From ukcrypto at chiark.greenend.org.uk Thu May 1 00:02:25 2008 From: ukcrypto at chiark.greenend.org.uk (ukcrypto@chiark.greenend.org.uk) Date: Thu, 1 May 2008 00:02:25 +0100 Subject: Hansard: Written Answer: at least 8 RIPA part III section 49 notices since last October In-Reply-To: <4818F004.10258.2F17C55@davidh.spidacom.co.uk> References: <20080430122502.D520B11803C@mailserver5.hushmail.com>, <48189599.31577.190481B@davidh.spidacom.co.uk> <4818F004.10258.2F17C55@davidh.spidacom.co.uk> Message-ID: <36A5B660A9A74DF7A58CC5C41CBBD73E@wideboy> ----- Original Message ----- From: "David Hansen" To: Sent: Wednesday, April 30, 2008 10:17 PM Subject: Re: Hansard: Written Answer: at least 8 RIPA part III section 49 notices since last October > On the question of the police not protecting keys, it appears that they > cannot even protect humans in "safe" houses, so perhaps it is asking > too much of the poor dears to look after keys. > > Another good reason why RIP should be exterminated and people should > never hand over their keys to anyone they do not authorise to have > them. 
> > The story below is nothing to do with cryptography, but rather the > murder of a key witness in a "safe" house, as the URL says > witness-murdered-in-police-safe-house-86908-20399532/> An interesting read - I note on that same website the following, perhaps more alarming story (the text in the URL gives a summary): http://www.dailyrecord.co.uk/news/scottish-news/2008/04/30/evidence-was-withheld-to-make-sure-killer-peter-manuel-was-hanged-legal-expert-claims-86908-20400177/ Best Regards Mark From ukcrypto at chiark.greenend.org.uk Thu May 1 08:06:29 2008 From: ukcrypto at chiark.greenend.org.uk (Joel Harrison) Date: Thu, 1 May 2008 08:06:29 +0100 Subject: Full Disclosure In-Reply-To: References: <20EDC654-A171-4B21-BB0B-AEBE1113C54F@batten.eu.org> <7b6bd0c90804281528v764887f5t3fdc4cc8a934c4b3@mail.gmail.com> <7b6bd0c90804290336x34bfa84eh7fefd91dd1370bc9@mail.gmail.com> <48171D91.8020705@ernest.net> <7b6bd0c90804290634m78f90a9diae607b55d568ee35@mail.gmail.com> <6ED388AA006C454BA35B0098396B9BFB038C2475@uxsrvr20.atlas.ukerna.ac.uk> <7b6bd0c90804292254s5dc7172ci66d0b8cbd501c76b@mail.gmail.com> Message-ID: <7b6bd0c90805010006o12a7be91rb106218138264734@mail.gmail.com> On Wed, Apr 30, 2008 at 7:58 AM, Roland Perry wrote: > In article <7b6bd0c90804292254s5dc7172ci66d0b8cbd501c76b@mail.gmail.com>, > Joel Harrison writes > > > > Inherent in the DPA's definition of personal data is that the > > information necessary to identify the individual must be in the > > possession, or be likely to come into the possession, of the data > > controller. That's been in the DPA since day one. Now, that would > > prevent a dynamically allocated IP address from being personal data in > > the search engine's hands, because the search engine doesn't have > > access to the ISP's logs. 
It is also arguable that even static IP > > addresses aren't personal data in the search engine's hands, because > > the search engine may swear blind that it would never, ever run an IP > > Whois lookup against the IP address and derive the necessary > > information about the person to whom the IP address is allocated. > > > > I disagree with this line of argument in two ways: > > 1) It's not relevant whether the IP addresses are Static, Dynamic, or Fixed > (dynamic technology but assigned an unchanging address). Because it's not > immediately obvious which is which (in a general case), all must be treated > the same. > > 2) Plenty of IP addresses can be associated with an individual without > access to the information that an ISP has on file. Archives of mailing lists > such as this, and Usenet, all contain a rich source of IP addresses. It has > already been discussed (as a criticism of Phorm) how a search engine can > come to conclusions about an individual simply from the searches they do, > with examples. And as in #1 above, because some IP addresses can be traced > in that way, then all of them should be protected. By concentrating on what search engines should do in practice, you're obscuring what I thought were two fairly interesting legal points (others may disagree!), namely: (1) whether an IP address is personal data under the DPA depends on what other information the data controller has or is likely to have, and (2) the UK's implementation of the Directive on this point may produce a different result from that in other Member States. Note also that the DPA looks at what other data is likely to come into the data controller's possession. So, a search engine may be "in possession of" (to use your example) a page from a mailing list archive that would allow an IP address already in the search engine's possession to be matched to an individual. 
But this is arguably too broad a transposition of recital 26 of the Directive, which looks at "the means likely reasonably to be used ... by the controller" - again, what if the search engine swore blind (backing it up by reference to internal policies, employee codes of conduct, etc, etc) that it would never use information retrieved from its crawling the web to identify a person by reference to an IP address already in its possession? Is the individual identifiable by the search engine by "means likely reasonably to be used" by it? Also, what about web sites other than search engines, who don't crawl through mailing list postings or Usenet archives? Are they likely to come into possession of information that enables them to identify individuals by reference to IP addresses in their logs? (Or, in the language of the Directive, can they identify individuals by means likely reasonably to be used by them?) The point I'm making is that this is not a straightforward issue, and one should not assume that IP addresses will invariably be personal data. 
Joel From ukcrypto at chiark.greenend.org.uk Thu May 1 08:36:06 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Thu, 1 May 2008 08:36:06 +0100 Subject: Full Disclosure In-Reply-To: <7b6bd0c90805010006o12a7be91rb106218138264734@mail.gmail.com> References: <20EDC654-A171-4B21-BB0B-AEBE1113C54F@batten.eu.org> <7b6bd0c90804281528v764887f5t3fdc4cc8a934c4b3@mail.gmail.com> <7b6bd0c90804290336x34bfa84eh7fefd91dd1370bc9@mail.gmail.com> <48171D91.8020705@ernest.net> <7b6bd0c90804290634m78f90a9diae607b55d568ee35@mail.gmail.com> <6ED388AA006C454BA35B0098396B9BFB038C2475@uxsrvr20.atlas.ukerna.ac.uk> <7b6bd0c90804292254s5dc7172ci66d0b8cbd501c76b@mail.gmail.com> <7b6bd0c90805010006o12a7be91rb106218138264734@mail.gmail.com> Message-ID: In article <7b6bd0c90805010006o12a7be91rb106218138264734@mail.gmail.com>, Joel Harrison writes >The point I'm making is that this is not a straightforward issue, and >one should not assume that IP addresses will invariably be personal >data. I don't think that IP addresses can be personal data (or not) on a case by case basis, because you can't design systems to treat different IP addresses differently, having first been able to conclude, conclusively, whether or not the one you are processing at the time is or is not traceable to a particular natural person. 
-- Roland Perry From ukcrypto at chiark.greenend.org.uk Thu May 1 10:01:41 2008 From: ukcrypto at chiark.greenend.org.uk (David Hansen) Date: Thu, 01 May 2008 10:01:41 +0100 Subject: Hansard: Written Answer: at least 8 RIPA part III section 49 notices since last October In-Reply-To: <36A5B660A9A74DF7A58CC5C41CBBD73E@wideboy> References: <20080430122502.D520B11803C@mailserver5.hushmail.com>, <4818F004.10258.2F17C55@davidh.spidacom.co.uk>, <36A5B660A9A74DF7A58CC5C41CBBD73E@wideboy> Message-ID: <48199505.29390.3D1D62@davidh.spidacom.co.uk> On 1 May 2008 at 0:02, thesowers@sowers.gotadsl.co.u wrote: > An interesting read - I note on that same website the following, perhaps > more alarming story (the text in the URL gives a summary): > > http://www.dailyrecord.co.uk/news/scottish-news/2008/04/30/evidence-was-withheld-to-make-sure-killer-peter-manuel-was-hanged-legal-expert-claims-86908-20400177/ There was a fair bit on Newsnight Scotland about this last night. In more modern times we were assured by party politicians that after the Stefan Kiszko case the government side would not hide anything which undermined/destroyed their case. However, we know that these party politicians lied and the government side still hide things. 
-- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Thu May 1 10:04:02 2008 From: ukcrypto at chiark.greenend.org.uk (Nicholas Bohm) Date: Thu, 01 May 2008 10:04:02 +0100 Subject: Full Disclosure In-Reply-To: References: <20EDC654-A171-4B21-BB0B-AEBE1113C54F@batten.eu.org> <7b6bd0c90804281528v764887f5t3fdc4cc8a934c4b3@mail.gmail.com> <7b6bd0c90804290336x34bfa84eh7fefd91dd1370bc9@mail.gmail.com> <48171D91.8020705@ernest.net> <7b6bd0c90804290634m78f90a9diae607b55d568ee35@mail.gmail.com> <6ED388AA006C454BA35B0098396B9BFB038C2475@uxsrvr20.atlas.ukerna.ac.uk> <7b6bd0c90804292254s5dc7172ci66d0b8cbd501c76b@mail.gmail.com> <7b6bd0c90805010006o12a7be91rb106218138264734@mail.gmail.com> Message-ID: <48198782.40809@ernest.net> Roland Perry wrote: > In article > <7b6bd0c90805010006o12a7be91rb106218138264734@mail.gmail.com>, Joel > Harrison writes >> The point I'm making is that this is not a straightforward issue, and >> one should not assume that IP addresses will invariably be personal >> data. > > I don't think that IP addresses can be personal data (or not) on a case > by case basis, because you can't design systems to treat different IP > addresses differently, having first been able to conclude, conclusively, > whether or not the one you are processing at the time is or is not > traceable to a particular natural person. I don't think there's any doubt that Joel's conclusion is right in law; and the fact (on which I'm sure you're right) that the law is impracticable to implement in computer systems isn't a reason to doubt that it is the law. Nicholas -- Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Mobile 07715 419728 (+44 7715 419728) PGP public key ID: 0x899DD7FF. 
Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From ukcrypto at chiark.greenend.org.uk Thu May 1 10:25:27 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Thu, 1 May 2008 10:25:27 +0100 Subject: BBC NEWS | UK | Tax staff breach data security Message-ID: <1495A593-99A0-464D-A160-9375B10F3C4C@batten.eu.org> --Apple-Mail-8--601505948 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit My attempt to find this out with an FoI request foundered (``not centrally recorded''), but the question has now been answered. http://news.bbc.co.uk/1/hi/uk/7376586.stm --Apple-Mail-8--601505948 Content-Type: text/html; charset=US-ASCII Content-Transfer-Encoding: 7bit
--Apple-Mail-8--601505948-- From ukcrypto at chiark.greenend.org.uk Thu May 1 10:56:06 2008 From: ukcrypto at chiark.greenend.org.uk (David Hansen) Date: Thu, 01 May 2008 10:56:06 +0100 Subject: BBC NEWS | UK | Tax staff breach data security In-Reply-To: <1495A593-99A0-464D-A160-9375B10F3C4C@batten.eu.org> References: <1495A593-99A0-464D-A160-9375B10F3C4C@batten.eu.org> Message-ID: <4819A1C6.6685.6EEE8F@davidh.spidacom.co.uk> On 1 May 2008 at 10:25, Ian Batten wrote: > My attempt to find this out with an FoI request foundered (``not > centrally recorded''), but the question has now been answered. > > http://news.bbc.co.uk/1/hi/uk/7376586.stm 'Ms Kennedy said HMRC has a "strict policy forbidding staff to access customer records unless they have a legitimate business need.' So, it is now a business. Fascinating. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Thu May 1 11:20:45 2008 From: ukcrypto at chiark.greenend.org.uk (Nigel Metheringham) Date: Thu, 1 May 2008 11:20:45 +0100 Subject: BBC NEWS | UK | Tax staff breach data security In-Reply-To: <1495A593-99A0-464D-A160-9375B10F3C4C@batten.eu.org> References: <1495A593-99A0-464D-A160-9375B10F3C4C@batten.eu.org> Message-ID: <79C5CC38-EFEB-4E4B-868E-C675CE6145C8@dev.intechnology.co.uk> On 1 May 2008, at 10:25, Ian Batten wrote: > My attempt to find this out with an FoI request foundered (``not > centrally recorded''), but the question has now been answered. > > http://news.bbc.co.uk/1/hi/uk/7376586.stm Treasury Financial Secretary Jane Kennedy said that in many cases the penalty for staff was dismissal In a mathematical sense isn't "many" the next level up from "few", which is normally taken as being "4 or less". So by "many" do they actually mean "5 or more"? I'd prefer harder numbers. Nigel. 
-- [ Nigel Metheringham Nigel.Metheringham@InTechnology.com ] [ - Comments in this message are my own and not ITO opinion/policy - ] From ukcrypto at chiark.greenend.org.uk Thu May 1 11:23:12 2008 From: ukcrypto at chiark.greenend.org.uk (James Firth) Date: Thu, 1 May 2008 11:23:12 +0100 Subject: BBC NEWS | UK | Tax staff breach data security In-Reply-To: <4819A1C6.6685.6EEE8F@davidh.spidacom.co.uk> References: <1495A593-99A0-464D-A160-9375B10F3C4C@batten.eu.org> <4819A1C6.6685.6EEE8F@davidh.spidacom.co.uk> Message-ID: <008501c8ab75$5d25c9a0$e57ea8c0@Jinja> > > My attempt to find this out with an FoI request foundered (``not > > centrally recorded''), but the question has now been answered. > > > > http://news.bbc.co.uk/1/hi/uk/7376586.stm > > 'Ms Kennedy said HMRC has a "strict policy forbidding staff to access > customer records unless they have a legitimate business need.' I wonder whether Civil Servants have had training in their use of language when talking about how they use private data... Simon Watkins: "The purpose of Chapter 1 of Part 1 of RIPA is not to inhibit legitimate business practice particularly in the telecommunications sector" From ukcrypto at chiark.greenend.org.uk Thu May 1 11:47:34 2008 From: ukcrypto at chiark.greenend.org.uk (Roger Hird) Date: Thu, 01 May 2008 11:47:34 +0100 Subject: BBC NEWS | UK | Tax staff breach data security In-Reply-To: <4819A1C6.6685.6EEE8F@davidh.spidacom.co.uk> References: <1495A593-99A0-464D-A160-9375B10F3C4C@batten.eu.org> <4819A1C6.6685.6EEE8F@davidh.spidacom.co.uk> Message-ID: <4f989bd384roger.hird@argonet.co.uk> In article <4819A1C6.6685.6EEE8F@davidh.spidacom.co.uk>, David Hansen wrote: > So, it is now a business. Fascinating. It's current Civil-Service-speak: just as taxpayers are "customers". But actually what civil servants do has always been "business" in the dictionary sense: "public business" - though it's a rather 19th century term. 
-- Roger Hird roger.hird@argonet.co.uk Running RISCOS 4.39 on an Acorn StrongARM RiscPC From ukcrypto at chiark.greenend.org.uk Thu May 1 12:02:58 2008 From: ukcrypto at chiark.greenend.org.uk (David Hansen) Date: Thu, 01 May 2008 12:02:58 +0100 Subject: BBC NEWS | UK | Tax staff breach data security In-Reply-To: <4f989bd384roger.hird@argonet.co.uk> References: <1495A593-99A0-464D-A160-9375B10F3C4C@batten.eu.org>, <4819A1C6.6685.6EEE8F@davidh.spidacom.co.uk>, <4f989bd384roger.hird@argonet.co.uk> Message-ID: <4819B172.19582.AC28D0@davidh.spidacom.co.uk> On 1 May 2008 at 11:47, Roger Hird wrote: > In article <4819A1C6.6685.6EEE8F@davidh.spidacom.co.uk>, > David Hansen wrote: > > So, it is now a business. Fascinating. > > It's current Civil-Service-speak: just as taxpayers are "customers". No they are not. Taxpayers are the employers of these bods. It was something I never forgot when I was in the civil service. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Thu May 1 12:48:32 2008 From: ukcrypto at chiark.greenend.org.uk (Dan Beale-Cocks) Date: Thu, 01 May 2008 12:48:32 +0100 Subject: Hansard: Written Answer: at least 8 RIPA part III section 49 notices since last October In-Reply-To: <20080430122502.D520B11803C@mailserver5.hushmail.com> References: <20080430122502.D520B11803C@mailserver5.hushmail.com> Message-ID: <4819AE10.4050206@bealoid.co.uk> Watching Them, Watching Us wrote: > (2) how many prosecutions and convictions there have been under the > Regulation of Investigatory Powers Act 2000 for withholding passwords > and encryption keys to hard drives since that provision entered into > force. [200588] Thanks for the numbers. I thought -bicbw- that they could also just use contempt laws if people aren't disclosing keys. Is that true, and if it is are there any numbers to compare? 
From ukcrypto at chiark.greenend.org.uk Thu May 1 12:45:55 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Thu, 1 May 2008 12:45:55 +0100 Subject: Full Disclosure In-Reply-To: <48198782.40809@ernest.net> References: <20EDC654-A171-4B21-BB0B-AEBE1113C54F@batten.eu.org> <7b6bd0c90804281528v764887f5t3fdc4cc8a934c4b3@mail.gmail.com> <7b6bd0c90804290336x34bfa84eh7fefd91dd1370bc9@mail.gmail.com> <48171D91.8020705@ernest.net> <7b6bd0c90804290634m78f90a9diae607b55d568ee35@mail.gmail.com> <6ED388AA006C454BA35B0098396B9BFB038C2475@uxsrvr20.atlas.ukerna.ac.uk> <7b6bd0c90804292254s5dc7172ci66d0b8cbd501c76b@mail.gmail.com> <7b6bd0c90805010006o12a7be91rb106218138264734@mail.gmail.com> <48198782.40809@ernest.net> Message-ID: In article <48198782.40809@ernest.net>, Nicholas Bohm writes >>> The point I'm making is that this is not a straightforward issue, and >>> one should not assume that IP addresses will invariably be personal >>> data. >> I don't think that IP addresses can be personal data (or not) on a >>case by case basis, because you can't design systems to treat >>different IP addresses differently, having first been able to >>conclude, conclusively, whether or not the one you are processing at >>the time is or is not traceable to a particular natural person. > >I don't think there's any doubt that Joel's conclusion is right in law; >and the fact (on which I'm sure you're right) that the law is >impracticable to implement in computer systems isn't a reason to doubt >that it is the law. In which case I'll rephrase my remarks, and say that my (overcautious) approach is the only way to be sure you are complying with the law. 
-- Roland Perry From ukcrypto at chiark.greenend.org.uk Thu May 1 13:34:16 2008 From: ukcrypto at chiark.greenend.org.uk (Nicholas Bohm) Date: Thu, 01 May 2008 13:34:16 +0100 Subject: Hansard: Written Answer: at least 8 RIPA part III section 49 notices since last October In-Reply-To: <4819AE10.4050206@bealoid.co.uk> References: <20080430122502.D520B11803C@mailserver5.hushmail.com> <4819AE10.4050206@bealoid.co.uk> Message-ID: <4819B8C8.3010901@ernest.net> Dan Beale-Cocks wrote: > Watching Them, Watching Us wrote: > >> (2) how many prosecutions and convictions there have been under the >> Regulation of Investigatory Powers Act 2000 for withholding passwords >> and encryption keys to hard drives since that provision entered into >> force. [200588] > > Thanks for the numbers. I thought -bicbw- that they could also just use > contempt laws if people aren't disclosing keys. Is that true, and if it > is are there any numbers to compare? I don't think there's any overlap. It cannot be contempt of court to withhold keys (or decrypted data) from the police or most other investigative or enforcement agencies, which is why RIPA is thought necessary. In the case of witnesses required to produce documents or things containing them, and in the case of disclosure obligations in civil proceedings, where RIPA does not apply to compel anything, punishment of disobedience to the court as a contempt is an available sanction. There won't be any numbers for cases where the threat produces obedience; there might be for cases where a contempt has been punished, but I don't know where you'd look for these, and they would probably not be broken down into different reasons for the finding of contempt. Nicholas -- Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Mobile 07715 419728 (+44 7715 419728) PGP public key ID: 0x899DD7FF. 
Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From ukcrypto at chiark.greenend.org.uk Thu May 1 14:13:55 2008 From: ukcrypto at chiark.greenend.org.uk (Roger Hird) Date: Thu, 01 May 2008 14:13:55 +0100 Subject: BBC NEWS | UK | Tax staff breach data security In-Reply-To: <4f989bd384roger.hird@argonet.co.uk> References: <1495A593-99A0-464D-A160-9375B10F3C4C@batten.eu.org> <4819A1C6.6685.6EEE8F@davidh.spidacom.co.uk> <4f989bd384roger.hird@argonet.co.uk> Message-ID: <4f98a9396eroger.hird@argonet.co.uk> In article <4f989bd384roger.hird@argonet.co.uk>, Roger Hird wrote: > In article <4819A1C6.6685.6EEE8F@davidh.spidacom.co.uk>, > David Hansen wrote: > > So, it is now a business. Fascinating. > It's current Civil-Service-speak: just as taxpayers are "customers". > But actually what civil servants do has always been "business" in the > dictionary sense: "public business" - though it's a rather 19th century > term. Off topic but fascinating - first use of the term "public business" seems to be attributed to one N. Machiavelli (Old Nick, indeed) in The Prince in 1513. That should please David! First reference in English - 1709. -- Roger Hird roger.hird@argonet.co.uk Running RISCOS 4.39 on an Acorn StrongARM RiscPC From ukcrypto at chiark.greenend.org.uk Thu May 1 17:01:44 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Thu, 1 May 2008 17:01:44 +0100 Subject: Virgin Media distances itself from Phorm 'adoption' claims | The Register Message-ID: <4325A313-4B3A-4AC9-8D70-25A189069CBE@batten.eu.org> --Apple-Mail-11--577728964 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit There's been a lot of to-ing and fro-ing, but this all seems pretty unambiguous. 
http://www.theregister.co.uk/2008/05/01/virgin_media_phorm_misleading/ So of the three launch ISPs, CPW appear to have taken several steps back from the table (no plans to deploy and a clear opt-in commitment which is as close to walking away as makes no odds), Virgin have pushed it off into the future (in a manner akin to parents saying ``we'll see'') and BT are left as the only ISP with a serious current interest in the game. But how serious? Their much-bruited (and how much do we love the Mac spelling checker for having bruited in it?) March, and then April trial, is now ``within 28 days'' from Tuesday (http://news.zdnet.co.uk/communications/0,1000000085,39408146,00.htm ). And promises a network level opt-out. Unless they're prepared to skate to the very edges of the ICO's advice, that's going to need to be a network level opt-IN, and quite how you organise that in a way which will get you a take-up worth having is a whole can of worms. ian --Apple-Mail-11--577728964 Content-Type: text/html; charset=US-ASCII Content-Transfer-Encoding: quoted-printable

