Government black boxes will 'collect every email'

Richard Clayton ukcrypto at chiark.greenend.org.uk
Fri, 7 Nov 2008 15:29:04 +0000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <Pine.SOC.4.64.0811071250520.509@bowling.cent.gla.ac.uk>,
Chris Edwards <chris@eng.gla.ac.uk> writes

>Richard Clayton wrote:
>
>| as we've discussed here before, what's content at one level of the stack
>| is traffic data at the next one .... so provided your "black boxes" are
>| able to pick protocols apart it's "turtles all the way down"
>
>Yep discussed before here (and thanks for the useful insight).
>
>  http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2008-October/085585.html
>
>I would have thought though that there's still some distinction between 
>deep inspection to extract certain stuff (like the WoW virtual coords) 
>then throwing away the rest, versus recording entire content.

today, there certainly is ... and I believe that you'd need primary
legislation to change that....

hmm... we're talking about a Bill!  Join the dots!

>Roland Perry wrote:
>
>| This is not a surprise (either the fact you mention, or the conflation 
>| with intercepting content). Surely the outline of this has been 
>| available for years in the Data Retention Directive. More recently in 
>| the consultation:
>| 
>| http://www.homeoffice.gov.uk/documents/cons-2008-transposition
>
>My reading of the consultation is basically that UK ISPs will be expected 
>to retain traffic data for 12 months.  Access to this would normally be 
>via a standard RIPA notice.

by law enforcement yes, RIP s22.  For a civil action a Norwich Pharmacal
order (did Lord Woolf rename those?) would be appropriate.

>By contrast however, there appears to be this *other* proposal where the 
>data is held in some sort of huge central govt database.  

yes -- the original plan (AIUI) was for the Comms Data Bill to have been
published in draft last spring, consulted upon, and then it would all
move forward together.  Delays in the Bill process -- and the necessity
to meet an EU timetable for implementation of data retention -- have
meant that business as usual continues, with consequent further spending
on the "old" system.

>Not sure how access to the data would be regulated.  At a guess, RIPA 
>would need to be modified or replaced.

I'd expect to see some new definitions for comms data...  and indeed I
think that would be desirable in any case.

One of the things, for example, that could be sorted out is that
currently subscriber inquiries are subject to the same regulatory regime
(self-authorisation) as the most intrusive of comms data inquiries...
that is not good :(  Further, RIP has a catch-all "and anything else not
content" into which a whole lot of complicated cases fall (is a PIN for
accessing voice messages "comms data" ... at the moment I think it comes
under that regime because the definitions of "content" don't include it)

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSRRewJoAxkTY1oPiEQJGDgCg3qW1VIklBCmtSu9L48jMl315KxcAn2Mo
NiIdRY7z10g6JyC2TQLhRxLR
=d+EG
-----END PGP SIGNATURE-----