Data Retention Categories - GSM/3G secret session keys ?

Brian Beesley BJ.Beesley at ulster.ac.uk
Thu, 13 Mar 2003 11:31:09 +0000 

On Thursday 13 March 2003 10:39, you wrote:

> >Sent email (authentication user name, from/to/cc email addresses, date
> >and time sent)
>
> Does this really mean no that "Blind Carbon Copy" addresses need to be
> retained then ?

No, it just means they forgot to include them. In any case it's pointless as 
I can think of umpteen ways of working round the system by purely technical 
means. (e.g. strange headers processed by anonymizing relays located in 
end-user-friendly administrations)

> >For GPRS & 3G, date and time of connection, IMSI, IP address assigned.
> >Mobile data exchanged with foreign operators; IMSI & MSISDN, sets of GSM
> > triples, sets of 3G quintuples, global titles of equipment communicating
> > with or about the subscriber."
>
> GSM triples and 3G quintuples contain the secret session key (Kc in the
> case of GSM, or K for 3G) used to encrypt the over the air leg of a
> call, and in the
> case of GPRS or 3G, over quite a large part of the landline
> infrastructure of a mobile phone
> network as well.
>
> Is this a sneaky way of intercepting the content of phone calls or SMS
> messages without a proper warrant ?

It's either that, or stupidity again.
>
> I think that the Home Office needs to clarify exactly what they mean by
> each of these
> Data Categories.

And attempts some sort of explanation of how use of these powers (with their 
built-in massive-scale erosion of privacy of innocent citizens) would 
_actually_ (as opposed to possibly) be used in order to make our lives 
"safer". 

If the Government really wants to prevent criminals & terrorists from 
exploiting communications technology then they should be up front and make a 
case for _banning_ use of telephones, computer networks etc. After all, life 
existed before such things were invented. The ban would not work, of course, 
any more than panic firearms control legislation following Dunblane 
eliminated the problem of use of handguns in the furtherance of crime; but it 
would at least provoke a public debate based on the balance of convenience, 
risk and privacy.

My feeling is that if Joe Public were informed as to the true extent of 
invasion of privacy which the proposed legislation enables, he would be no 
more keen to see the legislation passed than he would be to see private motor 
vehicles banned on the grounds that they are responsible for several thousand 
"preventable" deaths in the UK every year.

Brian Beesley