References: <4325A313-4B3A-4AC9-8D70-25A189069CBE@batten.eu.org> Message-ID: <481AD705.2658.526F1A8@davidh.spidacom.co.uk> On 1 May 2008 at 17:01, Ian Batten wrote: > There's been a lot of to-ing and fro-ing, but this all seems pretty > unambiguous. I hope you are right and the companies who wished to get into bed with these slimeballs are deciding it is not worth the hassle. However, that still leaves the criminal activities of one of them, criminal activities for which they have not been held to account. Of course they probably will never be held to account, as they are inside the tent. Given their complete disregard for the privacy of their customers it is easy to see why these criminals were so keen on RIP. It also shows how ineffective the Huttons are. All they have to say about these criminals is "well done chaps, keep up the good work", more recently even more nauseating words about how wonderful they and their staff are. I would like to be proved wrong in my assessment of the Huttons. I can be proved wrong by the Huttons naming and shaming BT in general, and those involved in criminal activities in particular, in a special report and in their annual report. I have very little expectation that I will be proved wrong, but stranger things have happened. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Fri May 2 11:15:52 2008 From: ukcrypto at chiark.greenend.org.uk (John Brazier) Date: Fri, 2 May 2008 11:15:52 +0100 Subject: BBC NEWS | UK | Tax staff breach data security - Italians In-Reply-To: <1495A593-99A0-464D-A160-9375B10F3C4C@batten.eu.org> References: <1495A593-99A0-464D-A160-9375B10F3C4C@batten.eu.org> Message-ID: <0b6c01c8ac3d$809c7960$81d56c20$@co.uk> This is a multipart message in MIME format. 
------=_NextPart_000_0B6D_01C8AC45.E260E160 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit On the other hand, the Italians have a refreshing approach . http://news.bbc.co.uk/1/hi/world/europe/7376608.stm ATB JB From: ukcrypto-admin@chiark.greenend.org.uk [mailto:ukcrypto-admin@chiark.greenend.org.uk] On Behalf Of Ian Batten Sent: 01 May 2008 10:25 To: ukcrypto@chiark.greenend.org.uk Subject: BBC NEWS | UK | Tax staff breach data security My attempt to find this out with an FoI request foundered (``not centrally recorded''), but the question has now been answered. http://news.bbc.co.uk/1/hi/uk/7376586.stm ------=_NextPart_000_0B6D_01C8AC45.E260E160 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable

