FW: [Apc-euroir-ws] "RIP Act" could result in massive surveillance -- BBC

Caspar Bowden cb at fipr.org
Sat, 8 Sep 2001 12:01:46 +0100 

> [mailto:ukcrypto-admin@chiark.greenend.org.uk] On Behalf Of=20
> Roland Perry
..
> In message <000f01c13849$a796a3c0$ef00a8c0@aki>, Caspar=20
> Bowden <cb@fipr.org> writes
>=20
> >I meant traffic which is routed from
> >one UK ISP to another by LINX, rather than leaving the country on an=20
> >international trunk.
> >
> >S.16(3) gives legal power to trawl the former (when you add 5.6 and=20
> >8.4), matching on arbitrary factors, but if GCHQ do in fact confine=20
> >their activities to international trunks they would never see it.
>=20
> I'm not clear why you bring LINX into this. If there is a=20
> target using a UK ISP [who is connected to LINX] why not=20
> gather the traffic directly from that ISP, where it is easier=20
> to filter out, and would also include traffic from the target=20
> to both overseas and other subscribers of that ISP.

I quite agree - exactly my point. Only mentioned LINX because that is
where (primarily) the routers sit that decide whether traffic stays
inside UK or not.

The general point I'm trying to make is that

*) GCHQ wants to continue to have clout with NSA, and as the Internet
becomes increasingly important in SIGINT mix, what is GCHQ's best
strategy ?

*) GCHQ cannot afford to design, build or buy their own ridiculously
fast supercomputers using ridiculously expensive black technologies like
NSA, which would let them do more of what they want in terms of
selectivity by drinking from the firehose.

*) So what is their best longish term strategy ? RIP makes it quite
legal to insist on installing "black-boxes" designed to assist an 8.4
warrant. That is a formidable bit of kit, depending on the size of ISP,
but it is more off-the-shelf than a Fort Meade black-project job, and
they can mix and match fairly flexibly, PROVIDING they are allowed to
remotely program the boxes to filter and select the traffic they like
the look of AT THE ISP. There is nothing in RIP to prevent this.

*) If GCHQ can fudge this transition to acquisition and selection at
ISP, from acquisition from cable/microwave, they can carry on
indefinitely (assuming of course that the UK will still see a lot of
foreign traffic of great interest).

*) If GCHQ don't do this, they will slowly but surely be priced out of
business as the volume growth limits the aggregate traffic they can cope
with to piddling fractions of the total.

So what is their strategy actually going to be over next 10 years ?
--
Caspar =
Bowden=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0 www.fipr.org
Director, Foundation for Information Policy Research
Tel: +44(0)20 7354 2333=20