What is Communications Data?

[John R T Brazier]

Charles said:
>> May I suggest we speak of "pure content" in future?

Ross responded:
> Even at the level of human protocols, that's hard.
[snip]
> If the regulations Simon's working on are to remain
> effective and to continue to command reasonably broad
> support, they will have to be updated regularly.

I was wrestling with these. I occurred to me that one may try to start
identifying different types of data, such as (specifically not using RIPA
terms to avoid confusion):
1. The data specifically used in the message movement and delivery.
2. The data created by the message originator, representing the information
that is intended to be given to the receiver.
3. Metadata about the message, such as server names, routing/logging
information, and so forth.

But I think Ross is right: in the end, it will always be almost impossible
to separate the levels. This is because human beings will confuse the
different information types both in their messages, and in the software
products that deal with the messages. In addition, as protocol stacks
continue to develop, the regulations will need to be updated (as Ross
pointed out). There is another implication: that whatever classification
system is ultimately used is likely to be arbitrary. We are not going to be
able to provide a logically coherent definition of content vs traffic data.
We will end up simply placing types of data into each category, and live
with the consequences.

The problem with this, of course, is that the discussions may be compromised
as the decisions are going to be arbitrary (and perhaps made on bases such
as belief or political usefulness rather than the results of well-informed
deliberation).

ATB

John B



-----Original Message-----
From: ukcrypto-admin@chiark.greenend.org.uk
[mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Ross Anderson
Sent: 10 November 2002 14:32
To: ukcrypto@chiark.greenend.org.uk
Subject: Re: What is Communications Data?



> When I use my Internet banking service I provide my name, my date of
> birth, a password, and some other personal information to authenticate
> my access. This clearly constitutes data "identifying, or purporting to
> identify, any person ... to or from which the communication [was]
> transmitted". Would anyone contend this constitutes traffic data? Would
> anyone contend that it is not part of the content of the communication?

It can be both. I go into this in chapter 6 of my book, where I
discuss the problems of naming in secure distributed systems. Stuff
that's a name at one level in the system can be an address at the
next. Similarly, stuff can be both content and traffic data.

This is nothing new. Years ago, there was argument in the USA about
content versus traffic - the FBI found it inconvenient that
`post-cut-through' digits were treated as content, and so a pen
register order isn't enough to find out whom someone was phoning with
a phone card - you need a wiretap warrant. (This is also in my book.)

> May I suggest we speak of "pure content" in future?

Even at the level of human protocols, that's hard. Suppose I send an
email saying `Hi, it was me who called you yesterday when you were
busy; if you want to call me back my office number's 123 4567 89'.
That's pure content, but it's also sort-of traffic data, isn't it?

I expect things will keep on getting worse, as people will keep on
layering one protocol or service on top of another.

The import for the Home Office is this. If the regulations Simon's
working on are to remain effective and to continue to command
reasonably broad support, they will have to be updated regularly. This
is not a big deal - there are areas of government (such as export
controls) where regulations are reworked every year or two to keep up
with teachnology. However, the Home Office will have to acquire a team
that maintains institutional expertise and, presumably, carries on the
coversation on this list. It won't be enough for the Home Secretary of
the day to call for Simon whenever policy loses public credibility.

Simon, what say you?

Ross