Who trusts a black box? (was RE: Mastering the Internet

Caspar Bowden ukcrypto at chiark.greenend.org.uk
Thu May 7 13:07:21 BST 2009 

>From: ukcrypto-admin@chiark.greenend.org.uk [mailto:ukcrypto-admin@chiark.=
greenend.org.uk] On Behalf Of Charles Lindsey
...
>In the case of GHCQ, there is NO public scrutiny, and if you want to move
>to another provider of National Secirity Services you have to change your
>domicile to a more liberal country (if you can find one).

Thought people would be interested in the earliest reference I can find to =
"black-box" in this context (see Sunday Times story 4/7/99 at end - gratefu=
l for earlier refs. See also http://www.fipr.org/publications/hoover.html)

Changed subject line to focus on the question of who trusts, because what I=
 had in mind in using the term in 1999 was to connote that if the operation=
 of the box was to be opaque to the ISP, then this ought to have regulatory=
 consequences. It is what I had in mind when I argued during RIPA in 2000 t=
hat the Interception Commissioner ought to have a right to "reliable and ve=
rifiable technical means" of fulfilling his duties (i.e. getting to the bot=
tom of whatever is going on).

A suitable amendment was put, and Bassam accepted the principle to deflect =
a vote
http://www.publications.parliament.uk/pa/ld199900/ldhansrd/vo000619/text/00=
619-04.htm
"Amendment No. 50A aims to respond to concerns that some people have expres=
sed relating to the practical difficulty for the interception commissioner =
in carrying out his duties in the face of what we would all agree are consi=
derable technical complexities relating to interception systems. The commis=
sioner's role in that regard is clearly important and any difficulties he e=
ncountered in checking the use made of the system would be of tremendous co=
ncern to us all.
It would therefore seem sensible to include in the Bill provision for notic=
es to specify or describe a requirement along the lines of the amendment. I=
 trust that noble Lords will be patient with us while we consider how best =
to word it. We take the point made in the amendment and I can give an assur=
ance and a commitment today that we shall give the issue careful considerat=
ion and return to it at Report stage"

However when Bach later introduced the govt. amendment, he hoodwinked the H=
ouse.
http://www.publications.parliament.uk/pa/ld199900/ldhansrd/vo000712/text/00=
712-17.htm#00712-17_spnew0
"The noble Lord, Lord Phillips of Sudbury, spoke to Amendment No. 50A durin=
g the debate in Committee, an amendment which would have enabled notices to=
 specify what should be done to provide the commissioner with reliable and =
verifiable technical means of fulfilling his duties. I am sure that the nob=
le Lord will be pleased to hear that this amendment goes wider than that"

But the actual effect of this amendment was to provide a reason not to dest=
roy intercepts if the Commissioner might need to look at them. It provides =
no mechanism for the Commissioner to insist on technical features in black-=
boxes sufficient for the Commissioner (in his opinion) to trust their opera=
tion.

That's aside from the question of whether a Commissioner as currently const=
ructed can be up to the job anyway (with current modus operandi of rummagin=
g in filing cabinets informed by helpful explanations from the jolly dedica=
ted chaps he is "overseeing").

--
Caspar Bowden


Net operators fear becoming unpaid spies
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Sunday Times 4/7/99
http://www.sunday-times.co.uk/news/pages/sti/99/07/04/stiinnnws01003.html?1=
046120
(dead URL and Times archive seems to have gap 1985-2000)

THE internet community is to protest to the Home Office on Tuesday over pro=
posed e-mail and phone-tapping laws they say will turn internet service pro=
viders (ISPs) into unpaid spies, writes Sean Hargrave.

Representatives from the Internet Service Providers' Association (Ispa) are=
 to meet a delegation of Home Office officials to clarify key parts of a co=
nsultation paper that paves the way for a new Interception of Communication=
s Act. The present act became law in 1985, before the advent of e-mail and =
web browsing, and industry and government agree the legislation needs to be=
 updated.

Ispa says the loose wording of the consultation paper will make ISPs legall=
y responsible for maintaining "an interception capability" for police and i=
ntelligence services.

Tim Pearson, chairman of Ispa, says the government should not expect net co=
mpanies to spy on their customers at the drop of a hat.

"What do they want from us?" he says. "Do they want a junction point where =
they can plug in their computers and tap an e-mail account, or do they want=
 us to do it for them?

"If it's the latter, which is not out of the question, they've got no idea =
of how much work that would entail. If they are expecting us to listen in t=
o a feed to, say, a large business, and pick out one person's e-mail traffi=
c then they've got no idea of how much hard work that will be.

"It would turn ISPs into foot soldiers of the intelligence forces. It would=
 mean an ISP's core competence would no longer be in providing communicatio=
n services for customers but in untangling those networks for the police."

The concern is mirrored in the organisation's pan-European body, Euro-Ispa.
Joe McNamee, a spokesman, says: "They just don't realise that tapping a pho=
ne is nothing like tapping somebody's online communications.

"People can now live their lives online - shopping, buying stocks, talking =
to friends, watching the news and carrying out research - and so tapping in=
to that is far more intrusive than a phone tap."

The net community says the consultation paper should have included improved=
 checks and balances to ensure people are not mistakenly tapped and those w=
ho are put under surveillance are informed after the investigation. However=
, no such improved safeguards have been offered.

There is also the question of cost. The Home Office is expecting ISPs to pr=
ovide and maintain the equipment needed to intercept online communications,=
 while the police will be expected to pick up the cost of individual invest=
igations. Civil-liberties groups are opposed to the consultation paper, not=
 only on the traditional ground of intrusion, but because the new act will =
still require warrants to be signed by the home secretary, rather than a ju=
dge.

"The proposals put us in the uncomfortable position of potentially followin=
g Russia's draconian lead," says Caspar Bowden, head of the Foundation for =
Information Policy Research. "The replacement for the KGB, the FSB, has put=
 a black box in every ISP, which they can use to tap e-mail accounts. It's =
a terrible violation of human rights."

The Home Office says it is not introducing new powers, but rather updating =
existing legislation. It does, however, admit that the proposals could cost=
 an ISP many thousands of pounds.

The consultation paper can be found at www.homeoffice.gov.uk. Responses to =
the document can be e-mailed to ioca@homeoffice.gsi.gov.uk

More information about the ukcrypto mailing list