Jack Straw' View

Owen Lewis oml at eloka.demon.co.uk
Fri, 7 Jul 2000 11:38:55 +0100


----- Original Message -----
From: "Roland Perry" <roland@linx.net>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 06 July 2000 08:07
Subject: Re: Jack Straw' View


> In article <003801bfe6cc$278e0940$3e0a989e@eloka>, Owen Lewis
> <oml@eloka.demon.co.uk> writes
>
> >It is widely practiced for a variety of purposes. Plod practices it, BT
> >practices
>
> To draw up a list of suggested "Friends and Family", for example.

Yes, and also both billing and network development to service changing
patterns of demand. Indeed, the Erlang (basic unit of value of
line-time) requires traffic data collection and analysis to give it meaning.
>
> >it (as does every other PSTN provider). Facilities and communications
> >managers practice it. I practice it. ISPs may or may not yet practice
> >it but those that don't, as they grow up, will find good reasons why
> >they should
> >practice it.
>
> I think the difference is that the information so gathered is often just
> as useful when anonymised.

Quite so. But not (yet?) in the case of billing a PSTN subscriber. The
argument for anonymising all comms data is an interesting one. Beyond doubt,
if traffic data specific to each number were not collected, Plod would lose
an occasionally very useful tool. Exactly the same can be said in respect of
the current requirement to display vehicle numberplates that can be read by
the naked eye at 25 yards.


> For example, when running an ISP some years
> ago I wanted to know how many hours a week the subscribers were using
> the service. This was calculated from billing records and (amongst other
> things) produced figures on the number of subscribers using zero hours
> per month, and the number using more than <some arbitrary number,
> perhaps 30> hours a month. I didn't need to know who the individuals
> were, or indeed who/what they were communicating with when online.
>
> On the other hand, when trying to trap a hacker, we *did* want to
> investigate the sessions of individuals who had sessions longer than an
> hour between midnight and 4am (given also that most users connected for
> only a few minutes each session).

Absolutely.

> >The first police coup using an enhanced analytical capability was about
> >89/90 when they busted a ring of bent solicitors and estate agents

But, returning to the mortgage fraud ring, a much more sophisticated
analysis would have been required.
The scam worked by creating repeated fake sales of property at inflated
valuations. On the scale that the lenders thought they were being taken for,
it is impossible that it was being operated by just one firm of solrs and
one of estate agents. A prime part of Plod's investigation would have been
to determine, as far as possible, the totality of the ring before pouncing
on any one of them and thus allowing the others to run for cover. A key part
of the successful investigation would have been to establish a group who
were, in a very preferential manner, working in a closed loop on suspect
contracts.

I can't remember how many entities were involved altogether but ISTR it was
about 20-25. The bulk of the business turnover of each would have been
legitimate trading. Therefore, it is likely that the amount of analysis
required to establish the suspect pattern of communications would have been
enormous and not feasible to have undertaken by hand.

> Oh dear, in 24hrs we have mentions of both bent police and bent
> solicitors. My illusions are shattered...

As the old saying has it, 'The whole world's queer except thee and me... and
I'm a mite worried about thee!'  :-)


Owen Lewis