Chapter 5 - notes


Chapter 4


p105

1. For a review of authentication methods see Ford, M, 'Identity Authentication and E-Commerce' [1998] 3 JILT.


p106

2. See eg 'What is public-key cryptography?' (RSA Laboratories).


p107

3. Sites employing SSL have web addresses beginning 'https://'. Cf '64-bit encryption broken after four years' VNUNet 30 September 2002.

4. For a brief introduction see Lim, Y, 'Digital Signature, Certification Authorities and the Law' (2002) 9 E-Law.

5. Below, ch 9.

6. Lincoln, A, 'Electronic signature laws and the need for uniformity in the global market' (2004) 8 JSEBL 67 (Lexis).

7. For documents see UNCITRAL - Electronic Commerce.


p108

8. For the US position see Zemnick, S, 'The E-Sign Act' (2001) 76 CKLR 1965 (Lexis); Spyrelli, C, 'Electronic Signatures: A Transatlantic Bridge?' [2002] 2 JILT.

9. For documentation see The Wassenaar Arrangement home page.

10. Regulation 2004/1504/EC, on setting up a Community regime for the control of exports of dual-use items and technology.

11. Export of Goods, Transfer of Technology and Provision of Technical Assistance (Control) Order 2003 (UK) SI 2003/2764 reg 6.

12. DTI Export Control Organisation.


p109

13. See Directive 1999/93/EC on a Community framework for electronic signatures, on which see further Siems, M, 'The EU Directive on Electronic Signatures - A worldwide model or a fruitless attempt to regulate the future?' (2002) 16 IRLCT 7 (Taylor and Francis).

14. See below, p 133.


p110

15. For discussion see Hindelang, S, 'No Remedy for Disappointed Trust - The Liability Regime for Certification Authorities Towards Third Parties Outwith the EC Directive in England and Germany Compared' [2002] 1 JILT; Balboni, P, 'Liability of certification service providers towards relying parties' (2004) 13 ICTL 211 (Taylor and Francis).


p111

16. 'Sun sets on UK encryption regulation powers' Register 26 May 2005.

17. See Electronic Communications Act 2000 (UK) ss 1-6 and Electronic Signatures Regulations 2002 (UK) SI 2002/318; Electronic Commerce Act 2000 (IE) ss 29-30.

18. See tScheme homepage; Mason, S, Electronic Signatures in Law, 2003, ch 10, London: LexisNexis; 'Digital certificate regime wins UK gov plaudits' Register 22 April 2004.

19. R (NTL Group Ltd) v Crown Court at Ipswich [2002] EWHC 1585 Admin, [2003] QB 131 (Lexis).

20. Data Protection Act 1998 (UK) s 29(3); Data Protection Act 1988 (IE) s 8, as amended by Data Protection (Amendment) Act 2003 (IE) s 9.


p112

21. 'Outcome of case inevitable, says judge' Irish Times 24 April 2004; 'Exclusion of unconstitutionally obtained evidence' (2004) 14 ICLJ 25.

22. See Lord Advocate's Reference (1/2002) [2002] SCCR 743 (Lexis); Lambert, P, 'The search for elusive electrons: Getting a sense for electronic evidence' (2001) 1 JSIJ 23.

23. See Sommer, P, 'Downloads, logs and captures: Evidence from cyberspace' [2002] CTLR 33; Knight, W, 'Chasing the elusive shadows of e-crime' [2004] NS (8 May) 26 (New Scientist); Clark, A, 'Hard drive evidence' (2004) 148 Sol Jo (Expert Witness Supp, Summer) 14.

24. See Hill, S, 'Driving a trojan horse and cart through the Computer Misuse Act' (2004) 14 C&L (5) 30 (SCL); Brenner, S, Carrier, B and Henniger, J, 'The Trojan Horse defense in cybercrime cases' (2004) 21 SCCHTLJ 1 (Lexis).

25. R v Governor of Brixton Prison ex parte Levin [1997] UKHL 27, [1997] AC 741, on which see Fitzpatrick, B, 'Computers, hearsay, and the status of extradition proceedings' [1998] 1 WJCLI; R (O'Shea) v Coventry Justices [2004] EWHC Admin 905.

