA00867@odin.mimir.com}, Pete Bentley writes:
:
: Interestingly, the printed version of Online only said "a major UK
: ISP" rather than naming Demon.  I asked about that on another mailing
: list (a UK ISP gossip/industry watch one) and [.......] replied that
: "As far as I'm aware no raid took place, and no service machines were 
: removed.  I believe several ISP's were approached by the police (with 
: the correct documentation) and assisted with their enquiries".
:
On Fri 18 Sep 1998, in{001e01bde2e6$4f0ab860$8dfff3c1@Alan.kable.co.uk},
Alan Burkitt-Gray writes:
|
| The printed Guardian's main section yesterday has as its first item
| in its Corrections column a paragraph saying that no one was arrested 
| [and also identifying Demon].
|
On 18 Sep, In{4.0.1.19980918133612.00df0f00@pop.gn.apc.org}, Duncan Campbell  writes:
#
# Police and email : Guardian and C4N
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# I produced the Channel 4 News item on Wednesday night as well as 
# writing the report for Guardian Online ... since some wondered 
# (but C4N forgot the credit).  Regarding the raid on Demon Internet,
# this has been confirmed on the record
# by the National Crime Squad, who say however that the Demon employee
# concerned was questioned but was not arrested.   This information was
# provided too late for the Online Guardian paper deadline - a day 
# before the main paper - but appears (as has been noted) on the web 
# site and as a correction carried in the main paper on Thursday 
# morning. The National Crime Squad also state that they removed two 
# computers together with other material from Demon's offices. 
# 
On 20 Sep 1998, In{memo.19980920172027.316A@itconsult.co.uk}, Matthew Richardson writes:
+
+ In the demon.service newsgroup, two senior representatives 
+ from Demon have emphatically denied that ANY raids have taken place 
+ on their premises.
+
FURTHER NOTE ON THE E.U. DIRECTIVE.
In{s60777d8.023@Tecsun.Demon.Co.Uk}, Dave Howe writes:
|Hmm. all sounds very nice, until you reach this bit....
|
|(12) Whereas this Directive, similarly to what is provided for by Article 3 of 
|Directive 95/46/EC, does not address issues of protection of fundamental 
|rights and freedoms related to activities which are not governed by Community 
|law; whereas it is for Member States to take such measures as they consider 
|necessary for the protection of public security, defence, State security 
|(including the economic well-being of the State when the activities relate 
|to State security matters) and the enforcement of criminal law; whereas this 
|Directive shall not affect the ability of Member States to carry out lawful 
|interception of telecommunications, for any of these purposes;
|
|Article 1 Object and scope
|
|3. This Directive shall not apply to the activities which fall outside the 
|scope of Community law, such as those provided for by Titles V and 
|VI of the Treaty on European Union, and in any case to activities concerning 
|public security, defence, State security (including the economic well-being 
|of the State when the activities relate to State security matters) and the 
|activities of the State in areas of criminal law.

This was removed after copyright threats from the I.S.P.

Message-ID: {rOr4WLAsI5I2Ew0Y@xemu.demon.co.uk}
Date:Tue, 13 Oct 1998 18:47:24 +0100
To:  Clive D.W. Feather 
From:Dave Bird
Subject: Re: ISPs to give emails to British Police?
In-Reply-To: {e76CLxJNG4I2Ewhs@on-the-train.demon.co.uk}

In{e76CLxJNG4I2Ewhs@on-the-train.demon.co.uk}, Clive D.W.Feather writes:
:In article {x4DebFAxRfH2EwNx@xemu.demon.co.uk}, Dave Bird writes
::[The full form is on my homepage].
:
:You are hereby requested to remove all copies of this material from your
:web site within 48 hours. If you fail to do so, the London Internet
:Exchange may consider action for breach of copyright.
:Note that the current version of the form and covering notes are
:available at: http://www.linx.net/misc/dpa28-3form.html. 
:We have no objections to you linking to that page.