------=_NextPart_000_0B6D_01C8AC45.E260E160-- From ukcrypto at chiark.greenend.org.uk Thu May 8 13:51:51 2008 From: ukcrypto at chiark.greenend.org.uk (David Biggins) Date: Thu, 8 May 2008 13:51:51 +0100 Subject: "Independent Scheme Assurance Panel" report on ID cards published. Message-ID: This is a multi-part message in MIME format. ------_=_NextPart_001_01C8B10A.4946CF92 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable This is an official body tasked with monitoring the scheme, and their report makes fascinating reading... http://www.ips.gov.uk/identity/downloads/ISAP_Annual_Report.pdf And a "Plain English" translation of it here: http://talk.guardian.co.uk/WebX?14@456.XJGMbkMrzyM@.77607ed8/61 Dave. ------_=_NextPart_001_01C8B10A.4946CF92 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable "Independent Scheme Assurance Panel" report on ID cards = published.


------_=_NextPart_001_01C8B10A.4946CF92-- From ukcrypto at chiark.greenend.org.uk Thu May 8 14:32:09 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Thu, 08 May 2008 14:32:09 +0100 Subject: "Independent Scheme Assurance Panel" report on ID cards published. In-Reply-To: References: Message-ID: <482300D9.8080508@iosis.co.uk> David Biggins wrote: > This is an official body tasked with monitoring the scheme, and their > report makes fascinating reading… > > _http://www.ips.gov.uk/identity/downloads/ISAP_Annual_Report.pdf_ > > And a "Plain English" translation of it here: > > _http://talk.guardian.co.uk/WebX?14@456.XJGMbkMrzyM@.77607ed8/61_ > > Dave. Great stuff. Never has there been any sign of technical specifications, and never has there been any detailed 'requirement' (as required by EU procurement rules, including the ones that they are now using) seen, at least not in the public domain, not in the Chatham House Rule meetings that I have been to over several years, and not in the early stages of the NIS procurement programme [1]. They just are not designing this scheme, but are expecting it to come together with the help of suppliers (who, this time, because of the Act, will be culpable if it goes wrong) - that was the way we ran the Empire. It is actually possible to design the scheme: other countries do it. Peter [1] The only area that has had significant in-house technical expertise has been biometrics. From ukcrypto at chiark.greenend.org.uk Thu May 8 15:43:58 2008 From: ukcrypto at chiark.greenend.org.uk (David Biggins) Date: Thu, 8 May 2008 15:43:58 +0100 Subject: "Independent Scheme Assurance Panel" report on ID cards published. In-Reply-To: <482300D9.8080508@iosis.co.uk> References: <482300D9.8080508@iosis.co.uk> Message-ID: Glad you like it... There's also this: http://www.hm-treasury.gov.uk/media/6/7/identity_assurance060308.pdf Challenges and opportunities in identity assurance By Sir James Crosby Dave. 
> -----Original Message----- > From: ukcrypto-admin@chiark.greenend.org.uk > [mailto:ukcrypto-admin@chiark.greenend.org.uk] On Behalf Of > Peter Tomlinson > Sent: 08 May 2008 14:32 > To: ukcrypto@chiark.greenend.org.uk > Subject: Re: "Independent Scheme Assurance Panel" report on > ID cards published. > > David Biggins wrote: > > This is an official body tasked with monitoring the scheme, > and their > > report makes fascinating reading... > > > > _http://www.ips.gov.uk/identity/downloads/ISAP_Annual_Report.pdf_ > > > > And a "Plain English" translation of it here: > > > > _http://talk.guardian.co.uk/WebX?14@456.XJGMbkMrzyM@.77607ed8/61_ > > > > Dave. > Great stuff. > > Never has there been any sign of technical specifications, > and never has there been any detailed 'requirement' (as > required by EU procurement rules, including the ones that > they are now using) seen, at least not in the public domain, > not in the Chatham House Rule meetings that I have been to > over several years, and not in the early stages of the NIS > procurement programme [1]. They just are not designing this > scheme, but are expecting it to come together with the help > of suppliers (who, this time, because of the Act, will be > culpable if it goes wrong) - that was the way we ran the Empire. > > It is actually possible to design the scheme: other countries do it. > > Peter > > [1] The only area that has had significant in-house technical > expertise has been biometrics. > > > > > > From ukcrypto at chiark.greenend.org.uk Fri May 9 09:01:15 2008 From: ukcrypto at chiark.greenend.org.uk (Mary Hawking) Date: Fri, 9 May 2008 09:01:15 +0100 Subject: "Independent Scheme Assurance Panel" report on ID cards published. - relevant to NHS? 
In-Reply-To: <20080509064631.7343.3003.Mailman@chiark.greenend.org.uk>
References: <20080509064631.7343.3003.Mailman@chiark.greenend.org.uk>
Message-ID:

>This is an official body tasked with monitoring the scheme, and their
>report makes fascinating reading…
>
>http://www.ips.gov.uk/identity/downloads/ISAP_Annual_Report.pdf
>
>And a "Plain English" translation of it here:
>
>http://talk.guardian.co.uk/WebX?14@456.XJGMbkMrzyM@.77607ed8/61
>
>Dave.

Let's hope that the government pay attention - but as they have invested so much political capital, I doubt it!

We have the same situation in the NHS: in the interests of sharing information to improve health care (a worthy objective, surely?) CSC is introducing Detailed Care Records - locally inclusive records of all health care - GP, Community, mental health, hospital, one record per patient - without full consideration of how the thing would work, who would be responsible for what and how confidentiality - if the term means anything in this context - could be maintained.

I feel strongly about this - http://shorterlink.co.uk/14241 but *have* amended the subject line!

Mary Hawking
--
Mary Hawking

From ukcrypto at chiark.greenend.org.uk Fri May 9 09:04:03 2008
From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson)
Date: Fri, 09 May 2008 09:04:03 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To:
References: <482300D9.8080508@iosis.co.uk>
Message-ID: <48240573.2090604@iosis.co.uk>

Crosby is about something directly useful to citizens, but the NIS is about something directly useful to government (and they hope indirectly useful to citizens in that by way of the NIS we should be able to root out the nasty people and thus improve British society) [1].
The ICO is also interested in something useful to citizens, which is why the WG on User-centric ID Management is operating (part of the Cyber-Security Knowledge Transfer Network thing, now run by BERR and Qinetiq www.cybersecurity-ktn.com).

Peter

[1] I wonder if that story about air-side airport workers not being fully checked for past bad behaviour, allegedly uncovered by Newsnight, was in fact a plant, aimed at encouraging us to support the fast track issuing of ID Cards to air-side workers, which of course will need proper investigation of their bona-fides (and it will result in the issuing of UK ID Cards to those who are already citizens of another EU country, and eResident cards for those who are third country nationals).

David Biggins wrote:
> Glad you like it...
>
> There's also this:
>
> http://www.hm-treasury.gov.uk/media/6/7/identity_assurance060308.pdf
>
>
> Challenges and opportunities
> in identity assurance
> By
> Sir James Crosby
>
>
> Dave.
>
>> -----Original Message-----
>> From: ukcrypto-admin@chiark.greenend.org.uk
>> [mailto:ukcrypto-admin@chiark.greenend.org.uk] On Behalf Of
>> Peter Tomlinson
>> Sent: 08 May 2008 14:32
>> To: ukcrypto@chiark.greenend.org.uk
>> Subject: Re: "Independent Scheme Assurance Panel" report on
>> ID cards published.
>>
>> David Biggins wrote:
>>
>>> This is an official body tasked with monitoring the scheme,
>>>
>> and their
>>
>>> report makes fascinating reading...
>>>
>>> _http://www.ips.gov.uk/identity/downloads/ISAP_Annual_Report.pdf_
>>>
>>> And a "Plain English" translation of it here:
>>>
>>> _http://talk.guardian.co.uk/WebX?14@456.XJGMbkMrzyM@.77607ed8/61_
>>>
>>> Dave.
>>>
>> Great stuff.
>>
>> Never has there been any sign of technical specifications,
>> and never has there been any detailed 'requirement' (as
>> required by EU procurement rules, including the ones that
>> they are now using) seen, at least not in the public domain,
>> not in the Chatham House Rule meetings that I have been to
>> over several years, and not in the early stages of the NIS
>> procurement programme [1]. They just are not designing this
>> scheme, but are expecting it to come together with the help
>> of suppliers (who, this time, because of the Act, will be
>> culpable if it goes wrong) - that was the way we ran the Empire.
>>
>> It is actually possible to design the scheme: other countries do it.
>>
>> Peter
>>
>> [1] The only area that has had significant in-house technical
>> expertise has been biometrics.
>>

From ukcrypto at chiark.greenend.org.uk Sun May 11 10:11:04 2008
From: ukcrypto at chiark.greenend.org.uk (Ian Batten)
Date: Sun, 11 May 2008 10:11:04 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <48240573.2090604@iosis.co.uk>
References: <482300D9.8080508@iosis.co.uk> <48240573.2090604@iosis.co.uk>
Message-ID:

On 9 May 2008, at 09:04, Peter Tomlinson wrote:
> I wonder if that story about air-side airport workers not being
> fully checked for past bad behaviour, allegedly uncovered by
> Newsnight, was in fact a plant, aimed at encouraging us to support
> the fast track issuing of ID Cards to air-side workers, which of
> course will need proper investigation of their bona-fides (and it
> will result in the issuing of UK ID Cards to those who are already
> citizens of another EU country, and eResident cards for those who
> are third country nationals).

