"Warrants authorising phone taps treble"

Peter Fairbrother ukcrypto at chiark.greenend.org.uk
Sun, 03 Feb 2008 00:31:00 +0000 

Tom Thomson wrote:
> 
> Peter Fairbrother wrote:
>> I'm not entirely sure that wording works for search strings.
>>
>> First let me say I have no idea how Google actually works, except that
>> they have lots and lots of computers, but it could be like this:
>>
>> Suppose they have one computer with all the hits for "illegal" on it,
>> and another with the hits for "interception". When someone searches for
>> "illegal interception" a request-receiving computer routes the request
>> to the two computers which compare files, or file numbers, and one of
>> these outputs results which match, either directly or through the
>> receiving computer.#
>>
>> Now access to the files in both computers has been obtained, so maybe
>> Google have to identify both computers, and maybe thereby the search
>> string, uniquely so if each computer only contains the hits for one word
>> - which is quite possible considering the number of computers Google has.
>>
>> A bit fanciful perhaps, but it shows the difficulty.
> 
> I don't see any difficulty at all. 


Sorry, I was too terse again I expect. I meant the difficulty of writing 
a suitable law.

  The user issues a request to an
> individual computer (identified by ip address, maybe also by domain name) -
> that's the only communication the user takes part in.  

No - for a start the IP address could involve one of many computers on a 
local network, not just one identified computer, unless you include the 
router as the computer. But the router does not have the accessed files 
  on it.

Yes, that computer
> may in turn communicate with other computers is irrelevant, 

I don't think so - the wording is:

"but that expression includes data identifying a computer file or
computer program access to which is obtained, or which is run, by
means of the communication to the extent only that the file or
program is identified by reference to the apparatus in which it is
stored."

The  computer in question is the computer, or all the computers, which 
have files or programs which are accessed.

Suppose a popular site with some nasty content which is held on a 
separate computer ("apparatus"). Did you access the nasty stuff? The 
only way to know that is to know which computer was accessed - and 
that's not the router, or the main server, but the separate computer 
with the nasty stuff.

Of course the nasty stuff could be on the main server - but it's also 
possible that another computer on a local net, without the knowledge of 
the site owner, has some nasty stuff on it.


the user does
> not originate any packets addressed to those computers so a request for comms
> data for that user's communications isn't going to get any information about
> those computers.  

No, but the request will access files stored on them. That's enough that 
the computers containing those files must be identifiable in the data 
given out in a RIPA demand, if possible.


If on the other hand there were a request for information
> as to how the request was dealt with by the computer that received it, a
> reasonable response to which would identify those other computers, that
> would not be a request for communications data because it would require the
> programme to be identified regardless of whether it was the only programme
> stored on that apparatus, which is explicitly not comms data.

Ah, I see - but I don't think it would fly, as the ISP has to give up 
enough data to identify the computer containing the accessed files. If 
for instance that's in the URL string somewhere then the ISP has to 
reveal it.


Though how the ISP knows this, or how much data to reveal, I do not know.


-- Peter Fairbrother

mtsd - more than slightly drunk!