26. For the modern English and Welsh law of criminal hearsay see Criminal Justice Act 2003 (UK) ss 114-133.

27. Criminal Evidence Act 1992 (IE) ss 4-11. For the position in England and Wales see Quinn, K, 'Computer evidence in criminal proceedings: Farewell to the ill-fated s 69 of the Police and Criminal Evidence Act 1984' (2001) 5 IJEP 174 (Lexis); Tapper, C, 'Electronic evidence and the Criminal Justice Act 2003' [2004] CTLR 161.

28. 'Footprints on the disk' Guardian 5 February 2004.


p113

29. Ackerman, W, 'Encryption: A 21st century national security dilemma' (1998) 12 IRLCT 371 (Taylor and Francis); Andrews, S, 'Who Holds the Key? - A Comparative Study of US and European Encryption Policies' [2000] 2 JILT.

30. Regulation of Investigatory Powers Act 2000 (UK) ss 49-56; 'Government backtracks on encryption enquiry' ZDNet UK 4 April 2001.

31. 'Regulation of Investigatory Powers Act 2000' Hansard (Lords) 16 July 2004.

32. See eg m-o-o-t home page.

33. For background and a selection of views see Mostyn, M, 'The need for regulating anonymous remailers' (2000) 14 IRLCT 79 (Taylor and Francis); Brown, I and Laurie, B, 'Security against compelled disclosure'; du Pont, G, 'The Criminalization of True Anonymity in Cyberspace' (2001) 7 MTTLR 191.


p114

34. Murphy, A, 'Cracking the code to privacy: How far can the FBI go?' [2002] 2 DLTR.

35. Hartzog, N, 'The "Magic Lantern" revealed: A report of the FBI's new "key logging" trojan' (2002) 20 JMJCIL 287 (Lexis).

36. On the technical and legal issues see particularly Nabbali, T and Perry, M, 'Going for the throat: Carnivore in an Echelon World - part 1' (2003) 19 CLSR 456 and 'part 2' (2004) 20 CLSR 84 (Ingenta).

37. 'FBI retires Carnivore' Register 15 January 2005.

38. eg Barrett, C, 'FBI Internet Surveillance: The Need for a Natural Rights Application of the Fourth Amendment to Insure Internet Privacy' (2002) 8 RJOLT 16; Dunham, G, 'Carnivore, The FBI's E-mail Surveillance System: Devouring Criminals, Not Privacy' (2002) 54 FCLJ 543; Kerr, O, 'Internet Surveillance Law After the USA-PATRIOT Act: The Big Brother That Isn't' (2003) 97 Nw ULR 607 (Lexis); Kollar, J, 'USA PATRIOT Act, the Fourth Amendment, and Paranoia: Can They Read this While I'm Typing?' (2004) 3 JHTL 67.

39. Regulation of Investigatory Powers Act 2000 (UK) ss 17-18; A-G's ref 5/2002 [2004] UKHL 40; R v E [2004] 1 WLR 3279 (Lexis). See generally Ormerod, D and McKay, S, 'Telephone intercepts and their admissibility' [2004] Crim LR 15 (Westlaw UK).


p115

40. '"Phone-tapping" evidence vetoed' BBC News 18 February 2005.

41. For the powers generally see Regulation of Investigatory Powers Act 2000 (UK) ss 5-20; Akdeniz, Y, Taylor, N and Walker, C, 'Regulation of Investigatory Powers Act 2000 (1): BigBrother.gov.uk' [2001] Crim LR 73 (Westlaw UK).

42. Regulation of Investigatory Powers Act 2000 (UK) ss 57-58.

43. Regulation of Investigatory Powers Act 2000 (UK) ss 65-69; Investigatory Powers Tribunal Rules 2000 (UK) SI 2000/2665 (both as amended).

44. Regulation of Investigatory Powers Act 2000 (UK) s 19.

45. 'Intelligence and security service tribunals' Hansard (Commons) 18 March 2004].

46. A little more detail is given in the Covert Surveillance Code of Practice.

47. Regulation of Investigatory Powers (Maintenance of Interception Capability) Order 2002 (UK) SI 2002/1931. Official figures for the number of warrants do not distinguish between warrants for letters, the Internet and data; see Report of the Interception of Communications Commissioner for 2003 (HC 883, July 2004).

48. Regulation of Investigatory Powers Act 2000 (UK) ss 12-14; Technical Advisory Board home page. For general discussion of the legislation see Best, K and McCusker, R, 'The Scrutiny of the Electronic Communications of Businesses: Striking the Balance Between the Power to Intercept and the Right to Privacy?' [2002] 1 WJCLI.


p116

49. Postal and Telecommunications Services Act 1983 (IE) ss 98 and 110; Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993 (IE). Despite the specific reference to 'Telecom Éireann' (Eircom), the provisions also catch other licensed operators: Postal and Telecommunications Services (Amendment) Act 1999 (IE) s 7.

