PRISM && Excited Guardianista

Caspar Bowden (lists) lists at casparbowden.net
Tue Jun 11 21:14:16 BST 2013 

Very helpful. Thanks Peter

CB

On 06/11/13 15:41, Peter Fairbrother wrote:
> Hi Caspar, how's self-employment?
>
> Sorry for the delay in replying, everything seems to have broken at 
> once and I'm just catching up fixing it.
>
>
>
> First a bit of context: requesting that a specific interception be 
> carried out is RIPA ss.1(1) interception when the request is made in 
> the UK, no matter where to rest of the interception takes place, see 
> ss.2(4).
>
> Whether receiving unrequested interception product is RIPA ss.1(1) 
> interception is unclear. Requesting/receiving  traffic or comms data 
> isn't interception.
>
> The following relates to whether a request for interception is legal.
>
>
>
>
> If the UK want to ask the US to make an interception or to request 
> intercepted content they can, under 5(1)(b).
>
> {" (b) the making, in accordance with an international mutual 
> assistance agreement, of a request for the provision of such 
> assistance in connection with, or in the form of, an interception of 
> communications as may be so described; "}
>
> It would require a warrant, which could be a "blanket" s.8(4) 
> certificated warrant if sender or recipient is outside the UK; and it 
> can be a "senior official" who signs it, doesn't need to be under the 
> hand of the SoS. SoS has to sign the certificate, but the certificate 
> can be used for many warrants.
>
>
> If the UK want to give intercepted content to the US they can, under 
> 5(1)(c).
>
> {" (c) the provision, in accordance with an international mutual 
> assistance agreement, to the competent authorities of a country or 
> territory outside the United Kingdom of any such assistance in 
> connection with, or in the form of, an interception of communications 
> as may be so described; "}
>
> Again it needs a warrant, can be 8(4) if sender or recipient is 
> outside the UK.
>
>
>
>
> There is also a different system, ss.4(1) used for intra-EU 
> assistance.  As the subject has to be outside the UK I assume ss.4(1) 
> is mostly about requesting data from other countries, and it couldn't 
> normally be used for eg requesting data on UK citizens in the UK:
>
> {" (1)Conduct by any person (“the interceptor”) consisting in the 
> interception of a communication in the course of its transmission by 
> means of a telecommunication system is authorised by this section if—
>
> (a)the interception is carried out for the purpose of obtaining 
> information about the communications of a person who, or who the 
> interceptor has reasonable grounds for believing, is in a country or 
> territory outside the United Kingdom;
>
> (b)the interception relates to the use of a telecommunications service 
> provided to persons in that country [...]
>
> (c)the person who provides that service [...] is required by the law 
> of that country or territory to carry out, secure or facilitate the 
> interception in question;
>
> (d) the situation is one in relation to which such further conditions 
> as may be prescribed by regulations made by the Secretary of State are 
> required to be satisfied before conduct may be treated as authorised 
> by virtue of this subsection; [...] "}
>
> Further conditions as in paragraph d, are in:
>
> The Regulation of Investigatory Powers (Conditions for the Lawful 
> Interception of Persons outside the United Kingdom) Regulations 2004:
>
> {" 3  For the purposes of section 4(1)(d) of the Regulation of 
> Investigatory Powers Act 2000, the following conditions are prescribed—
>
> (a)the interception is carried out for the purposes of a criminal 
> investigation;
>
> (b)the criminal investigation is being carried out in a country or 
> territory that is party to an international agreement designated for 
> the purposes of section 1(4) of that Act. "}
>
> So ss.4(1) could not be used for requesting US interception product, 
> as no UK-US agreement has been designated for the purposes of ss.1(4), 
> see below. Also, a warrant, order or equivalent instrument has to be 
> required under the treaty.
>
>
>
> If an EU country asks the UK for a domestic UK interception, I think 
> the SoS has to issue a UK warrant.
>
>
> And then there's ss.1(4), which is a bit unusual. It's not really in a 
> sensible place in RIPA, comes from nowhere and goes nowhere. I think 
> it has something to do with the EU agreement:
>
> The Convention on Mutual Assistance in Criminal Matters between the 
> Member States of the European Union established by Council Act of 29th 
> May 2000 (2000/C197/01)
>
> as mentioned in
>
> The Regulation of Investigatory Powers (Designation of an 
> International Agreement) Order 2004.
>
> Well it definitely does have something to do with that Agreement, as 
> that's the only Agreement which has been designated under ss.1(4), and 
> ss.1(4) (but not ss.4(1)) only applies to agreements which have been 
> so designated.
>
> All ss.1(4) does is place a duty on the SoS to ensure that requests 
> made to foreign countries are properly made.
>
>
>
> On 09/06/13 21:37, Caspar Bowden (lists) wrote:
>> Thanks Peter, those bits of RIPA were on mu to do list to rummage
>>
>> On 06/09/13 20:06, Peter Fairbrother wrote:
>>> ...
>>> it shall be the duty of the Secretary of State to secure that no
>>> request for assistance in accordance with the agreement is made on
>>> behalf of a person in the United Kingdom to the competent authorities
>>> of a country or territory outside the United Kingdom except with
>>> lawful authority.
>>
>> I wonder what kinds of lawful authority there can be ?
>
> That's in the next subsection, ss.1(5), and is the same as for 
> interception in general.
>
>>> Not that it would be much of a duty anyway (eg a ss 8(4) warrant would
>>> be lawful authority).
>>
>> Would it ? Maybe, but v. helpful if you can spell out if you can see how
>> that fits (maybe trivial)
>
> Yes, as above: it falls under ss.1(5)
>
> 5) Conduct has lawful authority for the purposes of this section if, 
> and only if— [...]
>
> (b)it takes place in accordance with a warrant under section 5 (“an 
> interception warrant”); or
>
>>
>>> but if the SoS doesn't designate an agreement,
>>
>> Which bit is that?
>
> ss.1(4)(c):
>
> {" (c)is designated for the purposes of this subsection by an order 
> made by the Secretary of State, "}
>
>>
>>> there is no duty on him, and designating an agreement does nothing 
>>> else.
>>>
>>> I wonder, have any orders designating a UK-US agreement under ss.1(4)
>>> been made?
>>
>> Aha. Anyone else? where would one look for that ?
>>>
>>> Nope, just an EU-wide one.
>>
>> And where is that ?
>
> see above
>>
>> Sorry if these obvious just overloaded right now
>
> no prob
>
>
> -- Peter Fairbrother
>
>

More information about the ukcrypto mailing list