 Merry Christmas to you too.  I will remove the material and replace
 it with this correspondence asking for it to be removed. This will
 probably have zero effect where there are copies on foreign sites
 not under my control, except to cause ill-will.

:As a personal matter, not linked to the above, and on the assumption
:that you are interested in a fair debate rather than scaremongering, I
:expect you to include on your web page my statement that this is nothing
:to do with email interception, 

 Only when I am satisfied that is the case.  At the moment it does
 seem the document is MAINLY about identification, but could creep
 into other things.  The discussion has alternated between newspapers
 speculating and ISPs being silent, defensive, or obfuscatory.  
 Positive statements along the lines of "what actually happened was..."
 or "what is actually intended is..." would do much to clarify things,
 and to remove them impression you have something to hide (which is
 the impression defensiveness, and copyright threats, is likely to give)

:Also, why have you excluded the Guardian's retraction printed on
:Saturday 19th September ? 

 There have been various statements by the Guardian & by Duncan Campbell 
 individually, accepting that "it was not in the early hours", "there 
 were not a large number of police", and "nobody was arrested but one
 person was questioned by police."  I have dealt with these by adding
 notes in the original story pointing out the errors.

:I am willing to write a rebuttal to the points
:mentioned on your page, but only if it is going to be used fairly and
:not misquoted.

 Feel free.  I will even carry it, with nothing cut, but with
 my own comments added.

         

In article{kOeiTXAXYoA2EAU2@turnpike.com}, Richard Clayton: 
:In article{36028010.6D309F68@algroup.co.uk}, Ben Laurie:
::Duncan Campbell wrote:
:::
:::The Data Protection Act only allows release of information where 
:::both the information is required for one of the purposes listed 
:::and failure to disclose the data would be likely to prejudice the 
:::matter.
::
::What are "the purposes listed"? I can't find any list.
:
:I believe that this is meant to refer to the list in the DPA itself 
:[viz 28(3) at present, 29(3) when the new Act comes into force]
:Taking the new Act's wording only,to keep the size down---
:
:"29 (3) Personal data are exempt from the non-disclosure provisions in
:"any case in which- 
:" 
:"  (a)  the disclosure is for any of the purposes mentioned in
:"       subsection (1), and 
:"  (b)  the application of those provisions in relation to the
:"       disclosure would be likely to prejudice any of the matters 
:"       mentioned in that subsection. 
:
:so now you need to look at 29(1)---
:
:"29 (1) Personal data processed for any of the following purposes- 
:"  
:"  (a)  the prevention or detection of crime, 
:"  (b)  the apprehension or prosecution of offenders, or 
:"  (c)  the assessment or collection of any tax or duty or of any 
:"       imposition of a similar nature, 
:"
:"       are exempt from the first data protection principle (except to 
:"       the extent to which it requires compliance with the conditions 
:"       in Schedules 2 and 3) and section 7 in any case to the extent to 
:"       which the application of those provisions to the data would be 
:"       likely to prejudice any of the matters mentioned in this 
:"       subsection. 
:
:If you want to look at Schedules 2&3 and Section 7 try...
http://www.hmso.gov.uk/acts/acts1998/19980029.htm

   