50. Middleton, R, 'Data retention policies after Enron' (2002) 18 CLSR 333 (Ingenta); Chan, M, 'Paper piles to computer files: A federal approach to electronic records retention and management' (2004) 44 SCLR 805 (Lexis).

51. 'Retailers reject gov't plea for data' Campaign 29 January 1999.

52. 'Loyalty cards may help switch to healthy eating' Scotland on Sunday 4 January 2004.


p117

53. Above, p 111.

54. Directive 2002/58/EC on the processing of personal data, art 15.1.

55. See especially 'Memorandum of laws concerning the legality of data retention with regard to the rights guaranteed by the European convention on human rights', prepared by Covington and Burling for Privacy International, 10 October 2003.

56. Regulation of Investigatory Powers Act 2000 (UK) ss 21-25, in force 5 January 2004: see SI 2003/3140.

57. 'Blunkett shelves access to data plans' Guardian 19 June 2002.

58. Regulation of Investigatory Powers (Communications Data) Order 2003 (UK) SI 2003/3172. See Munir, A and Mohd, S, 'Access to communications data by public authorities' (2004) 20 CLSR 194 (Ingenta).

59. Regulation of Investigatory Powers (Communications Data) (Amendment) Order 2005 (UK) SI 2005/1083.


p118

60. 'UK snoop charter: we're already getting all the data anyway' Register 18 June 2002; 'How ISP surveillance currently works, Pt 1'.

61. 'UK gov seizes data on 100m calls, 1m users, a year' Register 14 May 2003.

62. 'Communications data' Hansard (Lords) 9 June 2003.

63. 'Snooping laws may be illegal' Guardian 31 July 2002.

64. Anti-terrorism, Crime and Security Act 2001 (UK) ss 102-107. See more generally Walden, I and McCormack, E, 'Retaining and accessing communications data' (2003) 8 Comms L 256; Walker, C and Akdeniz, Y, 'Anti-terrorism laws and data retention: War is over?' (2003) 54 NILQ 159.

65. Voluntary Code of Practice. The Code is authorised by Retention of Communications Data (Code of Practice) Order 2003 (UK) SI 2003/3175.

66. 'Communications data code of practice' Hansard (Commons) 14 May 2004; Vine, S, 'The data retention regime: the ISP's point of view' [2003] EBL (Dec) 5.

67. Retention of Communications Data (Extension of Initial Period) Order 2003 (UK) SI 2003/3173, by which the period now ends on 13 December 2005.


p119

68. See especially 'Communications data: Report of an Inquiry by the All Party Internet Group' (APIG, January 2003).

69. Some reference has been made to statutory interception powers (above, pp115-116), but these evidently apply only to investigations of particular suspect individuals, not the entire population.

70. 'State secretly retaining phone data' Irish Times 25 February 2003; 'Move to retain phone call data deplored' Irish Times 6 March 2003; 'Court threat for State over data privacy' Irish Times 26 May 2003. See generally Woods, A, 'We know what you did last summer!' [2005] COLR 3.

71. Criminal Justice (Terrorist Offences) Act 2005 (IE) ss 61-67, in force 8 March 2005.

72. 'EU data protection chiefs oppose data retention moves' Register 17 September 2002.

73. DG InfSo - DG JAI Consultation Document on Traffic Data Retention (30 July 2004). See also Opinion 9/2004 of the Article 29 Data Protection Working Party (9 November 2004).

74. 'EC calls for rethink of data retention proposals' Register 10 December 2004.

75. Privacy and Data-sharing: The way forward for public services (Cabinet Office, 11 April 2002). See also Privacy and Data sharing: the way forward for public services - An update on progress (Department for Constitutional Affairs, November 2003) and Public Sector Data Sharing: Guidance on the Law (Department for Constitutional Affairs, November 2003).


p120

76. See Privacy and Data-sharing: the way forward.

77. See e-GIF.

78. 'Patient records go on database' Times 21 July 2003

79. Health and Social Care Act 2001 (E&W) s 60; Health Service (Control of Patient Information) Regulations 2002 (E&W) SI 2002/1438.

