Child abuse unit paying for data

Richard Clayton ukcrypto at chiark.greenend.org.uk
Wed, 21 Jan 2009 12:25:27 +0000 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <MpeuoMkBsudJFAlH@perry.co.uk>, Roland Perry <lists@internetp
olicyagency.com> writes

>That story raises an interesting issue - RIPA is all about providing 
>information regarding *offenders*, 

Yes, and the story seems to be pretty much all about that.

It sounds as if CEOP hasn't correctly budgeted for their "reverse
directory lookup" requests (and presumably some other, more intrusive
requests for comms data such as lists of emails sent/received)...

... this is a little surprising because the cost recovery regime has
been in place for over a decade (and CEOP is much younger than that).

It should perhaps be noted that the Home Office money being put in for
data retention purposes is generally tied to agreements with the ISPs
(and telcos) for rapid and cheap access to data.  viz: it's about SLAs
and reducing access costs.

>and does very little to facilitate 
>enquiries about *victims*. 

nonsense ...  you can issue s22 notices for victim information under
several headings:

  (b) for the purpose of preventing or detecting crime or of preventing
      disorder; 
  (d) in the interests of public safety; 
  (e) for the purpose of protecting public health; 
  (g) for the purpose, in an emergency, of preventing death or injury or
      any damage to a person’s physical or mental health, or of
      mitigating any injury or damage to a person’s physical or mental
      health; or 

>There was a small change proposed to allow 
>police to demand information to identify dead bodies (eg by doing a 
>reverse DQ on the phone in their pocket), which wasn't allowed before, 
>because being found dead is not of itself a crime.

correct, and it is too late to prevent that death; so the original set
of reasons wasn't sufficient.

However, if you find a child dead from being abused, then a crime will
have taken place -- and hence CEOP can inquire about the victim

>Therefore the requests for data are probably being made under the DPA 
>s29(3) provisions. 

Groundless speculation :(

>If that's the case, the situation is more complicated 
>because ISPs are not *compelled* to produce the data, but have to make a 
>judgement about whether there are sufficient grounds, as well as whether 
>such assistance should be charged for.

If they are using DPA s29(2), then the ISP will report CEOP to the Home
Office unit with a request for them to be re-educated. They might well
also make a formal complaint to the Interception Commissioner since the
Code of Practice will be being ignored.

Since you're just guessing, I suggest you apologise for the slur on
CEOP's character !

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSXcUN5oAxkTY1oPiEQIzSACffgslsxtNUyuW1fKE9dmgV0vQcZ8AoP1Z
wAUI8iSmFNfoS0fzoEEIPqpI
=4vmf
-----END PGP SIGNATURE-----