From igb at batten.eu.org  Thu Aug 11 12:23:57 2011
From: igb at batten.eu.org (Ian Batten)
Date: Thu, 11 Aug 2011 12:23:57 +0100
Subject: Facebook/Twitter etc "bans"
Message-ID: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>

The Prime Minister says:

> Mr Speaker, everyone watching these horrific actions will be stuck by how they were organised via social media.
> 
> Free flow of information can be used for good. But it can also be used for ill.
> 
> And when people are using social media for violence we need to stop them.
> 
> So we are working with the Police, the intelligence services and industry to look at whether it would be right to stop people communicating via these websites and services when we know they are plotting violence, disorder and criminality.
> 

It would be interesting to speculate how this might work.

ian



From lists at internetpolicyagency.com  Thu Aug 11 14:21:43 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Thu, 11 Aug 2011 14:21:43 +0100
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
References: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
Message-ID: <kNighdknd9QOFAHQ@perry.co.uk>

In article <6B9A1A91-B954-4D02-B7DB-0D6625F50287 at batten.eu.org>, Ian 
Batten <igb at batten.eu.org> writes
>> Mr Speaker, everyone watching these horrific actions will be stuck by how they were organised via social media.
>>
>> Free flow of information can be used for good. But it can also be used for ill.
>>
>> And when people are using social media for violence we need to stop them.
>>
>> So we are working with the Police, the intelligence services and industry to look at whether it would be right to stop people communicating
>>via these websites and services when we know they are plotting violence, disorder and criminality.
>
>It would be interesting to speculate how this might work.

Confiscating their Smartphones would be a start. But stopping them from 
buying a new one is much more difficult. Apart from doing targeted 
surveillance, how do they enforce bans against alleged hackers from 
Shetland accessing the Internet while on bail?

What can we learn from banning people from driving (given the prevalence 
of car analogies).
-- 
Roland Perry


From amidgley at gmail.com  Thu Aug 11 16:00:36 2011
From: amidgley at gmail.com (Adrian Midgley)
Date: Thu, 11 Aug 2011 16:00:36 +0100
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
References: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
Message-ID: <CAN2jWyjSfq4fEYjda0nj0QQr1e48vuQJJLWx029ty91p+HC2jA@mail.gmail.com>

On 11 August 2011 12:23, Ian Batten <igb at batten.eu.org> wrote:

>> So we are working with the Police, the intelligence services and industry to look at whether it would be right to stop people communicating via these websites and services when we know they are plotting violence, disorder and criminality.

RIPA already gives powers at least sufficient for reading their comms.
Surely it is more useful to read, and record, them and be inside their
decision-action loops and able to intercept them on the ground than
....

Perhaps it was conscious disinformation.
-- 
Adrian Midgley?? http://www.defoam.net/


From Andrew.Cormack at ja.net  Thu Aug 11 13:54:30 2011
From: Andrew.Cormack at ja.net (Andrew Cormack)
Date: Thu, 11 Aug 2011 12:54:30 +0000
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
References: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
Message-ID: <61E52F3A5532BE43B0211254F13883AE0BA1CC@EXC001>




> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Ian Batten
> Sent: 11 August 2011 12:24
> To: UK Cryptography Policy Discussion Group
> Subject: Facebook/Twitter etc "bans"
> 
> The Prime Minister says:
> 
> > Mr Speaker, everyone watching these horrific actions will be stuck by
> how they were organised via social media.
> >
> > Free flow of information can be used for good. But it can also be
> used for ill.
> >
> > And when people are using social media for violence we need to stop
> them.
> >
> > So we are working with the Police, the intelligence services and
> industry to look at whether it would be right to stop people
> communicating via these websites and services when we know they are
> plotting violence, disorder and criminality.
> >
> 
> It would be interesting to speculate how this might work.
> 
> ian
> 

According to the BBC, some clue being displayed by Phil Wilson, Labour MP for Sedgefield:

"Social media not the prob. In Middle East it's used 2 bring down dictators here its used 2 coordinate looting. Its the users not the medium."

Andrew


From bdm at fenrir.org.uk  Thu Aug 11 14:43:13 2011
From: bdm at fenrir.org.uk (Brian Morrison)
Date: Thu, 11 Aug 2011 14:43:13 +0100
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
References: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
Message-ID: <20110811144313.00001ef8@surtees.fenrir.org.uk>

On Thu, 11 Aug 2011 12:23:57 +0100
Ian Batten <igb at batten.eu.org> wrote:

> The Prime Minister says:
> 
> > Mr Speaker, everyone watching these horrific actions will be stuck
> > by how they were organised via social media.
> > 
> > Free flow of information can be used for good. But it can also be
> > used for ill.
> > 
> > And when people are using social media for violence we need to stop
> > them.
> > 
> > So we are working with the Police, the intelligence services and
> > industry to look at whether it would be right to stop people
> > communicating via these websites and services when we know they are
> > plotting violence, disorder and criminality.
> > 
> 
> It would be interesting to speculate how this might work.
> 

I suspect that they will discover it is nearly impossible, and that the
effect of these communications is actually far less than has been
suggested.

-- 

Brian Morrison


From ukcrypto at sourcetagged.ian.co.uk  Thu Aug 11 17:40:53 2011
From: ukcrypto at sourcetagged.ian.co.uk (Ian Mason)
Date: Thu, 11 Aug 2011 17:40:53 +0100
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <CAN2jWyjSfq4fEYjda0nj0QQr1e48vuQJJLWx029ty91p+HC2jA@mail.gmail.com>
References: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
	<CAN2jWyjSfq4fEYjda0nj0QQr1e48vuQJJLWx029ty91p+HC2jA@mail.gmail.com>
Message-ID: <1BE4D2AA-01B5-47B2-AE05-2B65AAA77612@sourcetagged.ian.co.uk>


On 11 Aug 2011, at 16:00, Adrian Midgley wrote:

> On 11 August 2011 12:23, Ian Batten <igb at batten.eu.org> wrote:
>
>>> So we are working with the Police, the intelligence services and  
>>> industry to look at whether it would be right to stop people  
>>> communicating via these websites and services when we know they  
>>> are plotting violence, disorder and criminality.
>
> RIPA already gives powers at least sufficient for reading their comms.
> Surely it is more useful to read, and record, them and be inside their
> decision-action loops and able to intercept them on the ground than
> ....
>
> Perhaps it was conscious disinformation.
> -- 
> Adrian Midgley   http://www.defoam.net/
>

The police have been putting out announcements about this, one of  
which I quote in its entirety here:

> Metropolitan Police Statement following rumours on Social Media
> Thursday 11th of August 2011
>
> ?We are aware of rumours circulating on social networks which are  
> untrue, unhelpful and intended to increase tension between  
> communities. Those involved in the violent disorder and thefts over  
> the past few days are not from any single race, religion or  
> community group. This is unnecessary and we urge people to stop  
> using recent events as an opportunity to cause unrest.
>
> ?We are pleased to see that communities are coming together as one  
> to reject the scenes of criminality we have seen over the past few  
> days
>
> ?The police and other authorities are tackling those involved and  
> are taking firm action in order to prevent crime, protect  
> communities and bring those involved before the courts.
>
> Anyone with information should call our incident room on 020 8345  
> 4142. Alternatively you can call the Crimestoppers charity  
> anonymously on 0800 555 111.

Note the "We are aware of rumours circulating on social networks which  
are untrue, unhelpful and intended to increase tension between  
communities.".  What they are alluding to is rumours circulating after  
the fatal shooting by the police of Mark Duggan. Notice that they  
don't talk of the use of social networks to plan rioting/looting.

Immediately after the shooting of Mark Duggan the police version of  
events centred on the facts that a police officer has been injured, a  
bullet recovered from his radio and a "non-police issue handgun" had  
been recovered at the scene. There was an implication in police  
briefings that Duggan had shot at police and been killed in self  
defence. What we know know is that a "planned" arrest was conducted in  
an incompetent fashion and the police managed to accidentally shoot  
themselves and kill a man who may well have been completely innocent  
of any aggression towards the police. I find it difficult to treat  
this as anything other than deliberate 'spin', particularly in the  
light of previous similar events such as the Stockwell shooting where  
the police have been seen to have been not merely economical with the  
truth but damn right miserly.

It seems to me that the police, and by extension the politician's  
concerns, are about controlling the desire of the common man to get to  
the truth in the face of an officialdom that is no longer trusted or  
believed. Consequentially I'm deeply suspicious of any moves to  
restrict people's access to communication in the name of maintaining  
law and order.

If for one moment I believed that the suggestion was to  
proportionately control dissemination of plans for criminal activity I  
would support it, but it isn't and I don't.

Ian

From roger at hayter.org  Thu Aug 11 22:20:44 2011
From: roger at hayter.org (Roger Hayter)
Date: Thu, 11 Aug 2011 22:20:44 +0100
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <CAN2jWyjSfq4fEYjda0nj0QQr1e48vuQJJLWx029ty91p+HC2jA@mail.gmail.com>
References: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
	<CAN2jWyjSfq4fEYjda0nj0QQr1e48vuQJJLWx029ty91p+HC2jA@mail.gmail.com>
Message-ID: <q7ScyCBseEROFA86@kalahari.uninhabited.net>

In message 
<CAN2jWyjSfq4fEYjda0nj0QQr1e48vuQJJLWx029ty91p+HC2jA at mail.gmail.com>, 
Adrian Midgley <amidgley at gmail.com> writes
>On 11 August 2011 12:23, Ian Batten <igb at batten.eu.org> wrote:
>
>>> So we are working with the Police, the intelligence services and 
>>>industry to look at whether it would be right to stop people 
>>>communicating via these websites and services when we know they are 
>>>plotting violence, disorder and criminality.
>
>RIPA already gives powers at least sufficient for reading their comms.
>Surely it is more useful to read, and record, them and be inside their
>decision-action loops and able to intercept them on the ground than
>....
>
>Perhaps it was conscious disinformation.


