Striking the Right Balance between Privacy and Public Protection

Dave Bird dave at xemu.demon.co.uk
Fri, 25 Oct 2002 17:03:13 +0100 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <20021025084302.GR25000@himalia.ftel.co.uk>, Ian G Batten
<I.G.Batten@ftel.co.uk> writes
>Here's a question for the ``sense of the list'' which might give Simon
>Watkins something less hostile to take back to the Home Office.  What
>would be the reaction of (a) ``people like us'', (b) Liberty or (c) the
>General Public (for it is they) to the proposal:
>
>       Reverse directory lookups should be available to any person.
>
>or
>
>       Reverse directory lookups should be available to any of a
>       very widely drafted list of officials, with no oversight.
>
>I defer to noone in my advocacy of personal privacy, but I actually see
>little intrusive in this (I confess I haven't thought about it deeply).
>If someone has my phone number, it is because I have called them or they
>have somehow come into posession of logs (which would require a
>warrant).  If I don't want them to have my number, I have many options:
>withheld CLI, a payphone, a PAYT mobile. 

 Let me try to give you a sense of what is involved.

 At the lowest level, we are talking about breaching the confidence
 of an ex-directory phone number. You may have gone ex-directory
 because of nuisance calls, pranksters, heavy breathers, threats, etc;
 or you may have taken the view that you don't want people intruding
 into your home with phone-calls unless you personally invited them
 by giving out the number.  In any case, it is an irritation.  

 There may be other cases of unauthorised interception where (a) what
 the eavesdropper gets is the number called then they have to turn
 it into an address, and (b) the stakes are somewhat higher.  
 They might for instance involve stalking, protecting a criminal
 enterprise from disclosure, threatening witnesses, tracking
 whistle-blowers, and the like.  When the address is found, there
 will be threats of force and quite possibly actual beatings.  
 That the eavesdropper broke the law in getting the traffic data
 is not much comfort when you are being beaten up: you would prefer
 that technical means prevented the reverse look-up happening.  


 This is very similar to what might happen if unlawful surveillance
 identified a vehicle and its registration number, then a reverse
 lookup was needed via the PNC to convert this into a name and 
 address to be targeted for violent harassment.  The situation
 is similar in other ways too:  the police do VERY MANY index 
 checks on vehicles.  The system must be able to both handle the
 load rapidly and efficiently, and to see that proper control
 of access is maintained at the same time.  


 The solution is similar.  Within the police, a facility similar
 to the PNC should be used to channel reverse phone look-ups.  
 There should be a very careful audit trail to show who requested
 what and crack down on any mis-use.  The ISP/TelCo should likewise
 keep careful track of all requests coming into him, in case any
 turn out to be unauthorised.  

 Where there is need for a LIMITED number of other national
 agencies (note, not local authority departments) to maintain
 their own channel, then they must maintain similar expertise
 and similar audited computer systems.  Perhaps they could be
 certificated by a particular chief constable -- who would be
 in trouble if he licensed duffers -- that the system meets a 
 series of criteria in terms of seniority of operator, storage
 of confidential materials, logging of all accesses.  Many 
 organisations might feel it was cheaper and simpler to go
 through an existing police-based system.  If part of the audit
 was monthly/quarterly recording of their number of accesses,
 which might also be made publicly available, and perhaps a 
 small charge per access collected at the end of the audit
 period, then so much the better.  


In article <tnZIv9BxORu9EAba@highwayman.com>, Richard Clayton
<richard@highwayman.com> writes
>On the days when things get heated then I suspect that Simon (or whoever
>else is in the firing line) might view the prospect of every person on
>this list being able to determine that he lived at 7 Acacia Avenue with
>a little alarm !
>
>I think that the main effect of the "available to any person" regime
>would be (just as looks likely to happen in the Nominet domain) to cause
>a very significant number of people to remove any useful information
>from the directories.
 
 ...and ownership of a domain name is still, to some extent, a
 specialised activity which, it could be argued, is mostly done
 by businesses from their office addresses. Email addresses and
 phone numbers are much more commonly found at home addresses too.
>
>There is, BTW, a European Directive (97/66/EC) that gives people the
>right to have details suppressed in a public telecomms directory. It is
>implemented in the UK by The Telecommunications (Data Protection and
>Privacy) Regulations 1999



- -- 
   ^-^-^-@@-^-;-^   http://www.xemu.demon.co.uk/
        (..)__u     news:alt.smoking.mooses

       happy as a clam at high tide -. <_" .-._.-.


-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBPblrQXpGxv7MBb4WEQJsvgCgoLS65Pr0s9UgOEmrlNSRyBVCU4AAnix/
iNfVxuHSzHvOuPGqg2ASGZko
=IpNR
-----END PGP SIGNATURE-----