What is a "communication" (was Re: sorry, but ...
Peter Fairbrother
zenadsl6186 at zen.co.uk
Sun Aug 12 00:08:12 BST 2012
On 10/08/12 11:39, Tom Thomson wrote:
>
>> -----Original Message----- From:
>> ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
>> bounces at chiark.greenend.org.uk] On Behalf Of Charles Lindsey Sent:
>> 09 August 2012 22:20 To: UK Cryptography Policy Discussion Group
>> Subject: Re: What is a "communication" (was Re: sorry, but ...
>>
>> On Thu, 09 Aug 2012 13:33:04 +0100, Peter Fairbrother
>> <zenadsl6186 at zen.co.uk> wrote:
>>
>>> For the sake of any doubt, I am talking here about a situation
>>> where eg a Policeman is searching for traffic data and
>>> incidentally sees message content as part of that search; and
>>> any further uses that data may then be put to, for example as
>>> intelligence or as evidence.
>>
>> But the "conduct" of Plod in this case is not covered by either
>> (a) or (b) in:
>>
>> (5) References in this Act to the interception of a communication
>> in the course of its transmission by means of a postal service or
>> telecommunication system do not include references to--- (a) any
>> conduct that takes place in relation only to so much of the
>> communication as consists in any traffic data comprised in or
>> attached to a communication (whether by the sender or otherwise)
>> for the purposes of any postal service or telecommunication system
>> by means of which it is being or may be transmitted; or (b) any
>> such conduct, in connection with conduct falling within paragraph
>> (a), as gives a person who is neither the sender nor the intended
>> recipient only so much access to a communication as is necessary
>> for the purpose
>>
>> because it takes place in relation to a portion of the
>> communication which does not consist of traffic data and it was
>> not necessary to see that message content because he could/should
>> have averted his eyes (aka used a properly designed filter) when he
>> came to it.
>>
>> Only if it could be demonstrated that designing such a filter was
>> truly impossible could it be claimed that his conduct was
>> "necessary". Otherwise, it WAS interception, and he had no warrant
>> to legitimise it.
>>
>>> [1] no interception at all took place, even though they saw
>>> content; see 5(a) above, and below.
>>
>> No, he is not covered at all by 5(a).

Sorry, my mistake. Meant 5(b), of course.

>> There is a slight possibility that he might be covered by 5(b), but
>> he would have to justify that.

When, and who to?

>>> BTW, that "necessarily" is also the "necessary" in the final
>>> line of 2(5). They cannot find secondary traffic data in a mass
>>> of content without looking at that content, it's simply not
>>> possible.
>>
>> Isn't it? Negatives are notoriously difficult to prove.

Maybe we are on different pages - I am, initially at least, just saying
that in order to filter traffic data from the stream he has to look at
the stream, in order to filter it.

Whether a computer filter or a human does the filtering, the raw
unfiltered feed has to be looked at. Plod cannot filter it without
looking at it, it is impossible.

Now some prefiltering which does not see content is perhaps possible on
an internet feed, eg if you are looking for Facebook traffic data then
you should not look at traffic to Lloyds bank or mywebsite, which can be
identified by traffic data in the packet headers.

Now I guess Plod might want to look at traffic to/from mywebsite in
order to find traffic data. That does contain some traffic which is not
generally available - I use private URLs for this, and eg sometimes
place family ancestry data there for my family, but not the world, to see.

I might use other means to communicate with others though, including
maybe steganographic messaging (I don't, but I might) - however if I did
there would be no traffic data in my communications with
mywebsiteserver, whether I used private URLs or steganographic means.
Any traffic data would flow on other channels.

But I might be forgetful someday, and leave some traffic data in my
communications with mywebsiteserver. So maybe Plod would feel justified
in passing my traffic beyond the first traffic-data based prefilter.

Another question here, is traffic between me and mywebsiteserver a
communication? Between the webcam I set up in the PM's toilet and my
computer?

