Mastering the Internet

Peter Fairbrother ukcrypto at chiark.greenend.org.uk
Sun, 03 May 2009 17:28:55 +0100 

Roland Perry wrote:
> In article <49FD858F.8030105@zen.co.uk>, Peter Fairbrother
> <zenadsl6186@zen.co.uk> writes
>> "Mastering the Internet" is a GCHQ program said to involve the
>> installation of black boxes at ISPs. Apparently several £100 millions
>> of contracts have been awarded.
>>
>>
>> http://www.timesonline.co.uk/tol/news/politics/article6211101.ece
> 
> As is almost inevitable in press articles they start off talking about
> Interception of content, before reverting to what's probably the actual
> thing going on: monitoring comms data. Towards the end it relents:
> 
>         "Although the paper [work] does not say it, its clear
>         implication is that those kinds of probes should be extended to
>         cover the entire population for the purposes of monitoring
>         communications data,2 said the industry source.

How is it limited to comms data?

> 
>> http://www.theregister.co.uk/2009/05/03/gchq_mti/
>>
>>
>> Surely this is illegal under RIPA? Or is there a later law legalising it?
>>
>> My El Reg comments reproduced:
>>
>> The secretary of state may make an order under s.12 of RIPA for the
>> inclusion of such interception "black boxes" - but the order has to be
>> laid before Parliament and approved by a resolution of each House.
>>
>> If this has not happened - and it hasn't - then any ISP installing a
>> "black box" will be acting illegally.
> 
> An order is only required if the CSP resists a polite request to install
> a permanent intercept capability.
> 
> It's not illegal to install one, just [currently] to operate it without
> warrants to extract content from communications.

Isn't be covered by 2(2)(a), modification [..] "as to make some or all 
of the contents of the communication available, while being transmitted, 
to a person other than the sender or intended recipient of the 
communication"?

Are the bytes made available to GCHQ  going to be somehow (?) 
technically limited to comms data and not content by the ISPs/network 
operators?

Note that it's the bytes which are made available, rather than any bytes 
which are actually looked at, which is the definition. I can't see that 
happening, but maybe.

Otherwise, putting a black box on the network will make all the bytes, 
including content, available to GCHQ.

And putting that black box in, unless you are required to do so by a 
Statutory Order eg under s.12, is illegal interception.


Afaics there are no "if"s, "and"s or "but"s about it. GCHQ simply 
promising to only look at comms data (unless they have a relevant 
warrant) doesn't change anything, content is made available to them.

There is a mechanism to change this state of affairs, in s.12, and it 
involves Parliament itself, so I can't see any reasonable Court saying 
otherwise.



 > [...]

(I haven't read the consultation yet either - but it seems to be pure 
publicity fluff, a communication with no content. So that's all right 
then, it's legal to look at it under 2(5)  :)


-- Peter Fairbrother