Government black boxes will 'collect every email'

David Hansen ukcrypto at chiark.greenend.org.uk
Fri, 07 Nov 2008 18:41:13 -0000 

On 7 Nov 2008 at 16:01, Roland Perry wrote:

> I would like to see the "Subscriber details", aka Reverse-DQ, provisions
> completely separated from the remaining more intrusive comms data.

Sounds like a good idea. Perhaps some organisation with a clue and 
which is not having its strings pulled by others could come up with 
such a law. Something to regulate investigatory powers. Having come up 
with the current pile of stinking manure, the Home Office would be 
ineligible to draft this.

> I
> know that RIPA does this already, but it's not sufficiently obvious to
> the average commentator.

Yes and no.

As has been pointed out the "process" involved in all cases is that the 
organisation which demands the information is supposed to convince 
itself that it is necessary and proportional to demand the information. 
Ha, ha. Those with the information then say, "we are only obeying 
orders" and hand it over. I gather some of those with the information 
are so weak-kneed  that they let those wanting the information do what 
they want. This is the sort of organisation which doesn't think it 
worth telling their customers that they are to be used as guinea pigs 
for spyware companies.

Obviously there are some distinctions in what those who want the 
information can demand. The Egg Marketing Board could only demand some 
information after convincing itself this was necessary and 
proportional.

A law to regulate investigatory powers would have the features I have 
outlined before:

1) for the "subscriber details", victims would be notified after the 
event. This provides the necessary feedback mechanism to discourage 
"over-enthusiastic" activities by the police and also discourages 
communications companies from lying back and thinking of England as 
they do at the moment. The communications companies would obviously 
fight this, as it would reveal the extent of their complicity in 
violating people's privacy. There would also be an oversight mechanism, 
for which the current smug self-satisfied "regulators" need not apply.

2) for other items, a mechanism based on the far less intrusive 
physical intrusion system. While this system has many faults it does 
have some degree of public confidence. This would ensure a degree of 
external oversight before people's privacy was violated. Obviously 
notification after the event and proper oversight are at least as 
important in this situation.

Of course to do this the fools who came up with RIP have to be 
eliminated from having anything to do with coming up with something to 
regulate investigatory powers. Also the stupid "regulators" who fail to 
see the flaws of sentences like, IIRC, "The Security Service welcomes 
RIPA, having played a large part in writing it." need to be retired.



-- 
  David Hansen, Edinburgh 
 I will *always* explain revoked encryption keys, unless RIP prevents 
me   
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54