There is already a system for the instant,  progressive, selective 
shutting out of users from the mobile phone networks.  A quoted reason 
for this is network overload, and reserving the system for officials, 
but this could have been dealt with by prioritisation rather than 
exclusion.  Equally, they have CleanFeed (or whatever) which can be used 
by BT and its downstream customers to block IP addresses, presumably 
instantly.  So they have the machinery to block both mobile and fixed 
line Internet messages.  They would no doubt find this more important in 
large political demonstrations rather than local looting where, as you 
say, it may be more useful to know where people are going.
-- 

Roger Hayter


From igb at batten.eu.org  Thu Aug 11 19:05:29 2011
From: igb at batten.eu.org (Ian Batten)
Date: Thu, 11 Aug 2011 19:05:29 +0100
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <kNighdknd9QOFAHQ@perry.co.uk>
References: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
	<kNighdknd9QOFAHQ@perry.co.uk>
Message-ID: <A8078455-A9F4-4DF2-A4C7-C3F27D65C008@batten.eu.org>


On 11 Aug 2011, at 14:21, Roland Perry wrote:

> I
> Confiscating their Smartphones would be a start. But stopping them from buying a new one is much more difficult. Apart from doing targeted surveillance, how do they enforce bans against alleged hackers from Shetland accessing the Internet while on bail?

I don't think the idea was that it would be a punishment, rather than it would done preemptively on areas, or groups, or something before matters kicked off.  It's silly either way, but I suppose we should focus on the right sort of silly.\


ian

From Ross.Anderson at cl.cam.ac.uk  Fri Aug 12 08:20:28 2011
From: Ross.Anderson at cl.cam.ac.uk (Ross Anderson)
Date: Fri, 12 Aug 2011 08:20:28 +0100
Subject: Facebook/Twitter etc "bans"
Message-ID: <E1Qrm2e-0005zE-1f@mta0.cl.cam.ac.uk>

Adrian:

> Surely it is more useful to read, and record, them and be inside their
> decision-action loops and able to intercept them on the ground

I was fascinated to read that the RAF supplied three helicopters to
the police to help them track events.

I wonder whether these were tactical sigint units. Modern kit can
break A5/1 in tens of milliseconds, allowing real-time decryption of
all the channels in a cell, and with directional antennas an airborne
monitor can hoover up the traffic from quite a few cells at once.

What you really need is to know where the looters are headed now, not
where they were yesterday once Blackberry hand over the logs. 
Real-time traffic analysis, including location analysis, of everyone
in London, is much better done from an airborne platform than by 
serving paperwork on dozens of different communications service
providers

Ross


From lists at internetpolicyagency.com  Fri Aug 12 08:38:48 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 12 Aug 2011 08:38:48 +0100
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <A8078455-A9F4-4DF2-A4C7-C3F27D65C008@batten.eu.org>
References: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
	<kNighdknd9QOFAHQ@perry.co.uk>
	<A8078455-A9F4-4DF2-A4C7-C3F27D65C008@batten.eu.org>
Message-ID: <5K4XAX6IiNROFAsA@perry.co.uk>

In article <A8078455-A9F4-4DF2-A4C7-C3F27D65C008 at batten.eu.org>, Ian 
Batten <igb at batten.eu.org> writes
>I don't think the idea was that it would be a punishment, rather than
>it would done preemptively on areas, or groups, or something before
>matters kicked off.

Sounds like a classic "white hat" vs "black hat" exercise. Switch off 
the guys with black hats and leave those with white hats to go about 
their business as normal.

We've seen this before when it comes to people trying to pretend they 
are over 18, or pretend they are under 18 (for different reasons, of 
course). If only you could reliably sort people into the right 
hat-wearing group it'd be simple.
-- 
Roland Perry


From benjamin at py-soft.co.uk  Fri Aug 12 17:11:09 2011
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Fri, 12 Aug 2011 17:11:09 +0100
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <1BE4D2AA-01B5-47B2-AE05-2B65AAA77612@sourcetagged.ian.co.uk>
References: <6B9A1A91-B954-4D02-B7DB-0D6625F50287@batten.eu.org>
	<CAN2jWyjSfq4fEYjda0nj0QQr1e48vuQJJLWx029ty91p+HC2jA@mail.gmail.com>
	<1BE4D2AA-01B5-47B2-AE05-2B65AAA77612@sourcetagged.ian.co.uk>
Message-ID: <CAPqDu0O9jYWC8QdgdHrpEnrYtWvEBbb8DbaL3_NiWiO1OQbpBA@mail.gmail.com>

On 11 August 2011 17:40, Ian Mason <ukcrypto at sourcetagged.ian.co.uk> wrote:
> Immediately after the shooting of Mark Duggan the police version of events
> centred on the facts that a police officer has been injured, a bullet
> recovered from his radio and a "non-police issue handgun" had been recovered
> at the scene.

While fashionable to blame the police, the blame seems to rest
squarely with the IPCC for this[1]:

    Mark Duggan death: IPCC 'may have misled journalists'

    The police watchdog said there was no evidence Mr Duggan had fired at police
    The police watchdog has admitted it may have misled journalists
into believing police shooting victim Mark Duggan fired at officers
before he was killed.
    [...]

Ben

[1] http://www.bbc.co.uk/news/uk-england-london-14510329


From zenadsl6186 at zen.co.uk  Fri Aug 12 22:15:42 2011
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Fri, 12 Aug 2011 22:15:42 +0100
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <E1Qrm2e-0005zE-1f@mta0.cl.cam.ac.uk>
References: <E1Qrm2e-0005zE-1f@mta0.cl.cam.ac.uk>
Message-ID: <4E4597FE.1080807@zen.co.uk>

Ross Anderson wrote:
> Adrian:
> 
>> Surely it is more useful to read, and record, them and be inside their
>> decision-action loops and able to intercept them on the ground
> 
> I was fascinated to read that the RAF supplied three helicopters to
> the police to help them track events.
> 
> I wonder whether these were tactical sigint units. Modern kit can
> break A5/1 in tens of milliseconds, allowing real-time decryption of
> all the channels in a cell, and with directional antennas an airborne
> monitor can hoover up the traffic from quite a few cells at once.
> 
> What you really need is to know where the looters are headed now, not
> where they were yesterday once Blackberry hand over the logs. 

Blackberry handing over logs, and the Police looking at them, would be 
legal of course, under RIPA S.1(5)(c).

BlackBerry Messenger archives open for inspection
http://www.theregister.co.uk/2011/08/09/bbm_riots/

However,as an aside, beginning with a quote from the above:

"When we asked RIM about this, the company provided the following 
statement: "Similar to other technology providers we comply with the 
Regulation of Investigatory Powers Act and co-operate fully with the 
Home Office and UK police forces" ? so one can be reasonably certain 
that even if it wasn't logging everything before, it is now."


But surely that would be illegal?

Starting to log traffic so that the Police can see the logs would 
undoubtedly be interception (either monitoring traffic or modifying the 
system or more probably both) and it would not be lawful under 3(3) afaics -

"(b)it takes place for purposes connected with the provision or 
operation of that service or with the enforcement, in relation to that 
service, of any enactment relating to the use of postal services or 
telecommunications services."



> Real-time traffic analysis, including location analysis, of everyone
> in London, is much better done from an airborne platform than by 
> serving paperwork on dozens of different communications service
> providers.

Unless the helicopters big enough to carry a signal analysis staff they 
would need to forward their electronic take elsewhere.

I expect the actual traffic analysis being done by helicopter is more to 
identify suspected looters and track them - more in keeping with Plod's 
vision, and probably just as effective.

-- Peter Fairbrother

> Ross
> 
> 



From lists at internetpolicyagency.com  Fri Aug 12 22:28:01 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 12 Aug 2011 22:28:01 +0100
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <4E4597FE.1080807@zen.co.uk>
References: <E1Qrm2e-0005zE-1f@mta0.cl.cam.ac.uk> <4E4597FE.1080807@zen.co.uk>
Message-ID: <XBSsiJEhrZROFAIM@perry.co.uk>

In article <4E4597FE.1080807 at zen.co.uk>, Peter Fairbrother 
<zenadsl6186 at zen.co.uk> writes
>http://www.theregister.co.uk/2011/08/09/bbm_riots/
>
>However,as an aside, beginning with a quote from the above:
>
>"When we asked RIM about this, the company provided the following 
>statement: "Similar to other technology providers we comply with the 
>Regulation of Investigatory Powers Act and co-operate fully with the 
>Home Office and UK police forces" ? so one can be reasonably certain 
>that even if it wasn't logging everything before, it is now."
>
>But surely that would be illegal?
>
>Starting to log traffic so that the Police can see the logs would 
>undoubtedly be interception (either monitoring traffic or modifying the 
>system or more probably both) and it would not be lawful under 3(3) 
>afaics

I think there's a danger here of conflating traffic data and content. 
You can log traffic data without it being an interception.
-- 
Roland Perry


From Andrew.Cormack at ja.net  Sun Aug 14 17:03:45 2011
From: Andrew.Cormack at ja.net (Andrew Cormack)
Date: Sun, 14 Aug 2011 16:03:45 +0000
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <XBSsiJEhrZROFAIM@perry.co.uk>
References: <E1Qrm2e-0005zE-1f@mta0.cl.cam.ac.uk>
	<4E4597FE.1080807@zen.co.uk> <XBSsiJEhrZROFAIM@perry.co.uk>
Message-ID: <61E52F3A5532BE43B0211254F13883AE0BBD62@EXC001>

> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Roland Perry
> Sent: 12 August 2011 22:28
> To: ukcrypto at chiark.greenend.org.uk
> Subject: Re: Facebook/Twitter etc "bans"
> 
> In article <4E4597FE.1080807 at zen.co.uk>, Peter Fairbrother
> <zenadsl6186 at zen.co.uk> writes
> >http://www.theregister.co.uk/2011/08/09/bbm_riots/
> >
> >However,as an aside, beginning with a quote from the above:
> >
> >"When we asked RIM about this, the company provided the following
> >statement: "Similar to other technology providers we comply with the
> >Regulation of Investigatory Powers Act and co-operate fully with the
> >Home Office and UK police forces" ? so one can be reasonably certain
> >that even if it wasn't logging everything before, it is now."
> >
> >But surely that would be illegal?
> >
> >Starting to log traffic so that the Police can see the logs would
> >undoubtedly be interception (either monitoring traffic or modifying
> the
> >system or more probably both) and it would not be lawful under 3(3)
> >afaics
> 
> I think there's a danger here of conflating traffic data and content.
> You can log traffic data without it being an interception.
> --
> Roland Perry

If I'm reading it correctly RIPA s22(4)(a) may allow the police to order future collection of traffic data (but not content): "if the operator is not already in possession of the data, to obtain the data". I've never heard of that power being used, so maybe I've misunderstood and it just refers to fetching existing comms data from somewhere else?