The problem is _how_ do you do that investigation, and do you trust the result?
I recall being told that there is a process for obtaining clearance for non-UK nationals, for cases which don't otherwise require UK citizenship, but I suspect it has a `governments we trust' caveat. How does getting a certificate of non-conviction from a foreign country? How do you pay for it? How do you cope with differing `spent convictions' rules? For example, we now know that Austria regards rape convictions more than ten years previously as spent: how would that play for a CRB check in the UK, enhanced or not?

ian

From ukcrypto at chiark.greenend.org.uk Mon May 12 08:33:21 2008
From: ukcrypto at chiark.greenend.org.uk (PeteM)
Date: Mon, 12 May 2008 08:33:21 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To:
References: <482300D9.8080508@iosis.co.uk> <48240573.2090604@iosis.co.uk>
Message-ID: <4827F2C1.2090601@callnetuk.com>

Ian Batten wrote on 11-05-08 10:11:
> How do you cope with differing `spent
> convictions' rules? For example, we now know that Austria regards rape
> convictions more than ten years previously as spent: how would that play
> for a CRB check in the UK, enhanced or not?

I do not know about others, but the UK system was designed to deal with spent convictions by treating them the same as any other. It returns all convictions (or convictions and suspicions in the case of an enhanced check) no matter how old they are, and leaves it to the applying organisation to apply ROOA.

It is possible that this has been or is being changed, but it was certainly true a year or so ago, and I suspect it still is.

--
Pete Mitchell

From ukcrypto at chiark.greenend.org.uk Mon May 12 09:21:25 2008
From: ukcrypto at chiark.greenend.org.uk (Ian Batten)
Date: Mon, 12 May 2008 09:21:25 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <4827F2C1.2090601@callnetuk.com>
References: <482300D9.8080508@iosis.co.uk> <48240573.2090604@iosis.co.uk> <4827F2C1.2090601@callnetuk.com>
Message-ID: <109CAA79-044F-4E8D-8BF4-A9B7126F9240@batten.eu.org>

On 12 May 08, at 0833, PeteM wrote:
> Ian Batten wrote on 11-05-08 10:11:
> How do you cope with differing `spent
>> convictions' rules? For example, we now know that Austria regards
>> rape convictions more than ten years previously as spent: how would
>> that play for a CRB check in the UK, enhanced or not?
>
>
> I do not know about others, but the UK system was designed to deal
> with spent convictions by treating them the same as any other. It
> returns all convictions (or convictions and suspicions in the case
> of an enhanced check) no matter how old they are, and leaves it to
> the applying organisation to apply ROOA.
>
> It is possible that this has been or is being changed, but it was
> certainly true a year or so ago, and I suspect it still is.

I don't believe a disclosure certificate for general employment includes spent convictions. A disclosure or enhanced disclosure certificate for occupations exempted from the Rehabilitation of Offenders Act (children, vulnerable adults, pharmacy, finance, security, etc) does include spent convictions, because the employer is explicitly exempted from the Act for their decisions:

http://www.nacro.org.uk/data/resources/nacro-2007021302.pdf

It would obviously render the RoOA impotent if any random employer could obtain a list of spent convictions, but with a ``hey, don't make use of this!'' caveat. If someone with a spent conviction is asked ``Have you ever been convicted of...'' they are legally allowed to say ``No'', unless activities which are covered by the exemptions are involved.
ian

From ukcrypto at chiark.greenend.org.uk Mon May 12 09:43:45 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Mon, 12 May 2008 09:43:45 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <4827F2C1.2090601@callnetuk.com>
References: , , <4827F2C1.2090601@callnetuk.com>
Message-ID: <48281151.22701.4906408@davidh.spidacom.co.uk>

On 12 May 2008 at 8:33, PeteM wrote:
> I do not know about others, but the UK system was designed to deal with
> spent convictions by treating them the same as any other. It returns all
> convictions (or convictions and suspicions in the case of an enhanced
> check) no matter how old they are, and leaves it to the applying
> organisation to apply ROOA.

There is no UK system, though I gather the systems in the countries/principality/province that form the UK are fairly similar.

In this country there are three levels to this scam . Two versions of the scam include spent convictions, one does not. The page does not say whether malicious prosecutions are included in the other tittle tattle and lies included in the "enhanced" disclosure.

If it was not so serious it would be mildly amusing that governments which tell us they want us to protect ourselves against "identity fraud" at the same time set up systems which provide ways and means to increase "identity fraud".

--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Mon May 12 10:05:37 2008
From: ukcrypto at chiark.greenend.org.uk (PeteM)
Date: Mon, 12 May 2008 10:05:37 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <48281151.22701.4906408@davidh.spidacom.co.uk>
References: , , <4827F2C1.2090601@callnetuk.com> <48281151.22701.4906408@davidh.spidacom.co.uk>
Message-ID: <48280861.5030701@callnetuk.com>

David Hansen wrote on 12-05-08 09:43:
> On 12 May 2008 at 8:33, PeteM wrote:
>
>> I do not know about others, but the UK system was designed to deal with
>> spent convictions by treating them the same as any other. It returns all
>> convictions (or convictions and suspicions in the case of an enhanced
>> check) no matter how old they are, and leaves it to the applying
>> organisation to apply ROOA.
>
> There is no UK system, though I gather the systems in the
> countries/principality/province that form the UK are fairly similar.

Sorry David :) of course I meant the English system.

> In this country there are three levels to this scam
> . Two versions of
> the scam include spent convictions, one does not.

In England, there are officially three categories; Basic, Standard and Enhanced. Standard included all convictions whether ROOA-spent or otherwise; Basic was supposed to include unspent convictions; Enhanced, all convictions and suspicions.

However, Basic checks were not in practice available because the means of doing them hadn't been created. There were plans to introduce them but the actual implementation was put off several times. I do not know whether it ever got done; as I say, they hadn't been when I last looked.

--
Pete Mitchell

From ukcrypto at chiark.greenend.org.uk Mon May 12 10:03:26 2008
From: ukcrypto at chiark.greenend.org.uk (PeteM)
Date: Mon, 12 May 2008 10:03:26 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <109CAA79-044F-4E8D-8BF4-A9B7126F9240@batten.eu.org>
References: <482300D9.8080508@iosis.co.uk> <48240573.2090604@iosis.co.uk> <4827F2C1.2090601@callnetuk.com> <109CAA79-044F-4E8D-8BF4-A9B7126F9240@batten.eu.org>
Message-ID: <482807DE.80106@callnetuk.com>

Ian Batten wrote on 12-05-08 09:21:
>
> It would obviously render the RoOA impotent if any random employer could
> obtain a list of spent convictions, but with a ``hey, don't make use of
> this!'' caveat.
>

This says, "The government would have been stupid to do X, so the government can't have done X."

--
Pete Mitchell

From ukcrypto at chiark.greenend.org.uk Mon May 12 11:27:06 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Mon, 12 May 2008 11:27:06 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <48280861.5030701@callnetuk.com>
References: , <48281151.22701.4906408@davidh.spidacom.co.uk>, <48280861.5030701@callnetuk.com>
Message-ID: <4828298A.25723.4EF0456@davidh.spidacom.co.uk>

On 12 May 2008 at 10:05, PeteM wrote:
> Enhanced, all convictions and suspicions.

Does that include malicious prosecutions, which means any prosecution where the victim was found innocent?

--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Mon May 12 12:16:18 2008
From: ukcrypto at chiark.greenend.org.uk (Roger Hird)
Date: Mon, 12 May 2008 12:16:18 +0100
Subject: Disclosure - was "Independent Scheme Assurance Panel"
In-Reply-To: <48280861.5030701@callnetuk.com>
References: <4827F2C1.2090601@callnetuk.com> <48281151.22701.4906408@davidh.spidacom.co.uk> <48280861.5030701@callnetuk.com>
Message-ID: <4f9e48a6ecroger.hird@argonet.co.uk>

In article <48280861.5030701@callnetuk.com>, PeteM wrote:
> > There is no UK system, though I gather the systems in the
> > countries/principality/province that form the UK are fairly similar.
> Sorry David :) of course I meant the English system.
> > In this country there are three levels to this scam
> > . Two versions of
> > the scam include spent convictions, one does not.
> In England, there are officially three categories; Basic, Standard and
> Enhanced. Standard included all convictions whether ROOA-spent or
> otherwise; Basic was supposed to include unspent convictions;
> Enhanced, all convictions and suspicions.
> However, Basic checks were not in practice available because the means
> of doing them hadn't been created. There were plans to introduce them
> but the actual implementation was put off several times. I do not know
> whether it ever got done; as I say, they hadn't been when I last looked.

Well, for purposes of the Licensing Act 2003, English licensing authorities suggest applicants for personal licenses get a Basic Disclosure from disclosurescotland.

--
Roger Hird roger.hird@argonet.co.uk
Running RISCOS 4.39 on an Acorn StrongARM RiscPC

From ukcrypto at chiark.greenend.org.uk Mon May 12 12:26:17 2008
From: ukcrypto at chiark.greenend.org.uk (PeteM)
Date: Mon, 12 May 2008 12:26:17 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <48280861.5030701@callnetuk.com>
References: , , <4827F2C1.2090601@callnetuk.com> <48281151.22701.4906408@davidh.spidacom.co.uk> <48280861.5030701@callnetuk.com>
Message-ID: <48282959.90204@callnetuk.com>

PeteM wrote on 12-05-08 10:05:
> otherwise; Basic was supposed to include unspent convictions;

... "supposed to include *only* unspent convictions". Sorry.

--
Pete Mitchell

From ukcrypto at chiark.greenend.org.uk Mon May 12 15:19:59 2008
From: ukcrypto at chiark.greenend.org.uk (PeteM)
Date: Mon, 12 May 2008 15:19:59 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <4828298A.25723.4EF0456@davidh.spidacom.co.uk>
References: , <48281151.22701.4906408@davidh.spidacom.co.uk>, <48280861.5030701@callnetuk.com> <4828298A.25723.4EF0456@davidh.spidacom.co.uk>
Message-ID: <4828520F.508@callnetuk.com>

David Hansen wrote on 12-05-08 11:27:
> On 12 May 2008 at 10:05, PeteM wrote:
>
>> Enhanced, all convictions and suspicions.
>
> Does that include malicious prosecutions, which means any prosecution
> where the victim was found innocent?
>

Any incident where the subject was recorded on the PNC as being "suspected" of an offence.

