What is a "communication" (was Re: sorry, but ...

Caspar Bowden (travelling) tharg at gmx.net
Wed Aug 1 11:24:06 BST 2012 

On 07/31/2012 09:54 PM, Roland Perry wrote:
> In article <5017D91C.1050209 at gmx.net>, "Caspar Bowden (travelling)" 
> <tharg at gmx.net> writes
>> It always seemed to me that "communication" had to be interpreted as 
>> a transmission of information at an arbitrary *logical* layer of the 
>> stack(s) - it might mean an e-mail, or a web page, or an IM, or a 
>> phone call, or an SMS etc. If a hacker was communicating by 
>> port-knocking, it might mean a datagram.
>>
>> So the interpretation of communication w.r.t. to whether something is 
>> internal or external, would not be affected by e.g. whether any 
>> dropped packets as part of an email message were received by a random 
>> router outside the UK (and perhaps "made available" to a engineer 
>> looking at a log file), but whether the (intended) sender and 
>> receiver are both in the UK.
>
> How do we extend that theory to the situation where there are many 
> receivers in many countries, 

In ***theory***, it should be that if all the recipients are inside the 
UK, then it's internal, but if at least one intended recipient is 
outside UK, then its external, but...

> and when no-one (barring the intermediary such as Facebook knows who 
> the receivers are, and only really dodgy stuff like geo-location by IP 
> address can determine where they are?

So that is one of the the things I wanted to get at with the amendments 
resulting in the Bassam letter. What that told us (in 2000) is in 
practice if the bits flow over an "external trunk" they are fair game, 
because of the vast wiggle-room provided, for the external interception 
apparatus (and can be exploited provided that they haven't been obtained 
"seeking" to evade the requirement for an ordinary warrant)

That's why this internal/external discussion is all angel-on-pinhead 
stuff IMHO. There doesn't seem to be any legal or policy impediment to 
regarding all bits that flow outside the UK as up for grabs by GCHQ (if 
they are caught by filters associated with *some* certificated warrant  
- for any of the usual triple of interception purposes - for external 
interception. And certificated warrants specify "factors" not persons 
targeted). Only the IoCC would be in a position to know or object, and 
he hasn't written publicly about external stuff since 1986, apart from 
what I have appended from the 2009 Report about Liberty & Others vs. UK 2008

For comparison, it looks like the NSA had to work much harder (up until 
9/11) to exclude *collection* of Americans' traffic (no doubt using such 
stuff as geo-IP), because FISA promised protection by nationality (but 
since Protect America 2007 and FISAAA 2008, the doctrine of collect 
first, worry about who is American later, became legitimized)

see http://publicintelligence.net/binney-nsa-declaration/

Caspar

IoCC 2009 Annual Report
http://www.ipt-uk.com/docs/4458_HC%20341%20Intercept.pdf

ECHR decision: Liberty v. UK

2.11     In paragraph 2.13 of my Annual Report for 2008 I highlighted 
the fact
that in July 2008 the European Court of Human Rights handed down judgment
in Liberty v. UK. The complaint was about interception of communications,
allegedly contrary to Article 8 of the Convention. The challenge related 
to the
way in which external interception was conducted under the previous 
legislation,
the Interception of Communications Act 1985 (IOCA). IOCA was replaced by
the Regulation of Investigatory Powers Act 2000 (RIPA) which was 
introduced to
take proper account of human rights and which contains additional 
foreseeability
requirements. The Home Office confirmed that they were considering whether
any additional measures were required in light of the Strasbourg judgment,
i.e., whether RIPA and the existing interception Code of Practice 
rectify legal
deficiencies identified by the European Court of Human Rights.

2.12     Whilst the Home Office believes that the issues raised in the 
Liberty case
have, to a large extent, already been addressed by the implementation of 
RIPA
and the Code, it has decided to make some changes. Following receipt of 
legal
advice it intends making a small number of amendments to the Code: chapter 5
(covering RIPA section 8(4) interception warrants) and chapter 6 
(safeguards).
These deal with how, post-interception, material gathered under warrant 
comes
to be examined, including giving a better indication of the filtering of 
extraneous
material via automated systems. The proposed revised draft Code of 
Practice was
issued by the Home Office for consultation on 12 March 2010 with a 
deadline for
responses of 7 June 2010.

More information about the ukcrypto mailing list