Andrew


From zenadsl6186 at zen.co.uk  Sun Aug 14 23:34:18 2011
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Sun, 14 Aug 2011 23:34:18 +0100
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <61E52F3A5532BE43B0211254F13883AE0BBD62@EXC001>
References: <E1Qrm2e-0005zE-1f@mta0.cl.cam.ac.uk>	<4E4597FE.1080807@zen.co.uk>
	<XBSsiJEhrZROFAIM@perry.co.uk>
	<61E52F3A5532BE43B0211254F13883AE0BBD62@EXC001>
Message-ID: <4E484D6A.3090707@zen.co.uk>

Andrew Cormack wrote:

>> In article <4E4597FE.1080807 at zen.co.uk>, Peter Fairbrother 
>> <zenadsl6186 at zen.co.uk> writes

>>> Logging traffic so that the Police can see the logs would
>>> undoubtedly be interception (either monitoring traffic or
>>> modifying the system or more probably both) and it would not
>>> be lawful under 3(3) afaics

> If I'm reading it correctly RIPA s22(4)(a) may allow the police to
> order future collection of traffic data (but not content): "if the
> operator is not already in possession of the data, to obtain the
> data". I've never heard of that power being used, so maybe I've
> misunderstood and it just refers to fetching existing comms data from
> somewhere else?

AFAICS it includes ordering the collection of future data - after all 
the orders are dated and last 4 weeks, and can be renewed, so that may 
well be the intention - and indeed I think it has in the past been used 
for that purpose.

However since the ISPs started to keep traffic/comms data anyway, there 
isn't a great deal of point now.


There are a raft of regulations about the use of s.22(4), which may
have made using it in that way a little problematic.


-- Peter Fairbrother



From lists at internetpolicyagency.com  Mon Aug 15 09:50:27 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Mon, 15 Aug 2011 09:50:27 +0100
Subject: Facebook/Twitter etc "bans"
In-Reply-To: <61E52F3A5532BE43B0211254F13883AE0BBD62@EXC001>
References: <E1Qrm2e-0005zE-1f@mta0.cl.cam.ac.uk> <4E4597FE.1080807@zen.co.uk>
	<XBSsiJEhrZROFAIM@perry.co.uk>
	<61E52F3A5532BE43B0211254F13883AE0BBD62@EXC001>
Message-ID: <p89zdCiT3NSOFAV9@perry.co.uk>

In article <61E52F3A5532BE43B0211254F13883AE0BBD62 at EXC001>, Andrew 
Cormack <Andrew.Cormack at ja.net> writes
>If I'm reading it correctly RIPA s22(4)(a) may allow the police to 
>order future collection of traffic data (but not content): "if the 
>operator is not already in possession of the data, to obtain the data". 
>I've never heard of that power being used, so maybe I've misunderstood 
>and it just refers to fetching existing comms data from somewhere else?

I've always understood it to mean "turn on logging if you have it", but 
not having to install anything new - which is covered by the wording "A 
notice must not place a CSP under a duty to do anything which is not 
reasonably practicable for the CSP to do." in the Code of Practice.

And it continues: "CSPs cannot necessarily or reasonably edit or bespoke 
their systems to take account of every possible variation of what may be 
specified in notices." These are referring back to 22(7) in the Act.
-- 
Roland Perry


From igb at batten.eu.org  Mon Aug 15 09:57:59 2011
From: igb at batten.eu.org (Ian Batten)
Date: Mon, 15 Aug 2011 09:57:59 +0100
Subject: Recovery of "Deleted" Email
Message-ID: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>

I was asked this question yesterday:

If two people, communicating via ordinary commercial webmail services, exchange unencrypted email, and they both then delete the messages using the normal deletion facilities the providers' usual interfaces offer, how recoverable are the messages by a discovery motion?

His contention was that, for practical purposes, a sufficiently resourced adversary all email is discoverable indefinitely, or, alternatively, you cannot know that it is not discoverable at any specific point in time.  

My suspicion is that commercial providers don't take their whole email float to tape, and therefore "at some point" (where that point is ill-defined) the email will not be recoverable even with forensic tools, so the position is "you cannot know when, but it will become non-discoverable within a year or so of notional deletion".  I'm assuming that service providers buy disk on demand, so over time "older" storage will fill and overwrite deleted items.    But I may well be being naive.

ian

From peter at pmsommer.com  Mon Aug 15 10:30:59 2011
From: peter at pmsommer.com (Peter Sommer)
Date: Mon, 15 Aug 2011 10:30:59 +0100
Subject: Recovery of "Deleted" Email
In-Reply-To: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
References: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
Message-ID: <4E48E753.5020308@pmsommer.com>

On 15/08/2011 09:57, Ian Batten wrote:
> I was asked this question yesterday:
>
> If two people, communicating via ordinary commercial webmail services, exchange unencrypted email, and they both then delete the messages using the normal deletion facilities the providers' usual interfaces offer, how recoverable are the messages by a discovery motion?


In the UK we use the word "disclosure" rather than the US "discovery".

Rather than looking at pure technical feasibility you need to start with 
the legal obligations, which for civil purposes appear at CPR 31: 
http://www.justice.gov.uk/guidance/courts-and-tribunals/courts/procedure-rules/civil/contents/parts/part31.htm#IDAALGT

There is only an obligation to list something as available for 
disclosure if the document is in the control of the party. There is also 
a proportionality test: to the issues in the case and to cost.

Standard disclosure ? what documents are to be disclosed
31.6

Standard disclosure requires a party to disclose only ?

(a) the documents on which he relies; and

(b) the documents which ?

(i) adversely affect his own case;

(ii) adversely affect another party?s case; or

(iii) support another party?s case; and

(c) the documents which he is required to disclose by a relevant 
practice direction.

Duty of search
31.7

(1) When giving standard disclosure, a party is required to make a 
reasonable search for documents falling within rule 31.6(b) or (c).

(2) The factors relevant in deciding the reasonableness of a search 
include the following ?

(a) the number of documents involved;

(b) the nature and complexity of the proceedings;

(c) the ease and expense of retrieval of any particular document; and

(d) the significance of any document which is likely to be located 
during the search.

(3) Where a party has not searched for a category or class of document 
on the grounds that to do so would be unreasonable, he must state this 
in his disclosure statement and identify the category or class of document


But there may be arguments, depending on the precise circumstances, 
about why certain emails likely to have existed, have been deleted.

There may also be an opportunity to obtain the emails, or see if they 
exist, via a Norwich Pharmacal Order. However enforcement might be 
tricky of the email provider does not have a presence in UK 
jurisdiction. And in any event you would also need to show that the 
email provider was somehow a participant, albeit innocent, in the 
circumstances surrounding the litigation. (Can be done in piracy cases 
where IP addresses are sought from an ISP as the ISP is facilitating the 
publication/distribution; rather more difficult with pure email)


Peter Sommer

On 15/08/2011 09:57, Ian Batten wrote:
> I was asked this question yesterday:
>
> If two people, communicating via ordinary commercial webmail services, exchange unencrypted email, and they both then delete the messages using the normal deletion facilities the providers' usual interfaces offer, how recoverable are the messages by a discovery motion?
>
> His contention was that, for practical purposes, a sufficiently resourced adversary all email is discoverable indefinitely, or, alternatively, you cannot know that it is not discoverable at any specific point in time.
>
> My suspicion is that commercial providers don't take their whole email float to tape, and therefore "at some point" (where that point is ill-defined) the email will not be recoverable even with forensic tools, so the position is "you cannot know when, but it will become non-discoverable within a year or so of notional deletion".  I'm assuming that service providers buy disk on demand, so over time "older" storage will fill and overwrite deleted items.    But I may well be being naive.
>
> ian
>
>
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 10.0.1392 / Virus Database: 1520/3834 - Release Date: 08/14/11
>
>
>


-- 
THE INFORMATION CONTAINED IN THIS E-MAIL IS CONFIDENTIAL AND LEGALLY PRIVILEGED.  IT IS INTENDED ONLY FOR THE ADDRESSEE NAMED ABOVE. IF YOU ARE NOT THE ADDRESSEE ANY DISTRIBUTION, COPYING OR DISCLOSURE OF THIS E-MAIL IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED IT IN ERROR PLEASE NOTIFY THE SENDER BY E-MAIL IMMEDIATELY AND DESTROY THE ORIGINAL



From clive at davros.org  Mon Aug 15 12:52:22 2011
From: clive at davros.org (Clive D.W. Feather)
Date: Mon, 15 Aug 2011 12:52:22 +0100
Subject: Recovery of "Deleted" Email
In-Reply-To: <4E48E753.5020308@pmsommer.com>
References: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
	<4E48E753.5020308@pmsommer.com>
Message-ID: <20110815115222.GC34309@davros.org>

Peter Sommer said:
> There may also be an opportunity to obtain the emails, or see if they 
> exist, via a Norwich Pharmacal Order. However enforcement might be 
> tricky of the email provider does not have a presence in UK 
> jurisdiction. And in any event you would also need to show that the 
> email provider was somehow a participant, albeit innocent, in the 
> circumstances surrounding the litigation. (Can be done in piracy cases 
> where IP addresses are sought from an ISP as the ISP is facilitating the 
> publication/distribution; rather more difficult with pure email)

Huh?

The ISP is not facilitating the publication/distribution, at least not in any
sense implying reponsibility. ISP policy has been not to contest a Norwich
Pharmacal order for identity; there is no admission of any involvement
other than completely innocent technical activity. They are, however, a
party where "without certain action on their part the infringements could
never have been committed" (to quote Lord Reith) and thus a valid subject
for such an order. The distinction is against "a person who las no other
connection with the wrong than that he was a spectator or has some document
relating to it in his possession"; discovery can't be ordered against such
a person.

In Ian's question, the webmail operator surely comes into the first class
and not the second.

However, I don't think the precedent in Norwich Pharmacal stretches that
far. In paragraph 100 Lord Cross writes "In the first place, there is a
clear distinction between simply asking for the name of a person whom you
wish to make a defendant and asking for evidence. This case has nothing to
do with the collection of evidence.". In other words (in my opinion) a
Norwich Pharamcal order can *only* be for the disclosure of identity, and
nothing more.

By the way:

> In the UK we use the word "disclosure" rather than the US "discovery".

The House of Lords used both terms.

