FW: [Apc-euroir-ws] "RIP Act" could result in massive surveillance -- BBC
Caspar Bowden
cb at fipr.org
Mon, 10 Sep 2001 13:40:39 +0100
> [mailto:ukcrypto-admin@chiark.greenend.org.uk] On Behalf Of Ken Brown
...
> It is not practicable to determine that a message is UK<->UK.
To discuss this, need to read the (immensely confusing, double-negative
strewn) S.16 (http://www.fipr.org/rip/ripa2000.htm#16)
This says that although GCHQ scoops up all sorts of raw material under
8(4) trawling warrants, the analysts cannot lawfully look for material
using a search term (keyword, name, e-mail address) relating to someone
they know is in the UK....
...UNLESS the Secretary of State signs a (totally new with RIP)
"over-ride" certificate, that for the first time allows GCHQ to look for
targets inside UK using trawling mass-surveillance (apart from
terrorists - allowed by IOCA 85, cf. FIPR analysis passim).
So the implication of this is that UNLESS there is an over-ride
certificate in force, if GCHQ knows someone is in UK, they cannot just
read their Hotmail by searching for traffic with that Hotmail address.
It's not enough for GCHQ to say "well they *might* be in Timbuktu,
although they normally live in Croydon" - GCHQ must have reason to
believe they are in fact abroad.
However all bets are off if there is a regular 8(1) warrant in force in
a particular person's name, because those warrants are good for internal
AND external communications, intercepted by GCHQ or ISPs/NTAC.
But there is nevertheless quite a strong restriction on what GCHQ can
legally do. If their international collection systems pick up Hotmail
delivered to UK, they CANNOT just casually have a snoop for "material
contained in communications sent by...or intended for" a particular
person in UK they are interested in (UNLESS they get an over-ride
certificate or a regular 8(1) warrant).
This is brain-hurtingly complicated (no doubt intentionally), and so far
as I know still totally opaque and undiscussed on ukcrypto or anywhere
else (despite regular attempts by FIPR since we tackled govt. on this in
House of Lords).
> Any Hotmail message could be read by anyone from any location
> on the net. Of course the same applies to any mail message
> on any server accessible through the Internet.
Yes they could, but GCHQ must "believe on reasonable grounds" they are
NOT in UK. That's what the law says.
> But the whole argument about GCHQ or anyone else refraining
> from intercepting because of domestic UK law is ludicrous of
> course.
Well if that is so, we're all completely wasting our time aren't we, and
nobody should bother to scrutinise the letter of the law or mount
challenges under ECHR. Is that what you want ?
The difference is that if they follow the law, then they must obtain
overlapping 8(1) warrants OR over-ride certificates, and there is a
CHANCE (by no means certain) that the Commissioner will detail the
number of these in his annual reports, which will allow some check to be
maintained on the growth of domestic surveillance.
> If TPTB can read it and they want to read it they
> will read it. The idea that they would stop themselves
> because it is "internal" is absurd. In fact I have trouble
> believing that anyone here seriously believes it.
I have trouble believing that anybody here has actually bothered to read
the relevant law and relevant FIPR analysis
(http://www.fipr.org/rip/#Overlapping).
> As long as they are secret they are under no
> effective scrutiny,
Well what do YOU call effective scrutiny, and how do you think it will
ever be achieved except by careful analysis and application of the
current law ?
--
Caspar Bowden    www.fipr.org
Director, Foundation for Information Policy Research
Tel: +44(0)20 7354 2333