sorry, but ...

Peter Fairbrother zenadsl6186 at zen.co.uk
Wed Jul 25 13:36:59 BST 2012


Hi Caspar, long time no see.

On 25/07/12 09:03, Caspar Bowden (travelling) wrote:
>
> Hi Peter
>
> On 07/25/2012 12:35 AM, Peter Fairbrother wrote:
>>> stream, and it's looking for traffic data in traffic that's to let's say
>>> the Facebook or Twitter or googlemail or WoW or Habbo sites.
>
> (AFAIK Facebook say they fall under Irish jurisdiction for their EU
> users w.r.t DP law at least)
>
>>> These are afaik all hosted in the US, but they have strong UK
>>> connections.
>>>
>>> Let's suppose both Alice and Bob are in the UK. Now suppose Alice sends
>>> Bob a message through facebook, or another of the US social media sites.
>>>
>>> The black box sees and finds the traffic data concerned with Alice's
>>> message, quite lawfully under the new bill - and the traffic data it
>>> sees tells it it's an external communication, a message to a server
>>> outside the UK.
>
> AFAIK the last word (but grateful for any later ref) we have on HMG's
> understanding is from 4th July 2000 (this was in response to FIPR
> probing amendments about the new "domestic trawling" warrant in S.16(3),
> misleadingly placed in a section called "Safeguards").

> In theory, what defines internal/external is whether the communication
> (at whatever protocol level) is "received" in the UK (rather than where
> a server is located), but in practice this doesn't matter


Could you say why it doesn't matter? That's not clear to me. Thx.
>
> http://www.fipr.org/rip/Bassam%20reply%20to%20Phillips%20on%20S.15.3.htm/
> (worth reading whole thing and context at
> http://www.fipr.org/rip/#Overlapping)

Lord Bassam:
I confirm what I said in the House, that a communication from one point 
in the British Islands to another point in the British Islands is 
'internal' even if its route takes it outside the British Islands.

[...]

and
Lord Bassam:
> Communications that originate and are received in the UK are always
> "internal";

So says Lord Bassam. But I very much doubt that he had Facebook in mind 
when he said that, so even if he was correct (he wasn't[1]), or if what 
he said had any legal significance because he said it, it doesn't apply 
to the Facebook situation.

And so as ever we are left with the plain wording of the law:

RIPA S.20: “external communication” means a communication sent or 
received outside the British Islands;

When Alice sends her message to Bob via Facebook in Eire, is her 
communication received by Facebook?

I'd say it was, and I can't see a dozen Judges disagreeing.

She might for instance be sending it to Facebook so Bob and Chas could 
see it, or all her friends could see it - does it make any difference if 
only one person can see it ?


Note this situation is different to an IP packet passing through a third 
country - it is harder to say then that the communication is received by 
the router (although the packet obviously is).

If she is sending her communication to Facebook then it's an external 
communication, and it can be intercepted, including content, under an 
8(4) warrant.


So what can "they" do under an 8(4) warrant? They can look for keywords, 
they can look at it all - about the only thing they can't do is sort 
through it for communications to or from a particular person.

Except of course they can do that too, if the SoS signs a RIPA S.16(3) 
certificate which allows it. That certificate can apply to an 
individual, to some individuals who fit a particular description, to 
groups, or the whole population - there is no limitation to the number 
of people named or described in the certificate.

(neither is there a limit to the duration of a 16(3) certificate. Also, 
the certificate which turns an ordinary warrant into a S.8(4) warrant 
does not have a limited life either. The warrant does, but the 
certificate does not. How many SoS's have we had since 2000? It would 
only take two signatures from any one of them... )


> as is well known, some of these will go abroad en route and
> so be carried on primarily external trunks. It is _not possible to
> intercept the external communications on the trunk without intercepting
> the internal communications as well.>>>_
>
>
>>> Now suppose a SoS has signed a blanket warrant to allow the
>>> black-box-operating-agency, hereinafter BlackBoxHQ, to intercept all
>>> external communications (which he can do with a single stroke of the pen
>>> under RIPA 8(4)).
>>>
>>> BlackBoxHQ can see that Alice's message to Bob next door is in its
>>> first step actually a message to a server in the US, and thus an
>>> external communication - and then BlackBoxHQ can look at Alice's
>>> message's _content_, not just its traffic data.
>
> Yes, but FWIW (from Bassam letter)
>
> <<<This selection is in practice designed to collect /external/
> communications that fit the descriptions in the certificate. It is
> therefore not likely to catch many internal communications. It would of
> course be unlawful to /seek/ to catch internal communications in the
> absence of an overlapping warrant or a certificate complying with clause
> 15(3).>>>
> (original is italicized)
>
> This was the most arcane controversy of RIPA (apart from Pt.3) and it
> proved impossible to get media interest. But given the IoCC has never
> commented on certificated warrants since the first report after IoCA, we
> have no idea how diligent he may be at ensuring that nobody is "seeking"
> to catch internal communications in this way.


I think you are missing my point. What Bassam is talking about here is 
whether internal communications get swept up in a search for external 
communications.

The issue I was addressing is intercepting external communications, and 
Lord Bassam's words are not relevant to that - he simply assumes it's ok.

>
> There is a nastier legal problem, which I call "how do they know there
> is a pearl inside the oyster, unless they have already looked inside" -
> this is (badly) explained in the briefing notes at
> http://www.fipr.org/rip/#Overlapping.

Yes, that's confusing and sometimes wrong.

> It seemed to me the first IoCC
> fudged this point in his invention of "overlapping warrants", and it has
> never been cleared up or referred to publicly since.

I don't think they have them anymore?

The grounds for certifying a warrant are much broader now - so broad 
that any restrictions they might impose are almost meaningless.

They also have S. 16(3) certificates instead if they want to target 
individuals, or groups (or everybody, if they want).

So I don't think they need them anymore either.


-- Peter

[1] an email is sent to two people, one in the UK, one abroad. The 
traffic from the sender to the mail server is a single communication. It 
is external because it is received by person two abroad, even though it 
is received by person one in the UK - however it "originated and will be 
received in the UK" and should therefore be internal according to LB.

There are several other circumstances where the statement 
"Communications that originate and are received in the UK are always 
'internal'" would be just plain wrong, and inconsistent with the 
definition "'external communication' means a communication sent or 
received outside the British Islands" - unless of course when he uses 
"internal" he means something other than "not external", the apparently 
relevant definition.

> It is almost
> exactly analogous to the issue that later created the tremendous furore
> in US about "warrantless wiretapping", with the difference that US law
> protects its own citizens categorically by nationality (which was
> tougher to wriggle out of - until 2007/8 - than internal/external
> distinction). There is some kind of irony (not sure what kind) that
> Bassam's note was written on (US) Independence Day ;-)
>
> Caspar
>