<http://www.bailii.org/uk/cases/UKHL/1973/6.html>

-- 
Clive D.W. Feather          | If you lie to the compiler,
Email: clive at davros.org     | it will get its revenge.
Web: http://www.davros.org  |   - Henry Spencer
Mobile: +44 7973 377646


From clive at davros.org  Mon Aug 15 10:35:16 2011
From: clive at davros.org (Clive D.W. Feather)
Date: Mon, 15 Aug 2011 10:35:16 +0100
Subject: Recovery of "Deleted" Email
In-Reply-To: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
References: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
Message-ID: <20110815093516.GB34309@davros.org>

Ian Batten said:
> If two people, communicating via ordinary commercial webmail services, exchange unencrypted email, and they both then delete the messages using the normal deletion facilities the providers' usual interfaces offer, how recoverable are the messages by a discovery motion?
> 
> His contention was that, for practical purposes, a sufficiently resourced adversary all email is discoverable indefinitely, or, alternatively, you cannot know that it is not discoverable at any specific point in time.  
> 
> My suspicion is that commercial providers don't take their whole email float to tape, and therefore "at some point" (where that point is ill-defined) the email will not be recoverable even with forensic tools, so the position is "you cannot know when, but it will become non-discoverable within a year or so of notional deletion".  I'm assuming that service providers buy disk on demand, so over time "older" storage will fill and overwrite deleted items.    But I may well be being naive.

Email churns a *lot* - from memory, at Demon the mean lifetime of a
message in the mailstore was 2 to 3 days, meaning that 30% to 50% of the
files would be less than a day old. In that environment, backups are
largely useless. Instead, you keep email on highly reliable filesystems and
pray that you don't get hit by the thousand-year error that destroys every
copy of a file.

I have no idea if that's current practice, but it still feels to me like
the best approach.

-- 
Clive D.W. Feather          | If you lie to the compiler,
Email: clive at davros.org     | it will get its revenge.
Web: http://www.davros.org  |   - Henry Spencer
Mobile: +44 7973 377646


From jon+ukcrypto at unequivocal.co.uk  Mon Aug 15 11:01:38 2011
From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens)
Date: Mon, 15 Aug 2011 11:01:38 +0100
Subject: Recovery of "Deleted" Email
In-Reply-To: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
References: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
Message-ID: <20110815100138.GJ30491@snowy.squish.net>

On Mon, Aug 15, 2011 at 09:57:59AM +0100, Ian Batten wrote:
> I was asked this question yesterday:
> 
> If two people, communicating via ordinary commercial webmail
> services, exchange unencrypted email, and they both then delete the
> messages using the normal deletion facilities the providers' usual
> interfaces offer, how recoverable are the messages by a discovery
> motion?

A discovery motion against who? If it's against one of the
correspondents then it seems to me that the messages are immediately
unrecoverable. There is nothing either of them can do to retrieve
the messages.

> His contention was that, for practical purposes, a sufficiently
> resourced adversary all email is discoverable indefinitely, or,
> alternatively, you cannot know that it is not discoverable at any
> specific point in time.  

If the discovery motion is against the webmail provider then,
unless the webmail provider has a specific system in place to
archive deleted messages for a period of time, then to all intents
and purposes I would think that the messages are immediately gone.

Unless we're talking about some kind of implausible Jack Bauer "the
nuclear bomb in a major city is about to explode and the location's
in the email" situation, nobody is going to take the entire webmail
system off-line and trawl through thousands of gibabytes of data
looking for some specific message.


From peter at pmsommer.com  Mon Aug 15 14:58:51 2011
From: peter at pmsommer.com (Peter Sommer)
Date: Mon, 15 Aug 2011 14:58:51 +0100
Subject: Recovery of "Deleted" Email
In-Reply-To: <20110815115222.GC34309@davros.org>
References: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>	<4E48E753.5020308@pmsommer.com>
	<20110815115222.GC34309@davros.org>
Message-ID: <4E49261B.7030405@pmsommer.com>

Norwich Pharmacal is a 1974 House of Lords case.

CPR31 refers to "Disclosure" and PD31B,  which came into force in 
October 2010,  covers "Disclosure of Electronic Documents"

"Facilitating" does not mean "responsibility".  Indeed if it did then 
the appropriate route would be to join the third party with the 
information to the action as as a joint tortfeasor.  The whole point is 
that a NPO can be made, at the discretion of the judge, if the object of 
the order is likely to have information without which the main action 
cannot succeed,  the information is not available elsewhere,  and it is 
in the interests of justice.

But NPOs are a side issue in the circumstances Ian Batten was raising;  
I just thought I ought to dispose of it in case some-one thought that it 
might assist.


Peter Sommer




From fjmd1a at gmail.com  Mon Aug 15 14:08:10 2011
From: fjmd1a at gmail.com (Francis Davey)
Date: Mon, 15 Aug 2011 14:08:10 +0100
Subject: Recovery of "Deleted" Email
In-Reply-To: <4E48E753.5020308@pmsommer.com>
References: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
	<4E48E753.5020308@pmsommer.com>
Message-ID: <CAEWR3kv+yNa8CeaFy84iqPYC4WKu4JpxudEK-_21a7DkRZN=fw@mail.gmail.com>

I think there's some confusion about the role of a Norwich Pharmacal Order.

NPO's are an exceptional remedy used to obtain pre-action disclosure
against a person who will not be a party to any subsequent claim.

Once a claim has been issued, things are different. The court then has
a power to make an order for disclosure against non-parties in a
broader range of circumstances than it would for an NPO. The relevant
rule is 31.17:

http://www.justice.gov.uk/guidance/courts-and-tribunals/courts/procedure-rules/civil/contents/parts/part31.htm#IDAWKTIC

As you will see there is no requirement for being caught up in the
action or facilitating or whatever as there migh tbe with an NPO.

Note that the duty of  "disclosure" is a duty to state whether a
document exists or has existed:

http://www.justice.gov.uk/guidance/courts-and-tribunals/courts/procedure-rules/civil/contents/parts/part31.htm#IDAALGT

This point is often missed - to my exasperation sometimes. You may be
under a duty to disclose documents that you have deleted - and rule
31.17 gives one example of why that might be useful because, while no
order for inspection would be made against you (logically because you
no longer have the document) it may still be obtainable.

So, the court has ample powers to get hold of a document if you really need it.

Francis


From igb at batten.eu.org  Mon Aug 15 16:25:58 2011
From: igb at batten.eu.org (Ian Batten)
Date: Mon, 15 Aug 2011 16:25:58 +0100
Subject: Recovery of "Deleted" Email
In-Reply-To: <20110815093516.GB34309@davros.org>
References: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
	<20110815093516.GB34309@davros.org>
Message-ID: <B8DF0EE9-CF2F-4897-A65C-063F16F2C771@batten.eu.org>


On 15 Aug 11, at 1035, Clive D.W. Feather wrote:
> 
> Email churns a *lot* - from memory, at Demon the mean lifetime of a
> message in the mailstore was 2 to 3 days, meaning that 30% to 50% of the
> files would be less than a day old. 

Although to be fair, back in the day that was a POP3 environment where the users downloaded the mail and deleted it from the server automatically (most POP3 client follow a RETR with a DELE unless you take special measures).  It will be different in either a webmail or an IMAP environment in which the users' primary copies reside on the server.

ian



From Ian.Johnson at uwe.ac.uk  Mon Aug 15 18:19:09 2011
From: Ian.Johnson at uwe.ac.uk (Ian Johnson)
Date: Mon, 15 Aug 2011 18:19:09 +0100
Subject: Recovery of "Deleted" Email
In-Reply-To: <B8DF0EE9-CF2F-4897-A65C-063F16F2C771@batten.eu.org>
References: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
	<20110815093516.GB34309@davros.org>
	<B8DF0EE9-CF2F-4897-A65C-063F16F2C771@batten.eu.org>
Message-ID: <3CA1ACB7-A543-4E93-AE6F-7CD77AFA2B22@uwe.ac.uk>

As a very long term demon customer (since 95). I'm still using pop. Until adsl I used pure smtp for mail. Since pop3. As I collect mail on many devices, my main server is configured to download & delete, all of my other devices to just download. 

Ian 

--
irj at acm.org


On 15 Aug 2011, at 16:26, "Ian Batten" <igb at batten.eu.org> wrote:

> 
> On 15 Aug 11, at 1035, Clive D.W. Feather wrote:
>> 
>> Email churns a *lot* - from memory, at Demon the mean lifetime of a
>> message in the mailstore was 2 to 3 days, meaning that 30% to 50% of the
>> files would be less than a day old. 
> 
> Although to be fair, back in the day that was a POP3 environment where the users downloaded the mail and deleted it from the server automatically (most POP3 client follow a RETR with a DELE unless you take special measures).  It will be different in either a webmail or an IMAP environment in which the users' primary copies reside on the server.
> 
> ian
> 
> 
> 



From rich at annexia.org  Mon Aug 15 17:38:50 2011
From: rich at annexia.org (Richard W.M. Jones)
Date: Mon, 15 Aug 2011 17:38:50 +0100
Subject: Recovery of "Deleted" Email
In-Reply-To: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
References: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
Message-ID: <20110815163850.GA17853@annexia.org>

On Mon, Aug 15, 2011 at 09:57:59AM +0100, Ian Batten wrote:
> I was asked this question yesterday:

> If two people, communicating via ordinary commercial webmail
> services, exchange unencrypted email, and they both then delete the
> messages using the normal deletion facilities the providers' usual
> interfaces offer, how recoverable are the messages by a discovery
> motion?
> 
> His contention was that, for practical purposes, a sufficiently
> resourced adversary all email is discoverable indefinitely, or,
> alternatively, you cannot know that it is not discoverable at any
> specific point in time.
[...]

When I wrote/helped to admin one of the lesser known UK webmail
services, it worked like I describe below.  Whether or not this is how
all webmail services work, I have no idea.  There's quite a lot of
information available about how gmail works: look for descriptions of
"Google File System" as a start.

The email system I worked on:

There were three implementations of the email service.  The first was
based on Lotus Notes, and I won't go into that horror.

The second implementation stored the emails themselves as BLOBs in a
regular SQL database.  We also extracted metadata from the emails
(IIRC it was: From, To, Subject, CC, Date), and stored those
separately in another SQL table.

The database was stored on identical mirrored database servers, each
server having mirrored disks (RAID1 or similar).  Thus in theory there
were 4 copies of each piece of data.  In addition, the whole database
was backed up regularly using a tape library, on regular DDS-4.  I
don't recall how long the full rotation of the backups were, but it
would have been something of the order of months and under a year.

When an email was deleted in the UI, it was deleted from the SQL
database virtually instantly (before the user would have seen the next
web page load).  The SQL database replication would have happened
within a few seconds, so the mirror would also be deleted pretty much
instantaneously.  The data itself probably still existed on disk or in
SQL logs, but was pretty much unrecoverable from there without
forensic tools.

It turned out (rather obviously in hindsight) that storing emails as
BLOBs is both hugely expensive and very slow.  In the third
implementation of the webmail service we migrated all of the email off
the database into a regular ext2 (or ext3??) filesystem.  The file
servers were SCSI disks arranged in RAID 5 using Linux softraid with a
number of hot and cold spares.

