latest plans to monitor internet use in the UK

Fri Jun 15 21:41:49 BST 2012

Tom Thomson wrote:
> The met commissioner says this will help them conduct a war on crime, but I suspect he means a war on civil liberties.
> 
>> On Thu, 14 June 2012 09:21, Marcus Williamson wrote:
>>
>>> Currently the "How it would work" seems to be 404-ing..
>> Here's the link:
>> http://www.bbc.co.uk/news/uk-18434232

I don't get it.

Suppose my ISP records all the in/out IPs of every packet sent to /from 
me, and Alice's ISP does the same for Alice. I talk to Alice on a 
facebook forum.

How does this help show I talked to Alice?

(never mind ssl/tls on googlemail - hmm, can you send email to a 
googlemail address via ssl/tls web rather than via email?)

I'm looking at the filtering bit in the draft Act, and I can't 
understand what it's all about. Perhaps the authors don't know either, 
or perhaps they are doing a good job of obfuscation.

The data collection part, Part 1, says they can collect comms data - 
defined much the same as in RIPA - and 1(4) says: "Nothing in this Part 
authorises any conduct consisting in the interception of
communications in the course of their transmission by means of a
telecommunication system."

so, if it's the ISPs who collect only the same comms data, and dish the 
relevant dribbles out on demand/request while keeping the mass of data 
secure, it just means they collect a bit more, and keep it for however 
long - much the same overall though, no big difference (and there would 
be no need for an Act to make only those changes, they could be made 
under RIPA by SI).

A (the?) _really_ big problem would arise if comms data is made 
available en mass to the filtering operation, which may or may not be 
operated by the ISPs - afaics Schedule 1 and clause 20 mean the 
filtering could be operated by GCHQ, or whoever the Secretary wants to 
run it. The ISPs wouldn't have the option to refuse.

And I haven't seen anything which limits the scope of an authorisation 
to a set of premises, or a person, or whatever - so a single blanket 
authorisation might be enough for GCHQ to obtain all the comms data an 
ISP collects.

(and they did almost exactly that regarding intercepting semi-foreign 
comms, they issued a blanket warrant because the strict legal 
restriction on the scope of a warrant under RIPA only applied to comms 
where both the sender and recipient are in the UK)

Oh, it gets put through filters after CGHQ sweeps it up, and GCHQ's 
clients can only see filter product when properly authorised .. so 
that's okay then, not.

But as I said before, I don't get it. I don't understand what they are 
trying to do. I probably will, eventually, but not yet.

Thing is, afaict the draft Act allows them to do exactly that extremely 
nasty stuff - and that's the only reason I can see for having all the 
guff about filters in there, or indeed to have an Act at all.

-- Peter Fairbrother