No subject


Fri Sep 3 00:05:41 BST 2010


Richard, thank you for the response. Also, many thanks to everybody who has
taken part in the survey.

>>    and other information available to selected public
>>    authorities under the voluntary disclosure mechanism of the Data
>>    Protection Act,

>seldom -- and the Home Office encourages ISPs to tell them when they are
>asked for data under the DPA, so that the asker can be re-educated!

My apologies for making the introduction a little bit confusing. I wanted it to
be "catchy" and short so I mainly mentioned ISPs, however, the same applies to
other Communication Service Providers that are covered under RIPA. According to
senior police officers the forces routinely use location data from mobile
communication providers during their investigations. I have also mentioned DPA
since the system can be used for data acquisition from any 3rd party, CSPs, but
also employers, banks, etc.

>>    but the current techniques for gathering data from
>>    third-parties (Internet Service Providers, employers, etc.) are
>>    slow

>varies -- some of the automated systems at the large ISPs are very fast;
>and the manual systems at the small ISPs can also be fast because the
>enquiry is unusual and is therefore promptly dealt with.

From my talks to police it looks like the electronic systems of ISPs are not
the bottle-neck in this process. The last time I checked (April 2009) the
slowest bit in the process was getting all the required paperwork and
approvals, the time waiting for the human operator to gather the data and to
respond. In cases where somebody's life was endangered an investigator would
still have to wait a minimum of 30 min to get location data. While the process
is well defined, and all the approvals are necessary, it could benefit from
automation. As far as I am aware the police have automated access to
subscriber data only, while all other data needs to be requested by the
Single Point of Contact.

>>    I have set-up an on-line
>>    questionnaire which aims to evaluate different approaches that
>>    police and other public authorities could use to gather data faster
>>    while respecting privacy.

>hmmm... unless I went through it too fast, it suggested just two
>approaches. One was the high-cost, high-risk data warehousing approach
>that the government has floated from time to time; and a second vaguely
>described method which sounded like one of the information theoretic
>privacy preserving database access systems...  a triumph of carbon
>emissions over common sense :(

You are right, these are the two main approaches discussed. If somebody would
like to propose another alternative I would be happy to discuss it. I am not
one of the conspiracy theorists and I think that the current system works
well, but could be faster. However, the government is about to change the
process that works towards a more intrusive approach. This is my motivation
for seeking an alternative. I agree that an ordinary information theoretic
privacy preserving approach is a triumph of carbon emission over common
sense; for this reason I suggest hiding the identity of the suspect not among
the whole population, but in a group of a thousand or so identities.

For example:

The list of telephone numbers owned by any given telephony provider is
public. This is required for the call routing to work properly.
Consequently, the investigators could request from a given CSP a list of all
active telephone numbers. Wanting to request traffic data for a given number,
the investigators (or the SPoC) could randomly choose 999 other telephone
numbers from the list, and this way request a thousand records to be
included in a round of a given private information retrieval protocol. As
you have said the ISP's systems are very efficient and a query requesting a
thousand records would most likely take just a fraction more time than a
query requesting one record. Then processing of these records by a
privacy-preserving protocol would most likely take just a minute or two.
Investigators frequently use data from CSPs and other 3rd parties; however,
from the perspective of computing these requests are seldom. Thus, in my
opinion a few requests per week that are going to take two minutes more to
process are not a large price to pay in order to increase the privacy of all
the parties involved.

>   BTW: you might usefully discuss the retrieval system here, or point
>   at papers -- since there's still a lot of people here with relevant
>   knowledge of such mechanisms.

Here is a link to a paper I am currently working on:

http://www.evidence-acquisition.org/surveyitems/Minimising_Collateral_Damage.doc

It is not yet finalised, so I would be grateful for any feedback.

As a response to a question asked by one of the respondents I would like to
reassure members of the group that this is purely academic research and I am
not intending to sell the solution described. All previous work that I base
my research on, as well as my own work, is in the public domain.

Many thanks,

Zbigniew Kwecka
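The decoy-set construction proposed in the message above (the suspect's number hidden among 999 others drawn from the provider's published list, the thousand then handed to a PIR round), as an added example that is not code from the original post or from the author's paper. The number list, the suspect and the per-case key are constructed sample values, and deriving the decoys from a keyed PRNG is this example's own assumption: it keeps the set identical across repeated requests about one suspect, so the provider cannot intersect successive requests to single the suspect out.

```python
"""Anonymity-set construction for the 'hide the suspect among ~1000 numbers'
scheme. Added example; list, suspect and case key below are constructed."""
import hashlib
import hmac
import random

# Constructed sample: a provider's published allocation of 5000 numbers.
PUBLISHED_NUMBERS = [f"0131{n:06d}" for n in range(5000)]


def build_anonymity_set(numbers, suspect, case_key, k=1000):
    """Return k numbers containing `suspect`; the other k-1 are decoys drawn
    from `numbers` by a PRNG seeded with HMAC(case_key, suspect).

    The keyed seed (an assumption of this example) makes the set stable for
    one suspect within one case, so repeated requests present the same
    thousand numbers instead of fresh random decoys whose intersection would
    shrink towards the suspect. A different case key gives an unrelated set.
    """
    if suspect not in numbers:
        raise ValueError("suspect must be in the provider's published list")
    if not 1 <= k <= len(numbers):
        raise ValueError("k must lie between 1 and the size of the list")
    seed = hmac.new(case_key, suspect.encode(), hashlib.sha256).digest()
    rng = random.Random(seed)
    pool = [n for n in numbers if n != suspect]
    chosen = rng.sample(pool, k - 1) + [suspect]
    rng.shuffle(chosen)  # the suspect's position must not stand out
    return chosen


def residual_candidates(requests):
    """Numbers common to every request set: what a provider seeing all of
    them could narrow the suspect down to. Stays at k for stable sets."""
    return set.intersection(*(set(r) for r in requests))


if __name__ == "__main__":
    s1 = build_anonymity_set(PUBLISHED_NUMBERS, "0131000042", b"case-17-key")
    s2 = build_anonymity_set(PUBLISHED_NUMBERS, "0131000042", b"case-17-key")
    print(len(s1), len(residual_candidates([s1, s2])))  # 1000 1000
```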