The email was stored in qmail Maildir format directories, one per user
per mailbox.  The SQL database still contained metadata fields (To,
From, Subject etc).

In the third impl, deleting a message in the UI would delete both the
disk file and the SQL metadata.  The disk file would probably have
been more easily recoverable using a forensic tool, but also the rate
of writes to these disks was very high and I doubt that deleted emails
would have been recoverable for very long.

The tape backup still existed, and in theory could have been
recovered.  *However* I don't think we ever went to the backup for any
law enforcement requests.  I don't think we would have done unless it
was an extraordinarily serious case, because the only way we could
have done it (for the second impl) would be to sever the SQL mirrors,
and restore the backup onto one of those mirrors (because we didn't
have enough storage to restore it anywhere else).

For the third impl I'm less certain because I wasn't directly involved
in those backups, but they might have been able to restore individual
files.

I don't think the question of deleted emails ever came up in any law
enforcement request that I can remember.

Rich.


From rich at annexia.org  Mon Aug 15 17:41:56 2011
From: rich at annexia.org (Richard W.M. Jones)
Date: Mon, 15 Aug 2011 17:41:56 +0100
Subject: Recovery of "Deleted" Email
In-Reply-To: <20110815163850.GA17853@annexia.org>
References: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
	<20110815163850.GA17853@annexia.org>
Message-ID: <20110815164156.GA18154@annexia.org>


Is there a reason why the greylisting to this mailing list has such
silly settings?  For a start it forgets (IP, From) pairs after some
time, something that you should *never* do.

2011-08-15 17:38:54 1Qt0Be-0004iB-LN == ukcrypto at chiark.greenend.org.uk R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<ukcrypto at chiark.greenend.org.uk>: host mx-relay.chiark.greenend.org.uk [212.13.197.229]: 450 Site not yet trusted, try later [Irritated]


Rich.


From fw at deneb.enyo.de  Mon Aug 15 20:27:48 2011
From: fw at deneb.enyo.de (Florian Weimer)
Date: Mon, 15 Aug 2011 21:27:48 +0200
Subject: Recovery of "Deleted" Email
In-Reply-To: <20110815100138.GJ30491@snowy.squish.net> (Jon Ribbens's message
	of "Mon, 15 Aug 2011 11:01:38 +0100")
References: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
	<20110815100138.GJ30491@snowy.squish.net>
Message-ID: <87aabazd8r.fsf@mid.deneb.enyo.de>

* Jon Ribbens:

> If the discovery motion is against the webmail provider then,
> unless the webmail provider has a specific system in place to
> archive deleted messages for a period of time, then to all intents
> and purposes I would think that the messages are immediately gone.

"Immediately" is rather unlikely.  In many systems, deleted data is
just marked as deleted and not yet physically overwritten.

In addition, providers offering multiple gigabytes of free mail
storage are not likely to optimize for message deletion.  For small
messages, it might make sense to compress many of them together in a
single data block.


From jon+ukcrypto at unequivocal.co.uk  Tue Aug 16 11:45:22 2011
From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens)
Date: Tue, 16 Aug 2011 11:45:22 +0100
Subject: Recovery of "Deleted" Email
In-Reply-To: <87aabazd8r.fsf@mid.deneb.enyo.de>
References: <BF6C6F5D-EDEE-4EE6-832E-5069A977D3C3@batten.eu.org>
	<20110815100138.GJ30491@snowy.squish.net>
	<87aabazd8r.fsf@mid.deneb.enyo.de>
Message-ID: <20110816104522.GP30491@snowy.squish.net>

On Mon, Aug 15, 2011 at 09:27:48PM +0200, Florian Weimer wrote:
> * Jon Ribbens:
> > If the discovery motion is against the webmail provider then,
> > unless the webmail provider has a specific system in place to
> > archive deleted messages for a period of time, then to all intents
> > and purposes I would think that the messages are immediately gone.
> 
> "Immediately" is rather unlikely.  In many systems, deleted data is
> just marked as deleted and not yet physically overwritten.

Obviously. However my point was that the location of where that email
data was on which disk may well be [near-]instantaneously lost, and
that in a situation where you have thousands of gigabytes of
constantly-changing data to search through to find it, recovering it
may be, to all intents and purposes, unachievable.


From tugwilson at gmail.com  Mon Aug 22 19:44:30 2011
From: tugwilson at gmail.com (John Wilson)
Date: Mon, 22 Aug 2011 19:44:30 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
Message-ID: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>

I noticed this sign on London today
https://plus.google.com/108026745568270153735/posts/VF8hLKRkX4q

Any idea precisely what they are collecting?


John Wilson


From tony.naggs at googlemail.com  Mon Aug 22 22:22:09 2011
From: tony.naggs at googlemail.com (Tony Naggs)
Date: Mon, 22 Aug 2011 14:22:09 -0700
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
Message-ID: <CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>

Sounds like what is done at som shopping Malls, I think maybe Bluewater was
mentioned before. (I apologise for not digging out references, but I'm out
about writing from my mobile phone.)

Basically the mobile network signalling within the shopping mall is
monitored (using software defined radio hardware & open source software).
When a phone registers with a network it gets a temporary device ids (a
TIMSI if I remember correctly), and these are recorded so the the Mall
owners can gather statistics on the routes people take through the mall, how
long they spend in stores, at the food court, etc.. and see how in Mall
events such as fashion shows, Santa's grotto etc affect behaviour. They
should not at any point have any information that would identify actual
people.

ttfn,
Tony
On 22 Aug 2011 13:20, "John Wilson" <tugwilson at gmail.com> wrote:
> I noticed this sign on London today
> https://plus.google.com/108026745568270153735/posts/VF8hLKRkX4q
>
> Any idea precisely what they are collecting?
>
>
> John Wilson
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110822/73a253e4/attachment.htm>

From ml11009 at adreyer.com  Mon Aug 22 23:17:03 2011
From: ml11009 at adreyer.com (A. Dreyer (ukcrypto))
Date: Mon, 22 Aug 2011 23:17:03 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
Message-ID: <4E52D55F.8040405@adreyer.com>

On 22/08/11 19:44, John Wilson wrote:
> I noticed this sign on London today
> https://plus.google.com/108026745568270153735/posts/VF8hLKRkX4q
> 
> Any idea precisely what they are collecting?
> 
> 
> John Wilson

The picture also shows that they can't print their own address correctly
on public display...

(according to http://www.landsecurities.com/contact-us it is "5 Strand")


Achim Dreyer
Network Security Consultant


From tugwilson at gmail.com  Tue Aug 23 08:52:46 2011
From: tugwilson at gmail.com (John Wilson)
Date: Tue, 23 Aug 2011 08:52:46 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
Message-ID: <CAJkBBXWebKn54DRw9LdyWk_9-dJn0m9d2fJD2C2VtZbKidvtng@mail.gmail.com>

On 22 August 2011 22:22, Tony Naggs <tony.naggs at googlemail.com> wrote:
> Sounds like what is done at som shopping Malls, I think maybe Bluewater was
> mentioned before. (I apologise for not digging out references, but I'm out
> about writing from my mobile phone.)
>
> Basically the mobile network signalling within the shopping mall is
> monitored (using software defined radio hardware & open source software).
> When a phone registers with a network it gets a temporary device ids (a
> TIMSI if I remember correctly), and these are recorded so the the Mall
> owners can gather statistics on the routes people take through the mall, how
> long they spend in stores, at the food court, etc.. and see how in Mall
> events such as fashion shows, Santa's grotto etc affect behaviour. They
> should not at any point have any information that would identify actual
> people.


So they are collecting very fine grained location data for individual
phones. No doubt the towers log the information which would let you
turn a TIMISI into a telephone number. Handy if there's a riot.

I wonder how long the mall keeps the data

John Wilson


From james2 at jfirth.net  Tue Aug 23 10:22:32 2011
From: james2 at jfirth.net (James Firth)
Date: Tue, 23 Aug 2011 10:22:32 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <CAJkBBXWebKn54DRw9LdyWk_9-dJn0m9d2fJD2C2VtZbKidvtng@mail.gmail.com>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<CAJkBBXWebKn54DRw9LdyWk_9-dJn0m9d2fJD2C2VtZbKidvtng@mail.gmail.com>
Message-ID: <001901cc6176$4d464db0$e7d2e910$@net>

> So they are collecting very fine grained location data for individual
> phones. No doubt the towers log the information which would let you
> turn a TIMISI into a telephone number. Handy if there's a riot.
> 

Isn't this capture of traffic data, and doesn't this require informed
consent.  ICO says:

"However, to obtain valid informed consent, the subscriber or user should be
given enough clear information for them to have a broad appreciation of how
the data is going to be used and the consequences of consenting to such use
(see the first principle in the guide to data protection). In light of this,
the service provider will not be able to rely on a blanket 'catch all'
statement on a bill or a website but must get specific informed consent..."

http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communication
s/the_guide/traffic_data.aspx

And isn't such a sign a real-world equivalent of a "blanket 'catch all'"...

James Firth




From tugwilson at gmail.com  Tue Aug 23 14:31:38 2011
From: tugwilson at gmail.com (John Wilson)
Date: Tue, 23 Aug 2011 14:31:38 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <001901cc6176$4d464db0$e7d2e910$@net>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<CAJkBBXWebKn54DRw9LdyWk_9-dJn0m9d2fJD2C2VtZbKidvtng@mail.gmail.com>
	<001901cc6176$4d464db0$e7d2e910$@net>
Message-ID: <CAJkBBXVE47umpLTARCsmrErJcCOcRxFDn0RuL0z50-Zz_5miEQ@mail.gmail.com>

On 23 August 2011 10:22, James Firth <james2 at jfirth.net> wrote:
>> So they are collecting very fine grained location data for individual
>> phones. No doubt the towers log the information which would let you
>> turn a TIMISI into a telephone number. Handy if there's a riot.
>>
>
> Isn't this capture of traffic data, and doesn't this require informed
> consent. ?ICO says:
>
> "However, to obtain valid informed consent, the subscriber or user should be
> given enough clear information for them to have a broad appreciation of how
> the data is going to be used and the consequences of consenting to such use
> (see the first principle in the guide to data protection). In light of this,
> the service provider will not be able to rely on a blanket 'catch all'
> statement on a bill or a website but must get specific informed consent..."
>
> http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communication
> s/the_guide/traffic_data.aspx
>
> And isn't such a sign a real-world equivalent of a "blanket 'catch all'"...


