What do you think about communications data collection and storage?

John Lamb ukcrypto at chiark.greenend.org.uk
Tue, 28 Apr 2009 10:48:15 +0100


On Mon, Apr 27, 2009 at 09:53:35PM +0100, Roland Perry wrote:
> All the other sorts of comms data seem pretty well defined to me (the 
> from/to/when stuff that's wrapped around the content).
> 
> Or did you mean "make clearer which *subset* of comms data, measures 
> such as data retention apply to"??

On page 24 (the 30th page of the PDF) there is a section which says:

"An overseas web-based e-mail account, for example, may be accessed
using networks provided by many different UK companies.  Fragmentation
will make operations run by public authorities much slower: it will take
longer to find and piece together the data needed to identify and build
up a picture of a suspect, or establish the location of a missing
person."

How can you identify the *person* accessing an overseas webmail account
without using DPI? You need to look at the username POSTed when they log
in, and the cookie data if they are already logged in; otherwise a user
could log into their webmail at home, take their laptop to the office
and continue their session. 

This is what they are talking about when they mention collecting third
party data. They want a DPI box at your ISP logging your Facebook
messages, your forum posts, your webmail sessions, your tweets, your
Skype calls...

Phorm will be pleased.

John
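
Added example, not part of the original message: a Python sketch of the webmail point above, run over constructed cleartext HTTP records. With only the client address (from/to/when data) the home and office connections cannot be tied to one person; the link comes from the POSTed username and the session cookie, which sit inside the content. Hosts, addresses, field names and values are assumptions.

```python
from urllib.parse import parse_qs

# Constructed records (not real captures): client address plus cleartext HTTP
# payload. Hosts, addresses and values are assumptions for illustration.
RECORDS = [
    {"client": "198.51.100.7", "payload":                      # home: login
        b"POST /login HTTP/1.1\r\nHost: webmail.example\r\n\r\n"
        b"username=alice&password=xxxxx"},
    {"client": "198.51.100.7", "payload":                      # server reply
        b"HTTP/1.1 302 Found\r\nSet-Cookie: session=abc123; Path=/\r\n\r\n"},
    {"client": "203.0.113.9", "payload":                       # office: resume
        b"GET /inbox HTTP/1.1\r\nHost: webmail.example\r\n"
        b"Cookie: session=abc123\r\n\r\n"},
]

def content_identifiers(payload):
    """Pull the account name and session id out of the message content."""
    head, _, body = payload.partition(b"\r\n\r\n")
    found = {}
    lines = head.decode("latin-1").split("\r\n")
    if lines[0].startswith("POST "):
        form = parse_qs(body.decode("latin-1"))
        if "username" in form:
            found["username"] = form["username"][0]
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("cookie", "set-cookie"):
            for part in value.split(";"):
                key, _, val = part.strip().partition("=")
                if key == "session":
                    found["session"] = val
    return found

def attribute(records, inspect_content):
    """Return, per record, the identity an observer can attach to it."""
    session_owner, last_login, out = {}, {}, []
    for rec in records:
        ids = content_identifiers(rec["payload"]) if inspect_content else {}
        client = rec["client"]
        if "username" in ids:
            last_login[client] = ids["username"]
        if "session" in ids:
            session_owner.setdefault(ids["session"], last_login.get(client))
        who = ids.get("username") or session_owner.get(ids.get("session"))
        out.append((client, who))
    return out
```

`attribute(RECORDS, False)` leaves every record unattributed; `attribute(RECORDS, True)` assigns the office request to the account that logged in from home.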