PRISM && Excited Guardianista

Peter Fairbrother zenadsl6186 at zen.co.uk
Sun Jun 9 20:06:31 BST 2013 

On 08/06/13 11:41, Caspar Bowden (lists) wrote:

> Well, this CoE stuff doesn't deal with "national security" matters,
> doesn't mention FISA or FISAAA (or PAA) or comparable laws (to the
> extent there are any)

There's RIPA.

One section 8(4) warrant from the Foreign Secretary, and GCHQ can scoop 
up any and all "external" traffic (anything sent or received outside the 
UK).

Such a warrant could also require the networks to give them copies of 
all traffic entering or leaving the UK, including content; although 
historically they have preferred to collect it surreptitiously and 
largely without involving the communications providers by tapping 
microwave links and cables as they enter or leave the country.

Such a warrant could include the legal power to intercept all US 
internal internet and telephone traffic. So collecting it isn't a legal 
problem.



As to sharing the product, that's okay, see 4(1) (for the EU, needs no 
UK warrant) and 5(1)(c) (for everyone else- needs 8(4) warrant). GCHQ 
can obtain intercepted traffic from, or give intercepted traffic to NSA, 
no problem.


But as for requesting it-  well, there's RIPA subsection 1(4):
{
(4)Where the United Kingdom is a party to an international agreement which—

(a)relates to the provision of mutual assistance in connection with, or 
in the form of, the interception of communications,

(b)requires the issue of a warrant, order or equivalent instrument in 
cases in which assistance is given, and

(c)is designated for the purposes of this subsection by an order made by 
the Secretary of State,

it shall be the duty of the Secretary of State to secure that no request 
for assistance in accordance with the agreement is made on behalf of a 
person in the United Kingdom to the competent authorities of a country 
or territory outside the United Kingdom except with lawful authority.
}

Not that it would be much of a duty anyway (eg a ss 8(4) warrant would 
be lawful authority). but if the SoS doesn't designate an agreement, 
there is no duty on him, and designating an agreement does nothing else.

I wonder, have any orders designating a UK-US agreement under ss.1(4) 
been made?

Nope, just an EU-wide one.

-- Peter Fairbrother

More information about the ukcrypto mailing list