What is Communications Data? CONTENT, (PERMESSAGE| SUMMARY) ROUTING INFO, and USER IDENTITY
Dave Bird
dave at xemu.demon.co.uk
Thu, 14 Nov 2002 04:14:03 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In article <012438016373D411A0F300508BBD04A5022EB8E8@L01EB006>, Watkin
Simon <Simon.Watkin@homeoffice.gsi.gov.uk> writes
>Last week I promised to run past the list some thoughts on categories of
>communications data.
>
>Here they are. This is just an **indicative** list for the purpose of
>**discussion** here. Clearly if there were such an indicative list that
>might assist public authorities, data holders and, in cases of dispute, the
>courts to interpret the legislation.
>
>As ever, your comments, observations and thoughts are welcome.
Ouch. In terms of what the whole act covers,
it runs from most to least serious as:----
(1) DECRYPTION -- breaking into content that the sender has secured
by encryption -- NOT INVOLVED IN THIS PART OF THE BILL.
(2) CONTENT -- the actual content or body of a message as sent.
And what the act calls COMMUNICATIONS DATA which comprises:
(3)A. TRAFFIC [PER-MESSAGE ROUTING] DATA. The routing data
which is attached to a message in order to dispatch it through the
system such as 'to' and 'from', also including any description
added to speed handling such as size or data encoding type,
and any trace which is added for system monitoring purposes
such as billing, performance optimisation, or abuse tracking.
B. USAGE [SUMMARY ROUTING] DATA. A summary log of how and when
the service was used, in practice usually listing what messages
were sent, to whom, and when.
(4) USER IDENTITY. The name and address of the account holder
for an email address, phone number, etc.
This is annoyingly different to common usage as I understand it.
To me, all types of routing information are TRAFFIC, as opposed to
CONTENT, interception. If the summary lacks times, then the potential
for abuse is simply tracking a target of harassment down via an
associate, or adding associates of a target as new targets for
harassment, or that existence of contact in itself can be used to
embarrass [the targets may be likely police informers on a
large criminal operation, fleeing battered wives, etc].
The significance of adding a time and duration of call to the data
is that you can tie it to a particular action ["it was you phoned
the cops just before our last cocaine shipment was seized and now
you're going to die"]. Similar principles apply if it is harassment
of extreme political views, or legitimate investigation of crime,
but I'm pointing out the abuse potential to show the need for control.
-=+=-
It would be helpful to group 21(4)a and 21(4)b together adding, at
least in the regulation, some bracketed explanatory terms such as
"per-message routing" and "summary routing". They should be kept
well separate from 21(4)c, user identity.
This is because there is a clear difference in volume and
processing between the two halves.
User-identity is dealt with in very high volumes. As explained before,
it could nevertheless have very nasty implications for abuse and there
are strong considerations of ECHR privacy rights and existing data
protection law. The police and other emergency services are already
given by TelCos a list of who owns which telephone number. I do not
suggest they be proactively given a list of who owns each email
account(!). However, there should be a link between each ISP and
the (presumably national) police department involved. The ISP should
know that a named officer may need to phone them, the officer should
likewise know who to phone at each ISP. By having particular people
operate the link the work can be done efficiently, cost-effectively,
and legitimately within the rules by specific people who know what
the rules are, and are subject to discipline if they break the rules.
The overall objective is to handle a very high volume of enquiries
from a diverse variety of sources effectively, yet maintain rigorous
control and audit trail. A good model of how to do it is the PNC
on vehicle registration numbers. A model of how not to do it is
the ginormous cock up at the criminal records agency.
People in industry likewise don't want to be dragged into a messy
inefficient cock up, but to handle their end of the responsibilities
cleanly, properly, and effectively. Other bodies
authorised to have the information would then request it, and be
logged and monitored, through this department of the police.
Obviously it would need staff, and funding (or to bill users),
but that applies wherever it is located. In this case the majority
user is probably the police anyway, though others are present.
All of the routing information is needed in much less volume, by
far fewer agencies, and very few of them are capable of making
intelligent use of the huge mass of raw logs they would receive.
There is time to have more detailed and careful control, and to
do it properly; for example, to provide assistance in interpretation.
This is even more likely to be used almost exclusively by the police
(and customs) in major criminal investigations, rather than by
anyone else, and best handled by a department of the police.
>
>WHAT IS COMMUNICATIONS DATA?
>
>Firstly, the basics. Communications data does **not** include the contents
>of a communication.
>
>Section 21(4) of the Regulation of Investigatory Powers Act 2000 explains
>what "communications data" means. It means information about communications
>(traffic data, s. 21(4)(a)), information about use of communications
>services ("service use data", s. 21(4)(b)), and information about
>communications service users ("service user data", s. 21(4)(c)).
>
>WHAT IS TRAFFIC DATA?
>
>Traffic data is referred to in section 21 (4) and explained in section 21
>(6).
>
>21 (4) (a) any traffic data ......
>
>.. identifying, or purporting to identify, any person, apparatus or location
>to or from which the communication is or may be transmitted (s. 21 (6)(a))
>
>.. identifying or selecting, or purporting to identify or select, apparatus
>through which, or by means of which, the communication is or may be
>transmitted, (s. 21 (6) (b))
>
>..... comprising signals for the actuation of apparatus used for the
>purposes of a telecommunication system [including any system in which that
>apparatus is comprised s. 21 (7) (a)] for effecting (in whole or in part)
>the transmission of any communication (s. 21 (6) (c))
>
>..... identifying the data or other data as data comprised in or attached to
>a particular communication [including] data identifying a computer file or
>computer program access to which is obtained, or which is run, by means of
>the communication to the extent only that the file or program is identified
>by reference to the apparatus in which it is stored (s. 21 (6) (d))
>
>..... comprised in or attached to [where "attached to" includes references
>to the data and the communication being logically associated with each
>other (s. 21(7)(b))] a communication (whether by the sender or otherwise)
>for the purposes of any postal service or telecommunication system by means
>of which it is being or may be transmitted
>
>This might include:
>- information identifying the sender and recipient (including copy
>recipients) of a communication
>- information written on the outside of a postal item (letter or parcel)
>- information about data (such as size in bytes) exchanged in a
>communication
>- call detail records (including calling line identity and called line
>identity)
>- mobile cell site location data
>- IP addresses
>- routing information, including e-mail header information (to the extent
>that content of the communication is **not** disclosed - and the subject
>line is considered content, details attached to communications of the
>redirection and forwarding of communications (calls, connections, parcels
>forwarded/diverted to alternative numbers, locations, addresses))
>- web browsing logs (to the extent that only the domain name (web site not
>the actual page) is disclosed (eg www.homeoffice.gov.uk not
>www.homeoffice.gov.uk/ripa/ripact.htm))
>- online tracking of communications (including postal items and parcels)
>- signalling information and dialling sequences that affect the routing of
>a communication (but not the delivery of information)
>- cookies (to the extent that personal information or preferences are **not**
>disclosed)
>
>WHAT IS SERVICE USE DATA?
>
>21 (4) (b) any information which includes none of the contents of a
>communication (apart from [traffic data]) and is about the use made by any
>person-
>
>(i ) of any postal service or telecommunications service; or
>
>(ii) in connection with the provision to or use by any person of any
>telecommunications service, of any part of a telecommunication system
>
>This is information that is **not** content (other than traffic data)
>**and** is about the use made by any person including "any organisation and
>any association or combination of persons" (section 81(1)) of a
>communications service.
>
>It also includes information that is **not** content (other than traffic
>data) **and** is about the use made by any person - in connection with the
>provision to or use by any person of any telecommunications service - of any
>part of a telecommunications system.
>
>This might include:
>- itemised telephone call records (numbers called)
>- itemised connection records
>- itemised timing and duration of service usage (calls and/or connections)
>- information about the connection, disconnection and reconnection of
>services
>- information about the provision of forwarding/redirection services (by
>postal and telecommunications service providers)
>- information about the provision of conference calling, call messaging,
>call waiting and call barring telecommunications services
>- records of postal items (such as records of registered, recorded or special
>delivery postal items, records of parcel consignment, delivery and
>collection)
>- abstract personal records provided by service user to service provider
>(such as demographic information or sign-up data that disclose personalised
>service preferences but not to the extent that password information is
>disclosed)
>
>WHAT IS SERVICE USER DATA?
>
>21 (4) (c) any information not falling within [21 (4)] (a) or (b) that is
>held or obtained, in relation to persons to whom he provides the service, by
>a person providing a postal service or telecommunications service
>
>This is information that is **not** content, **not** traffic data, and
>**not** service use information that is held or obtained, in relation to
>service users by communications service providers.
>
>This might include:
>- service users' account information
>- subscriber information (subscriber checks or reverse look ups)
>- "who is the subscriber of phone number, 012 345 6789?"
>- "who is the subscriber of e-mail account, xyz@xyz.anyisp.co.uk?"
>- "who is the subscriber of, or who is entitled to post to, web space
>www.xyz.anyisp.co.uk?"
>- address for fixed line service delivery
>- address for billing
>- abstract personal records provided by service user to service provider (to
>the extent that password or personalised service access information is not
>disclosed)
>
>Simon Watkin
>
- --
^-^-^-@@-^-;-^ http://www.xemu.demon.co.uk/
(..)__u news:alt.smoking.mooses
happy as a clam at high tide -. <_" .-._.-.
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBPdMjC3pGxv7MBb4WEQLiWACfZYD2hKhObJBpKR7NUGooexgdteQAniAV
qr+zUEbugIdmmfFxyRh5e8Bq
=kGnh
-----END PGP SIGNATURE-----
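The Home Office list quoted in the message above draws the line between communications data and content in two concrete places: inside an e-mail header block, where the routing fields are traffic data but the Subject line is content, and inside a web browsing log, where only the domain name (not the page) may be disclosed. The following is an added example, written for this page and not code from either correspondent, showing how a provider might minimise a stored record to that boundary before handing it over. Which header names count as routing data, and the sample message and URLs, are assumptions constructed for the illustration, not a reading of what section 21 requires.

```python
# Added example: reducing an e-mail header block and a browsing-log entry to
# the "communications data" boundary described in the quoted list. Which
# header names count as routing data is an assumption made here for
# illustration, not a statement of what RIPA s. 21 requires.
from email import message_from_string
from urllib.parse import urlsplit

# Routing and handling fields treated as traffic data (assumption for the
# example). "subject" is deliberately absent: the quoted list calls it content.
TRAFFIC_HEADERS = {
    "from", "to", "cc", "date", "message-id", "received",
    "content-type", "content-length",
}

# Constructed sample message; every address and host name here is invented.
SAMPLE_MESSAGE = """\
Received: from mail.example.net by mx.anyisp.example; Thu, 14 Nov 2002 04:00:00 +0000
From: alice@example.net
To: bob@anyisp.example
Cc: carol@anyisp.example
Date: Thu, 14 Nov 2002 04:00:00 +0000
Message-ID: <constructed-0001@example.net>
Subject: Shipment details
Content-Type: text/plain

The body and the Subject line are content and never leave this function.
"""


def minimise_headers(raw_message: str) -> dict:
    """Split a raw RFC 822 message into the headers that may be disclosed as
    traffic data ("kept") and the names of the headers withheld as content
    ("dropped"). The body is parsed but never returned."""
    msg = message_from_string(raw_message)
    kept, dropped = {}, []
    for name, value in msg.items():
        if name.lower() in TRAFFIC_HEADERS:
            # Repeated headers (several Received: lines) are collected in order.
            kept.setdefault(name, []).append(value)
        else:
            dropped.append(name)
    return {"kept": kept, "dropped": dropped}


def browsing_log_to_domain(url: str) -> str:
    """Reduce a logged URL to its host name, discarding path, query string
    and fragment, as the quoted list does for web browsing logs."""
    if "://" not in url:
        url = "http://" + url  # bare host/path entries as they appear in logs
    return urlsplit(url).hostname or ""


if __name__ == "__main__":
    view = minimise_headers(SAMPLE_MESSAGE)
    print("disclosable as traffic data:", view["kept"])
    print("withheld as content:", view["dropped"])
    print(browsing_log_to_domain("www.homeoffice.gov.uk/ripa/ripact.htm"))
```

The point of keeping `dropped` alongside `kept` is auditability: the disclosure record shows which fields were withheld without revealing their values, which is the kind of logged, monitored handling the message argues for.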