In{34829EB7874@lucs-01.novell.leeds.ac.uk},  Yaman Akdeniz writes:
:
:| in the recent past, in that this form has had significant recent
:| input from the Data Protection Registrar's Office. I'm posting it to
:| the list for the sake of discussion and comment.
:
:In the light of what has been said so far and with all the denials 
:that there was no such agreement between ACPO and ISPs, I must 
:congratulate you for posting this here on the list and I will make 
: 
:| Data  Protection  Act  s28(3)  form
:| Agreed by ACPO and the ISP industry
:| ===================================
:| I certify that the data is required for the prevention or detection
:| of crime or for the apprehension or prosecution of offenders, and
:| that failure to disclose the data would be likely to prejudice these
:| matters.
:
:A House of Lords decision would suggest otherwise in the sense that
:the power of the Secretary of State to issue a warrant under section
:2(2)(b) of the 1985 Interception of Communications Act "for the
:purpose of preventing or detecting serious crime" does not extend to
:the collection of evidence with a view to the prosecution of
:offenders (see R. v. Preston [1994] 2 A.C. 130)
:So it is unclear to me in which circumstances under section 28 of the 
:DPA the police officers can get access to data. I see no reason why 
:this should not be the case under the DPA. Any further comments ?
:
:| The requested data are required for case reference [note 8] but may
:| be used for any other investigation for which the above declaration
:| applies.
:
:I think this is too far away and it would create enable the police to 
:keep the obtained data for unnecessary periods of time and maybe also 
:to create databases. I cannot see this being acceptable.
:
:| This application must be authorised by a person who is senior to the
:|requesting officer, and of a rank no lower than Inspector. See note9
:
:This would enable easy authorisation and of course the ISPs would 
:comply. Again this is in my view unacceptable.
:
:| Note 5: give here enough information that the recipient can make a
:| decision whether to disclose in accordance with your declaration.
:
:What happens if an ISP decides not to comply?
:[.........]
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:Yaman Akdeniz lawya@leeds.ac.uk
:Cyber-Rights & Cyber-Liberties (UK) at: http://www.cyber-rights.org
:read the new CR&CL (UK) Report, Who Watches the Watchmen, Part:II
:Accountability & Effective Self-Regulation in the Information Age,
:August 1998 at http://www.cyber-rights.org/watchmen-ii.htm
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

In{3.0.5.32.19980918173655.00a1be40@mail.netkonect.co.uk}, Nicholas Bohm writes:
=
= It may well be that proper use of the proposed form will avoid 
= breach by the ISP and police of the Data Protection Act.  But 
= that is only part of the story.
=
= I suggest that all holders of accounts with an ISP should check the
= contractual terms to see whether these terms permit any disclosure of
= the kind contemplated.  Unless there are express terms to that effect,
= the account holder should inform the ISP that they regard the content,
= origin, destination and timing of their messages as confidential (and 
= in the case of practising lawyers, also in some cases subject to legal
= professional privilege).  (List members may be able to suggest similar
= terms to apply to information about the account holder's access to 
= websites.)  They should inform the ISP that they will hold the ISP 
= liable for any breach of confidence involved in an unauthorised 
= disclosure, whether or not permitted under the Data Protection Act, 
= unless made pursuant to a warrant or subpoena or other order of a 
= court of competent jurisdction.  They should request acknowledgement
= and confirmation from the ISP.
=
= Just to make the point explicit, the fact that a disclosure may not 
= be a breach of the DPA does not relieve the ISP from liability for 
= a breach of confidence, actionable in damages.  The ISP may be able 
= to rely on the maxim that there is no confidence in iniquity, but 
= only if what the ISP discloses in fact reveals iniquity (which the 
= ISP would have to check for itself if it wants to be sure this defence
= is available). I suggest that this list could conveniently gather
= information about responses to this procedure, with a view to 
= identifying ISPs who are either willing or reluctant to respect 
= their account holders' confidences.
=
=	Regards,
=
=		Nicholas Bohm

    

FOR IMMEDIATE RELEASE 		PRESS RELEASE 18 September 1998

CIVIL LIBERTIES ORGANISATIONS CONDEMN TALKS BETWEEN INTERNET PROVIDERS
AND POLICE

Three of Britain's leading Internet related civil liberties
organisations today condemned the ongoing collaborative talks between
Internet Service Providers (ISPs) and the UK police.

In a joint press statement Internet Freedom, Cyber Rights & Cyber
Liberties, and the Campaign Against Censorship of the Internet in
Britain, unanimously condemned secret talks between the Association of
Chief Police Officers (ACPO) and representatives for Internet Service
Providers (ISPs) which aim to reach a "memorandum of understanding" to
give the police access to private data held by ISPs, as reported in
the Guardian Online this week.

