'Today' considers data retention and IMP

Richard Clayton ukcrypto at chiark.greenend.org.uk
Sun, 11 Jan 2009 22:33:45 +0000 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <MySeuXhs6kaJFA81@perry.co.uk>, Roland Perry <lists@internetp
olicyagency.com> writes

>with at least a decade's experience of access to comms 
>data, it was decided that the provisions of the Data Retention Directive 
>were sufficiently useful, some of the time, to be worth it.

Are you sure it wasn't specific pressure groups within the LEAs seizing
the moment, post Madrid and post 7/7, to push forward their agenda
(which had stalled since the passing of ATCS in 2001).

It was also, of course, a dawning realisation that most future
investigations were going to cross country boundaries, and hence the
rest of Europe was going to have to do more. In the rest of Europe there
was (still is?) very limited data retention, and even less understanding
of what it is possible to do with this data.

The main point of the Directive is to produce a consistent retention
regime across the whole continent... if the foreigners hadn't messed
with the Home Office's pristine wording (and Clarke swallowed it, in the
interests in getting it adopted ASAP) then it would have made little
difference here in the UK.

> And 
>following on from that the same decisions about measures within IMP.

You're surely not suggesting that IMP is "worth it" ?

The centralised data base we have also seen before with the document
promoted by Mr Gaspar in late 2000. That gained very little traction
once exposed to the light of day ...

... the reason it looks more attractive to policymakers this time is
that the central database is being teamed with the DPI/Netflow data
collection scheme (what's a few billions spent, more or less).

The spooks have seen various little tricks done by the ISPs (and more
particularly the NSPs ["backbone networks"]) to track down some of the
wickedness on the Internet; and they want to be able to play too.

If they've done a realistic cost/benefit analysis then they must have
some spectacular benefits in mind -- will we like such a society?

>I don't think the intention is to trawl for "suspicious looking people", 
>rather than examining the activities of people specifically under 
>investigation. (I can hear people sharpening their pencils to tell me 
>this is a rather naive point of view, but the sheer volume of data and 
>lack of centralised police facilities to do the studies, would seem to 
>preclude it).

Once the centralised system is in place, it is only necessary to
consider it proportionate to permit "trawls" ("intersection attacks" as
they tend to be called in the traffic analysis literature) and the whole
game changes ...

... I find it hard to get people to understand the risks here. But
analogies can help:

As I understand it, a great many crimes are planned in pubs. We should
therefore have a law that whenever you place an order at the bar, your
name should be entered into a computerised log by the bartender -- along
with the names of all the people you're buying a round for. This will
give the police important information about the conspiracies behind many
crimes, often violent crimes. As an added benefit, combining the data
with the data from number-plate recognition systems will help with the
targeting of drunk drivers. Nothing to drink, nothing to fear!

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSWpzyZoAxkTY1oPiEQIU9wCfctA9v3CebiOO2Ld1vQLQnwarQcwAmgLy
YQEAzfbfVA5s/PapEyKr5tLV
=A9ZW
-----END PGP SIGNATURE-----