--
Pete Mitchell

From ukcrypto at chiark.greenend.org.uk Mon May 12 16:24:41 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Mon, 12 May 2008 16:24:41 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <4828520F.508@callnetuk.com>
References: , <4828298A.25723.4EF0456@davidh.spidacom.co.uk>, <4828520F.508@callnetuk.com>
Message-ID: <48286F49.29389.5FF78DF@davidh.spidacom.co.uk>

On 12 May 2008 at 15:19, PeteM wrote:
> > Does that include malicious prosecutions,
> > which means any prosecution
> > where the victim was found innocent?
>
> Any incident where the subject was recorded on the PNC as being
> "suspected" of an offence.

So, being found innocent means nothing of the sort. The malice of police and prosecutors in bringing a malicious prosecution is all that is needed. These officials are not held to account for their malice either.

--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Mon May 12 16:44:43 2008
From: ukcrypto at chiark.greenend.org.uk (Matthew Pemble)
Date: Mon, 12 May 2008 16:44:43 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <48286F49.29389.5FF78DF@davidh.spidacom.co.uk>
References: , <4828298A.25723.4EF0456@davidh.spidacom.co.uk>, <4828520F.508@callnetuk.com> <48286F49.29389.5FF78DF@davidh.spidacom.co.uk>
Message-ID: <482865EB.3090100@pemble.net>

David Hansen wrote:
> On 12 May 2008 at 15:19, PeteM wrote:
>
>
>>> Does that include malicious prosecutions,
>>> which means any prosecution
>>> where the victim was found innocent?
>>>
>> Any incident where the subject was recorded on the PNC as being
>> "suspected" of an offence.
>>
>
> So, being found innocent means nothing of the sort. The malice of
> police and prosecutors in bringing a malicious prosecution is all that
> is needed. These officials are not held to account for their malice
> either.
>
>
>

Errors do actually occur in identifying suspects - it is not always malice. In fact, you could very well say that is why we have courts as opposed to conviction and punishment on indictment - the law tending to (implausibly) assume the absolute probity of its officers.

You can also be suspected of an offence and never cleared by a court - lack of evidence or, as per the common or garden domestic, no or a withdrawn complaint (and insufficient official will to carry through the investigation without such.)

I would assume (if I wasn't quite so cynical) that your PNC record would be noticeably different if you were found innocent in court as opposed to suspected but never prosecuted?

Matthew

From ukcrypto at chiark.greenend.org.uk Mon May 12 16:46:05 2008
From: ukcrypto at chiark.greenend.org.uk (Matthew Pemble)
Date: Mon, 12 May 2008 16:46:05 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <48286F49.29389.5FF78DF@davidh.spidacom.co.uk>
References: , <4828298A.25723.4EF0456@davidh.spidacom.co.uk>, <4828520F.508@callnetuk.com> <48286F49.29389.5FF78DF@davidh.spidacom.co.uk>
Message-ID: <4828663D.7070703@pemble.net>

Sorry, I meant to have written: "never prosecuted yourself and nobody else found guilty".

Matthew.

From ukcrypto at chiark.greenend.org.uk Mon May 12 18:30:28 2008
From: ukcrypto at chiark.greenend.org.uk (Ian Batten)
Date: Mon, 12 May 2008 18:30:28 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <4828298A.25723.4EF0456@davidh.spidacom.co.uk>
References: , <48281151.22701.4906408@davidh.spidacom.co.uk>, <48280861.5030701@callnetuk.com> <4828298A.25723.4EF0456@davidh.spidacom.co.uk>
Message-ID: <77C0D7E5-A9ED-4A20-99C0-EC4F17ACBA79@batten.eu.org>

On 12 May 08, at 1127, David Hansen wrote:
> On 12 May 2008 at 10:05, PeteM wrote:
>
>> Enhanced, all convictions and suspicions.
>
> Does that include malicious prosecutions, which means any prosecution
> where the victim was found innocent?

Sorry, I didn't catch this at the time. Are you saying that on any occasion that someone is found innocent in a court, the only explanation is malice on the part of the police? That the police know infallibly if someone is innocent or guilty, and then prosecute people they know to be innocent out of malice, and only people who are in that set are ever found innocent?

This implies, therefore, that if we could but find an honest policeman we could shut down the courts, because a policeman free from malice would be able to pass people guilty or innocent by themselves.

To believe that the only reason someone might be found innocent by a court is the malice of the police is quite a stretch, I think.

ian

From ukcrypto at chiark.greenend.org.uk Tue May 13 07:48:41 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Tue, 13 May 2008 07:48:41 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <77C0D7E5-A9ED-4A20-99C0-EC4F17ACBA79@batten.eu.org>
References: , <4828298A.25723.4EF0456@davidh.spidacom.co.uk>, <77C0D7E5-A9ED-4A20-99C0-EC4F17ACBA79@batten.eu.org>
Message-ID: <482947D9.11001.3EFC73@davidh.spidacom.co.uk>

On 12 May 2008 at 18:30, Ian Batten wrote:
> Sorry, I didn't catch this at the time. Are you saying that on any
> occasion that someone is found innocent in a court, the only
> explanation is malice on the part of the police?

No. However, there are plenty of cases where they and the prosecutors have acted maliciously. This has nothing to do with them being infallible.

--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Tue May 13 21:38:02 2008
From: ukcrypto at chiark.greenend.org.uk (Richard Clayton)
Date: Tue, 13 May 2008 21:38:02 +0100
Subject: Surveillance, the Database State, Online Crime ... What Next?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We still have spare space at this upcoming event, so if you are interested in coming, then we'd be delighted to see you.

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Surveillance, the Database State, Online Crime ... What Next?

