RIPA authorisations consultation response - no use of encryption ?
M J D Brown
mjdb at dorevale.demon.co.uk
Mon Nov 9 18:38:19 GMT 2009
Another question:
Though the obtaining of material for law enforcement purposes is exempt
from the usual Data Protection Act rules about otaining, processing, and
storing, is it the case that there is no duty of care about safeguarding
the personal data against unauthorised or inadvertent/improper
disclosure?
Mike.
----- Original Message -----
From: "IPTV" <iptv at gn.apc.org>
To: "UK Cryptography Policy Discussion Group"
<ukcrypto at chiark.greenend.org.uk>
Sent: Sunday, November 08, 2009 5:48 PM
Subject: RIPA authorisations consultation response - no use of
encryption ?
The law enforcement community/CSP are pretty much in the Dark Ages.
Professionally (as an expert witness) I have seen
and examined voluminous amounts RIPA s22 data
disclosures of communication data, call data and cellsite information.
The almost invariable practice is to sent data,
unencrypted, as CSV or XLS files. From CSP to
SPOC, and then on to everyone else. Only one
CSP routinely provides some encryption when
downloading data, but this is not preserved at the next stage.
As you might expect, the idea of generating and
sending hashes or another form of digital
signature to certify the integrity of the data has not found any hold.
When I made the obvious points to the Home
Office, the response was that it wasn't Chief Constables top priority.
--
More information about the ukcrypto
mailing list