Mastering the Internet

Peter Fairbrother ukcrypto at chiark.greenend.org.uk
Tue, 05 May 2009 21:19:47 +0100 

Roland Perry wrote:
> In article <49FE8503.2060301@zen.co.uk>, Peter Fairbrother 
> <zenadsl6186@zen.co.uk> writes
>> ** If you send any content along the wire to the "black box" you are 
>> making it available to the box and whoever controls or has access to 
>> the box, and you are therefore intercepting. If there isn't a relevant 
>> warrant or Order in place, it's illegal, no matter who asks you 
>> (politely) to do it. **
> 
> I think we may have had this debate before.
> 
> What you describe is not "making available" until the data flows. 

Sigh. Flows where? To GCHQ. or along the wire to the box?

(hint - the answer is the second one. In the first case, even if the box 
isn't switched on, it's still interception, as long as GCHQ control the 
switch.)

> Otherwise our intercept-ready telephone exchanges would be illegal.

In the old days, before computers, BT would shoo everyone out of an 
exchange, and a special BT repairman executive type would come in and 
install the hardware.

I don't know how today's intercept-ready telephone exchanges work 
though. Who controls when data is sent?

If it's BT then it's legal; but if GCHQ control when data is sent then 
it wouldn't be legal, even if no data is flowing [1].


[1] except perhaps because of the existence of a relevant Order - ref. 
3(3)(b) last part. I'm assuming an Order is an "enactment", but I'm not 
sure whether it's an "enactment relating to the use of postal services 
or telecommunications services".

[...]
> The permanent intercept capability can be operated by the CSP. 

But it can't be operated or controlled by GCHQ/whoever without illegally 
intercepting, unless perhaps there is an order in place. That's the 
point I'm trying to make.


>>>  Nevertheless, you might want to have a look at: "Regulation of 
>>> Investigatory Powers (Maintenance of Interception Capability) Order .
>>> 2002" 2002/1931 which does seem to have gone through Parliament 
>>> despite  your earlier assertion that no such orders had been laid.
>>
>> That doesn't cover black boxes, not even nearly.
> 
> It does if a "black box" is the way that the permanent intercept 
> capability has to implemented to be effective at a specific CSP. If the 
> CSP disagrees, that's what the TAB is for as an appeals mechanism.


I'm pretty sure the installation of a black box can't be imposed under 
that Order, and it wouldn't get as far as the TAB. I'll re-read it 
though, after I finish designing a "black box".

(BTW, any idea what hardware would be needed to strip from: IP addresses 
from a OC-192, compare them with a list of IP addresses, and output the 
packets which don't match?)

-- Peter Fairbrother