https - hopefully not too stupid a question

Ian Batten igb at
Tue Jun 19 10:26:12 BST 2012

On 19 Jun 2012, at 07:40, Roland Perry wrote:

> In article <E1F5CE85-8C36-4788-B3D8-B0E47F0CFC65 at>, Ian Batten <igb at> writes
>>> Are you sure the filter is being applied to "all data", and not just to "things which are mainly, but not entirely, traffic data". For
>>> example urls, or email headers, where depending on the context more or less of them is traffic data (and the remainder, content).
>> I can't decide, and I've read the section (and the explanatory notes) several times.
> Having read it through again just now, there may be a clue in the way that 'excess' (my expression) input data to the filtering process has to be destroyed. Destroying part of what you've logged, especially after being told to retain it all, and when a different public authority might turn up later with a different filter, makes no sense.

I agree, up to a point (playing devil's advocate)

The only reason you need to destroy the data after filtering is that it's data you otherwise have no right to have.  If it were logs and other communications data, you not only have a right to have it, but have an obligation to have it.

But it's not only content data which falls into that category.  What about trying to piece together communications data which spans multiple ISPs?  It's not clear to me who operates the Filtering Devices, but if they are government boxes, one interpretation would be that they allow law enforcement to obtain overly-broad communications data from ISP1 and ISP2, grind them through the filtering device (which now becomes a data mining box, rather than an in-line interception box) and yield some nugget of information for which they did have an authorisation.  The law enforcement entity has no right to the data from ISP1 and ISP2 other than as input to the filter, so has to destroy it afterwards.  It lives on in the vaults of the ISPs until it times out, but the law enforcement people don't have it for future examination.


More information about the ukcrypto mailing list