Striking the Right Balance between Privacy and Public Protection

Ian G Batten I.G.Batten at ftel.co.uk
Fri, 25 Oct 2002 09:43:02 +0100 

On Fri, 25 Oct 2002, Roland Perry wrote:
> >>The Met asked for lots of subscriber details (mainly reverse directory
> >>enquiries on telephone numbers).
> >
> >How many were reverse directory inquiries vs something more intrusive??
> 
> We don't know for sure,

Here's a question for the ``sense of the list'' which might give Simon
Watkins something less hostile to take back to the Home Office.  What
would be the reaction of (a) ``people like us'', (b) Liberty or (c) the
General Public (for it is they) to the proposal:

	Reverse directory lookups should be available to any person.

or

	Reverse directory lookups should be available to any of a
	very widely drafted list of officials, with no oversight.

I defer to noone in my advocacy of personal privacy, but I actually see
little intrusive in this (I confess I haven't thought about it deeply).
If someone has my phone number, it is because I have called them or they
have somehow come into posession of logs (which would require a
warrant).  If I don't want them to have my number, I have many options:
withheld CLI, a payphone, a PAYT mobile.  And for a sufficiently
resourced opponent, brute-force search of the phone book is (outside
London) plausible, as is scanning and OCRing the phone book.  And simply
dialing the number and asking ``who is that please'' would also work for
most people.  Limited reverse directory lookups provides little
security, but provides a large objection to the spooks to regulation of
more intrusive requests.

The benefit of this move would be that the ``we cannot implement
oversight X of interception, because the volume is just too high'' would
be immediately defeated.  We would then be looking at an interception
regime which handles perhaps 5% of the current levels, and therefore
oversight would be far less resource hungry.  The counter-proposal, that
even reverse directory lookups should be subject to extensive oversight,
is probably a case of our reach exceeding our grasp.

Which is worse: conceding reverse directory lookups, and aiming for a
secure oversight process for the residual 5%, or holding the line on
reverse directory lookups and having the entire regulatory framework set
at the level practical for that volume?

Dave Bird or someone will now have a killer argument I didn't think of.
	
ian