"Warrants authorising phone taps treble"

Roland Perry ukcrypto at chiark.greenend.org.uk
Sat, 2 Feb 2008 12:15:43 +0000 

In article 
<2298D4476FA2F44591690E423F07C37B11F3AFC47A@EA-EXMSG-C333.europe.corp.mic
rosoft.com>, Caspar Bowden <casparb@microsoft.com> writes

>>>>Liberty's eye was off the ball, in this instance, iirc.
>
>>...My remark was aimed mainly at my recollection of their involvement 
>>in the subsequent lobbying process (the consultation responses were 
>>just the opening shots). I could be wrong.
>
>Think that's a fair comment generally, but worth noting that they 
>criticized the notion that traffic and transaction data represented a 
>lower category of intrusion than interception, in the sense that a 
>lower level of intrusion would require lesser justification and 
>safeguards under ECHR.

A van knocks you over while you are crossing the road, you can't see the 
numberplate, but do notice a local phone number on the side. BT tells 
the police "sorry, we won't tell you where that subscriber lives unless 
you get a warrant from the Home Secretary".

It would probably have been better from a PR point of view if there had 
been three different bits of legislation. One on Interception (so the 
Telegraph wouldn't get quite so muddled up), one on Comms Data (along 
the lines of similar provisions that we never hear criticised very much 
in the Social Security Fraud Act) and all the surveillance and other 
stuff somewhere else.

>>That quote was from the 19th June, I still recall the long phone
>>conversation I had a couple of weeks earlier [1], with one particular
>>official, which finally got the issue past the tipping point.
>
>>Caspar, I'm grateful too; your encouragement helped me stick with it.
>
>Likewise. It was just a shame that officials felt they could only 
>negotiate wording

They discussed concepts, and from a very early stage as well. The 
problem is, you can't write "ignore everything beyond the first single 
forward slash" into an Act. Apart from anything else it's ludicrously 
technology specific. So it became a case of finding a technically 
acceptable proxy, which expressed the idea and didn't have too many 
drawbacks (the final wording is unsatisfactory in some ways as you can 
have 1-page websites that reveal all about the subscriber' enquiry 
without drilling down to a specific page, and on the other some hand 
some 'apparatus' hosts a large number of websites and you are little the 
wiser at all - but vital element of success was protecting information 
about visits to individual pages on the majority of websites).

>with industry rather than civil society.

As Margaret Thatcher might have said "There's no such thing as the Civil 
Society". Maybe we should start one. Would drastically reduce the number 
of people having to pay to trek to Internet Governance Forum meetings if 
they could just send a couple of people from the secretariat.

>It was a frantic time, but in my view it was only the palpable loss of 
>confidence in the Lords' chamber that the govt. understood their own 
>proposals, over several stages of surprisingly detailed 
>cross-examination in debate, that forced a change.

Both are needed. An idea of exactly what it is that you might be 
changing *to* and whether that makes technical sense, as well as the 
political need to make the change.

>N.B. someone wrote to me that...
>
><<Reportedly, the reason is that these constitute "sensitive" personal 
>data, which ISTR was one of the arguments FIPR made 8 years ago.>>
>
>...would have been better phrased <<these may contain "sensitive" 
>personal data>>, which I am happy to acknowledge.

And when you have "sensitive personal data" having a specific meaning 
within the DPA, it's unhelpful when people apply the word "sensitive" 
outside that context (which has recently in a debate in Europe).
-- 
Roland Perry