There are to be three further seminars held by "ACPO, ISPs, and
Government Forum" which do not include user representatives or civil
liberties organisations as speakers.

The plans are for an agreement to allow the police access to email
messages transmitted by any of Britain's eight million Internet users
along with detailed web usage logs about sites that users had visited.
If reached, the agreement would exploit a so-called loophole in the
existing Data Protection and Interception of Communications Acts which
allows the police to routinely access private information without the
signature of any rank higher than inspector. Currently the tapping of
telephone communications requires the written consent of the Home
Secretary and unlike email is not admissable as evidence in court.

The planned agreement would be in violation of Article 8(1) of the
European Convention on Human Rights which will be incorporated to the
English Legal System with the Human Rights Bill, stating:

'Everyone has the right to respect for his private and family life,
his home and his correspondence'

There can only be interference by a public authority with the exercise
of this right when it is 'necessary in a democratic society in the
interests of national security, public safety or the economic
well-being of the country, for the prevention of disorder of crime,
for the protection of health or morals, or for the protection of the
rights and freedoms of others.'

Chris Ellison, spokesman for Internet Freedom, added:

"The proposed 'memorandum of understanding' is the product of two
years of collaborative talks between industry bodies and the police.
Fuelled by panics around child pornography on the Net, industry
representatives have got themselves into a situation where they are
under pressure to disclose information without legal obligation or
justification. There is no alternative but to break off these talks
immediately."

Yaman Akdeniz of Cyber-Rights & Cyber-Liberties (UK) stated that:

"ISPs have a duty to protect the fundamental rights and freedoms of
their users, and in particular their right to privacy with respect to
the processing of personal data. ACPO might have found a loophole
under weak UK laws about electronic surveillance but should not in any
case be allowed to amass evidence without showing probable and
specific cause either to the ISP or to a judge.

We are disheartened at learning yet again about influential but
unaccountable bodies such as ACPO and the Internet Watch Foundation
(IWF) taking decisions on regulatory issues involving the Internet,
behind close doors. It is the duty of the government to take decisions
on these matters and to open these closed doors to the public.
Transparency and accountability are important features of a healthy
society. If there is a legal loophole which allows speculative police
intrusion, then the government should close that loophole
immediately."

Malcolm Hutty, of Campaign Against Censorship of the Internet in
Britain stated that:

"If Internet Service Providers intercept their customers email and
pass it on to the police, people will be too scared to use the
Internet for any sensitive communications. The police must not exploit
loopholes in the Interception of Communications Act to invade personal
privacy without any democratic accountability. A legal challenge for
breach of the European Convention on Human Rights is almost
inevitable."

For further comment call Chris Ellison on +44 (0) 956 129 518


Internet Freedom
http://www.netfreedom.org/
BM CAM, London WC1N 3XX, UK.
campaign@netfreedom.org

Cyber Rights & Cyber Liberties (UK)
http://www.cyber-rights.org
Centre For Criminal Justice Studies, University of Leeds, LS2 9JT.
lawya@cyber-rights.org   

Campaign Against Censorship of the Internet in Britain
http://www.liberty.org.uk/cacib
60 Albert Court, Prince Consort Road, London SW7 2BE.
cacib@liberty.org.uk






ORIGINAL REPORT by Dan Sabbaugh (in August'98)

In message{80256687.005A58BE.00@vnulonnotes03.vnu.co.uk}, Daniel_Sabbagh writes:

It'd be good if you credit the orginal story (seeing as I wrote it...) in
your archive on the topic. It appeared on 5th August and helped Duncan
Campbell get going for his excellent Guardian piece.
You can link to it or reproduce it, as long as you 
credit the periodical, Computing,
and the publisher, VNU Business Publications.

Here is a URL for it.

 Police eye up email data
 ========================
 Internet service providers in talks with officers POLICE forces are close to 
 an  agreement with Internet  services providers (ISPs) allowing them access to  
 personal data and email  messages.

