"Warrants authorising phone taps treble"

[Caspar Bowden]

>From: ukcrypto-admin@chiark.greenend.org.uk [mailto:ukcrypto-admin@chiark.=
greenend.org.uk] On Behalf Of Roland Perry
>>In article <47A2E21E.6482.5AE5B2F@davidh.spidacom.co.uk>, David Hansen

>>I did ask how big a part Liberty played in writing it and the silence
>>was deafening.

>Liberty's eye was off the ball, in this instance, iirc.

Liberty's consultation response is at http://web.archive.org/web/2000081507=
1512/www.homeoffice.gov.uk/oicd/liberty.pdf (see section 3.3 for what they =
said about comms data)

>FIPR, on the
>other hand, did make a lot of noise, and initiated the process of
>amending one clause whose effect was to reduce opportunities for
>intrusion.

http://www.fipr.org/rip/parliament.html ('fraid Hansard links dead)

and for the turning point see (Col 131) http://www.publications.parliament.=
uk/pa/ld199900/ldhansrd/vo000619/text/00619-28.htm

The upshot was a govt. drafted amendment inserting the rider to S.21(6)

"but that expression includes data identifying a computer file or computer =
program access to which is obtained, or which is run, by means of the commu=
nication to the extent only that the file or program is identified by refer=
ence to the apparatus in which it is stored."

(i.e. *if* CSPs happened to log full URLs or search strings, they are NOT o=
btainable as comms data. The IP/domain-name of the website fetched would be=
 obtainable)

N.B. - the Italian DPA has just ruled that CSPs should NOT be logging full =
URLs (or search strings)

(Italian) http://www.corriere.it/cronache/08_gennaio_24/garante_privacy_int=
ernet_b692f42a-ca99-11dc-bbdc-0003ba99c667.shtml?fr=3Dbox_primopiano

Reportedly, the reason is that these constitute "sensitive" personal data, =
which ISTR was one of the arguments FIPR made 8 years ago.

--
Caspar Bowden