sorry, but ...
Caspar Bowden (travelling)
tharg at gmx.net
Wed Jul 25 09:03:08 BST 2012
On 07/25/2012 12:35 AM, Peter Fairbrother wrote:
>> stream, and it's looking for traffic data in traffic that's to let's say
>> the Facebook or Twitter or googlemail or WoW or Habbo sites.
(AFAIK Facebook say they fall under Irish jurisdiction for their EU
users w.r.t DP law at least)
>> These are afaik all hosted in the US, but they have strong UK
>> Let's suppose both Alice and Bob are in the UK. Now suppose Alice sends
>> Bob a message through facebook, or another of the US social media sites.
>> The black box sees and finds the traffic data concerned with Alice's
>> message, quite lawfully under the new bill - and the traffic data it
>> sees tells it it's an external communication, a message to a server
>> outside the UK.
AFAIK the last word (but grateful for any later ref) we have on HMG's
understanding is from 4th July 2000 (this was in response to FIPR
probing amendments about the new "domestic trawling" warrant in S.16(3),
misleadingly placed in a section called "Safeguards").
In theory, what defines internal/external is whether the communication
(at whatever protocol level) is "received" in the UK (rather than where
a server is located), but in practice this doesn't matter
(worth reading whole thing and context at
How do 8(3) and 15(3) interlock with clause 5(6)?/
<<<Clause 5(6) allows, under the authority of an interception warrant,
all such conduct as it is necessary to undertake in order to do what the
warrant expressly authorises. This conduct can include the interception
of communications - whether external or internal - not identified by the
warrant. But such interception must be the minimum necessary to achieve
the object of the warrant, and must be proportionate to that object. The
clause applies equally to warrants complying with clause 8(1) and (3).
In the latter case _it could, for example, make lawful the interception
of internal communications where these mixed with external
communications on a trunk used mainly for external purposes_.
Communications that originate and are received in the UK are always
"internal"; as is well known, some of these will go abroad en route and
so be carried on primarily external trunks. It is _not possible to
intercept the external communications on the trunk without intercepting
the internal communications as well.>>>_
>> Now suppose a SoS has signed a blanket warrant to allow the
>> black-box-operating-agency, hereinafter BlackBoxHQ, to intercept all
>> external communications (which he can do with a single stroke of the pen
>> under RIPA 8(4)).
>> BlackBoxHQ can see that Alice's message to Bob next door is in it's
>> first step actually a message to a server in the US, and thus an
>> external communication - and then BlackBoxHQ can look at Alice's
>> message's _content_, not just it's traffic data.
Yes, but FWIW (from Bassam letter)
<<<This selection is in practice designed to collect /external/
communications that fit the descriptions in the certificate. It is
therefore not likely to catch many internal communications. It would of
course be unlawful to /seek/ to catch internal communications in the
absence of an overlapping warrant or a certificate complying with clause
(original is italicized)
This was the most arcane controversy of RIPA (apart from Pt.3) and it
proved impossible to get media interest. But given the IoCC has never
commented on certificated warrants since the first report after IoCA, we
have no idea how diligent he may be at ensuring that nobody is "seeking"
to catch internal communications in this way.
There is a nastier legal problem, which I call "how do they know there
is a pearl inside the oyster, unless they have already looked inside" -
this is (badly) explained in the briefing notes at
/http://www.fipr.org/rip/#Overlapping. /It seemed to me the first IoCC
fudged this point in his invention of "overlapping warrants", and it has
never been cleared up or referred to publicly since. It is almost
exactly analogous to the issue that later created the tremendous furore
in US about "warrantless wiretapping", with the difference that US law
protects its own citizens categorically by nationality (which was
tougher to wriggle out of - until 2007/8 - than internal/external
distinction). There is some kind of irony (not sure what kind) that
Bassam's note was written on (US) Independence Day ;-)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ukcrypto