The Smith Report

[Caspar Bowden]

Charles,

I think the difference between us is chiefly that you have been making very
reasonable assumptions about what the Bill SHOULD mean and how it CAN be
interpreted, but I am concerned to pay attention to what the Bill actually
says and what limits it places on lawful conduct. I think this approach is
especially justified given the history of this policy, but it would be
sensible in any case. I'm sorry if these don't accord with the assumptions
of your scenarios, but there is no point building castles in the air - if
the instructions to the parliamentary draftsmen were specifically intended
to legalise various practices, then agencies aren't going to change their
ways after RIP because they don't fit in with how techies outside government
conceive that they should do their job.

I should point out again that there is absolutely no official, let alone
binding or public, confirmation that the assumptions that you are making
about what constitutes comms data vs. content, whether warrants must be
served on ISPs, or limits on the operation of black-boxes, are correct. Do
you accept that? I don't need to produce evidence that anyone in government
has an intention to do a particular thing, it is sufficiently alarming that
the law as written will allow such a thing to be done.

I really had assumed that this was common ground between us, and hence my
sharp reaction to allegations of "conspiracy theory", which I'm glad you
acknowledged were pointed in my general direction. If you have only just got
around to reading the Smith Report, maybe it would have been better to ask
me about your misgivings by private e-mail - especially since the tone of
your posting suggested that I misunderstood the report at a technical
level - nothing in your reply substantiates that.

What perhaps you didn't take into account is the need to make the rather
abstract formulation of RIP and its technical implementation, accessible to
journalists and legislators - there is no squeaky clean way to do this, but
I think it speaks for itself that since FIPR painted the Big Browser
scenario in our Press Release for the HoC 3rd Reading debate, there has not
been one word of official denial on any point.

Why not? It would be very easy for the government to issue categorical
denials, confirming your viewpoint and refuting ours, but there has been
absolutely nothing for three weeks, and near enough forty media stories in
that time alone. If government was going to change the Bill as a result of
reasoned and informed objections, they would have done so months ago -
substantial clarifications and safeguards are only going to be achieved by
clear-sightedly but sceptically pointing out the inadequacies of the Bill as
drafted, not making panglossian assumptions which do government
spin-doctors' work for them.

>Charles Lindsey
(footling points snipped)

> If I were an ISP, I would much prefer the semi-active method.
> I think it is much more likely that it can be made to work with
> less hassle than the passive ones

Well the ISP industry tell me different - let's hear from a few ISPs ?

> And there is nothing in Smith to suggest that these boxes are
> in any way "black" or "opaque".

That's not the point. Can you propose a verifiable protocol and design,
proof against insider attack, that would allow Swinton Thomas to know what
any box had actually been doing, assuming that the boxes will have an uplink
and be controllable from GTAC?

As to the rest, it seems to me we can't make further progress until we have
a definitive statement (which a Minister will be prepared to repeat in
Parliament) from the Home Office which tells us whether in the Government's
view:

a) Part.I Ch.I warrants to intercept the Internet MUST ALWAYS be served on
ISPs - ESPECIALLY in the circumstance of a Smith Group passive box installed
on ISP premises, capable of being remotely programmed.

b) Part.I Ch.II Authorisations could be directly implemented by Smith Group
passive box installed on ISP premises, WITHOUT serving Notice on ISP.

c) Exactly how government define communications data in the context of the
Internet

There are other questions, but without answers to these, we are BOTH
speculating.
--
Caspar Bowden               Tel: +44(0)20 7354 2333
Director, Foundation for Information Policy Research
RIP Information Centre at:    www.fipr.org/rip#media