 The police are hoping to reach a ?memorandum of understanding? with ISPs, 
 following  a series  of  seminars with the IT industry in September and  October 
 last year.  It is understood that the agreement could enable  officers across the 
 country to read  an individual?s  emails and to discover which web sites the 
 person had  viewed.  Sources involved in the discussions say that a  statement 
 could be published at the beginning of 1999.  Discussions were initiated by the 
 computer crimes subcommittee  of the Association of Chief Police  Officers.

 Detective chief superintendent Keith Akerman of  Hampshire Police, the chairman 
 of the sub-committee,  said: ?We want to ensure the criminal doesn?t take best 
 advantage of the Internet, without government using  the sledgehammer of 
 regulation.? Akerman declined to comment on the content of the  discussions.
 One ISP representative involved in the talks described  the discussions as 
 ?very friendly?,  and denied there  were any implications for civil liberties.

 ISP objections have largely centred on the cost of the  proposals.
 The agreement will also aim to clarify the legal status of  using email as 
 evidence. One proposal could mean that email sent within the UK  and obtained 
 by the police would not fall under  telephone tapping legislation. This would 
 allow the information to be used as evidence in court. Telephone  taps are not 
 admissible in court under UK law. The move represents a reversal of earlier 
 agreements which assumed that emails fell under  telephone tapping legislation.

 ? Report by Dan Sabbagh.
        First appeared in COMPUTING, 05 August 1998 



On 2th Sept, In{36048a81.36512024@news.virgin.net},  Mark Pawelek writes:

TechWeb report
http://www.techweb.com/wire/story/TWB19980918S0006

British Police, ISPs Cooperate On Crime
(09/18/98; 2:07 p.m. ET)
By Andrew Craig, TechWeb

British police on Friday dismissed as "rubbish" claims by several civil-liberties 
organizations in the United Kingdom that they are working with ISPs to get access 
to Internet users' private information. The Association of Chief Police Officers 
launched Wednesday a series of seminars involving the police, ISPs, and key 
industry figures that will run for the next three weeks. The police said the 
talks were intended to give ISPs a better understanding of police requirements 
for investigating illegal activity that uses the Internet. But civil-liberties 
groups said in a statement Friday they "unanimously condemned secret talks" 
between the parties. The groups said the meetings were being held to create 
an agreement that would give the police access to e-mail messages transmitted
by any of Britain's 8 million Internet users, along with detailed Web usage logs 
about sites users had visited.

Proposals for a "memorandum of understanding" between the police and 
British ISPs has been fueled by panic about child pornography on the Internet, 
according to Chris Ellison, a spokesman for civil-rights group Internet Freedom. 
"Industry representatives have got themselves into a situation where they are 
under pressure to disclose information without legal obligation or justification,"
he said. "There is no alternative but to break off these talks immediately." 
The police association denied it was creating new rules. Instead, it just wants 
guidelines for implementing existing data-protection laws. "There has been no
attempt by police to get extra access [to Internet user data]," said a spokesman 
for the police association. "To say this is a secretive scheme to give police 
access to information about any Internet user is rubbish."

At least one industry representative believes increased police cooperation 
with ISPs is a good development. "ISPs have always felt we were being told 
'You must not move illegal content' -- or host it or forward it -- but we 
were not in a position to say what illegal content is," said Laurence Blackall, 
chairman of the British ISP Association. In addition to child pornography, 
the seminar addressed police concerns about Internet gambling, although the 
police declined to offer any further details about the discussions. The 
seminars were triggered by "the growth of the ISP industry and growing 
concern that crime is being facilitated by the Internet," the police 
spokesman added.