80. See NHS numbers for babies; 'NHS "numbers for babies" goes live' VNUNet 29 October 2002.

81. 'How safe is your medical record?' Register 23 June 2004.

82. eg 'Data sharing calls time on Cardiff bar brawls' VNUNet 13 July 2004.

83. eg 'Data protection, informed consent and research' (2004) 328 BMJ 1029.

84. Gertz, R, 'An analysis of the Icelandic Supreme Court judgement on the Health Sector Database Act' (2004) 1 SCRIPT-ed 2; Potts, J, 'At Least Give the Natives Glass Beads: An Examination of the Bargain Made Between Iceland and deCODE Genetics with Implications for Global Bioprospecting' (2002) 7 VJOLT 8.

85. Hsieh, A, 'A Nation's Genes for a Cure to Cancer: Evolving Ethical, Social and Legal Issues Regarding Population Genetic Databases' (2004) 37 Col JL & Soc Prob 359 (Lexis).

86. See the Bichard Inquiry report (22 June 2004).

87. 'Home Office promises national intelligence system' ZDNet UK 23 June 2004; 'Data federation and the police' Register 6 July 2004.

88. Wildish, N and Nissanka, V, 'A deletion too far: Huntley, Soham and data protection' (2004) 14 C&L (6) 28 (SCL); Tomlinson, H and Thomson, M, 'Policing the use of data' (2004) 154 NLJ 338 (Lexis); Room, S, 'Meeting the challenges of Climbié and Soham - part 3' (2004) 154 NLJ 590 (Lexis).


p121

89. 'Linked databases to beat uninsured drivers' VNUNet 11 August 2004.

90. Fay, S, 'Tough on crime, tough on civil liberties: Some negative aspects of Britain's wholesale adoption of CCTV surveillance during the 1990s' (1998) 12 IRLCT 315 (Taylor and Francis).

91. 'Congestion charging - Enforcement technology'; 'Does London mayor's "ring of steel" breach UK Data Act?' Register 19 February 2003; Lerouge, J, 'Road tolling and privacy' (1999) 15 CLSR 379 (Ingenta).

92. Luk, J, 'Identifying terrorists: Privacy rights in the US and the UK' (2002) 25 HICLR 223 (Lexis).

93. 'Anger over airport security scans that reveal all' Sunday Telegraph 11 August 2002.

94. For current info see Identity cards; 'ID cards to use "key database" of personal info' Register 26 April 2004.

95. For discussion see Holderness, M, 'Every step you take' [2002] NS (25 May) 50; 'Policing by plastic' Guardian 30 May 2003; 'Information Commissioner publishes concerns on identity cards' (Information Commissioner, 30 July 2004); 6, Perri, 'Entitlement cards: do the Home Secretary's proposals comply with data protection principles? Part I' (2003) 3 WDPR 18, and 'Part II' (2003) 3 WDPR 13.


p122

96. 'Web raids help to put 3,000 on sex crimes register' Times 29 July 2004; 'Operation Ore puts children "at risk"' BBC News 27 January 2003; R (O'Shea) v Coventry Justices [2004] EWHC 905 Admin.

97. Kennedy, D, 'In Search of a Balance Between Police Power and Privacy in the Cybercrime Treaty' (2002) 9 RJOLT 3; 'EU-USA agreements - the drafts on the table' (Statewatch, April 2003).

98. eg 'US cybercrime push "imperils personal security" of Americans' Register 20 November 2003.

99. EURPOL home page.

100. On which see Karanja, S, 'The Schengen Information System in Austria' [2002] 1 JILT; Colvin, M, 'The Schengen Information system: A human rights audit' (2001) 151 NLJ 895 (Lexis).

101. 'E-mail users warned over spy network' BBC News 29 May 2001.

102. For some background see Nabbali, T and Perry, M, 'Going for the throat: Carnivore in an Echelon World - part 2' (2004) 20 CLSR 84 (Ingenta); Sloan, L, 'ECHELON and the legal restraints on signals intelligence: a need for re-evaluation' (2001) 50 Duke LJ 1467.


p123

103. 'Flying to the US? Give US gov all your personal data' Register 20 February 2003.

104. 'Ministers thwart MEPs, OK EU-US airline data deal' Register 18 May 2004.

105. 'EU move to have US air data pact annulled' Irish Times 26 June 2004.