WHAT: An open meeting to celebrate FIPR's tenth birthday.
WHEN: 2:00-5:30pm, Tuesday 27 May 2008, followed by a reception.
WHERE: JZ Young Lecture Theatre, Anatomy Building, UCL, Gower St, London WC1.

~~~~~~~

The Foundation for Information Policy Research was set up in May 1998 to bring together engineers, lawyers, economists, policy people and others who are interested in the interaction between technology and society. It has become the UK's leading Internet policy think tank.

On May 27th 2008 we will be celebrating our tenth birthday with a conference at the JZ Young Lecture Theatre, University College London, from 2:00 - 5:30pm, followed by a reception.
The first two sessions will discuss the big information policy challenges of the last ten years, while the third may attempt some crystal ball gazing:

1. Surveillance, privacy and technology
- ---------------------------------------

The Regulation of Investigatory Powers Act, NHS databases, children's databases, behavioural advertising.

Chair: Lord Phillips
Panelists: Caspar Bowden (Microsoft), Simon Watkin (Home Office), Terri Dowty (Action on Rights for Children), Richard Clayton (FIPR)

2. Crime, consumers' rights and the law
- ---------------------------------------

IP enforcement, online contracts, the resolution of financial and other disputes, service personalisation.

Chair: William Heath
Panelists: The Earl of Erroll, Ian Brown (OII), Roland Perry (e-Victims), Nicholas Bohm (FIPR), Joris van Hoboken (IViR, the Netherlands)

3. The next ten years
- ---------------------

What will be the interesting policy challenges as computers and communication become embedded invisibly everywhere?

Chair: Baroness Miller of Hendon
Panelists: The Earl of Northesk, Nigel Hickson (BERR), David Howarth MP, Tom Steinberg (mySociety), Ross Anderson (FIPR)

Admission is free to the public but space is limited. Please register by sending email to < birthday2008 AT fipr.org >

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSCn8KpoAxkTY1oPiEQJx/gCfZ2d2E8Hcuqd2ZD3parPK63J3fHgAnict
cpnQw8eYSEHshflTSWuZQWIA
=0nK8
-----END PGP SIGNATURE-----

From ukcrypto at chiark.greenend.org.uk Mon May 12 09:02:55 2008
From: ukcrypto at chiark.greenend.org.uk (Mark Lomas)
Date: Mon, 12 May 2008 09:02:55 +0100
Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <4827F2C1.2090601@callnetuk.com>
References: <482300D9.8080508@iosis.co.uk> <48240573.2090604@iosis.co.uk> <4827F2C1.2090601@callnetuk.com>
Message-ID:

2008/5/12 PeteM :
> Ian Batten wrote on 11-05-08 10:11:
>
> > How do you cope with differing `spent
> > convictions' rules? For example, we now know that Austria regards rape
> > convictions more than ten years previously as spent: how would that play for
> > a CRB check in the UK, enhanced or not?
> >
>
> I do not know about others, but the UK system was designed to deal with
> spent convictions by treating them the same as any other. It returns all
> convictions (or convictions and suspicions in the case of an enhanced check)
> no matter how old they are, and leaves it to the applying organisation to
> apply ROOA.
>
> It is possible that this has been or is being changed, but it was
> certainly true a year or so ago, and I suspect it still is.
>

This depends upon the organisation requesting the records.

Ian is correct to suggest that records are retained after they are spent. ACPO guidelines suggest for up to ten years.

However, when conducting a background check for a job, unless the hiring organisation is 'exempt' it will not see spent convictions. Further, the applicant is entitled to lie about spent convictions and protected from unfair dismissal because of that lie.
Mark
From ukcrypto at chiark.greenend.org.uk Wed May 14 10:38:13 2008 From: ukcrypto at chiark.greenend.org.uk (David Biggins) Date: Wed, 14 May 2008 10:38:13 +0100 Subject: (no subject) Message-ID: http://www.guardian.co.uk/uk/2008/may/14/law.humanrights A council that used controversial powers to spy on a family to check whether they were living in the correct school catchment area has done the same to keep an eye on local fishermen, it emerged yesterday. Poole borough council is using the Regulation of Investigatory Powers Act (Ripa) - a law brought in to combat terrorism and cyber crime - to scrutinise people gathering shellfish. Dave.
From ukcrypto at chiark.greenend.org.uk Wed May 14 12:47:45 2008 From: ukcrypto at chiark.greenend.org.uk (PeteM) Date: Wed, 14 May 2008 12:47:45 +0100 Subject: "Independent Scheme Assurance Panel" report on ID cards published. In-Reply-To: References: <482300D9.8080508@iosis.co.uk> <48240573.2090604@iosis.co.uk> <4827F2C1.2090601@callnetuk.com> Message-ID: <482AD161.3000400@callnetuk.com> Mark Lomas wrote on 12-05-08 09:02: > > I do not know about others, but the UK system was designed to deal > with spent convictions by treating them the same as any other. It > returns all convictions (or convictions and suspicions in the case > of an enhanced check) no matter how old they are, and leaves it to > the applying organisation to apply ROOA. > > It is possible that this has been or is being changed, but it was > certainly true a year or so ago, and I suspect it still is. > > This depends upon the organisation requesting the records. > > Ian is correct to suggest that records are retained after they are > spent. ACPO > guidelines suggest for up to ten years. > > However, when conducting a background check for a job, unless the hiring > organisation > is 'exempt' it will not see spent convictions. Further, the applicant is > entitled to lie > about spent convictions and protected from unfair dismissal because of > that lie. > You mean the basic disclosure system is now working as promised, after all the delays? Could you tell me when it was finally implemented (and provide a reference for it)? [Sorry for the late follow up, ukcrypto seems to be sending me posts very erratically at the moment; in fact I don't think I'm getting them all.] -- Pete Mitchell From ukcrypto at chiark.greenend.org.uk Wed May 14 12:58:55 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Wed, 14 May 2008 12:58:55 +0100 Subject: "Independent Scheme Assurance Panel" report on ID cards published.
In-Reply-To: <482AD161.3000400@callnetuk.com> References: <482300D9.8080508@iosis.co.uk> <48240573.2090604@iosis.co.uk> <4827F2C1.2090601@callnetuk.com> <482AD161.3000400@callnetuk.com> Message-ID: <482AD3FF.9060104@iosis.co.uk> PeteM wrote: > Mark Lomas wrote on 12-05-08 09:02: >> I do not know about others, but the UK system was designed to deal >> with spent convictions by treating them the same as any other. It >> returns all convictions (or convictions and suspicions in the case >> of an enhanced check) no matter how old they are, and leaves it to >> the applying organisation to apply ROOA. >> >> It is possible that this has been or is being changed, but it was >> certainly true a year or so ago, and I suspect it still is. >> >> This depends upon the organisation requesting the records. >> >> Ian is correct to suggest that records are retained after they are >> spent. ACPO >> guidelines suggest for up to ten years. >> >> However, when conducting a background check for a job, unless the >> hiring organisation >> is 'exempt' it will not see spent convictions. Further, the applicant >> is entitled to lie >> about spent convictions and protected from unfair dismissal because >> of that lie. > You mean the basic disclosure system is now working as promised, after > all the delays? Could you tell me when it was finally implemented > (and provide a reference for it)? > > [Sorry for the late follow up, ukcrypto seems to be sending me posts > very erratically at the moment; in fact I don't think I'm getting them > all.] > Talking last night in the pub to someone who uses CRB quite a lot, he has heard that they are about to make significant changes. He indicated that they might be issuing a more permanent, portable certificate. Peter From ukcrypto at chiark.greenend.org.uk Wed May 14 13:08:37 2008 From: ukcrypto at chiark.greenend.org.uk (Roger Hird) Date: Wed, 14 May 2008 13:08:37 +0100 Subject: "Independent Scheme Assurance Panel" report on ID cards published. 
In-Reply-To: <482AD161.3000400@callnetuk.com> References: <482300D9.8080508@iosis.co.uk> <48240573.2090604@iosis.co.uk> <4827F2C1.2090601@callnetuk.com> <482AD161.3000400@callnetuk.com> Message-ID: <4f9f551d1droger.hird@argonet.co.uk> In article <482AD161.3000400@callnetuk.com>, PeteM wrote: > You mean the basic disclosure system is now working as promised, after > all the delays? Could you tell me when it was finally implemented (and > provide a reference for it)? Haven't the faintest idea when it was implemented - all I know is that if you go to www.disclosurescotland.co.uk/basic.htm able to answer a few identity questions and with appropriate means of payment, a basic disclosure will arrive through your letter box within not too many days. -- Roger Hird roger.hird@argonet.co.uk Running RISCOS 4.39 on an Acorn StrongARM RiscPC From ukcrypto at chiark.greenend.org.uk Wed May 14 14:22:57 2008 From: ukcrypto at chiark.greenend.org.uk (David Hansen) Date: Wed, 14 May 2008 14:22:57 +0100 Subject: (no subject) In-Reply-To: References: Message-ID: <482AF5C1.12035.44E6F15@davidh.spidacom.co.uk> On 14 May 2008 at 10:38, David Biggins wrote: > http://www.guardian.co.uk/uk/2008/may/14/law.humanrights > > A council that used controversial powers to spy on a family to check > whether they were living in the correct school catchment area has done > the same to keep an eye on local fishermen, it emerged yesterday. > Poole borough council is using the Regulation of Investigatory Powers > Act (Ripa) - a law brought in to combat terrorism and cyber crime - to > scrutinise people gathering shellfish.
The true RIP successors to the Egg Marketing Board:-) -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Wed May 14 17:42:34 2008 From: ukcrypto at chiark.greenend.org.uk (PeteM) Date: Wed, 14 May 2008 17:42:34 +0100 Subject: (no subject) In-Reply-To: <482AF5C1.12035.44E6F15@davidh.spidacom.co.uk> References: <482AF5C1.12035.44E6F15@davidh.spidacom.co.uk> Message-ID: <482B167A.7000703@callnetuk.com> David Hansen wrote on 14-05-08 14:22: > On 14 May 2008 at 10:38, David Biggins wrote: > >> http://www.guardian.co.uk/uk/2008/may/14/law.humanrights >> >> A council that used controversial powers to spy on a family to check >> whether they were living in the correct school catchment area has done >> the same to keep an eye on local fishermen, it emerged yesterday. >> Poole borough council is using the Regulation of Investigatory Powers >> Act (Ripa) - a law brought in to combat terrorism and cyber crime - to >> scrutinise people gathering shellfish. > > The true RIP successors to the Egg Marketing Board:-) It's not funny. We used to use the Egg Marketing Board as the ultimate example of a comic-opera government agency, but the HMRC child benefit fiasco has taught us that none of these people give a monkey's about our privacy. However I suppose they can always claim that they are better than the Italians: "There has been outrage in Italy after the outgoing government published every Italian's declared earnings and tax contributions on the Internet." Apparently this was not a bug, but intentional. In any case, the full details of every Italian's income and tax returns were posted without warning on the Net for anyone to see, for at least 24 hours. (BBC report) http://news.bbc.co.uk/1/hi/world/europe/7376608.stm Coming to an HMRC website near you soon ... 
-- Pete Mitchell From ukcrypto at chiark.greenend.org.uk Wed May 14 22:59:49 2008 From: ukcrypto at chiark.greenend.org.uk (Ian G Batten) Date: Wed, 14 May 2008 22:59:49 +0100 Subject: What do we know about Communications Data Bill? Message-ID: <482B60D5.9010503@batten.eu.org> > *Communications data bill* > New procedures for gathering and retaining data from internet service > providers and phone companies for the purposes of investigating > serious crime and terrorism. Incorporates EU directive on data > gathering into UK law. > > Covers: Whole of UK. > ian
From ukcrypto at chiark.greenend.org.uk Wed May 14 23:28:59 2008 From: ukcrypto at chiark.greenend.org.uk (Richard Clayton) Date: Wed, 14 May 2008 23:28:59 +0100 Subject: Phorm, RIPA, the ICO and the HO Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In message <8vNMtEdkRO$HFArK@highwayman.com> way back on the 9th April, Richard Clayton wrote: >In article <47FCD497.40503@zen.co.uk>, Peter Fairbrother > writes > >>(I'd be interested to see that written response) > >I interpret the written response as "Simon's document" that was widely >circulated a few weeks back (find it on, for example, Cryptome) > > http://cryptome.org/ho-phorm.htm > >Related material will hopefully become available because I made a wide- >ranging FOI request a few weeks ago... > >I must have managed to cast my net wide enough for the Home Office not >to be able to wriggle through by disclosing nothing exciting :) because >I have now had a holding letter that says that they have had to give >themselves a time extension: > > > The information requested must be considered under the exemptions > contained within sections 40, 41, 42 and 43 of the Act. In order to > consider the public interest test fully we need to extend the 20 > working day response period, and now aim to respond by 12 May. > They have now written to me, in almost but not quite grammatical English, giving themselves another four weeks! FOI is not a quick process :( - -- richard Richard Clayton They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Benjamin Franklin -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBSCtnq5oAxkTY1oPiEQLD3QCbBOw6jNTh/Mr9ZjvhhvDLNO63+ugAoONh Ewq9tCJPqY6LvUGXojF6oxrl =YDBg -----END PGP SIGNATURE----- From ukcrypto at chiark.greenend.org.uk Thu May 15 00:07:44 2008 From: ukcrypto at chiark.greenend.org.uk (Richard Clayton) Date: Thu, 15 May 2008 00:07:44 +0100 Subject: What do we know about Communications Data Bill? In-Reply-To: <482B60D5.9010503@batten.eu.org> References: <482B60D5.9010503@batten.eu.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In article <482B60D5.9010503@batten.eu.org>, Ian G Batten writes >> Communications data bill >> New procedures for gathering and retaining data from internet >> service providers and phone companies for the purposes of >> investigating serious crime and terrorism. Incorporates EU >> directive on data gathering into UK law. > >> Covers: Whole of UK. a bit more in this document: http://www.official-documents.gov.uk/document/cm73/7372/7372.pdf but not much - -- richard Richard Clayton They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. Benjamin Franklin -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBSCtwwJoAxkTY1oPiEQI7eACbBBj9s48OBSGibRoEjLGyCN1oVV8AnROR +VpaYX7H4DwBl/DCLRnZe1Hy =Ay4B -----END PGP SIGNATURE----- From ukcrypto at chiark.greenend.org.uk Thu May 15 10:13:32 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Thu, 15 May 2008 10:13:32 +0100 Subject: What do we know about Communications Data Bill? In-Reply-To: <482B60D5.9010503@batten.eu.org> References: <482B60D5.9010503@batten.eu.org> Message-ID: In article <482B60D5.9010503@batten.eu.org>, Ian G Batten writes > Communications data bill > New procedures for gathering and retaining data from internet > service providers and phone companies for the purposes of > investigating serious crime and terrorism. 
