'Snooping Bill' will not deter criminals, say experts

The Regulation of Investigatory Powers (RIP) Bill will do nothing to deter criminal use of the Internet, but will make legitimate businesses move data offshore to protect their information, according to Internet security vendor Cequrux.

The RIP Bill - due for its third reading in Parliament on Monday - gives government the power to read encrypted messages on the Internet.

However, Dr Graham Wheeler, director of R&D at Cequrux, believes criminals - the intended subjects of the new powers - will easily find ways round the Bill. He said: "This Bill is unlikely to have any impact on the criminal fraternity. Criminals that are wise enough to use encryption in the first place will easily be able to work around it."

Wheeler predicted criminals will use multiple encryption keys, steganography and pre-arranged signals which will indicate that keys have been compromised, to evade the Bill's restrictions.

Steganography is an entirely legal method of camouflaging encrypted data within other random data, such as that found on video files, and makes it impossible to prove there is encrypted data present. Criminals - and businesses - could also use signals to indicate to third parties if data keys have been compromised, which would be illegal under the Bill but impossible to detect.

Wheeler said: "The Bill is much more likely to have an impact on legitimate businesses, who would be unwilling to act in this way."

He believes these legitimate users may be forced to take their business overseas.

Caspar Bowden, director at the Foundation for Information Policy Research (FIPR), who has been campaigning on the issue, agreed with Wheeler's assessment saying it proved the Bill was unworkable. He said: "What this does is single out the UK as a uniquely disadvantageous place to do ecommerce. No other country in the world plans to have similar measures in place - the rest of the world will be a data haven from the UK."

A recent human rights audit, commissioned by FIPR recommended that firms start using steganography to conduct their business.

The Home Office refuted the suggestion, describing the call as a "counsel of despair" and insisting the Bill was a proportionate response to new technological developments and would give better policing to serious crime on the net.