106. Directive 2004/82/EC on the obligation of carriers to communicate passenger data, to be implemented by 5 September 2006. For some of the issues in the controversy see Baker, S, Shenk, M, Kuilwijk, K, Chang, W and Mah, D, 'Flights and rights: Anonymisation, data-matching and privacy' (2004) 14 C&L (6) 35 (SCL); Asinari, M and Poullet, Y, 'The airline passenger data disclosure case and the EU-US debate' (2004) 20 CLSR 98 (Ingenta); and see the same authors' 'Airline passengers' data' (2004) 20 CLSR 370 (Ingenta).

107. 'US calls for increased and earlier passenger data transfers' OUT-LAW 24 May 2005.

108. Freedom of Information (Amendment) Act 2003 (IE).

109. See Freedom of Information (Scotland) Act 2002 (Commencement No 3) Order 2004 (Sc) SI 2004/203.

110. Regulation 2001/1049/EC.


p124

111. For general discussion see Irish FOI Links.

112. Freedom of Information Act 1997 (IE) ss 6-18, as amended by Freedom of Information (Amendment) Act 2003 (IE) ss 4-13.

113. Freedom of Information Act 1997 (IE) ss 19-32, as amended by Freedom of Information (Amendment) Act 2003 (IE) ss 14-24.


p125

114. Freedom of Information Act 1997 (IE) ss 7, 8 and 12, as amended by Freedom of Information Act 2003 (IE) ss 5-6.

115. Freedom of Information Act 1997 (IE) ss 17-18, as amended by Freedom of Information Act 2003 (IE) ss 12-13.

116. Freedom of Information Act 1997 (IE) ss 15-16, as amended by Freedom of Information Act 2003 (IE) ss 10-11.


p126

117. Woods, A, 'Adding Another Glass Block to the Barrier of Transparency: The Media and the Freedom of Information Acts' [2004] COLR 1.

118. Freedom of Information Act 2000 (UK) s 77, in force 1 January 2005. See 'Freedom of Information Act 2000: Section 77' Hansard (Lords) 24 June 2002.

119. See eg 'Mayor Ken boasts of pre-FOIA "juicy bit" shredfest' Register 21 March 2005.

120. Freedom of Information Act 2000 (UK) ss 8-17; Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004 (UK) SI 2004/3244.

121. Freedom of Information Act 2000 (UK) ss 1-7 and sch 1.

122. Freedom of Information Act 2000 (UK) ss 21-44.


p128

123. Turle, M, 'Free information, business threat?' (2004) 154 NLJ 1258 (Lexis).

124. Freedom of Information Act 2000 (UK) ss 50-54.

125. Information Asset Register.


p129

126. Jones, N and Marchant, J, 'Here comes Big Brother' [2001] NS (22 September) 12 (New Scientist); 'For whom the Liberty Bell tolls' [2002] Economist (31 Aug) 19.

 

FURTHER READING

Birkinshaw, P, Freedom of information - The law, the practice and the ideal, 3rd edn, 2001, London: Butterworths.

Birnhack, M and Elkin-Koren, N, 'The Invisible Handshake: The Re-emergence of the State in the Digital Environment' (2003) 8 VJOLT 6.

Black, T, 'Taking Account of the World As it Will Be: The Shifting Course of US Encryption Policy' (2001) 53 FCLJ 289.

Case, P, 'Confidence matters: The rise and fall of informational autonomy in medical law' (2003) 11 Med LR 208 (Lexis).

Cornford, T, 'The Freedom of Information Act 2000: Genuine or Sham?' [2001] 3 WJCLI.

Curtin, D, 'Citizens' fundamental right of access to EU information: An evolving digital passepartout?' (2000) 37 CML Rev 7.

Levi, M and Wall, D, 'Technologies, security and privacy in the post-9/11 European Information Society' (2004) 31 JLS 194 (Blackwell).

Murray, J, 'Public Key Infrastructure, Digital Signatures and Systematic Risk' [2003] 1 JILT.

Palfrey, T, 'The hidden legacy of Scott' (1999) 13 IRLCT 163 (Taylor and Francis).

Price, S, 'Understanding contemporary cryptography and its wider impact upon the general law' (1999) 13 IRLCT 95 (Taylor and Francis).

Reid, A and Ryder, N, 'For whose eyes only? A critique of the UK's Regulation of Investigatory Powers Act 2000' (2001) 10 ICTL 179 (Taylor and Francis).

Steele, J, 'Freedom of Information: Is privacy winning?' (2004) 13 Notts LJ 17.


Chapter 6