It would appear so.

However, that guidance applies to traffic capture by a service
provider. Land Securities are not providing the telecommunications
service here. They are intercepting the traffic. Would RIPA apply in
this case?

John Wilson


From tony.naggs at googlemail.com  Tue Aug 23 15:22:58 2011
From: tony.naggs at googlemail.com (Tony Naggs)
Date: Tue, 23 Aug 2011 07:22:58 -0700
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <CAK0b=2e2aeNcOQtTC8UBf4+mjCM2qq=bUp0RX7kzJR+8oJWOug@mail.gmail.com>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<CAJkBBXWebKn54DRw9LdyWk_9-dJn0m9d2fJD2C2VtZbKidvtng@mail.gmail.com>
	<CAK0b=2e2aeNcOQtTC8UBf4+mjCM2qq=bUp0RX7kzJR+8oJWOug@mail.gmail.com>
Message-ID: <CAK0b=2f65JNiAayYijTRB79NHRJAcV20SCMFkH2QcykR6bAMBw@mail.gmail.com>

The Mall should only have transient knowledge of the TIMSI, only so long as
it sees the base station & mobile device maintaining their registration.
(Every 10 minutes or so if I remember correctly.) Then the system can log
that visitor N appeared at time X, and spent Y minutes in the Mall.

The number of mobile phone visitors can then be used as a proxy for footfall
in the Mall, and the property company can justify the rent it charges. No
personal or identifying data is needed.

Regards,
Tony
On 23 Aug 2011 08:53, "John Wilson" <tugwilson at gmail.com> wrote:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110823/0c33e8fe/attachment.htm>

From k.brown at bbk.ac.uk  Tue Aug 23 14:41:12 2011
From: k.brown at bbk.ac.uk (k.brown at bbk.ac.uk)
Date: Tue, 23 Aug 2011 14:41:12 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <001901cc6176$4d464db0$e7d2e910$@net>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<CAJkBBXWebKn54DRw9LdyWk_9-dJn0m9d2fJD2C2VtZbKidvtng@mail.gmail.com>
	<001901cc6176$4d464db0$e7d2e910$@net>
Message-ID: <CAJ0hfovHjrhzA3+5m4XHxn5cn5yoQf3AZ_3ptDQR82sAA7WbqQ@mail.gmail.com>

> Isn't this capture of traffic data

According to that link "Traffic data means any data which is
processed: to convey a communication on an electronic communications
network; or for the billing in respect of that communication"

Base station polling doesn't actually convey communications nor is it
used for billing. So I guess its not traffic data.

OK the same equipment that captures the polls and the TIMSIs might
also be used to tell if a phone call is in progress, which is  traffic
data, but you'd have to show that they are doing that.


From james2 at jfirth.net  Tue Aug 23 16:28:51 2011
From: james2 at jfirth.net (James Firth)
Date: Tue, 23 Aug 2011 16:28:51 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <CAJ0hfovHjrhzA3+5m4XHxn5cn5yoQf3AZ_3ptDQR82sAA7WbqQ@mail.gmail.com>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>	<CAJkBBXWebKn54DRw9LdyWk_9-dJn0m9d2fJD2C2VtZbKidvtng@mail.gmail.com>	<001901cc6176$4d464db0$e7d2e910$@net>
	<CAJ0hfovHjrhzA3+5m4XHxn5cn5yoQf3AZ_3ptDQR82sAA7WbqQ@mail.gmail.com>
Message-ID: <002001cc61a9$5d7f68a0$187e39e0$@net>

> > Isn't this capture of traffic data
> 
> According to that link "Traffic data means any data which is
> processed: to convey a communication on an electronic communications
> network; or for the billing in respect of that communication"
> 
> Base station polling doesn't actually convey communications nor is it
> used for billing. So I guess its not traffic data.
> 
> OK the same equipment that captures the polls and the TIMSIs might
> also be used to tell if a phone call is in progress, which is  traffic
> data, but you'd have to show that they are doing that.

After a tip from @antonyslumbers via Twitter it seems Path Intelligence have
a prior association with Land Securities:
http://www.pathintelligence.com/en/blog/81-measuring-event-effectiveness-

Path Intelligence make some brave assertions, such as:
"In developing FootPathT we have ensured that you cannot, at any time, be
personally identified as a result of your travel through premises in which
FootPathT operates."

http://www.pathintelligence.com/en/products/footpath/privacy

James Firth



From chris-ukcrypto at lists.skipnote.org  Tue Aug 23 14:08:17 2011
From: chris-ukcrypto at lists.skipnote.org (Chris Edwards)
Date: Tue, 23 Aug 2011 14:08:17 +0100 (BST)
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
Message-ID: <E1QvqiJ-0001XM-7U@skipnote.org>

On Mon, 22 Aug 2011, Tony Naggs wrote:

| When a phone registers with a network it gets a temporary device ids (a
| TIMSI if I remember correctly), and these are recorded so the the Mall
| owners can gather statistics on the routes people take through the mall, how
| long they spend in stores, at the food court, etc.

Yep.  This is old news, and as I understand it, only works for 2G (GSM).  
Anyone using 3G (UMTS) can't be tracked so easily.

OK, you may not get a 3G signal in all the places you'd like, but "malls" are 
often pretty well covered...


From tugwilson at gmail.com  Tue Aug 23 17:14:46 2011
From: tugwilson at gmail.com (John Wilson)
Date: Tue, 23 Aug 2011 17:14:46 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <002001cc61a9$5d7f68a0$187e39e0$@net>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<CAJkBBXWebKn54DRw9LdyWk_9-dJn0m9d2fJD2C2VtZbKidvtng@mail.gmail.com>
	<001901cc6176$4d464db0$e7d2e910$@net>
	<CAJ0hfovHjrhzA3+5m4XHxn5cn5yoQf3AZ_3ptDQR82sAA7WbqQ@mail.gmail.com>
	<002001cc61a9$5d7f68a0$187e39e0$@net>
Message-ID: <CAJkBBXV5=maJPGiW5up6d1Rq86iN1AdVY5nU6u+xmsdzNfXhGQ@mail.gmail.com>

On 23 August 2011 16:28, James Firth <james2 at jfirth.net> wrote:
> After a tip from @antonyslumbers via Twitter it seems Path Intelligence have
> a prior association with Land Securities:
> http://www.pathintelligence.com/en/blog/81-measuring-event-effectiveness-
>
> Path Intelligence make some brave assertions, such as:
> "In developing FootPathT we have ensured that you cannot, at any time, be
> personally identified as a result of your travel through premises in which
> FootPathT operates."
>
> http://www.pathintelligence.com/en/products/footpath/privacy

Path Intelligence Ltd also don't appear to be on the Data Protection
Public Register. Now it may be that what they collect isn't covered by
the DPA but it's pretty hard to run a business in the UK without
having to register.

John Wilson


From ukcrypto at sourcetagged.ian.co.uk  Tue Aug 23 22:25:35 2011
From: ukcrypto at sourcetagged.ian.co.uk (Ian Mason)
Date: Tue, 23 Aug 2011 22:25:35 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <CAJ0hfovHjrhzA3+5m4XHxn5cn5yoQf3AZ_3ptDQR82sAA7WbqQ@mail.gmail.com>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<CAJkBBXWebKn54DRw9LdyWk_9-dJn0m9d2fJD2C2VtZbKidvtng@mail.gmail.com>
	<001901cc6176$4d464db0$e7d2e910$@net>
	<CAJ0hfovHjrhzA3+5m4XHxn5cn5yoQf3AZ_3ptDQR82sAA7WbqQ@mail.gmail.com>
Message-ID: <6FC56DF7-77E1-4150-A391-58862AD0E8EF@sourcetagged.ian.co.uk>


On 23 Aug 2011, at 14:41, k.brown at bbk.ac.uk wrote:

>> Isn't this capture of traffic data
>
> According to that link "Traffic data means any data which is
> processed: to convey a communication on an electronic communications
> network; or for the billing in respect of that communication"
>
> Base station polling doesn't actually convey communications nor is it
> used for billing. So I guess its not traffic data.
>
> OK the same equipment that captures the polls and the TIMSIs might
> also be used to tell if a phone call is in progress, which is  traffic
> data, but you'd have to show that they are doing that.
>

Try a thought experiment here - remove the base station polling. Can  
the network now convey
communications to a handset, no it can't. Therefore base station  
polling is a necessary part of
"data which is processed: to convey a communication on an electronic  
communications
network". Thus base station polling is, by that definition, traffic  
data.

Ian


From james2 at jfirth.net  Wed Aug 24 16:18:21 2011
From: james2 at jfirth.net (James Firth)
Date: Wed, 24 Aug 2011 16:18:21 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <E1QvqiJ-0001XM-7U@skipnote.org>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<E1QvqiJ-0001XM-7U@skipnote.org>
Message-ID: <005701cc6271$0ff2d220$2fd87660$@net>

Chris Edwards:
> Yep.  This is old news, and as I understand it, only works for 2G
> (GSM).
> Anyone using 3G (UMTS) can't be tracked so easily.
> 
> OK, you may not get a 3G signal in all the places you'd like, but
> "malls" are
> often pretty well covered...


Something's bothering me - having worked in system design of GSM-related
tech (TETRA) I don't remember many circumstances where polling TXs from the
subscriber would be frequent-enough for real time monitoring in a small
geographic area like a shopping arcade. (It's 6 years since I last worked in
this area, mind).

Reading the blurb from Path Intelligence it reads to me on first scan as
though some kind of signature is being cribbed from the subscriber-base
station comms.  Given prevalence of always-on data for apps such as instant
messenger, social media etc and the large amount of polling and/or open
TCP/IP sessions this would make signature tracking more realistic.

I could be wrong in the above assumption, but if I'm right, I can't see how
this can legally be done without the consent of the network operator (IANAL,
personal opinion, etc).  If it is done in collusion with the networks, then
surely a local pico/femto-cell could be used to provide: (i) universal
indoor coverage; and, (ii) legal tracking...

Thoughts?

James Firth



From chris-ukcrypto at lists.skipnote.org  Wed Aug 24 16:38:30 2011
From: chris-ukcrypto at lists.skipnote.org (Chris Edwards)
Date: Wed, 24 Aug 2011 16:38:30 +0100 (BST)
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <005701cc6271$0ff2d220$2fd87660$@net>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<E1QvqiJ-0001XM-7U@skipnote.org> <005701cc6271$0ff2d220$2fd87660$@net>
Message-ID: <E1QwFXJ-0006Si-GQ@skipnote.org>

On Wed, 24 Aug 2011, James Firth wrote:

| Reading the blurb from Path Intelligence it reads to me on first scan as
| though some kind of signature is being cribbed from the subscriber-base
| station comms. 