Incorporates EU directive > on data gathering into UK law. > Covers: Whole of UK. I presume they mean the Data Retention Directive at: Currently the UK has an article 15(3) postponement of its application to Internet data (see page 8). A good summary of the Data Retention landscape is available at: http://www.jisclegal.ac.uk/pdfs/dataretention.pdf -- Roland Perry From ukcrypto at chiark.greenend.org.uk Fri May 16 06:30:24 2008 From: ukcrypto at chiark.greenend.org.uk (Ian G Batten) Date: Fri, 16 May 2008 14:30:24 +0900 (JST) Subject: Interesting Work Factors Message-ID: <54423.164.71.1.148.1210915824.squirrel@offsite2.batten.eu.org> From the NAO report on Connecting for Health: ``All downloaded data is required to be encrypted with a 256k [sic] key. Using current technical knowledge and technology, it would take around 100 years to break the encryption without the key'' 256k? What does that mean? And if it's a mistake for 256 bits, 100 years to brute force a 256 bit means on average 10^67 operations per second, which seems implausible (*). Or have we now got visibility of a GCHQ assessment of computing power to credit your adversary with :-) ian (*) check my bc -l: l((2^255)/(86400*365.25*100))/l(10) 67.26 From ukcrypto at chiark.greenend.org.uk Fri May 16 08:27:18 2008 From: ukcrypto at chiark.greenend.org.uk (Ian G Batten) Date: Fri, 16 May 2008 16:27:18 +0900 (JST) Subject: Interesting Certifications In-Reply-To: <54423.164.71.1.148.1210915824.squirrel@offsite2.batten.eu.org> References: <54423.164.71.1.148.1210915824.squirrel@offsite2.batten.eu.org> Message-ID: <38789.164.71.1.148.1210922838.squirrel@offsite2.batten.eu.org> From the NAO report on Connecting for Health: ...complies with the relevant international and British Standards ISO/IEC 17799:2000 and BS7799-2:2002. That'll be news to everyone whose auditors have told them that they had until Jul 2007 to upgrade their 7799 to ISO 27001 before 7799 lapsed...
ian From ukcrypto at chiark.greenend.org.uk Fri May 16 13:49:46 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Mason) Date: Fri, 16 May 2008 13:49:46 +0100 Subject: Interesting Work Factors In-Reply-To: <54423.164.71.1.148.1210915824.squirrel@offsite2.batten.eu.org> References: <54423.164.71.1.148.1210915824.squirrel@offsite2.batten.eu.org> Message-ID: On 16 May 2008, at 06:30, Ian G Batten wrote: > > 256k? What does that mean? And if it's a mistake for 256 bits, > 100 years > to brute force a 256 bit means on average 10^67 operations per second, > which seems implausible (*). > Ah, you're a bit behind on technology. This is a recently defined unit of entropy. The k stands for kitten. It's the entropy available from leaving one kitten with one Wii Fit for one second. 256k is therefore obviously the entropy available from leaving 256 kittens on a Wii Fit for one second. This unit scales in a highly non-linear and non-uniform fashion with number of kittens. From ukcrypto at chiark.greenend.org.uk Fri May 16 18:26:40 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Mason) Date: Fri, 16 May 2008 18:26:40 +0100 Subject: FOI requests and WhatDoTheyKnow Message-ID: <7E492EFB-EA6F-4058-85B7-A6E0BCE0F4F2@sourcetagged.ian.co.uk> As there are some frequent Freedom Of Information Act requesters here I thought I'd draw everybody's attention to the latest production from the folks at MySociety. http://www.whatdotheyknow.com/ is a website that helps you submit FOI requests and then publicly tracks their progress. It has a number of advantages principal of which, in my opinion, is that it could build into a very useful central repository of FOI replies. Anyway, take a look for yourselves and form your own opinion. 
Regards, Ian From ukcrypto at chiark.greenend.org.uk Fri May 16 19:51:08 2008 From: ukcrypto at chiark.greenend.org.uk (David Hansen) Date: Fri, 16 May 2008 19:51:08 +0100 Subject: FOI requests and WhatDoTheyKnow In-Reply-To: <7E492EFB-EA6F-4058-85B7-A6E0BCE0F4F2@sourcetagged.ian.co.uk> References: <7E492EFB-EA6F-4058-85B7-A6E0BCE0F4F2@sourcetagged.ian.co.uk> Message-ID: <482DE5AC.17786.1C7B6C7@davidh.spidacom.co.uk> On 16 May 2008 at 18:26, Ian Mason wrote: > http://www.whatdotheyknow.com/ is a website that helps you submit FOI > requests and then publicly tracks their progress. It has a number of > advantages principal of which, in my opinion, is that it could build > into a very useful central repository of FOI replies. If government departments do not send out "replies" which consist of, "please see the attached Microshit Word document", then this would indeed be the case. It would also mean some questions would not be asked as the information is already available. I fear that some organisations are addicted to Microshit Word and they can become very defensive when they are asked to reply using open standards. I now inform all officials that I don't want a reply in Microshit Word just to head off this problem. I await the answers to my question to Fife Council about RIP with interest. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Mon May 19 12:37:59 2008 From: ukcrypto at chiark.greenend.org.uk (Charles Lindsey) Date: Mon, 19 May 2008 12:37:59 +0100 Subject: US Congress questions legality of Phorm and the Phormettes Message-ID: http://www.theregister.co.uk/2008/05/15/charter_and_nebuad/ -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl Email: chl@clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. 
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From ukcrypto at chiark.greenend.org.uk Tue May 20 15:04:31 2008 From: ukcrypto at chiark.greenend.org.uk (David Hansen) Date: Tue, 20 May 2008 15:04:31 +0100 Subject: Home Office data grab Message-ID: <4832E87F.24137.6CC7261@davidh.spidacom.co.uk> According to the Daily Wail the Home Office are at it again . "A giant database of every phone call and email sent in Britain is being considered by the Government. "Internet service providers and telephone companies would be forced to hand over records to the Home Office, which would keep them on a computer system. "All forms of electronic communication face being monitored, including social networking sites and text messages. "The database would also include details of how long individuals spend on the internet." The end of the article contains the sort of bullshit one would expect from the Home Office. "A Home Office spokesman said retaining communications information was essential for protecting national security." Nonsense. "He also emphasised powers to hold information were subject to strict safeguards." If it wasn't so serious I would roll around the floor with laughter at that one. Is this spokesman in some parallel universe where information does not leak? "He said: "Communications data - the who, how, when and where of a communication but not the what (content) of the communication - is a crucial tool for protecting national security, preventing and detecting crime and protecting the public."" The same rubbish we heard about RIP. I hope the spokesman was not Simon and he is not regurgitating the nonsense his department spouted over RIP. 
-- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Tue May 20 15:17:22 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Tue, 20 May 2008 15:17:22 +0100 Subject: What do we know about Communications Data Bill? In-Reply-To: References: <482B60D5.9010503@batten.eu.org> Message-ID: <0BE2E5EB-4DF6-45D2-AAF9-CA0582A5B523@batten.eu.org> > A government database holding details of every phone call made, > email sent and minute spent on the internet by the public could be > created as part of a centralised fight against crime and terrorism, > it emerged today. http://www.guardian.co.uk/politics/2008/may/20/justice.privacy From ukcrypto at chiark.greenend.org.uk Tue May 20 15:23:19 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Tue, 20 May 2008 15:23:19 +0100 Subject: Home Office data grab In-Reply-To: <4832E87F.24137.6CC7261@davidh.spidacom.co.uk> References: <4832E87F.24137.6CC7261@davidh.spidacom.co.uk> Message-ID: <1EBF50E0-F550-4066-9C8D-B8FBA9E7199D@batten.eu.org> On 20 May 08, at 1504, David Hansen wrote: > The same rubbish we heard about RIP. I presume Home Office and Thames House are trying to get what they can rammed through by this government before it falls, worrying that the Tories might not be quite to friendly towards surveillance. Still, Labour claimed they were in favour of civil liberties until they came to power: didn't we speculate that Jack Straw had been given `the briefing' after which he signed off any and all measures that were put to him? ian From ukcrypto at chiark.greenend.org.uk Tue May 20 15:32:06 2008 From: ukcrypto at chiark.greenend.org.uk (Wendy M. 
Grossman) Date: Tue, 20 May 2008 15:32:06 +0100 Subject: Home Office data grab In-Reply-To: <4832E87F.24137.6CC7261@davidh.spidacom.co.uk> References: <4832E87F.24137.6CC7261@davidh.spidacom.co.uk> Message-ID: <4832E0E6.1070408@pelicancrossing.net> David Hansen wrote: > > "The database would also include details of how long individuals spend > on the internet." > I've been trying to figure out how they would calculate this, given broadband. > > The end of the article contains the sort of bullshit one would expect > from the Home Office. > > "A Home Office spokesman said retaining communications information was > essential for protecting national security." > > Nonsense. Especially since in a century or two of postal systems they never made any effort to collect address data for all mail. (Quick! ban the Pos > "He also emphasised powers to hold information were subject to strict > safeguards." I believe new research shows that if you TELL data not to leak, it will stay exactly where you put it. wg From ukcrypto at chiark.greenend.org.uk Tue May 20 16:03:00 2008 From: ukcrypto at chiark.greenend.org.uk (David Hansen) Date: Tue, 20 May 2008 16:03:00 +0100 Subject: Home Office data grab In-Reply-To: <4832E0E6.1070408@pelicancrossing.net> References: <4832E87F.24137.6CC7261@davidh.spidacom.co.uk>, <4832E0E6.1070408@pelicancrossing.net> Message-ID: <4832F634.27518.701FE35@davidh.spidacom.co.uk> On 20 May 2008 at 15:32, Wendy M. Grossman wrote: > > "The database would also include details of how long individuals spend > > on the internet." > > > > I've been trying to figure out how they would calculate this, given > broadband. Presumably the length of time a router is connected. If that is all the time then that would not be particularly useful. Either the Home Office have yet to understand or the newspapers are publicising something they think the public might not like. 
-- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Tue May 20 16:10:24 2008 From: ukcrypto at chiark.greenend.org.uk (David Hansen) Date: Tue, 20 May 2008 16:10:24 +0100 Subject: Home Office data grab In-Reply-To: <1EBF50E0-F550-4066-9C8D-B8FBA9E7199D@batten.eu.org> References: <4832E87F.24137.6CC7261@davidh.spidacom.co.uk>, <1EBF50E0-F550-4066-9C8D-B8FBA9E7199D@batten.eu.org> Message-ID: <4832F7F0.20974.708C7B1@davidh.spidacom.co.uk> On 20 May 2008 at 15:23, Ian Batten wrote: > I presume Home Office and Thames House are trying to get what they can > rammed through by this government before it falls, worrying that the > Tories might not be quite to friendly towards surveillance. Quite possibly. > Still, > Labour claimed they were in favour of civil liberties until they came > to power: didn't we speculate that Jack Straw had been given `the > briefing' after which he signed off any and all measures that were put > to him? I think it quite likely that party politicians are threatened that some information will be released about them unless they dance to the tune of officials. A few, Ken Clarke was the last reasonable Home Secretary, have the backbone to resist. The other possibility is that the problem is old man syndrome. As people get older they tend to worry that the sky is only being held up by a thin line. Put such a person in power and they are likely to want all sorts of things done to others, as long as they are exempt. Thus war criminals like Mr Liar swan around and the police make no attempt to arrest them while preventing others from enforcing the law. As I have said before the definition of Terrorism in the 2000 act is very clear and it applies to the invasion of Iraq. Either the law is wrong, or the actions are terrorism. There is no third possibility. 
-- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Wed May 21 07:52:52 2008 From: ukcrypto at chiark.greenend.org.uk (Stop Common Purpose) Date: Wed, 21 May 2008 07:52:52 +0100 Subject: Home Office data grab Message-ID: <114b9bdc0805202352u98c666tf4a80f50c4bbefe7@mail.gmail.com> Sounds like Common Purpose up to their usual tricks. The Common Purpose Revolution by Stealth Common Purpose is a Trojan Horse network of senior managers in positions of power in the media, national and local government, the police, the judiciary, the NHS and private businesses, all controlled by Brussels to soften up Britain for take over by the EU. Stop Common Purpose If you don't know what Common Purpose is, I suggest you find out. Common Purpose is a corrupt organisation which must be stopped: http://www.stopcp.com -- Regards Stop Common Purpose: http://www.stopcp.com Make FOI requests online: http://www.whatdotheyknow.com
From ukcrypto at chiark.greenend.org.uk Wed May 21 08:49:45 2008 From: ukcrypto at chiark.greenend.org.uk (David Hansen) Date: Wed, 21 May 2008 08:49:45 +0100 Subject: Home Office data grab In-Reply-To: <114b9bdc0805202352u98c666tf4a80f50c4bbefe7@mail.gmail.com> References: <114b9bdc0805202352u98c666tf4a80f50c4bbefe7@mail.gmail.com> Message-ID: <4833E229.16232.2209AF@davidh.spidacom.co.uk> On 21 May 2008 at 7:52, Stop Common Purpose wrote: > Common Purpose is a Trojan Horse network of senior managers in positions of > power in the media, national and local government, the police, the > judiciary, the NHS and private businesses, all controlled by Brussels to > soften up Britain for take over by the EU. Yawn. I have done two sessions for them. At the first one, on transport issues in the area, I gave a talk designed to stir the attendees up (it did, very nicely) and was then a panel member. At the second one I was a panel member. They will probably ask me to do a session sometime this year and I will be happy to do so. No programming of the attendees as part of some secret EU project. No corruption. No black helicopters. There are plenty of organisations to worry about, corrupt, subversive and sinister organisations which seek to destroy Britain and introduce a police state, the Home Office for one. It is rather foolish to waste energy campaigning about an organisation which is none of those things. Anyone who doesn't believe me should take a look at and judge for themselves. Just the home page should be enough, the other pages are similar.
-- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Wed May 21 09:57:27 2008 From: ukcrypto at chiark.greenend.org.uk (Ian G Batten) Date: Wed, 21 May 2008 09:57:27 +0100 Subject: Home Office data grab In-Reply-To: <114b9bdc0805202352u98c666tf4a80f50c4bbefe7@mail.gmail.com> References: <114b9bdc0805202352u98c666tf4a80f50c4bbefe7@mail.gmail.com> Message-ID: <4833E3F7.8000806@batten.eu.org> Stop Common Purpose wrote: > Sounds like Common Purpose up to their usual tricks. My younger daughter's godmother ran the Common Purpose group in the Midlands for a while. I'm sometimes happy to believe in the deep cover mole penetration subversion theory of history, but if she's a threat to our precious bodily fluids then I'm the centre-forward for a Premiership football team. And I don't think she's a `useful idiot', unknowing pawn of the secret conspiracy, either. Common Purpose is an upper middle class version of Rotary. The few I know who have had dealings with it tend to be a bit religious in a nice way: the sort of people whose Methodism causes them to become Labour or LibDem councillors, and who can use the phrase ``putting something back'' without making me throw up. Yes, it's probable that solicitor Common Purpose member X may put some business to accountant Common Purpose member Y, but in that sense it's no more a threat to our national polity than an NCT-run bumps and babies group in the suburbs. 
ian From ukcrypto at chiark.greenend.org.uk Wed May 21 08:19:53 2008 From: ukcrypto at chiark.greenend.org.uk (Martin Hepworth) Date: Wed, 21 May 2008 08:19:53 +0100 Subject: Home Office data grab In-Reply-To: <4832E0E6.1070408@pelicancrossing.net> References: <4832E87F.24137.6CC7261@davidh.spidacom.co.uk> <4832E0E6.1070408@pelicancrossing.net> Message-ID: <72cf361e0805210019k70abf7a7qbdd36b98e779818f@mail.gmail.com> On Tue, May 20, 2008 at 3:32 PM, Wendy M. Grossman < wendyg@pelicancrossing.net> wrote: > David Hansen wrote: > >> >> "The database would also include details of how long individuals spend on >> the internet." >> >> > I've been trying to figure out how they would calculate this, given > broadband. > or indeed how they deal with companies who have leased lines/broadband and their own email servers! Or companies who route via non UK proxies/offices. Mind you given the NHS IT project and others I doubt they'll make it work any time soon ;-) -- Martin

From ukcrypto at chiark.greenend.org.uk Wed May 21 18:41:06 2008 From: ukcrypto at chiark.greenend.org.uk (sean lock) Date: Wed, 21 May 2008 17:41:06 +0000 (GMT) Subject: Charged for failing to comply with a Section 49 Notice (RIPA Part 3) Message-ID: <12317.19785.qm@web25805.mail.ukl.yahoo.com> Hi, I have been charged for failing to comply with a Section 49 notice. I declined to divulge my passphrase at my first interview in August 2006. Twenty-one months later, and when Part 3 of the RIPA act was in force, requiring the disclosure of encryption keys, I was served with a Section 49 Notice. This was impossible for me to comply with as it had been 20 months since I last used my passphrase and as a result, I have forgotten the passphrase simply because I have not used it in such a long time.

I personally consider this an abuse of process as I am at a distinct disadvantage considering 20 months have elapsed and only now, I am expected to recall the passphrase. Whereas if I was served with the notice in a more efficient manner, remembering the passphrase is very likely. I would be grateful if anyone can assist me with any help. My email is jaffy1229@yahoo.co.uk

Regards,
Sean Lock
From ukcrypto at chiark.greenend.org.uk Thu May 22 09:21:40 2008 From: ukcrypto at chiark.greenend.org.uk (David Hansen) Date: Thu, 22 May 2008 09:21:40 +0100 Subject: Charged for failing to comply with a Section 49 Notice (RIPA Part 3) In-Reply-To: <12317.19785.qm@web25805.mail.ukl.yahoo.com> References: <12317.19785.qm@web25805.mail.ukl.yahoo.com> Message-ID: <48353B24.12572.47425E@davidh.spidacom.co.uk> On 21 May 2008 at 17:41, sean lock wrote: > Hi, I have been charged for failing to comply with a Section 49 > notice. I declined to divulge my passphrase at my first interview in > August 2006. Twenty-one months later, and when Part 3 of the RIPA act > was in force, requiring the disclosure of encryption keys, I was > served with a Section 49 Notice. This was impossible for me to comply > with as it had been 20 months since I last used my passphrase and as a > result, I have forgotten the passphrase simply because I have not used > it in such a long time. IANAL and I think you need ones who have experience of human rights if you can rather than one who deals with shoplifting and so on. However, I agree that you are being abused by officials. We were told by the Home Office that they would take measures against RIP being used wrongly by officials. They never revealed what this would be and I suspect that if it is anything at all this is a hard stare. In your case I suspect that they are too scared of the police to even give them a hard stare. has the usual bullshit for which they are famous, including, "Several bodies have been set up to monitor surveillance activity to ensure it doesn't encroach upon our right to privacy and to hold public authorities to account for any misconduct.", which would be laughable if it wasn't so serious. However, they do have a list of official people who are supposed to consider these things, though their record of doing so is pathetic. 
While it is worth keeping these useless official bodies informed I wouldn't rely on them at all. Unofficial action is the way of dealing with this sort of thing, though lawyers often advise against this as they have a touching belief in official systems. In my view the way of holding officials to account is to get as much publicity as possible. They are the ones who want to hide. I would ask my MP if they are in favour of retrospective legislation. This could lead in a number of directions, depending on their history. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Thu May 22 14:39:16 2008 From: ukcrypto at chiark.greenend.org.uk (Nicholas Bohm) Date: Thu, 22 May 2008 14:39:16 +0100 Subject: Charged for failing to comply with a Section 49 Notice (RIPA Part 3) In-Reply-To: <12317.19785.qm@web25805.mail.ukl.yahoo.com> References: <12317.19785.qm@web25805.mail.ukl.yahoo.com> Message-ID: <48357784.1000006@ernest.net> sean lock wrote: > Hi, I have been charged for failing to comply with a Section 49 notice. > I declined to divulge my passphrase at my first interview in August > 2006. Twenty-one months later, and when Part 3 of the RIPA act was in > force, requiring the disclosure of encryption keys, I was served with a > Section 49 Notice. This was impossible for me to comply with as it had > been 20 months since I last used my passphrase and as a result, I have > forgotten the passphrase simply because I have not used it in such a > long time. > > I personally consider this an abuse of process as I am at a distinct > disadvantage considering 20 months have elapsed and only now, I am > expected to recall the passphrase. Whereas if I was served with the > notice in a more efficient manner, remembering the passphrase is very > likely. I would be grateful if anyone can assist me with any help. 
My > email is jaffy1229@yahoo.co.uk It's not an abuse of process in the legal sense, but the circumstances of delay help to make plausible a defence under section 53, i.e. a defence that the key was not effectively in your possession when the section 49 notice was served because you had by then forgotten the passphrase and could not use or provide the key. An alternative approach, perhaps now out of time, is to provide the encrypted key and wait for a further s 49 notice demanding the passphrase for access to it. Non-compliance with that notice is more straight-forwardly subject to the defence of having forgotten the passphrase. Either way, if you submit sufficient evidence to raise the issue of forgetting the passphrase by way of defence, then it is for the prosecution to prove beyond reasonable doubt that you haven't forgotten it. A formal statement from you describing the circumstances (i.e. date of last use, your passphrase policy to show how forgettable your passphrases are, reasons why you haven't needed to use the key for 20 months, other relevant circumstances) would seem sufficient evidence to throw the burden of proof on to the prosecution. They could try to find evidence that you had recently used the key (e.g. that you had replied to a message encrypted using the corresponding public key); but short of that, it isn't an easy burden of proof for the prosecution to discharge. But you could still do with a clued-up criminal lawyer. Try talking to Liberty. Nicholas -- Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Mobile 07715 419728 (+44 7715 419728) PGP public key ID: 0x899DD7FF. 
Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From ukcrypto at chiark.greenend.org.uk Thu May 22 15:27:37 2008 From: ukcrypto at chiark.greenend.org.uk (David Hansen) Date: Thu, 22 May 2008 15:27:37 +0100 Subject: Charged for failing to comply with a Section 49 Notice (RIPA Part 3) In-Reply-To: <48357784.1000006@ernest.net> References: <12317.19785.qm@web25805.mail.ukl.yahoo.com>, <48357784.1000006@ernest.net> Message-ID: <483590E9.6562.1964ADD@davidh.spidacom.co.uk> On 22 May 2008 at 14:39, Nicholas Bohm wrote: > It's not an abuse of process in the legal sense, I don't recall RIP being touted as being retrospective, though it is quite possible that the rascals in Westminster and the officials who pull their strings failed to mention this. In the absence of that it seems to me that this outrageous law can only apply to things stolen after the First of October 2007, but I am often wrong. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Thu May 22 16:47:51 2008 From: ukcrypto at chiark.greenend.org.uk (Nicholas Bohm) Date: Thu, 22 May 2008 16:47:51 +0100 Subject: Charged for failing to comply with a Section 49 Notice (RIPA Part 3) In-Reply-To: <483590E9.6562.1964ADD@davidh.spidacom.co.uk> References: <12317.19785.qm@web25805.mail.ukl.yahoo.com>, <48357784.1000006@ernest.net> <483590E9.6562.1964ADD@davidh.spidacom.co.uk> Message-ID: <483595A7.4060009@ernest.net> David Hansen wrote: > On 22 May 2008 at 14:39, Nicholas Bohm wrote: > >> It's not an abuse of process in the legal sense, > > I don't recall RIP being touted as being retrospective, though it is > quite possible that the rascals in Westminster and the officials who > pull their strings failed to mention this. 
In the absence of that it > seems to me that this outrageous law can only apply to things stolen > after the First of October 2007, but I am often wrong. I haven't looked at this point, but in any case if the notice was given after the relevant date, it presumably applies to a key in the possession of the recipient of the notice immediately before it was given. Nicholas -- Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Mobile 07715 419728 (+44 7715 419728) PGP public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From ukcrypto at chiark.greenend.org.uk Thu May 22 16:47:13 2008 From: ukcrypto at chiark.greenend.org.uk (ken) Date: Thu, 22 May 2008 16:47:13 +0100 Subject: Home Office data grab In-Reply-To: <4833E3F7.8000806@batten.eu.org> References: <114b9bdc0805202352u98c666tf4a80f50c4bbefe7@mail.gmail.com> <4833E3F7.8000806@batten.eu.org> Message-ID: <48359581.6000206@bbk.ac.uk> Ian G Batten wrote: > Stop Common Purpose wrote: >> Sounds like Comm