ISPs have a duty to protect the fundamental rights and freedoms of their users, 
according to Yaman Akdeniz of Cyber-Rights & Cyber-Liberties, a British 
civil-rights group. Although the police may have found a loophole in 
weak British laws governing electronic surveillance, they "should not, in 
any case, be allowed to amass evidence without showing probable and specific
cause either to the ISP or to a judge," said Akdeniz in a statement. If ISPs 
sign the police memorandum, they could be asked to provide police with 
information needed for criminal investigations under Britain's Data Protection 
Act, by filling in electronic forms issued by the police, according to a report 
in British newspaper The Guardian.

In article{3604911e.38204929@news.virgin.net} he also wrote:

I am curious as to what my ISP makes of all this - so I wrote an email
to them. I hope that they don't find it too sarastic.

Why don't we all email our ISPs about this?
++++++++++++++++++++++++++++++++++++++++
Dear Sir,

The following news story (below) arrived in my inbox from a news list
which I am on. I would like you to answer a number of important
questions for me.

1) I would like to know why Virgin is holding secret talks with the
police if the substance of those talks is non-controversial?
2) Is it the case that the police are able or will be able to get
"access to e-mail messages transmitted" or "detailed Web usage logs
about sites users had visited"?

3) Have the police actually asked Virgin to provide information about
email or web usage logs without first submitting a court order?
4) If the answer to the previous paragraph is yes then how did Virgin r
respond?
5) If the answer to paragraph 3 (above) is no they how are the police
able to investigate child pornography?

6) I have made this inquiry because I note that Virgin is a member of
the Internet Watch Foundation (IWF) and that the IWF's job is to
remove "potentially illegal material" from the Internet. I agree that
illegal material should be removed from the Internet but I find the
concept of "potentially illegal material" to be bizarre. Until there
has been a criminal conviction how can a piece of media be said to be
illegal?

If "potentially illegal material" is being removed then I assume that
potential crimes must be committed. In these circumstances I imagine
that Virgin will be cooperating with the police to catch potential
criminals. As everyone is a potential criminal - this has grave
consequences for privacy.

{insert the text of the original news story here}



A response received from Virgin Net to Justin Guest.
Organization:   	Virgin Net
Subject:        	Internet Privacy

Sean

I have been passed your e-mail regarding Internet Privacy by Anne Cush, as
I have recently dealt with other such enquiries.

Firstly, let me assure that as far as Virgin Net are concerned we have no
plans to hand over information simply upon demand.  As it stands, I have
to say, the first I heard about this was the recent Independent article,
which I believe this is based upon. I deal with abuse on Virgin Net's
service and work closely on a number of issues with a variety of
enforcement bodies, as I am sure you would agree any responsible ISP
should be doing.  However, you may see that the article says the 'details'
are being worked out by ACPO and ISPA (Internet Service Providers
Association) an organisation which, you may or may not know, Virgin Net is
a not member of.

Our position at present is that the police must demonstrate a reason for
us to hand over any information about any of our users (usually via some
legal mechanism).  I do not think that this will change very quickly, as
the privacy of our users in using the Internet is as important to Virgin
Net as it is to you. There are also a host of other technical, legal and 
political issues that must be overcome before a system where the police can 
simply access someone's e-mail and other information about their use of the 
Net can be put into place, the least of these not being the Data Protection 
Act and also Privacy laws that currently exist.

In terms of the word potentially, because of the way the Obscene
Publications Act is worded and enforced, an image cannot be deemed
illegal until a court has judged it so.  However there are 'guidelines' as
to what would fall under certain headings, i.e., is the image prosecutable
(for example pedophiliac images).  The IWF, as far as I am aware is simple
an advisory body, sitting between the ISP industry and the police, giving
trusted advice.  They, we feel, are in a position to judge what may well
bring a criminal conviction if a case were to be brought before a UK
court.  I am sure you would agree that if the IWF were to advise us of
material that may contravene the obscene publications act then it must be
of a serious nature, and as a responsible family oriented ISP, we will
trust this advice and act upon it.  (I would also add that if we were not
to act on it we could be breaking the law ourselves.)

I hope this has helped, if you have any further questions on this
matter, please contact me direct.

Regards

Justin Guest