[...]

| I can't see how this can legally be done without the consent of the 
| network operator

For 2G, this bit isn't encrypted, so can be sniffed.

The specific data gathered (TIMSI) clearly *not* *content*, so not 
interception under RIPA, if that's what you're thinking of.


From tugwilson at gmail.com  Wed Aug 24 17:09:55 2011
From: tugwilson at gmail.com (John Wilson)
Date: Wed, 24 Aug 2011 17:09:55 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <E1QwFXJ-0006Si-GQ@skipnote.org>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<E1QvqiJ-0001XM-7U@skipnote.org>
	<005701cc6271$0ff2d220$2fd87660$@net>
	<E1QwFXJ-0006Si-GQ@skipnote.org>
Message-ID: <CAJkBBXXbQk7a5Nw3sUh=5Y3CKRcFRWDMrMXDp_GuKtWn1H7=UA@mail.gmail.com>

Path Intelligence say that they have consulted with "privacy
advocates" about their system I asked them who these were. Sharon
Biggar replied very promptly saying "we have spoken specifically to
EFF, Liberty International and the Information Commissioner".

I've never heard of Liberty International and I assume it's a typo for
Privacy International - I've asked for clarification.


John Wilson


From bdm at fenrir.org.uk  Wed Aug 24 17:14:14 2011
From: bdm at fenrir.org.uk (Brian Morrison)
Date: Wed, 24 Aug 2011 17:14:14 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <005701cc6271$0ff2d220$2fd87660$@net>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<E1QvqiJ-0001XM-7U@skipnote.org>
	<005701cc6271$0ff2d220$2fd87660$@net>
Message-ID: <20110824171414.00001c71@surtees.fenrir.org.uk>

On Wed, 24 Aug 2011 16:18:21 +0100
"James Firth" <james2 at jfirth.net> wrote:

> Something's bothering me - having worked in system design of
> GSM-related tech (TETRA) I don't remember many circumstances where
> polling TXs from the subscriber would be frequent-enough for real
> time monitoring in a small geographic area like a shopping arcade.
> (It's 6 years since I last worked in this area, mind).

Some places were intending to use Bluetooth to detect visitors, if the
phone is set to discoverable then the MAC address can be tracked and
all restricted to about a 10m radius.

-- 

Brian Morrison


From igb at batten.eu.org  Wed Aug 24 19:04:41 2011
From: igb at batten.eu.org (Ian Batten)
Date: Wed, 24 Aug 2011 19:04:41 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <E1QwFXJ-0006Si-GQ@skipnote.org>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<E1QvqiJ-0001XM-7U@skipnote.org>
	<005701cc6271$0ff2d220$2fd87660$@net>
	<E1QwFXJ-0006Si-GQ@skipnote.org>
Message-ID: <4270E19B-F921-48CF-A1EB-10C4D1A1AC5A@batten.eu.org>


On 24 Aug 2011, at 1638, Chris Edwards wrote:

> On Wed, 24 Aug 2011, James Firth wrote:
> 
> | Reading the blurb from Path Intelligence it reads to me on first scan as
> | though some kind of signature is being cribbed from the subscriber-base
> | station comms. 
> 
> [...]
> 
> | I can't see how this can legally be done without the consent of the 
> | network operator
> 
> For 2G, this bit isn't encrypted, so can be sniffed.
> 
> The specific data gathered (TIMSI) clearly *not* *content*, so not 
> interception under RIPA, if that's what you're thinking of.

I don't think sniffing random traffic data is legal, however, even if it isn't encrypted.  The  Wireless Telegraphy Act 1949 S.5(b)(i) would appear to apply:

> Any person who...otherwise than under the authority of the Postmaster General or in the
> course of his duty as a servant of the Crown, either--

>    (i) uses any wireless telegraphy apparatus with intent to obtain information
> as to the contents, sender or addressee of any message (whether sent by means
> of wireless telegraphy or not) which neither the person using the apparatus nor
> any person on whose behalf he is acting is authorised by the Postmaster
> General to receive; or
>  

ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110824/ec51237b/attachment.htm>

From adrianhayter at gmail.com  Wed Aug 24 17:20:32 2011
From: adrianhayter at gmail.com (Adrian Hayter)
Date: Wed, 24 Aug 2011 17:20:32 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <20110824171414.00001c71@surtees.fenrir.org.uk>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<E1QvqiJ-0001XM-7U@skipnote.org>
	<005701cc6271$0ff2d220$2fd87660$@net>
	<20110824171414.00001c71@surtees.fenrir.org.uk>
Message-ID: <9589972A-3D26-4B31-8692-A020466B2E9A@gmail.com>

On 24 Aug 2011, at 17:14, Brian Morrison wrote:

> Some places were intending to use Bluetooth to detect visitors, if the
> phone is set to discoverable then the MAC address can be tracked and
> all restricted to about a 10m radius.

Even assuming the majority of people did keep their phone's Bluetooth turned on, it wouldn't be a very accurate tracker of Android devices. Unless Google have made radical changes in the last year, I'm pretty sure you can't keep the phone discoverable for longer than 300 seconds. It was a massive problem for me last summer when I was tasked with creating a sort of tracking system with the Android phones. We had to result to rooting the darn things and installing a special service just to keep Bluetooth running.

-Adrian Hayter

From bdm at fenrir.org.uk  Wed Aug 24 20:55:12 2011
From: bdm at fenrir.org.uk (Brian Morrison)
Date: Wed, 24 Aug 2011 20:55:12 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <9589972A-3D26-4B31-8692-A020466B2E9A@gmail.com>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<E1QvqiJ-0001XM-7U@skipnote.org>
	<005701cc6271$0ff2d220$2fd87660$@net>
	<20110824171414.00001c71@surtees.fenrir.org.uk>
	<9589972A-3D26-4B31-8692-A020466B2E9A@gmail.com>
Message-ID: <20110824205512.1576fd15@peterson.fenrir.org.uk>

On Wed, 24 Aug 2011 17:20:32 +0100
Adrian Hayter <adrianhayter at gmail.com> wrote:

> On 24 Aug 2011, at 17:14, Brian Morrison wrote:
> 
> > Some places were intending to use Bluetooth to detect visitors, if the
> > phone is set to discoverable then the MAC address can be tracked and
> > all restricted to about a 10m radius.
> 
> Even assuming the majority of people did keep their phone's Bluetooth turned
> on, it wouldn't be a very accurate tracker of Android devices. Unless
> Google have made radical changes in the last year, I'm pretty sure you
> can't keep the phone discoverable for longer than 300 seconds. It was
> a massive problem for me last summer when I was tasked with creating a
> sort of tracking system with the Android phones. We had to result to
> rooting the darn things and installing a special service just to keep
> Bluetooth running.

Yes, Android does at least try to reduce the security risks of leaving
BT devices discoverable, so it gets my vote for that. I also like
rooting Android devices, but to do it to then reduce the security is a
little unexpected.

I think the reason for using Bluetooth is that a discovery request is
nothing more than getting back a MAC address and so probably doesn't
contain any traffic data. How well it works in general I don't know,
but the systems I heard about appeared well before Android became as
popular as it has become.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

   "Arguing with an engineer is like wrestling with a pig in the mud;
    after a while you realize you are muddy and the pig is enjoying it."
    
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110824/623d66cb/attachment.pgp>

From tugwilson at gmail.com  Wed Aug 24 21:29:08 2011
From: tugwilson at gmail.com (John Wilson)
Date: Wed, 24 Aug 2011 21:29:08 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <CAJkBBXXbQk7a5Nw3sUh=5Y3CKRcFRWDMrMXDp_GuKtWn1H7=UA@mail.gmail.com>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>
	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>
	<E1QvqiJ-0001XM-7U@skipnote.org>
	<005701cc6271$0ff2d220$2fd87660$@net>
	<E1QwFXJ-0006Si-GQ@skipnote.org>
	<CAJkBBXXbQk7a5Nw3sUh=5Y3CKRcFRWDMrMXDp_GuKtWn1H7=UA@mail.gmail.com>
Message-ID: <CAJkBBXUUOVUx0QqoJDRcLOusNo=64MRSvZdwcWO075uTf+F4Xg@mail.gmail.com>

On 24 August 2011 17:09, John Wilson <tugwilson at gmail.com> wrote:
> Path Intelligence say that they have consulted with "privacy
> advocates" about their system I asked them who these were. Sharon
> Biggar replied very promptly saying "we have spoken specifically to
> EFF, Liberty International and the Information Commissioner".
>
> I've never heard of Liberty International and I assume it's a typo for
> Privacy International - I've asked for clarification.


I have received clarification.

Apparently they consulted Liberty - odd choice!


John Wilson


From james2 at jfirth.net  Thu Aug 25 09:50:28 2011
From: james2 at jfirth.net (James Firth)
Date: Thu, 25 Aug 2011 09:50:28 +0100
Subject: Shopping centre uses mobile phone data to "monitor visitor levels"
In-Reply-To: <E1QwFXJ-0006Si-GQ@skipnote.org>
References: <CAJkBBXU-fL2Vf2oL0+4cwCuiZssAk1+8NEGWQ_ojpRfEXGWNWw@mail.gmail.com>	<CAK0b=2eppT1C1u-S2niDg507zZSqoqiinH-ERgnxqsvwUZxS1Q@mail.gmail.com>	<E1QvqiJ-0001XM-7U@skipnote.org>
	<005701cc6271$0ff2d220$2fd87660$@net>
	<E1QwFXJ-0006Si-GQ@skipnote.org>
Message-ID: <004001cc6304$0b35dc80$21a19580$@net>

> On Wed, 24 Aug 2011, James Firth wrote:
> 
> | Reading the blurb from Path Intelligence it reads to me on first scan
> as
> | though some kind of signature is being cribbed from the subscriber-
> base
> | station comms.
> 
> [...]
> 
> | I can't see how this can legally be done without the consent of the
> | network operator
> 
> For 2G, this bit isn't encrypted, so can be sniffed.
> 
> The specific data gathered (TIMSI) clearly *not* *content*, so not
> interception under RIPA, if that's what you're thinking of.

But the point I was making is that TIMSI would be too infrequent to provide
real-time tracking over a small geographic area (small area where the
subscriber unit remains registered with the same BS), making me sceptical
that this is indeed the method deployed.

