Mastering the Internet

Roland Perry ukcrypto at chiark.greenend.org.uk
Sun, 3 May 2009 15:13:11 +0100 

In article <49FD858F.8030105@zen.co.uk>, Peter Fairbrother
<zenadsl6186@zen.co.uk> writes
>"Mastering the Internet" is a GCHQ program said to involve the
>installation of black boxes at ISPs. Apparently several =A3100 millions
>of contracts have been awarded.
>
>
>http://www.timesonline.co.uk/tol/news/politics/article6211101.ece

As is almost inevitable in press articles they start off talking about
Interception of content, before reverting to what's probably the actual
thing going on: monitoring comms data. Towards the end it relents:

        "Although the paper [work] does not say it, its clear
        implication is that those kinds of probes should be extended to
        cover the entire population for the purposes of monitoring
        communications data,2 said the industry source.

>http://www.theregister.co.uk/2009/05/03/gchq_mti/
>
>
>Surely this is illegal under RIPA? Or is there a later law legalising it=
?
>
>My El Reg comments reproduced:
>
>The secretary of state may make an order under s.12 of RIPA for the
>inclusion of such interception "black boxes" - but the order has to be
>laid before Parliament and approved by a resolution of each House.
>
>If this has not happened - and it hasn't - then any ISP installing a
>"black box" will be acting illegally.

An order is only required if the CSP resists a polite request to install
a permanent intercept capability.

It's not illegal to install one, just [currently] to operate it without
warrants to extract content from communications.

But wasn't there originally a proposal that would (if put through
Parliament) legalise the use of such black boxes to feed a central
warehouse?  But if the central warehouse idea has been dropped, all
that's happening is the CSPs would be using a similar capability to
construct their own logs (which is legal even today).

The legal focus then moves to what is necessary to permit LEAs to obtain
disclosure of those logs (on a selective basis). I've still not had time
to read it, but isn't that what the current consultation is about?

The "wild card" is perhaps whether or not GCHQ will be able to monitor
[but not gather all into a warehouse] just comms data live through the
taps (a bit like a RIPA authorisation). Does the consultation document
say anything about that?
--=20
Roland Perry