PRISM && Excited Guardianista

Peter Fairbrother zenadsl6186 at zen.co.uk
Tue Jun 11 15:41:46 BST 2013 

Hi Caspar, how's self-employment?

Sorry for the delay in replying, everything seems to have broken at once 
and I'm just catching up fixing it.



First a bit of context: requesting that a specific interception be 
carried out is RIPA ss.1(1) interception when the request is made in the 
UK, no matter where to rest of the interception takes place, see ss.2(4).

Whether receiving unrequested interception product is RIPA ss.1(1) 
interception is unclear. Requesting/receiving  traffic or comms data 
isn't interception.

The following relates to whether a request for interception is legal.




If the UK want to ask the US to make an interception or to request 
intercepted content they can, under 5(1)(b).

{" (b) the making, in accordance with an international mutual assistance 
agreement, of a request for the provision of such assistance in 
connection with, or in the form of, an interception of communications as 
may be so described; "}

It would require a warrant, which could be a "blanket" s.8(4) 
certificated warrant if sender or recipient is outside the UK; and it 
can be a "senior official" who signs it, doesn't need to be under the 
hand of the SoS. SoS has to sign the certificate, but the certificate 
can be used for many warrants.


If the UK want to give intercepted content to the US they can, under 
5(1)(c).

{" (c) the provision, in accordance with an international mutual 
assistance agreement, to the competent authorities of a country or 
territory outside the United Kingdom of any such assistance in 
connection with, or in the form of, an interception of communications as 
may be so described; "}

Again it needs a warrant, can be 8(4) if sender or recipient is outside 
the UK.




There is also a different system, ss.4(1) used for intra-EU assistance. 
  As the subject has to be outside the UK I assume ss.4(1) is mostly 
about requesting data from other countries, and it couldn't normally be 
used for eg requesting data on UK citizens in the UK:

{" (1)Conduct by any person (“the interceptor”) consisting in the 
interception of a communication in the course of its transmission by 
means of a telecommunication system is authorised by this section if—

(a)the interception is carried out for the purpose of obtaining 
information about the communications of a person who, or who the 
interceptor has reasonable grounds for believing, is in a country or 
territory outside the United Kingdom;

(b)the interception relates to the use of a telecommunications service 
provided to persons in that country [...]

(c)the person who provides that service [...] is required by the law of 
that country or territory to carry out, secure or facilitate the 
interception in question;

(d) the situation is one in relation to which such further conditions as 
may be prescribed by regulations made by the Secretary of State are 
required to be satisfied before conduct may be treated as authorised by 
virtue of this subsection; [...] "}

Further conditions as in paragraph d, are in:

The Regulation of Investigatory Powers (Conditions for the Lawful 
Interception of Persons outside the United Kingdom) Regulations 2004:

{" 3  For the purposes of section 4(1)(d) of the Regulation of 
Investigatory Powers Act 2000, the following conditions are prescribed—

(a)the interception is carried out for the purposes of a criminal 
investigation;

(b)the criminal investigation is being carried out in a country or 
territory that is party to an international agreement designated for the 
purposes of section 1(4) of that Act. "}

So ss.4(1) could not be used for requesting US interception product, as 
no UK-US agreement has been designated for the purposes of ss.1(4), see 
below. Also, a warrant, order or equivalent instrument has to be 
required under the treaty.



If an EU country asks the UK for a domestic UK interception, I think the 
SoS has to issue a UK warrant.


And then there's ss.1(4), which is a bit unusual. It's not really in a 
sensible place in RIPA, comes from nowhere and goes nowhere. I think it 
has something to do with the EU agreement:

The Convention on Mutual Assistance in Criminal Matters between the 
Member States of the European Union established by Council Act of 29th 
May 2000 (2000/C197/01)

as mentioned in

The Regulation of Investigatory Powers (Designation of an International 
Agreement) Order 2004.

Well it definitely does have something to do with that Agreement, as 
that's the only Agreement which has been designated under ss.1(4), and 
ss.1(4) (but not ss.4(1)) only applies to agreements which have been so 
designated.

All ss.1(4) does is place a duty on the SoS to ensure that requests made 
to foreign countries are properly made.



On 09/06/13 21:37, Caspar Bowden (lists) wrote:
> Thanks Peter, those bits of RIPA were on mu to do list to rummage
>
> On 06/09/13 20:06, Peter Fairbrother wrote:
>> ...
>> it shall be the duty of the Secretary of State to secure that no
>> request for assistance in accordance with the agreement is made on
>> behalf of a person in the United Kingdom to the competent authorities
>> of a country or territory outside the United Kingdom except with
>> lawful authority.
>
> I wonder what kinds of lawful authority there can be ?

That's in the next subsection, ss.1(5), and is the same as for 
interception in general.

>> Not that it would be much of a duty anyway (eg a ss 8(4) warrant would
>> be lawful authority).
>
> Would it ? Maybe, but v. helpful if you can spell out if you can see how
> that fits (maybe trivial)

Yes, as above: it falls under ss.1(5)

5) Conduct has lawful authority for the purposes of this section if, and 
only if— [...]

(b)it takes place in accordance with a warrant under section 5 (“an 
interception warrant”); or

>
>> but if the SoS doesn't designate an agreement,
>
> Which bit is that?

ss.1(4)(c):

{" (c)is designated for the purposes of this subsection by an order made 
by the Secretary of State, "}

>
>> there is no duty on him, and designating an agreement does nothing else.
>>
>> I wonder, have any orders designating a UK-US agreement under ss.1(4)
>> been made?
>
> Aha. Anyone else? where would one look for that ?
>>
>> Nope, just an EU-wide one.
>
> And where is that ?

see above
>
> Sorry if these obvious just overloaded right now

no prob


-- Peter Fairbrother

More information about the ukcrypto mailing list