Striking the Right Balance between Privacy and Public Protect ion

Ian G Batten I.G.Batten at ftel.co.uk
Thu, 24 Oct 2002 13:38:28 +0100 

On Thu, 24 Oct 2002, James Hammerton wrote:
> It's the electronic equivalent of recording who you meet, which places
> you visit, who visits you, who talk to in the street, etc and
> retaining that for a year or 2 years or whatever figure the govt's
> opting for. It means the police, IR, C & E and spooks, under the RIPA
> powers concerning comms data, can self authorise access to a detailed
> record of my (or your) communications activities on a retrospective
> fishing expedition. The Stasi would be proud of such a thing.

Exactly.  And the only possible purpose for such as thing is
surveillance against the general population, as it'll be utterly useless
against real criminals.  Those logs will provide no information for
someone who sends and receives mail by, for example, an https: protected
webmail service such as hushmail.  If we agree to allow such retention,
the next cry from Simon and the Home Office will be to criminalise the
use of any service which renders the logs less useful than they
otherwise would be.

And the retained logs will be a _massive_ source of blackmail.  Figures
vary, but about 60% of Internet traffic, certainly in res contexts, is
``adult'' content.  Encouraging ISPs to retain logs of all visited
website will make it open season for blackmailers.  Now Simon and the
Home Office will, of course, chorus ``those with nothing to hide have
nothing to fear'', but perhaps they might agree that there are things
which are not illegal but are still subject to blackmail and shame?  Ron
Davis didn't commit a crime, but his career was finished just as surely.
What about the oft-bruited ``grooming'' problem?  A list of which
websites my daughter frequents and to whom she sends email would allow
an attacker to ingratiate himself more easily (note I don't accept this
is a risk, but the Home Office could at least be consistent).

I've followed the ISP industry since its inception.  I don't think their
operations are any more or less secure than any other business, and
their operational processes are comparable to other large users of
computing.  To have them sat on a large goldmine of potentially valuable
information would be a step change in their attraction to black hats,
and I don't see how they could make this secure.  The idea that ISP
backup tapes would have to be held at Top Secret is interesting, but
hardly practical.

ian