"Warrants authorising phone taps treble"

Clive D. W. Feather ukcrypto at chiark.greenend.org.uk
Mon, 4 Feb 2008 08:32:32 +0000 

-----BEGIN PGP SIGNED MESSAGE-----

In article 
<2298D4476FA2F44591690E423F07C37B11F6E87F40@EA-EXMSG-C333.europe.corp.mic
rosoft.com>, Caspar Bowden <casparb@microsoft.com> writes
>>The big debate at the time (for data retention anyway) was the size of
>>the logs, which were mainly those incidental to the operation of web
>>caches. You may recall that the retention period was negotiated down to
>>3 days,
>
>Surely any such "negotiation" must have happened around ATCSA, since at 
>the time of RIPA and pre-ATCSA there was no statutory basis whatsoever 
>for any minimum retention period. Of course, cognoscenti knew from the 
>Gaspar document that LEAs were itching to have mandatory retention.
>
>>as that was all that made sense given both the size, and the
>>operational requirements which had caused the logs to be kept at all.
>
>Namely? What were these operational requirements? Did any ISP go out 
>business by NOT retaining any web caches, or IPs of the associated 
>customers?

There appears to be some confusion here.

At the time of RIPA, ISPs were retaining *some* web cache logs for 
business purposes. What was retained, and for how long, varied. These 
logs were *not* kept for law enforcement purposes, but law enforcement 
wanted to look at them when they existed. The RIPA discussions were 
about how much of those web cache logs should be revealed.

After September 11th, data retention was suddenly on the government's 
agenda. At that point they were suggesting that all ISPs should keep web 
cache logs for 7 years. The discussions were *then* about how long the 
logs should be kept, and the "voluntary code of practice" (S.I.2003 No. 
3175) ended up saying 4 days.

>Well, ministers gave assurances that they were not going to introduce 
>data retention, and then 9/11 happened and they changed their mind with 
>ATCSA Pt.11.

Right.

>If a minister gives assurances that they are not going to setup a 
>population register of fishfinger consumption (detailing every 
>breadcrumb), it seems otiose to spend a lot of time figuring out how 
>such a fishfinger register is going to be accessed in such excruciating 
>detail. Unless you believe and acquiesce to the idea that a fishfinger 
>register is going to happen anyway.

However, to continue the analogy, if transport cafes are keeping notes 
of which customers eat fish fingers and whether they prefer cod or 
haddock, large or small crumb, and so on, then it seems reasonable to 
discuss whether access to those notes should only include fishfinger 
counts or should also include species and breadcrumb details.

>However if your employer at the time was a prominent fishfinger 
>exchange (whose clients would be greatly encumbered by a register), 
>they might not think you were serving their interests well by designing 
>legislative apparatus that would dovetail neatly with the non-existent 
>fishfinger register, because it would rather tend to make it easier to 
>create one.

Agreeing that fishfinger suppliers don't need to record the density of 
breadcrumbs in their existing business records is in the interests of 
the clients, *whether or not* the government are planning a population 
register of fishfinger consumption.

>What is objectionable is that the tramlines of policy are laid in 
>secret,

This, I would agree with.

>by officials who proved to be incompetent, influenced by technical 
>volunteers from "industry" whose motives remain obscure, but evidently 
>were selected for their complaisant views on policy.

Anyone who thinks I have "complaisant views on policy" had better change 
their mind sharpish. While I am not complacent about the lack of 
consultation with the public during RIPA and ACTSA (something that I 
think has improved since), those who were invited to take part were 
chosen because of knowledge of the area, not because they would just 
roll over and play dead.

- -- 
Clive D.W. Feather                       | Home: <clive@davros.org>
Tel: +44 20 8495 6138 (work)             | Web:  <http://www.davros.org>
Fax: +44 870 051 9937                    | Work: <clive@demon.net>
Please reply to the Reply-To address, which is:  <clive@davros.org>

-----BEGIN PGP SIGNATURE-----
Version: PGP SDK 3.0.2

iQEVAwUBR6bNnyNAHP3TFZrhAQHV4Af/VmAro9q9iJgp97bZ8rnuLgIZSqEzlRmc
5/v87MzQzwiKjmMJqrywJjXR49VMPxuTvLRajkIMT/mo+h86IeVczjipFia8z8P+
4/ogQLqEQ0sKf0Q9BxHOn4ZWNaWgUDzcxy+d+RlR5+ptoSTzDMIA4HCvuImPEdrf
3Ua70QwwZc7dPwqk7roZrNc9Uq9c3ds1HH9i+oBQhmK0EseqxIrHzuP2JzKkLQ+Y
6HOpVS+cNJHx7k9F7qQjPv7KXA3aoD3db3mnJjC/eEYZwUxAiw7Cvq0CrXKBwpCp
IOGj7/av9N21X8Nznt2JP8iTcUIJQWIYF4rXic7JmRoerG1jQe0GrA==
=UuAk
-----END PGP SIGNATURE-----