"Warrants authorising phone taps treble"
Caspar Bowden
ukcrypto at chiark.greenend.org.uk
Sat, 2 Feb 2008 15:04:46 +0000
>From: ukcrypto-admin@chiark.greenend.org.uk [mailto:ukcrypto-admin@chiark.greenend.org.uk] On Behalf Of Roland Perry
..
>>(Liberty) criticized the notion that traffic and transaction data represented a
>>lower category of intrusion than interception, in the sense that a
>>lower level of intrusion would require lesser justification and
>>safeguards under ECHR.
>A van knocks you over while you are crossing the road, you can't see the
>numberplate, but do notice a local phone number on the side. BT tells
>the police "sorry, we won't tell you where that subscriber lives unless
>you get a warrant from the Home Secretary".
That's why I said "traffic and transaction data". I think people forget that the idea of lumping together reverse DQ, traffic data, and location data into one catch-all category of comms data (under the same administrative self-authorisation framework) was one of the landgrabs of RIPA that was never properly scrutinised. Why shouldn't traffic and location data be subject to prior judicial authorisation, as in most other countries?
The stock answer would be there are too many requests, not enough judges, but to gauge the plausibility of this, it would be helpful to know the breakdown of the exercise of Pt.1 Ch.2 powers amongst the different categories of comms data, but the IoCC doesn't tell us. SpyBlog got this rather puzzling answer when he tried a FOIA on another matter http://www.spy.org.uk/foia/2006/01/interception_of_communications.html. Perhaps Simon can tell us whether the HO "collates this information centrally", and thus whether a FOIA to the Home Office might work. Of course if HO does NOT have that information, it's hard to see how they could properly formulate future policy and designations.
>They discussed concepts, and from a very early stage as well...
ISTR raising the specific issue early and often in many different fora, but always getting stonewalled on whether full URLs were sought or not. Seemed like the HO were confident that Parliament couldn't unpick that question, so they wanted to try it on.
>The problem is, you can't write "ignore everything beyond the first single
>forward slash" into an Act.
Of course all this happened pre-data retention, so the question then was how blanket retention of ANY traffic (rather than subscriber) data by ISPs was lawful under data protection? (It's STILL a valid question wrt traffic data not covered by the DRD). So from that point of view there should have been no need to worry about drafting slash language, as the data it sought to catch shouldn't have existed at all. Any traffic data that ISPs decided needed to be case-by-case retained for e.g. QoS investigation could have been got through production orders anyway.
>As Margaret Thatcher might have said "There's no such thing as the Civil
>Society". Maybe we should start one.
That's basically what FIPR was for, faute de mieux. Govt chooses which trade/lobby groups they want inside the magic circle. ISTR that a year or two earlier in the crypto wars, they excluded FIPR from a "Working Group" because it would "lead to an uncontrollable agenda" (i.e. others present might be persuaded).
...
>And when you have "sensitive personal data" having a specific meaning
>within the DPA, it's unhelpful when people apply the word "sensitive"
>outside that context (which has recently in a debate in Europe).
I wonder which instance you are thinking of?
--
Caspar Bowden