Striking the Balance

Ian G Batten I.G.Batten at ftel.co.uk
Wed, 30 Oct 2002 18:00:44 +0000 

On Wed, 30 Oct 2002, Watkin Simon wrote:
> >  By that logic, they won't mind my 
> > installing a
> > camera in their bedrooms so long as I promise not to look at the
> > pictures.
> 
> Not quite.  In your example the camera installer who implicitly/explicitly
> acquires or has access to the pictures is making the promise not to look at
> those pictures.  In the data retention example, the data retainer holds the
> data and the one promising not to look at the data (except where necessary,
> proportionate, subject to oversight, safeguards and sanctions) is a separate
> party.

OK, I'll grant you that one.  However, that then throws the problem onto
the CSP.  I think you said previously that people with access to
intercepted material within the Home Office were subject to DV and the
protective marking on the material was Top Secret.  Would it be the Home
Office's contention that all people with access to the retained data
within a CSP should be likewise vetted?  In other words, should CSP
which are retaining data all fall under the general procedures of List X
companies, with a signficant portion of their operational staff subject
to security clearance?  After all, if the concern is blackmail, the CSP
is _more_ able to do it than the Home Office, as it has access to the
data without any obvious constraint.

If the answer to this is `no' (for the simple reason that the CSPs would
say ``OK, but you pay for it'' and Gordon would then have a heart
attack) then why is it then intercepted material should be subject to a
far stricter set of critera in one form than another?

Or is it your contention that a much of geeks in an ISP working the
night shift with a big farm of hosting servers are unable to run `grep'
over a bunch of log files?  Is data retention not encouraging companies
with no reason to hold large stockpiles of sensitive data to hold large
stockpiles of sensitive data, without proper control?

And, once you've answered that, how would you stop Bad People from just
using Hotmail, which could conceal all the information you want? 

ian