(Fwd) R.I.P. and NHSNet

[Richard Clayton]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <fm1qdKADIeh5Ew0H@tigers.demon.co.uk>, Mary Hawking
<maryhawking@tigers.demon.co.uk> writes

>My understanding of the R.I.P legislation is that it is aimed at
>obtaining access to *all* the email addresssed to or sent by an
>individual. 

In one part of the Act, yes - but a Secretary of State must sign the
warrant. The Government argues that this is a higher level of
authorisation than a "court order"

>If this is the case, having Al Capone as a patient could
>comprimise the confidentiality of the other 2499 patients on the
>list....

only if you hand over the other information. If the LEA is looking at
your incoming email then yes - they would see other information. They
should immediately discard it - since it is unlawful of them to do
anything more with it than determine it is not of concern to them.

However, and perhaps this is naive of me, I am somewhat concerned if you
are moving this type of information around by email today without
applying any encryption at all :(

If you ARE applying encryption then an interception warrant will be, in
practice, useless - they will have to come to you to obtain the
information. You should then argue that taking away a copy of all of
your email cannot possibly be proportionate and that you should only be
obliged to hand over Mr Capone's info.

>> I
>>am not sure how we stand on disclosing to a patient that a request for
>>access to "their" records has been made....
>
>You can't - 2 years in jail for not disclosing the key -

yes... though this does not have very much to do with email any more.

If you are holding records on a machine then I am pleased to see that
you will be ensuring that the information was encrypted - or that you
have watertight arrangements to ensure that the hard disk was not
stolen.

However, the Government say that you will not be asked for the key
except in some very unusual circumstances. So in fact you'd be locked up
for 2 years for not disclosing the information [I don't suppose that is
much consolation].

> and *5* years
>for telling anyone else that you've been asked!

under some (again said to be unusual) circumstances, yes that's true.
You will have the benefit of adding the signature of a Chief Constable
to your autograph collection. Since they probably can't lock you up
twice for the same offence I expect you could sell it on the open
market. It would have some rarity value :)

- ------------------------------

There's a mixing up (understandable really) of Part I (interception of
email etc) concerns in the above with Part III (access to protected
information). This is not uncommon even amongst people who've been
following the debate for some time.

I think we probably need "Noddy's Guide to the Act" (or is that
fictional character still protecting their intellectual property ?).

FIPR to the rescue again I suppose - or is the Home Office likely to
produce a simple summary in the near future ?  it's their complications
and mind changing that is having to be countered & explained here :(

- -- 
richard                       writing to inform and not as company policy
     want to have an influence on ICANN ?  http://members.icann.org/
"Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBOYXxg+tbVxwhgXFWEQJqTACgm3rzfNSWcjsYXIQWeR+BFOlfAjsAn2ph
6SHqFBVJF3a1E7Dxzwvj2WId
=iaGl
-----END PGP SIGNATURE-----