There is in general no sender and intended recipient which both have
personhood status.

I digress.

Getting back to the point, or nearer anyway, I can't imagine Plod/GCHQ
saying, "hmm should we include mywebsite in our detailed searches? There
may be no traffic data there", but rather they would most likely say
"include mywebsite, it may have traffic data, and excluding it would be
far too fine-grained a prefilter to write - Hmmm, in general just pass
through everything unless we are sure it doesn't contain secondary
traffic data, because we are looking for secondary traffic data which
may be deliberately obscured or hidden."

And so, where do they draw the line? At Lloyds bank? That might be okay,
except Standard Chartered was just found to have been hiding
transactions and communications with Iranians, so we want to look at
Standard Chartered, and who's to say that Lloyds is rosy cheeked and
shiny clean too?

So I can't really see where a prefilter operating only on packet traffic
data would have any function - Plod/GCHQ would want to look further, and
could show reason why almost any site or connection or link might be
passing messages to the bad guys, and they want at least the associated
traffic data.

Go on a few levels, rinse and repeat, and you'll find that unless it's
actually spelled out that they can't look at content while looking for
traffic data in this or that situation, then they can look at content
for their filters.

So in order to see what the new bill actually means we have to see where
it's spelled out where they can't look at content.

And ooops, that's nowhere.

>>
> In addition to Charles' points above, there seems to me to be yet
> another problem if this content is used in investigations and/or in
> prosecutions since this will inevitably entail informing other
> police officers, and also crown prosecutors, solicitors, and
> barristers (or procurators fiscal, solicitors, and advocates
> elsewhere in the Kingdom). Even if Charles were wrong (I don't for
> a moment imagine he is, but that's by the bye) and the content had
> not yet been intercepted, it would now be being made available to
> another party,

yes

> and that making available is not an inevitable
> consequence of obtaining the traffic data (since the policeman
> originally concerned is clearly capable of separating the traffic
> data and passing only that on to his superiors (or his juniors or
> colleagues or the prosecuting officials))

yes

> so it is quite certainly an
> interception,

ah, exactly why please? The making available? Yes, that might make it an
interception.

> and hence illegal since there is no warrant.

You may be right - but the "policeman originally concerned" (in reality
a GCHQ officer, I can't imagine anyone else is going to be appointed as
the filter-operating agency, with access to all the internet) can see
everything.

If he sees a murder or a terrorist attack being planned, would he be
expected to keep silent?

I doubt it. And Lord Bassam's comments as reported by Caspar would seem
to strongly suggest he would not.

Maybe they have some sort of intersecting warrants, issued post-facto,
to cover this situation? Hmm, that might limit it to "serious crime".

What if he sees someone was planning to do a fraud, or a burglary, or
shoplift, or break a window - or just be nasty to their grandma?

The real question is, What is really planned?

To answer that I think we have to look at capabilities rather than
intentions, as we do not know their intentions but we can get some idea
of their capabilities as expressed in Law. And it looks to me very like
the capabilities asked for are pretty much "see everything, all the time".

Why is it okay for them to see traffic data but not content?

Historically it's just because telephone bills had lists of calls, and
Plod wanted to see them to help with their enquiries. There is no
natural right for Plod to see traffic data.

There is a natural right to _prevent_ Plod seeing message content, the
right to privacy. And it also applies to unnecessary looking at traffic
data, or anything else which is private which Plod do not need to do in
order to protect us from crime - we agree to a small invasion in our
privacy in order to benefit from the increased freedom from the
disadvantageous effects of crime policing brings.

The problem is in the accounting.

The invasion of privacy must be more than offset (yes, more than offset,
not just balanced - the natural right and condition is to privacy) by
the benefit that the better policing made possible by the invasion of
the right to privacy confers.

And I do not see that that is the case even now, and it will be much
less so when/after/if the new bill is passed.

-- Peter Fairbrother