sorry, but ...

Caspar Bowden (travelling) tharg at gmx.net
Wed Jul 25 09:03:08 BST 2012


Hi Peter

On 07/25/2012 12:35 AM, Peter Fairbrother wrote:
>> stream, and it's looking for traffic data in traffic that's to let's say
>> the Facebook or Twitter or googlemail or WoW or Habbo sites.

(AFAIK Facebook say they fall under Irish jurisdiction for their EU 
users w.r.t DP law at least)

>> These are afaik all hosted in the US, but they have strong UK 
>> connections.
>>
>> Let's suppose both Alice and Bob are in the UK. Now suppose Alice sends
>> Bob a message through facebook, or another of the US social media sites.
>>
>> The black box sees and finds the traffic data concerned with Alice's
>> message, quite lawfully under the new bill - and the traffic data it
>> sees tells it it's an external communication, a message to a server 
>> outside the UK.

AFAIK the last word (but grateful for any later ref) we have on HMG's 
understanding is from 4th July 2000 (this was in response to FIPR 
probing amendments about the new "domestic trawling" warrant in S.16(3), 
misleadingly placed in a section called "Safeguards").

In theory, what defines internal/external is whether the communication 
(at whatever protocol level) is "received" in the UK (rather than where 
a server is located), but in practice this doesn't matter

http://www.fipr.org/rip/Bassam%20reply%20to%20Phillips%20on%20S.15.3.htm
(worth reading whole thing and context at 
http://www.fipr.org/rip/#Overlapping)

How do 8(3) and 15(3) interlock with clause 5(6)?

<<<Clause 5(6) allows, under the authority of an interception warrant, 
all such conduct as it is necessary to undertake in order to do what the 
warrant expressly authorises. This conduct can include the interception 
of communications - whether external or internal - not identified by the 
warrant. But such interception must be the minimum necessary to achieve 
the object of the warrant, and must be proportionate to that object. The 
clause applies equally to warrants complying with clause 8(1) and (3). 
In the latter case _it could, for example, make lawful the interception 
of internal communications where these mixed with external 
communications on a trunk used mainly for external purposes_. 
Communications that originate and are received in the UK are always 
"internal"; as is well known, some of these will go abroad en route and 
so be carried on primarily external trunks. It is _not possible to 
intercept the external communications on the trunk without intercepting 
the internal communications as well._>>>


>> Now suppose a SoS has signed a blanket warrant to allow the
>> black-box-operating-agency, hereinafter BlackBoxHQ, to intercept all
>> external communications (which he can do with a single stroke of the pen
>> under RIPA 8(4)).
>>
>> BlackBoxHQ can see that Alice's message to Bob next door is in its
>> first step actually a message to a server in the US, and thus an
>> external communication - and then BlackBoxHQ can look at Alice's
>> message's _content_, not just its traffic data.

Yes, but FWIW (from Bassam letter)

<<<This selection is in practice designed to collect /external/ 
communications that fit the descriptions in the certificate. It is 
therefore not likely to catch many internal communications. It would of 
course be unlawful to /seek/ to catch internal communications in the 
absence of an overlapping warrant or a certificate complying with clause 
15(3).>>>
(original is italicized)

This was the most arcane controversy of RIPA (apart from Pt.3) and it 
proved impossible to get media interest. But given the IoCC has never 
commented on certificated warrants since the first report after IoCA, we 
have no idea how diligent he may be at ensuring that nobody is "seeking" 
to catch internal communications in this way.

There is a nastier legal problem, which I call "how do they know there 
is a pearl inside the oyster, unless they have already looked inside" - 
this is (badly) explained in the briefing notes at 
http://www.fipr.org/rip/#Overlapping. It seemed to me the first IoCC 
fudged this point in his invention of "overlapping warrants", and it has 
never been cleared up or referred to publicly since. It is almost 
exactly analogous to the issue that later created the tremendous furore 
in US about "warrantless wiretapping", with the difference that US law 
protects its own citizens categorically by nationality (which was 
tougher to wriggle out of - until 2007/8 - than internal/external 
distinction). There is some kind of irony (not sure what kind) that 
Bassam's note was written on (US) Independence Day ;-)

Caspar