James Firth



From zenadsl6186 at zen.co.uk  Mon Aug 29 11:18:42 2011
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Mon, 29 Aug 2011 11:18:42 +0100
Subject: British intelligence agency called in to break BlackBerry encryption
Message-ID: <4E5B6782.6020009@zen.co.uk>

http://www.zdnet.com/blog/igeneration/british-spy-agency-called-in-to-crack-blackberry-encryption/12281


"British intelligence service, MI5 has been drafted in to assist its 
sister service, GCHQ in cracking the BlackBerry encryption code"

Now GCHQ are the code boys and MI5 are supercops, and maybe Zdnet just 
got it the wrong way round.

Or maybe GCHQ are asking MI5 for help in collecting plaintext/ciphertext 
pairs in order to attempt a crack - MI5 get the plaintexts by seizing 
Blackberries (or more likely getting the ordinary cops to seize them) 
and reading the messages on them, and GCHQ gets the cipherexts by 
interception.


In order to access the content of messages, whether encrypted or not, 
CGHQ needs a warrant under RIPA.

These warrants come in two types, an ordinary warrant and a certificated 
warrant for when the communication is sent or received from abroad.

Ordinary warrants can only cover one person or one premises per warrant, 
but certificated warrants can include "fishing" warrants and cover large 
numbers of people and places.

The number of warrants issued is reported to Parliament annually, it's 
been about 1,500 - 2,000 or so for the last few years. It is unknown how 
many of them are certificated RIPA s.8(4) fishing warrants.



Looking at a Blackberry message from Yob Adam in Peckham to Rasta Bob in 
Brixton, the message is first encrypted and transmitted from Adam's 
Blackberry to RIM's servers in Paris, where it is decrypted. RIM then 
re-encrypt it and transmit it to Bob. Only link encryption is used, no 
end-to-end encryption.

So the two _transmissions_ are sent to or from Paris, even though the 
sender and intended recipient of the _message_ are both in the UK.

Unfortunately RIPA doesn't use the terms "transmission" or "message", it 
uses "communication"; and that term isn't well enough defined that 
someone couldn't say the transmission is a communication - and thus GCHQ 
can intercept it with an external warrant, which can include collection 
and examination of all traffic for fishing purposes.

Whether a Court would agree with that interpretation is perhaps unlikely 
- but it's not likely that it's ever going to be tested by a Court.


Of course GCHQ may not be relying on that interpretation. I have no 
evidence that they are - maybe they consider RIM in Paris to be a single 
premises, though again that might be legally dubious.

They may even be collecting Blackberry messages under ordinary warrants, 
one per perp, but if so the Home Secretary's fingers will be getting 
sore - she has to sign each warrant.

If there are no relevant warrants (and if Zdnet are right and GCHQ are 
intercepting en masse) then CGHQ would be behaving illegally. I don't 
think that's very likely, they would want some form of warrant even if 
it's a bit dubious legally to cover themselves. I'm just curious as to 
what that might be.



-- Peter Fairbrother



From tugwilson at gmail.com  Mon Aug 29 11:29:48 2011
From: tugwilson at gmail.com (John Wilson)
Date: Mon, 29 Aug 2011 11:29:48 +0100
Subject: British intelligence agency called in to break BlackBerry
	encryption
In-Reply-To: <4E5B6782.6020009@zen.co.uk>
References: <4E5B6782.6020009@zen.co.uk>
Message-ID: <CAJkBBXXob9qjxkkedjNPCPdmybNReArhH4LEs+xnZi+wu0XoYA@mail.gmail.com>

On 29 August 2011 11:18, Peter Fairbrother <zenadsl6186 at zen.co.uk> wrote:
> http://www.zdnet.com/blog/igeneration/british-spy-agency-called-in-to-crack-blackberry-encryption/12281
>
>
> "British intelligence service, MI5 has been drafted in to assist its sister
> service, GCHQ in cracking the BlackBerry encryption code"
>
> Now GCHQ are the code boys and MI5 are supercops, and maybe Zdnet just got
> it the wrong way round.
>
> Or maybe GCHQ are asking MI5 for help in collecting plaintext/ciphertext
> pairs in order to attempt a crack - MI5 get the plaintexts by seizing
> Blackberries (or more likely getting the ordinary cops to seize them) and
> reading the messages on them, and GCHQ gets the cipherexts by interception.


Why would they not just buy a couple of handsets and send as many
messages as they like back and forth? They'd get as many
plaintext/ciphertext pairs as they wanted and they wouldn't need a
RIPA warrant.

John Wilson


From fw at deneb.enyo.de  Tue Aug 30 20:07:04 2011
From: fw at deneb.enyo.de (Florian Weimer)
Date: Tue, 30 Aug 2011 21:07:04 +0200
Subject: British intelligence agency called in to break BlackBerry
	encryption
In-Reply-To: <4E5B6782.6020009@zen.co.uk> (Peter Fairbrother's message of
	"Mon, 29 Aug 2011 11:18:42 +0100")
References: <4E5B6782.6020009@zen.co.uk>
Message-ID: <87liuavhuv.fsf@mid.deneb.enyo.de>

* Peter Fairbrother:

> http://www.zdnet.com/blog/igeneration/british-spy-agency-called-in-to-crack-blackberry-encryption/12281

| Having said that, it is not clear whether Research in Motion has the
| encryption keys for BlackBerry Messenger ? knowing full well that it
| doesn?t for individual server setups.

How do they implement secure multicast without a trusted third party?
SSH-style leap-of-faith authentication?  This seems unlikely.  I'm
pretty sure RIM has key material.

Have we got transcripts of message exchanges which led to riots?  I
seriously doubt that the cryptography is the problem here, it's more
how the communication groups are set up, which makes interception
without keyword scanning or lots of data mining rather fruitless.


From bdm at fenrir.org.uk  Tue Aug 30 20:22:00 2011
From: bdm at fenrir.org.uk (Brian Morrison)
Date: Tue, 30 Aug 2011 20:22:00 +0100
Subject: British intelligence agency called in to break BlackBerry
	encryption
In-Reply-To: <87liuavhuv.fsf@mid.deneb.enyo.de>
References: <4E5B6782.6020009@zen.co.uk>
	<87liuavhuv.fsf@mid.deneb.enyo.de>
Message-ID: <20110830202200.12779f34@peterson.fenrir.org.uk>

On Tue, 30 Aug 2011 21:07:04 +0200
Florian Weimer <fw at deneb.enyo.de> wrote:

> Have we got transcripts of message exchanges which led to riots?  I
> seriously doubt that the cryptography is the problem here, it's more
> how the communication groups are set up, which makes interception
> without keyword scanning or lots of data mining rather fruitless.

I seriously wonder whether access to decrypted messages would help. If
the language used is anything like my children's conversations with
their friends using various online communications media then the forces
of Laura Norder are going to be looking at the words and scratching
their heads for some time.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

   "Arguing with an engineer is like wrestling with a pig in the mud;
    after a while you realize you are muddy and the pig is enjoying it."
    
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110830/aa988ce2/attachment.pgp>

From marcus at connectotel.com  Tue Aug 30 20:37:02 2011
From: marcus at connectotel.com (Marcus Williamson)
Date: Tue, 30 Aug 2011 20:37:02 +0100
Subject: Tony Sale, Colossus computer conservationist, dies
Message-ID: <7ueq57d6af7t88rlmr8n8asvo1vemoboa9@4ax.com>


Tony Sale, Colossus computer conservationist, dies

http://www.bbc.co.uk/news/technology-14720180



From james2 at jfirth.net  Wed Aug 31 09:23:43 2011
From: james2 at jfirth.net (James Firth)
Date: Wed, 31 Aug 2011 09:23:43 +0100
Subject: nationwide interception of Facebook & webmail login
	credentials	in Tunisia
In-Reply-To: <967819.51174.qm@web110516.mail.gq1.yahoo.com>
References: <853336.29452.qm@web110513.mail.gq1.yahoo.com>
	<967819.51174.qm@web110516.mail.gq1.yahoo.com>
Message-ID: <003a01cc67b7$4c631620$e5294260$@net>

Passive PROFITS wrote:
> So Cert Patrol just picked up an SSL certificate switch for
> encrypted.google.com; here's the new SHA1 fingerprint I've got...
> 
> F1:BD:D4:59:78:7F:6B:EB:2F:4D:A8:72:E1:74:86:53:79:6B:3A:DD
> 
> Anyone confirm they've also had a switch - it's not impossible I'm
> under attack, having fairly recently discovered a MiTM attack in
> progress, some months ago (mainly due to a fluke; didn't have cert
> patrol then!).

Almost certainly unrelated, but this story yesterday made me think back to
the above...

Google users targeted by forged security certificate

Security researchers have discovered a forged internet security certificate
designed to allow hackers to spy on Google users' private emails and other
communications.

http://www.telegraph.co.uk/technology/google/8730785/Google-users-targeted-b
y-forged-security-certificate.html

James Firth



From richard at highwayman.com  Wed Aug 31 18:25:47 2011
From: richard at highwayman.com (Richard Clayton)
Date: Wed, 31 Aug 2011 18:25:47 +0100
Subject: British intelligence agency called in to break BlackBerry
	encryption
In-Reply-To: <4E5B6782.6020009@zen.co.uk>
References: <4E5B6782.6020009@zen.co.uk>
Message-ID: <9yacatLb6mXOFAu$@highwayman.com>

In article <4E5B6782.6020009 at zen.co.uk>, Peter Fairbrother
<zenadsl6186 at zen.co.uk> writes

>http://www.zdnet.com/blog/igeneration/british-spy-agency-called-in-to-crack-
>blackberry-encryption/12281
>
>"British intelligence service, MI5 has been drafted in to assist its 
>sister service, GCHQ in cracking the BlackBerry encryption code"
>
>Now GCHQ are the code boys and MI5 are supercops, and maybe Zdnet just 
>got it the wrong way round.

the article also said

    "in order to find those responsible for disseminating messages which
    perpetuated riots in London earlier this month."

But those messages were not encrypted but merely scrambled (the
Blackberry devices use Triple-DES... but all the handsets share the key,
so this is really not very much of a challenge)

Blackberry messages that go via a corporate server are encrypted
differently (the key is held by the corporate -- to the chagrin of India
and various Gulf states), but that wasn't the service that the kids on
the street were using.

>Looking at a Blackberry message from Yob Adam in Peckham to Rasta Bob in 
>Brixton, the message is first encrypted and transmitted from Adam's 
>Blackberry to RIM's servers in Paris,

I understand that the messages actually go via servers run by the telcos
(and that these are not in Paris)

-- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110831/9d191a65/attachment.pgp>