From fw at deneb.enyo.de Wed May 1 15:43:26 2013
From: fw at deneb.enyo.de (Florian Weimer)
Date: Wed, 01 May 2013 16:43:26 +0200
Subject: Phone hacking: the telco angle
Message-ID: <87r4hq69rl.fsf@mid.deneb.enyo.de>

I recently revisited parts of the phone hacking coverage (mainly related to the activities of NotW), and it seems that this was never framed as a security failure at the mobile phone operators who ran the network and provisioned the attacked services.

Is there any explanation for this?

From roger at hayter.org Wed May 1 19:48:57 2013
From: roger at hayter.org (Roger Hayter)
Date: Wed, 1 May 2013 19:48:57 +0100
Subject: Phone hacking: the telco angle
In-Reply-To: <87r4hq69rl.fsf@mid.deneb.enyo.de>
References: <87r4hq69rl.fsf@mid.deneb.enyo.de>
Message-ID:

On 1 May 2013, at 15:43, Florian Weimer wrote:

> I recently revisited parts of the phone hacking coverage (mainly
> related to the activities of NotW), and it seems that this was never
> framed as a security failure at the mobile phone operators who ran the
> network and provisioned the attacked services.
>
> Is there any explanation for this?
>

They told us we needed to set a PIN to make it secure. They, probably correctly, calculated that more people would be annoyed by having to set (and forget) a PIN than would be annoyed by lack of security. So they didn't make it compulsory. Probably the right commercial decision at the time. Would still be the right one for me. DOI: I have forgotten my PIN.

--
Roger Hayter

From c.r.ritson at newcastle.ac.uk Thu May 2 11:19:44 2013
From: c.r.ritson at newcastle.ac.uk (C R Ritson)
Date: Thu, 2 May 2013 10:19:44 +0000
Subject: Phone hacking: the telco angle
In-Reply-To:
References: <87r4hq69rl.fsf@mid.deneb.enyo.de>
Message-ID:

Not long after this became public I got a text from my phone company to say that they had noted that my voice pin was still unset/default and asking me to set it. I did (and probably can't remember it).

Chris Ritson (Computing Officer and School Safety Officer)
Room 707, Claremont Tower,         EMAIL: C.R.Ritson at ncl.ac.uk
School of Computing Science,       PHONE: +44 191 222 8175
Newcastle University,              FAX  : +44 191 222 8232
Newcastle upon Tyne, UK NE1 7RU.   WEB  : http://www.cs.ncl.ac.uk/

>-----Original Message-----
>From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
>bounces at chiark.greenend.org.uk] On Behalf Of Roger Hayter
>Sent: 01 May 2013 19:49
>To: UK Cryptography Policy Discussion Group
>Subject: Re: Phone hacking: the telco angle
>
>On 1 May 2013, at 15:43, Florian Weimer wrote:
>
>> I recently revisited parts of the phone hacking coverage (mainly
>> related to the activities of NotW), and it seems that this was never
>> framed as a security failure at the mobile phone operators who ran the
>> network and provisioned the attacked services.
>>
>> Is there any explanation for this?
>>
>
>They told us we needed to set a PIN to make it secure. They, probably
>correctly, calculated that more people would be annoyed by having to set
>(and forget) a PIN than would be annoyed by lack of security. So they didn't
>make it compulsory. Probably the right commercial decision at the time.
>Would still be the right one for me. DOI: I have forgotten my PIN.
>
>--
>
>Roger Hayter

From chris-ukcrypto at lists.skipnote.org Thu May 2 12:50:04 2013
From: chris-ukcrypto at lists.skipnote.org (Chris Edwards)
Date: Thu, 2 May 2013 12:50:04 +0100 (BST)
Subject: Phone hacking: the telco angle
In-Reply-To:
References: <87r4hq69rl.fsf@mid.deneb.enyo.de>
Message-ID:

On Wed, 1 May 2013, Roger Hayter wrote:

> They told us we needed to set a PIN to make it secure. They, probably
> correctly, calculated that more people would be annoyed by having to set

There's a difference between retrieving voicemail on the handset itself, versus being able to dial in and access it from any phone (which I gather is what the newspapers were abusing).

Back in the day, I recall Orange would only allow access from the handset, UNLESS a PIN was set, in which case access was allowed from anywhere.

I imagine most of their customers never knew about the remote access option, never set a pin, yet weren't vulnerable.

From lists at internetpolicyagency.com Thu May 2 14:06:13 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Thu, 2 May 2013 14:06:13 +0100
Subject: Phone hacking: the telco angle
In-Reply-To:
References: <87r4hq69rl.fsf@mid.deneb.enyo.de>
Message-ID:

In article , Chris Edwards writes

>> They told us we needed to set a PIN to make it secure. They, probably
>> correctly, calculated that more people would be annoyed by having to set
>
>There's a difference between retrieving voicemail on the handset itself,
>versus being able to dial in and access it from any phone (which I gather
>is what the newspapers were abusing).
>
>Back in the day, I recall Orange would only allow access from the handset,
>UNLESS a PIN was set, in which case access was allowed from anywhere.
>
>I imagine most of their customers never knew about the remote access
>option, never set a pin, yet weren't vulnerable.

Most people probably found out about "remote" access when they went abroad - I don't think any of the networks trusted (and some probably didn't get, at least in the early days) CLI delivered to them.

The sort of people whose PIN might be hacked are very likely to have gone abroad at some stage.

--
Roland Perry

From james at cloud9.co.uk Thu May 2 11:19:15 2013
From: james at cloud9.co.uk (James Fidell)
Date: Thu, 02 May 2013 11:19:15 +0100
Subject: Best practice for federated authentication and authorisation?
Message-ID: <51823DA3.2020707@cloud9.co.uk>

I'm currently looking for some sort of definition of best practice for implementing federated authentication and authorisation systems, but struggling to find much.

What I'm looking at is an application that uses Gmail/Facebook/Twitter etc.
for authentication via a bespoke intermediate ("cloud-based") registration service and then does access control by verifying claims with another bespoke cloud-based system.

Can anyone point me to any documents that discuss best practice for implementation of such a system? I'm thinking that handling all transactions over HTTPS really isn't sufficient for this and that they should all be at least time-stamped, digitally signed and use both client and server certificates for HTTPS, but if I'm being overly paranoid, or not paranoid enough, it would be useful to know :)

Thanks,
James

From roger at hayter.org Thu May 2 15:46:58 2013
From: roger at hayter.org (Roger Hayter)
Date: Thu, 2 May 2013 15:46:58 +0100
Subject: Phone hacking: the telco angle
In-Reply-To:
References: <87r4hq69rl.fsf@mid.deneb.enyo.de>
Message-ID: <9FA9C983-6B19-4CA5-90F7-1FEEBD5FBB16@hayter.org>

On 2 May 2013, at 12:50, Chris Edwards wrote:

> On Wed, 1 May 2013, Roger Hayter wrote:
>
>> They told us we needed to set a PIN to make it secure. They, probably
>> correctly, calculated that more people would be annoyed by having to set
>
> There's a difference between retrieving voicemail on the handset itself,
> versus being able to dial in and access it from any phone (which I gather
> is what the newspapers were abusing).
>
> Back in the day, I recall Orange would only allow access from the handset,
> UNLESS a PIN was set, in which case access was allowed from anywhere.
>
> I imagine most of their customers never knew about the remote access
> option, never set a pin, yet weren't vulnerable.
>

Well, on O2 I was given remote access enabled by default 10+ years ago, with a default PIN of 0000. And I got the email saying they were going to disable remote access unless I set a new PIN a couple of years back when the scandal became more intense.

--
Roger Hayter

From nicholas.cole at gmail.com Tue May 7 10:43:42 2013
From: nicholas.cole at gmail.com (Nicholas Cole)
Date: Tue, 7 May 2013 10:43:42 +0100
Subject: FAQ on UK law
Message-ID:

Dear List,

Is there an FAQ anywhere on the state of UK law as it relates to the development of cryptography and software that uses cryptography?

I've read the Crypto Law Survey:

http://www.cryptolaw.org

and the rules surrounding domestic use are very clear.

What is much less clear is the question of "export". Does, for example, hosting a piece of software like PuTTY or ssh or gnupg on a UK-based website count as "export"? What about providing support for such software? Unlike the Americans, who seem to have specific regulations for Open Source Software, I can't see anything comparable in UK law. There was a flurry of activity around this in the late 1990s, and things seem to have cooled down since, but clarity still seems to be lacking!

Nicholas

From clive at davros.org Tue May 7 11:29:55 2013
From: clive at davros.org (Clive D.W. Feather)
Date: Tue, 7 May 2013 11:29:55 +0100
Subject: FAQ on UK law
In-Reply-To:
References:
Message-ID: <20130507102955.GA81557@davros.org>

Nicholas Cole said:

> What is much less clear is the question of "export". Does, for example,
> hosting a piece of software like PuTTY or ssh or gnupg on a UK-based
> website count as "export"? What about providing support for such software?

The European Court, in case C-101/01 ("Lindqvist") decided that

    there is no 'transfer [of data] to a third country' within the meaning of Article 25 of Directive 95/46 where an individual in a Member State loads personal data onto an internet page which is stored with his hosting provider which is established in that State or in another Member State, thereby making those data accessible to anyone who connects to the internet, including people in a third country.

In other words, putting material on a web site is not exporting it as far as the Data Protection Act is concerned. Whether this would be accepted as precedence by a UK court on an export control matter is another question.

(Yes, I am an academic lawyer. No, this is not legal advice.)

--
Clive D.W. Feather          | If you lie to the compiler,
Email: clive at davros.org  | it will get its revenge.
Web: http://www.davros.org  |   - Henry Spencer
Mobile: +44 7973 377646

From fjmd1a at gmail.com Tue May 7 14:56:50 2013
From: fjmd1a at gmail.com (Francis Davey)
Date: Tue, 7 May 2013 14:56:50 +0100
Subject: FAQ on UK law
In-Reply-To: <20130507102955.GA81557@davros.org>
References: <20130507102955.GA81557@davros.org>
Message-ID:

2013/5/7 Clive D.W. Feather

>
> The European Court, in case C-101/01 ("Lindqvist") decided that
>
> there is no 'transfer [of data] to a third country' within the meaning
> of Article 25 of Directive 95/46 where an individual in a Member State
> loads personal data onto an internet page which is stored with his
> hosting provider which is established in that State or in another
> Member State, thereby making those data accessible to anyone who
> connects to the internet, including people in a third country.
>
> In other words, putting material on a web site is not exporting it as far
> as the Data Protection Act is concerned. Whether this would be accepted as
> precedence by a UK court on an export control matter is another question.

I'm sceptical as to whether Lindqvist has any relevance. The case concerned whether there had been a "transfer" of personal data by Bodil Lindqvist within the meaning of Article 25 of the data protection directive. I can immediately think of two reasons why it does not help us:

[1] It concerns two different readings "transfer" v "export" that appear in very different legal frameworks. I suspect that interpretation of one does not help with the other.

[2] A close reading of Lindqvist suggests it is not as helpful as one might think at first sight. The CJEU seems to think that because she did not herself carry out the transfer - it was done by the web hosting service she was using - that was OK. I suspect a court (mindful that Bodil Lindqvist faced criminal charges for blogging that someone she knew at church had a sprained ankle inter alia) wanted to make sure the web was legally possible by making a much nicer distinction than most of us would be happy to live with.

There's a little bit of help in the underlying EU export control legislation. Article 2(b) of Council Regulation 1334/2000 says:

    "export" shall mean:
    ...
    (iii) transmission of software or technology by electronic media, fax or telephone to a destination outside the Community; this applies to oral transmission of technology by telephone only where the technology is contained in a document the relevant part of which is read out over the telephone, or is described over the telephone in such a way as to achieve substantially the same result;

So, it would appear that hosting export controlled software would be an export if it were downloaded outside the jurisdiction. I cannot see how offering support could be.

But, I'm not a specialist software export lawyer. Although this is roughly my field, I haven't researched the point, so this is just how it appears to me off the top of my head.

--
Francis Davey

From lists at CasparBowden.net Tue May 7 14:57:20 2013
From: lists at CasparBowden.net (Caspar Bowden (lists))
Date: Tue, 07 May 2013 14:57:20 +0100
Subject: FAQ on UK law
In-Reply-To: <20130507102955.GA81557@davros.org>
References: <20130507102955.GA81557@davros.org>
Message-ID: <51890840.9000601@CasparBowden.net>

On 07/05/13 11:29, Clive D.W. Feather wrote:

> Nicholas Cole said:
>> What is much less clear is the question of "export".
>> Does, for example,
>> hosting a piece of software like PuTTY or ssh or gnupg on a UK-based
>> website count as "export"? What about providing support for such software?
> The European Court, in case C-101/01 ("Lindqvist") decided that
>
> there is no 'transfer [of data] to a third country' within the meaning
> of Article 25 of Directive 95/46 where an individual in a Member State
> loads personal data onto an internet page which is stored with his
> hosting provider which is established in that State or in another
> Member State, thereby making those data accessible to anyone who
> connects to the internet, including people in a third country.
>
> In other words, putting material on a web site is not exporting it as far
> as the Data Protection Act is concerned. Whether this would be accepted as
> precedence by a UK court on an export control matter is another question.
>
> (Yes, I am an academic lawyer. No, this is not legal advice.)

(Hi Clive)

(/pace/ original question wasn't about personal data & DP but crypto export control)

that's not the ICO's interpretation

    1.3.4 In the case of Bodil Lindqvist v Kammaraklagaren (2003) (Case C-101/01), the European Court of Justice held that there was no transfer of personal data to a third country where an individual loaded personal data onto an internet page in a Member State using a internet hosting provider in that Member State, even though the page was accessible via the internet by people based in a third country. Instead, a transfer was only deemed to have taken place *where the internet page was actually accessed* by a person located in a third country. In practice, data are often loaded onto the internet with the intention that the data be accessed in a third country, and, as this will usually lead to a transfer, the principle in the Lindqvist case will not apply in such circumstances.
    However, in situations where there is no intention to transfer the data to a third country and no transfer is deemed to have taken place as the information has not been accessed in a third country (ie. the eighth principle does not apply), data controllers will still need to ensure that the processing complies with all of the other principles. In particular, data controllers must consider the requirement in the first data protection principle that the processing must be fair which may be contravened by making the data so widely accessible.

(IANAL and this is not legal advice)

In other words ICO is saying that even though ECJ was out-to-lunch on this aspect, they will get you on "fairness" principle if you try to take p!$$

CB

From lists at casparbowden.net Tue May 7 15:10:59 2013
From: lists at casparbowden.net (Caspar Bowden (lists))
Date: Tue, 07 May 2013 15:10:59 +0100
Subject: FAQ on UK law
In-Reply-To: <20130507102955.GA81557@davros.org>
References: <20130507102955.GA81557@davros.org>
Message-ID: <51890B73.9070604@casparbowden.net>

(sorry if duplicate - didn't see list echo)

On 07/05/13 11:29, Clive D.W. Feather wrote:

> Nicholas Cole said:
>> What is much less clear is the question of "export". Does, for example,
>> hosting a piece of software like PuTTY or ssh or gnupg on a UK-based
>> website count as "export"? What about providing support for such software?
> The European Court, in case C-101/01 ("Lindqvist") decided that
>
> there is no 'transfer [of data] to a third country' within the meaning
> of Article 25 of Directive 95/46 where an individual in a Member State
> loads personal data onto an internet page which is stored with his
> hosting provider which is established in that State or in another
> Member State, thereby making those data accessible to anyone who
> connects to the internet, including people in a third country.
>
> In other words, putting material on a web site is not exporting it as far
> as the Data Protection Act is concerned. Whether this would be accepted as
> precedence by a UK court on an export control matter is another question.
>
> (Yes, I am an academic lawyer. No, this is not legal advice.)

(Hi Clive)

(/pace/ original question wasn't about personal data & DP but crypto export control)

that's not the ICO's interpretation

    1.3.4 In the case of Bodil Lindqvist v Kammaraklagaren (2003) (Case C-101/01), the European Court of Justice held that there was no transfer of personal data to a third country where an individual loaded personal data onto an internet page in a Member State using a internet hosting provider in that Member State, even though the page was accessible via the internet by people based in a third country. Instead, a transfer was only deemed to have taken place *where the internet page was actually accessed* by a person located in a third country. In practice, data are often loaded onto the internet with the intention that the data be accessed in a third country, and, as this will usually lead to a transfer, the principle in the Lindqvist case will not apply in such circumstances.
    However, in situations where there is no intention to transfer the data to a third country and no transfer is deemed to have taken place as the information has not been accessed in a third country (ie. the eighth principle does not apply), data controllers will still need to ensure that the processing complies with all of the other principles. In particular, data controllers must consider the requirement in the first data protection principle that the processing must be fair which may be contravened by making the data so widely accessible.

(IANAL and this is not legal advice)

In other words ICO is saying that even though ECJ was out-to-lunch on this aspect, they will get you on "fairness" principle if you try to take p!$$

CB

From zenadsl6186 at zen.co.uk Tue May 7 20:02:39 2013
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Tue, 07 May 2013 20:02:39 +0100
Subject: FAQ on UK law
In-Reply-To:
References:
Message-ID: <51894FCF.6040701@zen.co.uk>

On 07/05/13 10:43, Nicholas Cole wrote:

> Dear List,
>
> Is there an FAQ anywhere on the state of UK law as it relates to the
> development of cryptography and software that uses cryptography?
>
> I've read the Crypto Law Survey:
>
> http://www.cryptolaw.org
>
> and the rules surrounding domestic use are very clear.
>
> What is much less clear is the question of "export". Does, for example,
> hosting a piece of software like PuTTY or ssh or gnupg on a UK-based
> website count as "export"?

I don't know, technically (see Lindqvist) but I suspect "they" could make it so if they really wanted to. IANAL though.

However there is the GSN exception (as amended) in the Dual-use Regulations Schedules for software "in the public domain", so even if it is export, hosting open-source code is lawful.

Note that "in the public domain" has nothing to do with copyright or IP law here:

""In the public domain", as it applies herein, means "technology" or "software" which has been made available without restrictions upon its further dissemination (copyright restrictions do not remove "technology" or "software" from being "in the public domain")."

> What about providing support for such software?

Again I don't know, technically, whether it counts as export - but I think the GTN (as amended) would allow it:

{
GENERAL TECHNOLOGY NOTE (GTN)
(To be read in conjunction with section E of Categories 1 to 9.)

The export of "technology" which is "required" for the "development", "production" or "use" of goods controlled in Categories 1 to 9, is controlled according to the provisions of Categories 1 to 9.

"Technology" "required" for the "development", "production" or "use" of goods under control remains under control even when applicable to non-controlled goods.

Controls do not apply to that "technology" which is the minimum necessary for the installation, operation, maintenance (checking) and repair of those goods which are not controlled or whose export has been authorised.

N.B.: This does not release such "technology" specified in 1E002.e., 1E002.f., 8E002.a. and 8E002.b.

[ that's stealth radar absorbers, some high-tech alloys and ceramics, submarine noise reduction technology ]

Controls on "technology" transfer do not apply to information "in the public domain", to "basic scientific research" or to the minimum necessary information for patent applications.
}

However even if the GTN doesn't cover providing support I doubt you are likely to get done for it unless you are helping Al Qaeda, when "they" would probably bring terrorist offence charges anyway.

> Unlike the Americans, who seem to have specific regulations
> for Open Source Software, I can't see anything comparable in UK law.

The US does not fully implement the GTN and GTN parts of the Wassenaar, specifically the "in the public domain" part.

Cryptography software is covered by the Cryptography Note, Supplement No. 1 to part 774, Category 5, part 2, Note 3. For open-source stuff you are, in theory, required to inform BIS before export, but I don't think many people actually do.

I don't know anything about US law regarding providing support for open-source crypto, sorry.

> There was a flurry of activity around this in the late 1990s, and
> things seem to have cooled down since, but clarity still seems to be
> lacking!

Yes (if you include RIPA in 2000), not much has actually happened since then.

There have been some subtle changes though, it's hard to keep up. Wassenaar rev. 2008 made a few changes, eg key lengths for some commercial crypto, electronic export became specifically included whereas it wasn't clearly included before, but didn't change the "public domain" exemptions.

--
Peter Fairbrother

From pwt at iosis.co.uk Wed May 8 10:56:36 2013
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Wed, 08 May 2013 10:56:36 +0100
Subject: practical homomorphic encryption (allegedly)
Message-ID: <518A2154.4070004@iosis.co.uk>

Have received a link to the following article:

IBM takes a big new step in cryptography: practical homomorphic encryption
http://nakedsecurity.sophos.com/2013/05/05/ibm-takes-big-new-step-in-cryptography/
by Paul Ducklin on May 5, 2013

IBM just released an open source software package called HELib.

The HE stands for homomorphic encryption. Although it doesn't sound terribly sexy or impressive, HELib is actually an interesting and important milestone in cryptography.

HE is also a surprisingly relevant topic right now, with our ever-increasing attraction to cloud computing.

Peter

From igb at batten.eu.org Wed May 8 13:42:56 2013
From: igb at batten.eu.org (Ian Batten)
Date: Wed, 8 May 2013 13:42:56 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
Message-ID: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org>

http://www.bbc.co.uk/news/uk-politics-22449209

You have to wonder at the people the BBC talks to:

> "The problem stems from the way that the fixed internet has been designed," said Prof Rahim Tafazolli, director of Surrey University's Centre for Communications Systems Research.
>
> "Many people can share a single IP address and the IP address may be dynamic - meaning there's a new address issued each time they log on - while a communication traverses across different networks. It can be difficult to link all these addresses and trace them back to the origin.
>
> "One possible solution would be to find a way to associate a person's internet use with a fixed and unique number such as their mobile number or a device's MAC [media access control] address.
>
> "But that would require changes in the way addresses are allocated on the internet and changes would need to be adopted internationally because we couldn't just change it in the UK."
>

Yeah. You mean "IPv6 would be a good idea", I think.

ian

From lists at casparbowden.net Wed May 8 14:45:01 2013
From: lists at casparbowden.net (Caspar Bowden (lists))
Date: Wed, 08 May 2013 14:45:01 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org>
Message-ID: <518A56DD.2050703@casparbowden.net>

On 05/08/13 13:42, Ian Batten wrote:

>
> http://www.bbc.co.uk/news/uk-politics-22449209
>
> You have to wonder at the people the BBC talks to:
>
>> "The problem stems from the way that the fixed internet has been
>> designed," said Prof Rahim Tafazolli, director of Surrey University's
>> Centre for Communications Systems Research.
>>
>> "Many people can share a single IP address and the IP address may be
>> dynamic - meaning there's a new address issued each time they log on
>> - while a communication traverses across different networks. It can
>> be difficult to link all these addresses and trace them back to the
>> origin.
>>

Moreover it is not a bug, it *is* a feature...

http://tools.ietf.org/html/rfc3022

"Traditional NAT can be viewed as providing a privacy mechanism..."

>> "One possible solution would be to find a way to associate a person's
>> internet use with a fixed and unique number such as their mobile
>> number or a device's MAC [media access control] address.
>>
>> "But that would require changes in the way addresses are allocated on
>> the internet and changes would need to be adopted internationally
>> because we couldn't just change it in the UK."
>>
> Yeah. You mean "IPv6 would be a good idea", I think.

Somebody should tell Surrey about http://tools.ietf.org/html/rfc4941

For next few hours you can see the most appalling load of biased tosh towards end of http://www.bbc.co.uk/iplayer/episode/b01sfxqc/Daily_Politics_07_05_2013/

Would be good if BBC got some complaints that viewers left clueless of:

- substance of IP issue,
- that EU DRD made-in-Britain,
- preservation/retention dichotomy
- ISC refuses hear evidence from outside govt. (unlike Aus, Can, US counterparts)

Absence of above context makes charge of LibDem irresponsibility a Charter-breaching issue of political bias

Caspar

From jj.gray at shc.qinetiq-tim.com Wed May 8 14:03:52 2013
From: jj.gray at shc.qinetiq-tim.com (JJ Gray)
Date: Wed, 08 May 2013 14:03:52 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org>
Message-ID: <518A4D38.2040103@shc.qinetiq-tim.com>

On 08/05/2013 13:42, Ian Batten wrote:

>
> http://www.bbc.co.uk/news/uk-politics-22449209
>
> You have to wonder at the people the BBC talks to:
>> "One possible solution would be to find a way to associate a person's internet use with a fixed and unique number such as their mobile number or a device's MAC [media access control] address.

People who redefine the term "fixed and unique"?

JJ

From nicholas.cole at gmail.com Wed May 8 16:42:15 2013
From: nicholas.cole at gmail.com (Nicholas Cole)
Date: Wed, 8 May 2013 16:42:15 +0100
Subject: FAQ on UK law
In-Reply-To: <51894FCF.6040701@zen.co.uk>
References: <51894FCF.6040701@zen.co.uk>
Message-ID:

On Tue, May 7, 2013 at 8:02 PM, Peter Fairbrother wrote:

> On 07/05/13 10:43, Nicholas Cole wrote:
>
>> Dear List,
>>
>> Is there an FAQ anywhere on the state of UK law as it relates to the
>> development of cryptography and software that uses cryptography?
>>
>> I've read the Crypto Law Survey:
>>
>> http://www.cryptolaw.org
>>
>> and the rules surrounding domestic use are very clear.
>>
>> What is much less clear is the question of "export". Does, for example,
>> hosting a piece of software like PuTTY or ssh or gnupg on a UK-based
>> website count as "export"?
>>
>
> I don't know, technically (see Lindqvist) but I suspect "they" could make
> it so if they really wanted to. IANAL though.
>
> However there is the GSN exception (as amended) in the Dual-use
> Regulations Schedules for software "in the public domain", so even if it is
> export, hosting open-source code is lawful.
>
>

All I can find is this:

https://www.gov.uk/export-of-cryptographic-items

which doesn't mention Open Source at all, but does list some restrictions that would make it all too easy to be in contravention of the guidance, since all four need to apply. Am I missing some other document?

N.

From peter at pmsommer.com Wed May 8 13:49:35 2013
From: peter at pmsommer.com (Peter Sommer)
Date: Wed, 08 May 2013 13:49:35 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org>
Message-ID: <518A49DF.7080109@pmsommer.com>

Well, they did talk to me, as I am cited in the "Analysis" section, and I am quite happy with how they represented my view. But I agree that the main article is rather a mess.

Peter Sommer

On 08/05/2013 13:42, Ian Batten wrote:

>
> http://www.bbc.co.uk/news/uk-politics-22449209
>
> You have to wonder at the people the BBC talks to:
>
>> "The problem stems from the way that the fixed internet has been
>> designed," said Prof Rahim Tafazolli, director of Surrey University's
>> Centre for Communications Systems Research.
>>
>> "Many people can share a single IP address and the IP address may be
>> dynamic - meaning there's a new address issued each time they log on
>> - while a communication traverses across different networks. It can
>> be difficult to link all these addresses and trace them back to the
>> origin.
>>
>> "One possible solution would be to find a way to associate a person's
>> internet use with a fixed and unique number such as their mobile
>> number or a device's MAC [media access control] address.
>>
>> "But that would require changes in the way addresses are allocated on
>> the internet and changes would need to be adopted internationally
>> because we couldn't just change it in the UK."
>>
> Yeah. You mean "IPv6 would be a good idea", I think.
>
> ian
>

From zenadsl6186 at zen.co.uk Wed May 8 23:53:51 2013
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Wed, 08 May 2013 23:53:51 +0100
Subject: FAQ on UK law
In-Reply-To:
References: <51894FCF.6040701@zen.co.uk>
Message-ID: <518AD77F.5060007@zen.co.uk>

On 08/05/13 16:42, Nicholas Cole wrote:

>
>
>
> On Tue, May 7, 2013 at 8:02 PM, Peter Fairbrother
> wrote:
>
> On 07/05/13 10:43, Nicholas Cole wrote:
>
> Dear List,
>
> Is there an FAQ anywhere on the state of UK law as it relates to the
> development of cryptography and software that uses cryptography?
>
> I've read the Crypto Law Survey:
>
> http://www.cryptolaw.org
>
> and the rules surrounding domestic use are very clear.
>
> What is much less clear is the question of "export". Does, for
> example,
> hosting a piece of software like PuTTY or ssh or gnupg on a UK-based
> website count as "export"?
>
>
> I don't know, technically (see Lindqvist) but I suspect "they" could
> make it so if they really wanted to. IANAL though.
>
> However there is the GSN exception (as amended) in the Dual-use
> Regulations Schedules for software "in the public domain", so even
> if it is export, hosting open-source code is lawful.
>
>
>
> All I can find is this:
>
> https://www.gov.uk/export-of-cryptographic-items
>
> which doesn't mention Open Source at all, but does list some
> restrictions that would make it all too easy to be in contravention of
> the guidance, since all four need to apply. Am I missing some other
> document?

The GSN, or General Software Note.

Export control law comes from many places and covers many things - eg torture equipment, drugs which could be used for lethal injection, military goods, radioactive materials, high-tech stuff, cryptographic software, hardware and knowledge, WMD stuff, and more.

Crypto export comes under the EU Dual-use Regulation, part of which is the EU Dual-Use List which unsurprisingly lists stuff which is export controlled under the EU Dual-Use Regulation.

The EU Dual-use Regulation was originally transposed into UK law as a Schedule to an Order under the Export Control Act - but the EU Regulation acts directly now. For our convenience the gubbmint prepare an updated combined list of everything which is export controlled (except some WMD stuff): https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/184049/strategic-export-control-consolidated20130320.pdf The GSN appears on page 45, in the EU Dual-use part.

GENERAL SOFTWARE NOTE (GSN)
(This note overrides any control within section D of Categories 0 to 9.)
Categories 0 to 9 of this list do not control "software" which is either:
a. Generally available to the public by being:
   1. Sold from stock at retail selling points, without restriction, by means of:
      a. Over-the-counter transactions;
      b. Mail order transactions;
      c. Electronic transactions; or
      d. Telephone order transactions; and
   2. Designed for installation by the user without further substantial support by the supplier; or
   N.B. Entry a. of the General Software Note does not release "software" specified in Category 5 - Part 2 ("Information Security").
b. "In the public domain".

You will note that entry a does not apply to crypto software, in relation to which it is replaced by the Cryptography note you mentioned above (which is part of the EU Dual-Use Regulation, and appears on page 191 of the combined lists). However entry b., software which is "In the public domain", _does_ apply to crypto software, specifically open-source software. "In the public domain" has a different meaning here to its meaning in IP law - here it is defined to mean ""technology" or "software" which has been made available without restrictions upon its further dissemination (copyright restrictions do not remove "technology" or "software" from being "in the public domain")." IANAL.
-- Peter Fairbrother From igb at batten.eu.org Thu May 9 14:30:48 2013 From: igb at batten.eu.org (Ian Batten) Date: Thu, 9 May 2013 14:30:48 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <518A56DD.2050703@casparbowden.net> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> Message-ID: <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> On 8 May 2013, at 14:45, Caspar Bowden (lists) wrote: >> Yeah. You mean "IPv6 would be a good idea", I think. > > Somebody should tell Surrey about http://tools.ietf.org/html/rfc4941 [[ I see, by the way, that BT are experimenting with NAT for their "Option 1" low-spend customers. Cats and pigeons. ]] RFC4941 doesn't completely remove the advantages of IPv6. Suppose, arguendo, that you think it's a good idea for people hosting webcontent to maintain logs such that it can later be determined who accessed that content (I don't, but as I say, arguendo). There are two problems that NAT causes that, plus a problem of composition. NAT boundaries often don't log the inside/outside translation. Endpoints very rarely log source ports, so the extra bits that NAT is using to extend the available address space are discarded in the log. And even if you have a complete trace of the NAT translation history and by some miracle you have a complete set of logs from the endpoint including source port numbers, you need to be able to correlate the two, which relies on both systems having accurate clocks. In the case of IPv6, you remove all those problems. There's no NAT, the source addresses will be logged complete, and you don't have anything left to correlate. An endpoint using RFC4941 won't present any problems if they're using a home broadband connection: the high-order 64 bits are unique to the location, so you get the same amount of information you would get if the broadband connection were using NAT. 
An endpoint using RFC4941 won't present any problems if they're mobile: the network will probably issue /64s associated with each SIM, and therefore messing about with the low-order bits (even if it doesn't result in the connection dropping) still provides a 1:1 mapping between SIMs and logs. So even with 4941, IPv6 networks would provide law enforcement with the same information that they would be able to get today if the mobile networks implemented perfectly logged NAT and the endpoints all logged port numbers. Where RFC4941 does provide privacy is if you're taking your laptop from IETF meeting to IETF meeting, oh, sorry, from Starbucks to Starbucks, it prevents correlation of the low-order bits to link users together. But current IPv4 spying doesn't address that issue either. So IPv6 would maintain spook capability, even if 4941 were deployed widely (and it is: Windows and OSX both use it on mobile devices, although it appears iOS and Android don't). ian From pwt at iosis.co.uk Fri May 10 09:29:58 2013 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Fri, 10 May 2013 09:29:58 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> Message-ID: <518CB006.8000604@iosis.co.uk> On 09/05/2013 14:30, Ian Batten wrote: > [[ I see, by the way, that BT are experimenting with NAT for their > "Option 1" low-spend customers. Cats and pigeons.
]] > > Report about that on Out-Law: http://www.out-law.com/en/articles/2013/may/individuals-can-be-identified-despite-ip-address-sharing-bt-says/ Individuals can be identified despite IP address sharing, BT says The use of Internet Protocol (IP) address sharing technology will not prevent individuals from being identified as the perpetrators of illegal online activity, BT has claimed. 09 May 2013 The internet service provider (ISP) has announced that it is currently piloting technology called Carrier-Grade Network Address Translation (CGNAT) that will see as many as nine different customers share the same IP address. BT said it is trialling CGNAT in a bid to make the most efficient use of existing "IPv4 internet address", which are currently "running out", before new "IPv6 addresses become widely adopted". Doing so will enable fixed-line internet customers to stay connected, it said. Data protection law specialist Kathryn Wynn of Pinsent Masons, the law firm behind Out-Law.com, said that there were privacy implications to IP address sharing that BT, and other ISPs that want to conduct similar trials, would have to consider. (more if you follow the link) Peter From lists at internetpolicyagency.com Fri May 10 11:42:19 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Fri, 10 May 2013 11:42:19 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <518CB006.8000604@iosis.co.uk> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> Message-ID: <+3KGvzLL8MjRFASR@perry.co.uk> In article <518CB006.8000604 at iosis.co.uk>, Peter Tomlinson writes >The internet service provider (ISP) has announced that it is currently >piloting technology called Carrier-Grade Network Address Translation >(CGNAT) that will see as many as nine different customers share the >same IP address.
Mobile networks use carrier-grade NAT as well, so the technique is well understood. >BT said it is trialling CGNAT in a bid to make the most efficient use >of existing "IPv4 internet address", which are currently "running out", >before new "IPv6 addresses become widely adopted". Doing so will enable >fixed-line internet customers to stay connected, it said. God forbid they roll out IPv6 instead :( -- Roland Perry From igb at batten.eu.org Fri May 10 15:03:54 2013 From: igb at batten.eu.org (Ian Batten) Date: Fri, 10 May 2013 15:03:54 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <+3KGvzLL8MjRFASR@perry.co.uk> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> Message-ID: <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> On 10 May 2013, at 11:42, Roland Perry wrote: > In article <518CB006.8000604 at iosis.co.uk>, Peter Tomlinson writes >> The internet service provider (ISP) has announced that it is currently piloting technology called Carrier-Grade Network Address Translation (CGNAT) that will see as many as nine different customers share the same IP address. > > Mobile networks use carrier-grade NAT as well, so the technique is well understood. > >> BT said it is trialling CGNAT in a bid to make the most efficient use of existing "IPv4 internet address", which are currently "running out", before new "IPv6 addresses become widely adopted". Doing so will enable fixed-line internet customers to stay connected, it said. > > God forbid they roll out IPv6 instead :( Of course, they'd need a CGNAT (I've never really understood how that differs from plain NAT) solution there, because most of the Intertubes aren't accessible with pure IPv6. 
ian From lists at internetpolicyagency.com Fri May 10 15:32:07 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Fri, 10 May 2013 15:32:07 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> Message-ID: In article <240765A6-2F22-424A-869E-0A8A22977670 at batten.eu.org>, Ian Batten writes >>> BT said it is trialling CGNAT in a bid to make the most efficient use of existing "IPv4 internet address", which are currently "running >>>out", before new "IPv6 addresses become widely adopted". Doing so will enable fixed-line internet customers to stay connected, it said. >> >> God forbid they roll out IPv6 instead :( > >Of course, they'd need a CGNAT (I've never really understood how that >differs from plain NAT) It doesn't differ, other than being "industrial grade". And obviously being in the carrier's network rather than beyond their end-point and in the user's network. But these are trivial differences. >solution there, because most of the Intertubes aren't accessible with >pure IPv6. That's an entirely separate matter, and one addressed by other kludgy technologies disjoint from NAT such as Teredo. Although one of them (not very popular I think) is called NAT-TP. Basically, the people who specified IPv6 screwed up, big time, in not making it backwards compatible. They've got all sorts of excuses, that only geeks who understand products, but not product management, would relate to. 
As ZDNet reported in 2010: "I can't do better than to quote, Leslie Daigle, Chief Internet Technology Officer for the Internet Society, who admitted at a June 2009 meeting that "IPv6's lack of real backwards compatibility for IPv4 was [its] single critical failure." One of the reasons I like Leslie is that she tells things the way they are. -- Roland Perry From Andrew.Cormack at ja.net Fri May 10 13:49:57 2013 From: Andrew.Cormack at ja.net (Andrew Cormack) Date: Fri, 10 May 2013 12:49:57 +0000 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <+3KGvzLL8MjRFASR@perry.co.uk> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> Message-ID: <61E52F3A5532BE43B0211254F13883AE97FBB9D1@EXC001> > -----Original Message----- > From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto- > bounces at chiark.greenend.org.uk] On Behalf Of Roland Perry > Sent: 10 May 2013 11:42 > To: ukcrypto at chiark.greenend.org.uk > Subject: Re: BBC News - 'Fresh proposals' planned over cyber-monitoring > > In article <518CB006.8000604 at iosis.co.uk>, Peter Tomlinson > writes > >The internet service provider (ISP) has announced that it is currently > >piloting technology called Carrier-Grade Network Address Translation > >(CGNAT) that will see as many as nine different customers share the > >same IP address. > > Mobile networks use carrier-grade NAT as well, so the technique is well > understood. And the static mappings between port ranges and customers might arguably be covered by the current Data Retention Regs? And anyway represent only a similar volume of logs to current DHCP. That might explain the "may not need legislation" comment? 
As opposed to some of the v6 variants, and traditional, non-CG, NAT, where you might have to log a lot more dynamic mappings from address/port to user; potentially as many as one for every TCP connection. Lots more logs, lots more hardware, and synchronised times even more critical :( Andrew > >BT said it is trialling CGNAT in a bid to make the most efficient use > >of existing "IPv4 internet address", which are currently "running > out", > >before new "IPv6 addresses become widely adopted". Doing so will > enable > >fixed-line internet customers to stay connected, it said. > > God forbid they roll out IPv6 instead :( > -- > Roland Perry From Andrew.Cormack at ja.net Fri May 10 17:49:16 2013 From: Andrew.Cormack at ja.net (Andrew Cormack) Date: Fri, 10 May 2013 16:49:16 +0000 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> Message-ID: <61E52F3A5532BE43B0211254F13883AE97FBC26F@EXC001> > -----Original Message----- > From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto- > bounces at chiark.greenend.org.uk] On Behalf Of Ian Batten > Sent: 10 May 2013 15:04 > To: UK Cryptography Policy Discussion Group > Subject: Re: BBC News - 'Fresh proposals' planned over cyber-monitoring > > > On 10 May 2013, at 11:42, Roland Perry > wrote: > > > In article <518CB006.8000604 at iosis.co.uk>, Peter Tomlinson > writes > >> The internet service provider (ISP) has announced that it is > currently piloting technology called Carrier-Grade Network Address > Translation (CGNAT) that will see as many as nine different customers > share the same IP address. 
> > > > Mobile networks use carrier-grade NAT as well, so the technique is > well understood. > > > >> BT said it is trialling CGNAT in a bid to make the most efficient > use of existing "IPv4 internet address", which are currently "running > out", before new "IPv6 addresses become widely adopted". Doing so will > enable fixed-line internet customers to stay connected, it said. > > > > God forbid they roll out IPv6 instead :( > > Of course, they'd need a CGNAT (I've never really understood how that > differs from plain NAT) solution there, because most of the Intertubes > aren't accessible with pure IPv6. > > ian My colleague explained it as CG means better management etc. as well as more robust performance. It's also supposed to incorporate features that make it likely the world will keep working if there are multiple NATs in a chain or if applications make unjustified (but usually correct in an end-to-end world) assumptions about the allocation of addresses and ports. See draft RFC4787 (http://tools.ietf.org/html/draft-ietf-behave-lsn-requirements-10), for example. It seems you may also end up using different algorithms for allocating ports: e.g. the BT system seems to do *static* allocation of a few thousand ports to each user so, for example 127.0.0.1:1-5000 will always be Andrew whereas 127.0.0.1:5001-10000 will always be Ian. Matching a connection to a user is therefore trivial, with almost no logs :-) Whereas on the consumer/business NATs I've had to deal with the addresses and ports may be allocated dynamically on demand as each TCP connection comes in, so you have massive logs and a big time-sync problem (ah, see REQ14 of the RFC draft!) I *think* the static approach also means that Ian can run out of port mappings without affecting Andrew, whereas on a dynamic NAT once we all together approach 65536 mappings, we all together start failing. I guess that's also a nice feature if you're a service provider. 
Nice to be sent off to read RFCs and discover I can still understand them, BTW ;-) Andrew From bdm at fenrir.org.uk Fri May 10 16:09:58 2013 From: bdm at fenrir.org.uk (Brian Morrison) Date: Fri, 10 May 2013 16:09:58 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> Message-ID: <20130510160958.38ee1700@peterson.fenrir.org.uk> On Fri, 10 May 2013 15:32:07 +0100 Roland Perry wrote: > As ZDNet reported in 2010: "I can't do better than to quote, Leslie > Daigle, Chief Internet Technology Officer for the Internet Society, who > admitted at a June 2009 meeting that "IPv6's lack of real backwards > compatibility for IPv4 was [its] single critical failure." > > One of the reasons I like Leslie is that she tells things the way they > are. It is surprising that the original design choices didn't get this right, but I suppose that IPv4 address exhaustion was just a future possibility when this was being done. -- Brian Morrison From igb at batten.eu.org Sat May 11 15:48:21 2013 From: igb at batten.eu.org (Ian Batten) Date: Sat, 11 May 2013 15:48:21 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> Message-ID: > > That's an entirely separate matter, and one addressed by other kludgy technologies disjoint from NAT such as Teredo. > > Although one of them (not very popular I think) is called NAT-TP. http://tools.ietf.org/html/rfc6146 looks more promising. 
> > Basically, the people who specified IPv6 screwed up, big time, in not making it backwards compatible. They've got all sorts of excuses, that only geeks who understand products, but not product management, would relate to. It would be interesting to understand what such a protocol would look like. The basic problem surely is that if you have two address spaces, one larger than the other, you can't have a 1:1 mapping between the two (and to do so would defeat the object of making the address space larger). ian From igb at batten.eu.org Sat May 11 15:49:30 2013 From: igb at batten.eu.org (Ian Batten) Date: Sat, 11 May 2013 15:49:30 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <61E52F3A5532BE43B0211254F13883AE97FBB9D1@EXC001> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <61E52F3A5532BE43B0211254F13883AE97FBB9D1@EXC001> Message-ID: On 10 May 2013, at 13:49, Andrew Cormack wrote: > > And the static mappings between port ranges and customers might arguably be covered by the current Data Retention Regs? And anyway represent only a similar volume of logs to current DHCP. That might explain the "may not need legislation" comment? But surely the problem would be that the actual services don't log source port numbers, and therefore even if you have the NAT mappings, you don't know which of the users who happened to be on a particular IP number was the user in question without the source port? 
ian From lists at internetpolicyagency.com Sat May 11 17:24:11 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Sat, 11 May 2013 17:24:11 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <20130510160958.38ee1700@peterson.fenrir.org.uk> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <20130510160958.38ee1700@peterson.fenrir.org.uk> Message-ID: In article <20130510160958.38ee1700 at peterson.fenrir.org.uk>, Brian Morrison writes >> As ZDNet reported in 2010: "I can't do better than to quote, Leslie >> Daigle, Chief Internet Technology Officer for the Internet Society, who >> admitted at a June 2009 meeting that "IPv6's lack of real backwards >> compatibility for IPv4 was [its] single critical failure." >> >> One of the reasons I like Leslie is that she tells things the way they >> are. > >It is surprising that the original design choices didn't get this >right, but I suppose that IPv4 address exhaustion was just a future >possibility when this was being done. I think they were aiming for a "big bang" change from IPv4 to IPv6, rather than the gradual transition which was inevitable. 
-- Roland Perry From lists at internetpolicyagency.com Sat May 11 17:26:11 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Sat, 11 May 2013 17:26:11 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> Message-ID: <$SQWGVwjEnjRFAgJ@perry.co.uk> In article , Ian Batten writes >> Basically, the people who specified IPv6 screwed up, big time, in not making it backwards compatible. They've got all sorts of excuses, that >>only geeks who understand products, but not product management, would relate to. > >It would be interesting to understand what such a protocol would look like. The basic problem surely is that if you have two address spaces, >one larger than the other, you can't have a 1:1 mapping between the two (and to do so would defeat the object of making the address space >larger). All that was necessary was making the bottom 0.1% (or whatever) of IPv6 map onto the old IPv4 space. -- Roland Perry From ben at links.org Sat May 11 19:06:42 2013 From: ben at links.org (Ben Laurie) Date: Sat, 11 May 2013 19:06:42 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <$SQWGVwjEnjRFAgJ@perry.co.uk> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> Message-ID: On 11 May 2013 17:26, Roland Perry wrote: > In article , Ian Batten > writes > >>> Basically, the people who specified IPv6 screwed up, big time, in not >>> making it backwards compatible. 
They've got all sorts of excuses, that >>> only geeks who understand products, but not product management, would >>> relate to. >> >> >> It would be interesting to understand what such a protocol would look >> like. The basic problem surely is that if you have two address spaces, >> one larger than the other, you can't have a 1:1 mapping between the two >> (and to do so would defeat the object of making the address space >> larger). > > > All that was necessary was making the bottom 0.1% (or whatever) of IPv6 map > onto the old IPv4 space. Oh yeah? So how would an IPv4 machine address the remaining space? From lists at internetpolicyagency.com Sat May 11 20:06:31 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Sat, 11 May 2013 20:06:31 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> Message-ID: In article , Ben Laurie writes >> All that was necessary was making the bottom 0.1% (or whatever) of IPv6 map >> onto the old IPv4 space. > >Oh yeah? So how would an IPv4 machine address the remaining space? They wouldn't, but all IPv6 subscribers would intrinsically be able to see all the existing IPv4 space. If people wanted to see IPv6 space as well, they'd have the incentive to upgrade. 
-- Roland Perry From Andrew.Cormack at ja.net Sat May 11 17:21:28 2013 From: Andrew.Cormack at ja.net (Andrew Cormack) Date: Sat, 11 May 2013 16:21:28 +0000 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <61E52F3A5532BE43B0211254F13883AE97FBB9D1@EXC001> Message-ID: <61E52F3A5532BE43B0211254F13883AE97FBD2B4@EXC001> > -----Original Message----- > From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto- > bounces at chiark.greenend.org.uk] On Behalf Of Ian Batten > Sent: 11 May 2013 15:50 > To: UK Cryptography Policy Discussion Group > Subject: Re: BBC News - 'Fresh proposals' planned over cyber-monitoring > > > On 10 May 2013, at 13:49, Andrew Cormack wrote: > > > > > And the static mappings between port ranges and customers might > arguably be covered by the current Data Retention Regs? And anyway > represent only a similar volume of logs to current DHCP. That might > explain the "may not need legislation" comment? > > But surely the problem would be that the actual services don't log > source port numbers, and therefore even if you have the NAT mappings, > you don't know which of the users who happened to be on a particular IP > number was the user in question without the source port? > > ian > Errr. 
Good point :-( Andrew From zenadsl6186 at zen.co.uk Sat May 11 22:03:42 2013 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Sat, 11 May 2013 22:03:42 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> Message-ID: <518EB22E.8090907@zen.co.uk> On 11/05/13 19:06, Ben Laurie wrote: > On 11 May 2013 17:26, Roland Perry wrote: >> In article, Ian Batten >> writes >> >>>> Basically, the people who specified IPv6 screwed up, big time, in not >>>> making it backwards compatible. They've got all sorts of excuses, that >>>> only geeks who understand products, but not product management, would >>>> relate to. >>> >>> >>> It would be interesting to understand what such a protocol would look >>> like. The basic problem surely is that if you have two address spaces, >>> one larger than the other, you can't have a 1:1 mapping between the two >>> (and to do so would defeat the object of making the address space >>> larger). >> >> >> All that was necessary was making the bottom 0.1% (or whatever) of IPv6 map >> onto the old IPv4 space. > > Oh yeah? So how would an IPv4 machine address the remaining space? > > Reserve say two bytes of IPv4 space for IPv6 - so eg 144.134.x.x.x.x.x.x.x.x is an IPv6 address, and anything which does not begin 144.134 is an IPv4 space. Getting an IPv4 machine to address the extra space is forward compatibility, not backward compatibility, and it wasn't built into IPv4 software or RFCs. But then, no other mechanism for forward compatibility, necessary to address a larger space, was. 
-- Peter Fairbrother From chl at clerew.man.ac.uk Sun May 12 09:25:16 2013 From: chl at clerew.man.ac.uk (Charles Lindsey) Date: Sun, 12 May 2013 09:25:16 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> Message-ID: On Sat, 11 May 2013 20:06:31 +0100, Roland Perry wrote: > In article > , > Ben Laurie writes > >>> All that was necessary was making the bottom 0.1% (or whatever) of >>> IPv6 map >>> onto the old IPv4 space. >> >> Oh yeah? So how would an IPv4 machine address the remaining space? But I thought IPv6 did reserve a batch of numbers that would map into the IPv4 space (but not at the "bottom" of the IPv6 range). -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. 
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From fw at deneb.enyo.de Sun May 12 10:07:04 2013 From: fw at deneb.enyo.de (Florian Weimer) Date: Sun, 12 May 2013 11:07:04 +0200 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: (Charles Lindsey's message of "Sun, 12 May 2013 09:25:16 +0100") References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> Message-ID: <87ppww36tj.fsf@mid.deneb.enyo.de> * Charles Lindsey: > But I thought IPv6 did reserve a batch of numbers that would map into > the IPv4 space (but not at the "bottom" of the IPv6 range). There are at least three different reserved /96 prefixes for mapping IPv4 addresses. Except for the deprecated ::/96 prefix, these mappings are incompatible with the IPv6 address architecture and its requirements on the structure of global unicast addresses, so their use on the IPv6 Internet is not permitted. 
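Added example, not code from any poster in this thread: it reduces a logged source address to the part that still identifies a subscriber, covering both the earlier point that RFC 4941 only changes the low-order 64 bits and the /96 prefixes that carry an IPv4 address. The /64-per-subscriber default, the choice of ::ffff:0:0/96 as the third prefix alongside ::/96 and 64:ff9b::/96, the function names and every sample address are assumptions made here.

```python
"""Reduce a logged source address to the part that identifies a subscriber.

Sample hits are constructed, using the documentation ranges 2001:db8::/32
and 192.0.2.0/24.
"""
import ipaddress
from collections import defaultdict

# /96 prefixes whose low 32 bits carry an IPv4 address.
V4_EMBEDDING = {
    "ipv4-compatible": ipaddress.ip_network("::/96"),       # deprecated
    "ipv4-mapped": ipaddress.ip_network("::ffff:0:0/96"),   # RFC 4291
    "nat64-wkp": ipaddress.ip_network("64:ff9b::/96"),      # RFC 6052
}


def attribution_key(text, subscriber_prefix_len=64):
    """Return (kind, key) for one logged source address.

    subscriber_prefix_len is an assumption about how the access network
    delegates prefixes (the thread assumes one /64 per line or SIM).
    """
    addr = ipaddress.ip_address(text.strip())
    if addr.version == 4:
        return ("ipv4", str(addr))
    if addr.is_unspecified or addr.is_loopback:
        return ("special", str(addr))          # :: and ::1 sit inside ::/96
    for net in V4_EMBEDDING.values():
        if addr in net:
            embedded = ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
            return ("ipv4", str(embedded))
    prefix = ipaddress.IPv6Network(f"{addr}/{subscriber_prefix_len}",
                                   strict=False)
    return ("ipv6-prefix", str(prefix))


def group_hits(hits, subscriber_prefix_len=64):
    """Group (timestamp, source) log entries by attribution key."""
    groups = defaultdict(list)
    for timestamp, source in hits:
        key = attribution_key(source, subscriber_prefix_len)
        groups[key].append(timestamp)
    return dict(groups)


def roaming_interface_ids(hits):
    """Interface IDs (low 64 bits) that appear under more than one /64.

    A stable interface ID links a device across networks; RFC 4941
    temporary addresses are meant to make this list come back empty.
    """
    seen = defaultdict(set)
    for _, source in hits:
        if attribution_key(source)[0] != "ipv6-prefix":
            continue
        value = int(ipaddress.ip_address(source.strip()))
        seen[value & (2**64 - 1)].add(value >> 64)
    return sorted(f"{iid:016x}" for iid, nets in seen.items() if len(nets) > 1)


# Constructed log: three temporary addresses on one line, one stable
# interface ID seen on a second network, and one IPv4 client seen three ways.
SAMPLE_HITS = [
    ("2013-05-09T14:30:48Z", "2001:db8:1234:5678:3c5d:91ff:0a2e:77b1"),
    ("2013-05-09T18:02:11Z", "2001:db8:1234:5678:e8a4:2b09:c610:4f3d"),
    ("2013-05-10T09:29:58Z", "2001:db8:1234:5678:51f0:d7c2:88ab:0e96"),
    ("2013-05-10T09:31:02Z", "2001:db8:1234:9999:51f0:d7c2:88ab:0e96"),
    ("2013-05-10T11:42:19Z", "::ffff:192.0.2.7"),
    ("2013-05-10T15:03:54Z", "64:ff9b::c000:207"),
    ("2013-05-10T15:32:07Z", "192.0.2.7"),
]

if __name__ == "__main__":
    for key, stamps in group_hits(SAMPLE_HITS).items():
        print(key, len(stamps))
    print("interface IDs seen on several networks:",
          roaming_interface_ids(SAMPLE_HITS))
```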
From fw at deneb.enyo.de Sun May 12 10:12:21 2013 From: fw at deneb.enyo.de (Florian Weimer) Date: Sun, 12 May 2013 11:12:21 +0200 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: (Ian Batten's message of "Sat, 11 May 2013 15:49:30 +0100") References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <61E52F3A5532BE43B0211254F13883AE97FBB9D1@EXC001> Message-ID: <87k3n436kq.fsf@mid.deneb.enyo.de> * Ian Batten: > But surely the problem would be that the actual services don't log > source port numbers, and therefore even if you have the NAT > mappings, you don't know which of the users who happened to be on a > particular IP number was the user in question without the source > port? Most folks who actually need to track requests back to originating devices started logging source port numbers in, uhm, 2000 or so. Actually, if you don't log source IP addresses but not source ports, it's a strong indicator that you have no business justification for logging the source IP addresses, which makes the whole exercise questionable from a data protection POV. 
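Added example, not part of any message in this thread: it works through the logging question discussed above, comparing a static port-block CGNAT (nine customers per address, as quoted for the BT trial) with a dynamic NAT, with and without the source port in the server's log. The equal-sized blocks, the record layout, the function names and all addresses, subscriber labels and timestamps are assumptions constructed for illustration.

```python
"""Who was behind a shared IPv4 address? Static port blocks vs dynamic NAT.

Every address, subscriber name and timestamp below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


def build_static_plan(subscribers, first_port=1024, last_port=65535):
    """Give each subscriber on one public IP a fixed, equal block of ports."""
    size = (last_port - first_port + 1) // len(subscribers)
    return [(first_port + i * size, first_port + (i + 1) * size - 1, name)
            for i, name in enumerate(subscribers)]


# Nine customers on one address: the plan itself is the only record needed.
STATIC_PLANS = {
    "192.0.2.10": build_static_plan([f"sub-{n}" for n in range(1, 10)]),
}


def attribute_static(plans, src_ip, src_port):
    """Candidates for one server log line; src_port is None if never logged."""
    blocks = plans.get(src_ip, [])
    if src_port is None:
        return [name for _, _, name in blocks]
    return [name for lo, hi, name in blocks if lo <= src_port <= hi]


@dataclass(frozen=True)
class Mapping:
    """One line of a dynamic NAT's translation log."""
    public_ip: str
    public_port: int
    subscriber: str
    start: datetime
    end: datetime


def attribute_dynamic(mappings, src_ip, src_port, seen_at, max_skew):
    """Subscribers whose mapping overlaps seen_at +/- max_skew.

    max_skew is the largest clock difference you are prepared to assume
    between the server that logged the hit and the NAT.
    """
    lo, hi = seen_at - max_skew, seen_at + max_skew
    return sorted({m.subscriber for m in mappings
                   if m.public_ip == src_ip
                   and (src_port is None or m.public_port == src_port)
                   and m.start <= hi and m.end >= lo})


def ts(hour, minute, second):
    """Constructed UTC timestamp on 10 May 2013."""
    return datetime(2013, 5, 10, hour, minute, second, tzinfo=timezone.utc)


NAT_LOG = [
    Mapping("192.0.2.20", 40001, "sub-X", ts(12, 0, 0), ts(12, 0, 40)),
    Mapping("192.0.2.20", 40001, "sub-Y", ts(12, 0, 50), ts(12, 2, 0)),  # port reused
    Mapping("192.0.2.20", 40002, "sub-Z", ts(12, 0, 0), ts(12, 5, 0)),
]
HIT = ts(12, 0, 55)                 # time the server logged the request
NO_SKEW = timedelta(0)
SKEW_30S = timedelta(seconds=30)

if __name__ == "__main__":
    print("static, port logged:    ",
          attribute_static(STATIC_PLANS, "192.0.2.10", 8192))
    print("static, port not logged:",
          attribute_static(STATIC_PLANS, "192.0.2.10", None))
    print("dynamic, exact clocks:  ",
          attribute_dynamic(NAT_LOG, "192.0.2.20", 40001, HIT, NO_SKEW))
    print("dynamic, 30 s skew:     ",
          attribute_dynamic(NAT_LOG, "192.0.2.20", 40001, HIT, SKEW_30S))
    print("dynamic, port not logged:",
          attribute_dynamic(NAT_LOG, "192.0.2.20", None, HIT, NO_SKEW))
```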
From zenadsl6186 at zen.co.uk Sun May 12 15:39:42 2013
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Sun, 12 May 2013 15:39:42 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <87ppww36tj.fsf@mid.deneb.enyo.de>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <87ppww36tj.fsf@mid.deneb.enyo.de>
Message-ID: <518FA9AE.5070106@zen.co.uk>

On 12/05/13 10:07, Florian Weimer wrote:
> * Charles Lindsey:
>
>> But I thought IPv6 did reserve a batch of numbers that would map into
>> the IPv4 space (but not at the "bottom" of the IPv6 range).
>
> There are at least three different reserved /96 prefixes for mapping
> IPv4 addresses. Except for the deprecated ::/96 prefix, these
> mappings are incompatible with the IPv6 address architecture and its
> requirements on the structure of global unicast addresses, so their
> use on the IPv6 Internet is not permitted.

I thought the 64:ff9b prefix was routable in IPv6?

Mind, I think IPv6 is a horrible kludge with no advantages (apart from the larger address space, which could easily be done with a small extension to IPv4) over IPv4, and should be aborted.

Of course IPv4 is a bit of a kludge too, especially nowadays as the original model has been distorted because of the lack of address space - NT is not natural, and assigning port ranges to subscribers breaks something, if only the notional "ip address is for a machine, port is a process on that machine" model - but at least it works.

Is the IPv4 240./8 range still reserved? Just start all IPv4e (IPv4 extended) addresses with that and make them 10 bytes long, it won't break much.

Hmmm, is 64 (or more realistically 48) bits enough for the routing prefix?
--
Peter Fairbrother

From chl at clerew.man.ac.uk Sun May 12 17:22:36 2013
From: chl at clerew.man.ac.uk (Charles Lindsey)
Date: Sun, 12 May 2013 17:22:36 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <87ppww36tj.fsf@mid.deneb.enyo.de>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <87ppww36tj.fsf@mid.deneb.enyo.de>
Message-ID:

On Sun, 12 May 2013 10:07:04 +0100, Florian Weimer wrote:

> * Charles Lindsey:
>
>> But I thought IPv6 did reserve a batch of numbers that would map into
>> the IPv4 space (but not at the "bottom" of the IPv6 range).
>
> There are at least three different reserved /96 prefixes for mapping
> IPv4 addresses. Except for the deprecated ::/96 prefix, these
> mappings are incompatible with the IPv6 address architecture and its
> requirements on the structure of global unicast addresses, so their
> use on the IPv6 Internet is not permitted.
>

That looks like a total shambles. How have they managed to reserve space in the IPv6 range, and at the same time not made it legal?

And is there no way such a facility could be added at this late stage?

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

From fw at deneb.enyo.de Sun May 12 20:15:06 2013
From: fw at deneb.enyo.de (Florian Weimer)
Date: Sun, 12 May 2013 21:15:06 +0200
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: (Charles Lindsey's message of "Sun, 12 May 2013 17:22:36 +0100")
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <87ppww36tj.fsf@mid.deneb.enyo.de>
Message-ID: <87obcgnh6t.fsf@mid.deneb.enyo.de>

* Charles Lindsey:

> On Sun, 12 May 2013 10:07:04 +0100, Florian Weimer
> wrote:
>
>> * Charles Lindsey:
>>
>>> But I thought IPv6 did reserve a batch of numbers that would map into
>>> the IPv4 space (but not at the "bottom" of the IPv6 range).
>>
>> There are at least three different reserved /96 prefixes for mapping
>> IPv4 addresses. Except for the deprecated ::/96 prefix, these
>> mappings are incompatible with the IPv6 address architecture and its
>> requirements on the structure of global unicast addresses, so their
>> use on the IPv6 Internet is not permitted.
> That looks like a total shambles. How have they managed to reserve
> space in the IPv6 range, and at the same time not made it legal?

It seems I was mistaken. As Peter pointed out, valid global unicast addresses can be formed from the 64:ff9b::/96 prefix. The ::ffff/96 prefix would work for that, too. It's still bad that there are three different prefixes to choose from.

There's also a /48 prefix under 2002::/16 for every IPv4 address, but that's a different transition mechanism which goes into the opposite direction (sort of).

All this is quite confusing, smells like potential firewall evasion, and generally encourages broad packet filtering.
> And is there no way such a facility could be added at this late
> stage?

You cannot improve IPv6 by adding new features, you have to remove existing ones. That's the only way to get a useful protocol out of it.

From igb at batten.eu.org Sun May 12 23:30:38 2013
From: igb at batten.eu.org (Ian Batten)
Date: Sun, 12 May 2013 23:30:38 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <$SQWGVwjEnjRFAgJ@perry.co.uk>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk>
Message-ID:

On 11 May 2013, at 17:26, Roland Perry wrote:

> In article , Ian Batten writes
>>> Basically, the people who specified IPv6 screwed up, big time, in not making it backwards compatible. They've got all sorts of excuses, that
>>> only geeks who understand products, but not product management, would relate to.
>>
>> It would be interesting to understand what such a protocol would look like. The basic problem surely is that if you have two address spaces,
>> one larger than the other, you can't have a 1:1 mapping between the two (and to do so would defeat the object of making the address space
>> larger).
>
> All that was necessary was making the bottom 0.1% (or whatever) of IPv6 map onto the old IPv4 space.

If only someone had thought to insert a paragraph into RFC 2373, fifteen years ago, defining an IPv6 address whose first 80 bits is zero, followed by 16 bits of one, as being an IPv4 address mapping into the IPv6 space, and thought to call them, oh, I don't know, an "IPv4-mapped IPv6 address". They could have inserted it between sections 2.5.3 and 2.5.5, perhaps, and made things much easier.
ian

From igb at batten.eu.org Mon May 13 08:46:37 2013
From: igb at batten.eu.org (Ian Batten)
Date: Mon, 13 May 2013 08:46:37 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <518FA9AE.5070106@zen.co.uk>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <87ppww36tj.fsf@mid.deneb.enyo.de> <518FA9AE.5070106@zen.co.uk>
Message-ID:

On 12 May 2013, at 15:39, Peter Fairbrother wrote:

> On 12/05/13 10:07, Florian Weimer wrote:
>> * Charles Lindsey:
>>
>>> But I thought IPv6 did reserve a batch of numbers that would map into
>>> the IPv4 space (but not at the "bottom" of the IPv6 range).
>>
>> There are at least three different reserved /96 prefixes for mapping
>> IPv4 addresses. Except for the deprecated ::/96 prefix, these
>> mappings are incompatible with the IPv6 address architecture and its
>> requirements on the structure of global unicast addresses, so their
>> use on the IPv6 Internet is not permitted.
>
> I thought the 64:ff9b prefix was routable in IPv6?

Isn't the idea that you use IPv4 embedded in IPv6 until you reach a dual-stack machine, and switch out to IPv4 at that point? There's going to have to be some sort of NAT at that stage whatever happens, in order for the return packet to get back.

> Mind, I think IPv6 is a horrible kludge with no advantages (apart from the larger address space, which could easily be done with a small extension to IPv4) over IPv4, and should be aborted.

I simply don't understand this argument. What is IPv6, if not IPv4 with a small extension for a larger address space (and you say that as though it's not terribly important)? TCP and UDP go over IPv6 unchanged, for example.
Why would introducing an extension to IPv4 which would be entirely incompatible (it would require a different sized packet header, for example) be any easier than introducing IPv6? What's the sticking point in IPv6 which makes it harder?

>
> Is the IPv4 240./8 range still reserved? Just start all IPv4e (IPv4 extended) addresses with that and make them 10 bytes long, it won't break much.

Aside from every single IPv4 application, router, software stack and analyser. How do you propose, for example, dealing with every piece of code that uses sockaddr_in, every router that assumes the size of the IP header and every routing table everywhere?

ian

From Andrew.Cormack at ja.net Mon May 13 10:09:51 2013
From: Andrew.Cormack at ja.net (Andrew Cormack)
Date: Mon, 13 May 2013 09:09:51 +0000
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To:
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk>
Message-ID: <61E52F3A5532BE43B0211254F13883AE97FBE29B@EXC001>

> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Ian Batten
> Sent: 12 May 2013 23:31
> To: UK Cryptography Policy Discussion Group
> Subject: Re: BBC News - 'Fresh proposals' planned over cyber-monitoring
>
>
> On 11 May 2013, at 17:26, Roland Perry
> wrote:
>
> > In article , Ian
> Batten writes
> >>> Basically, the people who specified IPv6 screwed up, big time, in
> not making it backwards compatible. They've got all sorts of excuses,
> that
> >>> only geeks who understand products, but not product management,
> would relate to.
> >>
> >> It would be interesting to understand what such a protocol would
> look like.
The basic problem surely is that if you have two address
> spaces,
> >> one larger than the other, you can't have a 1:1 mapping between the
> two (and to do so would defeat the object of making the address space
> >> larger).
> >
> > All that was necessary was making the bottom 0.1% (or whatever) of
> IPv6 map onto the old IPv4 space.
>
> If only someone had thought to insert a paragraph into RFC 2373,
> fifteen years ago, defining an IPv6 address whose first 80 bits is
> zero, followed by 16 bits of one, as being an IPv4 address mapping
> into the IPv6 space, and thought to call them, oh, I don't know, an
> "IPv4-mapped IPv6 address". They could have inserted it between
> sections 2.5.3 and 2.5.5, perhaps, and made things much easier.
>
> ian

If I remember correctly (and it was a *very* long time ago) one of the aims of v6 was to reduce the size of routing tables by bringing a bit of structure to address allocations. Doesn't mapping v4 addresses into part of the v6 space mean that the v6 table has to be at least as big as the v4 one from day one?

That may be less of an issue nowadays (the v6 designers presumably had in mind the memory limits/costs of routers twenty years ago) but it may be one reason why they chose a clean break.

Andrew

--
Andrew Cormack
Chief Regulatory Adviser, Janet
t: +44 1235 822302
b: https://community.ja.net/blogs/regulatory-developments

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire, OX11 0SG. VAT No.
614944238

From lists at internetpolicyagency.com Mon May 13 15:42:56 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Mon, 13 May 2013 15:42:56 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <61E52F3A5532BE43B0211254F13883AE97FBE29B@EXC001>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <61E52F3A5532BE43B0211254F13883AE97FBE29B@EXC001>
Message-ID:

In article <61E52F3A5532BE43B0211254F13883AE97FBE29B at EXC001>, Andrew Cormack writes
>If I remember correctly (and it was a *very* long time ago) one of the
>aims of v6 was to reduce the size of routing tables by bringing a bit
>of structure to address allocations. Doesn't mapping v4 addresses into
>part of the v6 space mean that the v6 table has to be at least as big
>as the v4 one from day one?

But if you are routing v4 and v6 at the same time (who will be the first to be brave enough to turn off their v4 capability altogether), then you have to have both routing tables on hand anyway.
--
Roland Perry

From igb at batten.eu.org Mon May 13 16:01:26 2013
From: igb at batten.eu.org (Ian Batten)
Date: Mon, 13 May 2013 16:01:26 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <61E52F3A5532BE43B0211254F13883AE97FBE29B@EXC001>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <61E52F3A5532BE43B0211254F13883AE97FBE29B@EXC001>
Message-ID:

On 13 May 2013, at 10:09, Andrew Cormack wrote:

> Doesn't mapping v4 addresses into part of the v6 space mean that the v6 table has to be at least as big as the v4 one from day one?

Well, for some value of "at least as big". If, for example, you have an IPv4 default route, then ::ffff/96 only has one route. If you have a sparse set of routing tables for IPv4, then ::ffff/96 will have exactly as many routing entries as there are v4 routes.

And in any event, a fully populated IPv4 routing table with a separate forwarding entry for every /32 --- which is much, much denser than reality --- only requires 16GB of RAM. In the context of core routers, that's neither here nor there, and becoming less here and less there with every passing day.
ian

From zenadsl6186 at zen.co.uk Mon May 13 16:35:11 2013
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Mon, 13 May 2013 16:35:11 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To:
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <87ppww36tj.fsf@mid.deneb.enyo.de> <518FA9AE.5070106@zen.co.uk>
Message-ID: <5191082F.9060209@zen.co.uk>

On 13/05/13 08:46, Ian Batten wrote:
>
> On 12 May 2013, at 15:39, Peter Fairbrother
> wrote:
>
>> On 12/05/13 10:07, Florian Weimer wrote:
>>> * Charles Lindsey:
>>>
>>>> But I thought IPv6 did reserve a batch of numbers that would
>>>> map into the IPv4 space (but not at the "bottom" of the IPv6
>>>> range).
>>>
>>> There are at least three different reserved /96 prefixes for
>>> mapping IPv4 addresses. Except for the deprecated ::/96 prefix,
>>> these mappings are incompatible with the IPv6 address
>>> architecture and its requirements on the structure of global
>>> unicast addresses, so their use on the IPv6 Internet is not
>>> permitted.
>>
>> I thought the 64:ff9b prefix was routable in IPv6?
>
> Isn't the idea that you use IPv4 embedded in IPv6 until you reach a
> dual-stack machine, and switch out to IPv4 at that point? There's
> going to have to be some sort of NAT at that stage whatever happens,
> in order for the return packet to get back.

It's not my idea, it's part of IPv6 (which I am complaining about).

>> Mind, I think IPv6 is a horrible kludge with no advantages (apart
>> from the larger address space, which could easily be done with a
>> small extension to IPv4) over IPv4, and should be aborted.
>
> I simply don't understand this argument.
What is IPv6, if not IPv4
> with a small extension for a larger address space (and you say that
> as though it's not terribly important)?

This is of course essential - but is IPv6 the best way to get it? I don't think so.

Does IPv6 have any other benefits? I don't think so. There were to be some routing benefits, but time has pretty much erased those. Universal encryption? Not happening. I can't think of anything else?

> TCP and UDP go over IPv6
> unchanged, for example. Why would introducing an extension to IPv4
> which would be entirely incompatible (it would require a different
> sized packet header, for example)

IPv4 packet headers are not fixed size - there is a "header length" field. It is trivial to add the extra probably 8 or 16 bytes.

> be any easier than introducing
> IPv6? What's the sticking point in IPv6 which makes it harder?
>>
>> Is the IPv4 240./8 range still reserved? Just start all IPv4e (IPv4
>> extended) addresses with that and make them 10 bytes long, it won't
>> break much.
>
> Aside from every single IPv4 application, router, software stack and
> analyser. How do you propose, for example, dealing with every piece
> of code that uses sockaddr_in,

Use the 8 normally zero bytes at the end?

Of course, no matter what you do, you will have to make some changes in order to get a bigger address space. There is no way around that. It's just that with something like IPv4e the total changes are smaller, and it's backwards compatible.

> every router that assumes the size of the IP header

I didn't think they were allowed, but I don't know much about backbone hardware.

> and every routing table everywhere?

The router looks at the first byte of the "to" address, if it's 240 then it uses the new, more logical addition to the table.

(more logical in that eg major hosting companies, ISPs, and other major backbone destinations get a single block of IPv4e address beginning with 240.a.b.c.x.x.x.x.x.x.x.x.
The abc bytes are assigned by ICANN or someone, the remaining 8 x bytes by the major destination)

I don't claim to know much about internet backbone, or that IPv4e is a fully-baked idea - but I don't have any respect for IPv6. Or HTML5, or RFCs for that matter.

--
Peter Fairbrother

>
> ian
>
>
>

From fw at deneb.enyo.de Mon May 13 18:45:08 2013
From: fw at deneb.enyo.de (Florian Weimer)
Date: Mon, 13 May 2013 19:45:08 +0200
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: (Ian Batten's message of "Mon, 13 May 2013 08:46:37 +0100")
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <87ppww36tj.fsf@mid.deneb.enyo.de> <518FA9AE.5070106@zen.co.uk>
Message-ID: <87d2suu63f.fsf@mid.deneb.enyo.de>

* Ian Batten:

> I simply don't understand this argument. What is IPv6, if not IPv4
> with a small extension for a larger address space (and you say that
> as though it's not terribly important)?

If you look at typical IPv6 textbooks, they give you a long list of advantages:

* larger address space
* simplified address structure
* universal reachability of all end devices
* protocol header optimized for efficient forwarding
* more flexibility due to scoped addresses
* improved security through IPsec
* smaller routing tables due to aggregation
* stateless auto-configuration
* automatic renumbering between different provider aggregates
* no broadcasts
* improved multicast
* built-in mobility
* better for QoS with flow labels

A lot of that turned out to be totally undesirable, often for security reasons. For example, if the network is stateless, it cannot prevent source address spoofing--it cannot keep state that tells it which network port is associated with which address or set of addresses.
Similarly, I don't think we want our fridges to be reachable from the public Internet at large, just because it happens to have an IPv4 address for our own (personal) use.

> TCP and UDP go over IPv6 unchanged, for example.

Stateless, RFC-compliant UDP servers are rather difficult to build with IPv6. (We didn't get that right with IPv4 first, either.) Getting to the TCP/UDP header is quite different, too. It can even be in a completely different packet.

From fw at deneb.enyo.de Mon May 13 20:41:16 2013
From: fw at deneb.enyo.de (Florian Weimer)
Date: Mon, 13 May 2013 21:41:16 +0200
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <61E52F3A5532BE43B0211254F13883AE97FBE29B@EXC001> (Andrew Cormack's message of "Mon, 13 May 2013 09:09:51 +0000")
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <61E52F3A5532BE43B0211254F13883AE97FBE29B@EXC001>
Message-ID: <87wqr2k6qr.fsf@mid.deneb.enyo.de>

* Andrew Cormack:

> If I remember correctly (and it was a *very* long time ago) one of
> the aims of v6 was to reduce the size of routing tables by bringing
> a bit of structure to address allocations. Doesn't mapping v4
> addresses into part of the v6 space mean that the v6 table has to be
> at least as big as the v4 one from day one?

Uhm, correct.

> That may be less of an issue nowadays (the v6 designers presumably
> had in mind the memory limits/costs of routers twenty years ago) but
> it may be one reason why they chose a clean break.

These days, you'd probably extract the IPv4 address and look it up using the IPv4 forwarding engine because most IPv6 routers have that as well. But that's entirely hypothetical.
(IPv6 routing table sizes with hundreds of thousands of prefixes is still a bit tricky if you want to forward hundreds of millions of packets per second on a single router.)

From colinthomson1 at o2.co.uk Mon May 13 19:24:08 2013
From: colinthomson1 at o2.co.uk (Tom Thomson)
Date: Mon, 13 May 2013 19:24:08 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To:
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk>
Message-ID: <000a01ce5007$0fe71a40$2fb54ec0$@o2.co.uk>

While anyone whose income depends on all their customers being able to get to them, and has the man in the street as his customer, has a massive incentive not to upgrade until all the ISPs have upgraded because the man in the street uses whatever his ISP sticks him with.

M.

Roland Perry wrote:-

In article , Ben Laurie writes
>> All that was necessary was making the bottom 0.1% (or whatever) of
>> IPv6 map onto the old IPv4 space.
>
>Oh yeah? So how would an IPv4 machine address the remaining space?

They wouldn't, but all IPv6 subscribers would intrinsically be able to see all the existing IPv4 space.

If people wanted to see IPv6 space as well, they'd have the incentive to upgrade.
--
Roland Perry

From lists at internetpolicyagency.com Mon May 13 21:17:17 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Mon, 13 May 2013 21:17:17 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <5191082F.9060209@zen.co.uk>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <87ppww36tj.fsf@mid.deneb.enyo.de> <518FA9AE.5070106@zen.co.uk> <5191082F.9060209@zen.co.uk>
Message-ID:

In article <5191082F.9060209 at zen.co.uk>, Peter Fairbrother writes
>(more logical in that eg major hosting companies, ISPs, and other major
>backbone destinations get a single block of IPv4e address beginning
>with 240.a.b.c.x.x.x.x.x.x.x.x. The abc bytes are assigned by ICANN or
>someone,

That would be one of the Regional Internet Registries.
>the remaining 8 x bytes by the major destination)

--
Roland Perry

From lists at internetpolicyagency.com Mon May 13 21:21:08 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Mon, 13 May 2013 21:21:08 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <000a01ce5007$0fe71a40$2fb54ec0$@o2.co.uk>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <000a01ce5007$0fe71a40$2fb54ec0$@o2.co.uk>
Message-ID:

In article <000a01ce5007$0fe71a40$2fb54ec0$@o2.co.uk>, Tom Thomson writes
>While anyone whose income depends on all their customers being able to get
>to them, and has the man in the street as his customer, has a massive
>incentive not to upgrade until all the ISPs have upgraded because the man in
>the street uses whatever his ISP sticks him with.

You are several years behind the curve, when it comes to provisioning large sites (with many men in the street as customers) to be IPv6 enabled.

ps Please don't top-post.

>Roland Perry wrote:-
>
> In article
>,
>Ben Laurie writes
>
>>> All that was necessary was making the bottom 0.1% (or whatever) of
>>> IPv6 map onto the old IPv4 space.
>>
>>Oh yeah? So how would an IPv4 machine address the remaining space?
>
>They wouldn't, but all IPv6 subscribers would intrinsically be able to see
>all the existing IPv4 space.
>
>If people wanted to see IPv6 space as well, they'd have the incentive to
>upgrade.
>--
>Roland Perry
>
>
>

--
Roland Perry

From igb at batten.eu.org Mon May 13 22:30:01 2013
From: igb at batten.eu.org (Ian Batten)
Date: Mon, 13 May 2013 22:30:01 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <87d2suu63f.fsf@mid.deneb.enyo.de>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <87ppww36tj.fsf@mid.deneb.enyo.de> <518FA9AE.5070106@zen.co.uk> <87d2suu63f.fsf@mid.deneb.enyo.de>
Message-ID:

On 13 May 2013, at 18:45, Florian Weimer wrote:
>
> Similarly, I don't think we want our fridges to be reachable from the
> public Internet at large, just because it happens to have an IPv4
> address for our own (personal) use.

I don't buy that argument. It's trivially easy for routers to have a default-block firewall rule with outbound state tracking, which mimics the security semantics of NAT.

> pass out quick on ip.tun1 from any to any keep state
> block in quick on ip.tun1 from any to any

That does, however, permit those of us that do want access to our internal machines to do so as well. NAT and firewalling are different, and using the one as a hacky way of doing the other is assuming that everyone's requirement for both run in lockstep.
ian

From fw at deneb.enyo.de Tue May 14 20:38:31 2013
From: fw at deneb.enyo.de (Florian Weimer)
Date: Tue, 14 May 2013 21:38:31 +0200
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: (Ian Batten's message of "Mon, 13 May 2013 22:30:01 +0100")
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <87ppww36tj.fsf@mid.deneb.enyo.de> <518FA9AE.5070106@zen.co.uk> <87d2suu63f.fsf@mid.deneb.enyo.de>
Message-ID: <87txm5cpxk.fsf@mid.deneb.enyo.de>

* Ian Batten:

> On 13 May 2013, at 18:45, Florian Weimer wrote:
>>
>> Similarly, I don't think we want our fridges to be reachable from the
>> public Internet at large, just because it happens to have an IPv4
>> address for our own (personal) use.
>
> I don't buy that argument. It's trivially easy for routers to have
> a default-block firewall rule with outbound state tracking, which
> mimics the security semantics of NAT.

And with such filtering, end-to-end reachability between arbitrary devices who haven't got a previous relationship is just not possible.

>> pass out quick on ip.tun1 from any to any keep state
>> block in quick on ip.tun1 from any to any
>
> That does, however, permit those of us that do want access to our
> internal machines to do so as well.

True, but applications still have to work around filters. IPv6, when eventually deployed, will not provide much simplification (except for protocols which are actively hostile towards NAT, but upgrading them to IPv6 will often be difficult, due to embedded addresses etc.).
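The two filter rules quoted in this exchange, modelled next to a port-translating NAT so the inbound decisions can be compared packet by packet. This is an added example and not part of either message; the class names, the addresses (documentation and private ranges), the endpoint-dependent NAT behaviour and the explicit pass-in rule are assumptions.

```python
class StatefulFilter:
    """Model of: pass out ... keep state / block in ... (no address rewriting)."""

    def __init__(self):
        self.states = set()   # flows created by outbound packets
        self.pass_in = set()  # optional explicit (proto, dst, dport) pass rules

    def outbound(self, proto, src, sport, dst, dport):
        self.states.add((proto, src, sport, dst, dport))
        return src, sport     # the source address goes out unchanged

    def inbound(self, proto, src, sport, dst, dport):
        if (proto, dst, dport, src, sport) in self.states:
            return dst, dport  # reply to a tracked outbound flow
        if (proto, dst, dport) in self.pass_in:
            return dst, dport  # service the operator chose to expose
        return None            # everything else: block in


class Napt:
    """Port-translating NAT behind one public IPv4 address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}          # inside flow -> public port
        self.back = {}         # (proto, remote, rport, public port) -> inside

    def outbound(self, proto, src, sport, dst, dport):
        flow = (proto, src, sport, dst, dport)
        if flow not in self.out:
            self.out[flow] = self.next_port
            self.back[(proto, dst, dport, self.next_port)] = (src, sport)
            self.next_port += 1
        return self.public_ip, self.out[flow]

    def inbound(self, proto, src, sport, dst, dport):
        if dst != self.public_ip:
            return None
        return self.back.get((proto, src, sport, dport))  # None: no mapping


# Constructed hosts: the fridge and a second inside machine, one server the
# fridge talks to, and one unrelated outside host.
FRIDGE6, NAS6 = "2001:db8:1::50", "2001:db8:1::20"
SERVER6, STRANGER6 = "2001:db8:ffff::9", "2001:db8:ffff::66"
FRIDGE4, SERVER4, STRANGER4 = "192.168.1.50", "203.0.113.9", "203.0.113.66"
PUBLIC4 = "198.51.100.7"


def scenario():
    """Run the same three events through both models; return each verdict."""
    fw, nat = StatefulFilter(), Napt(PUBLIC4)
    res = {}
    # 1. Inside device opens a connection; the server's reply comes back.
    seen = fw.outbound("tcp", FRIDGE6, 50000, SERVER6, 443)
    res["fw_reply"] = fw.inbound("tcp", SERVER6, 443, *seen)
    pub = nat.outbound("tcp", FRIDGE4, 50000, SERVER4, 443)
    res["nat_reply"] = nat.inbound("tcp", SERVER4, 443, *pub)
    # 2. An unrelated host sends to the same address and port.
    res["fw_unsolicited"] = fw.inbound("tcp", STRANGER6, 443, FRIDGE6, 50000)
    res["nat_unsolicited"] = nat.inbound("tcp", STRANGER4, 443, *pub)
    # 3. The operator wants one inside machine reachable from outside.
    fw.pass_in.add(("tcp", NAS6, 22))
    res["fw_exposed"] = fw.inbound("tcp", STRANGER6, 51000, NAS6, 22)
    res["nat_exposed"] = nat.inbound("tcp", STRANGER4, 51000, PUBLIC4, 22)
    return res


if __name__ == "__main__":
    for name, verdict in scenario().items():
        print(f"{name:16} -> {verdict}")
```

Events 1 and 2 get the same verdicts from both models; only event 3 differs, because the filter can pass traffic to an inside address that is globally routable, while the NAT has no mapping for it.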
From igb at batten.eu.org Wed May 15 16:13:25 2013
From: igb at batten.eu.org (Ian Batten)
Date: Wed, 15 May 2013 16:13:25 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <87txm5cpxk.fsf@mid.deneb.enyo.de>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <87ppww36tj.fsf@mid.deneb.enyo.de> <518FA9AE.5070106@zen.co.uk> <87d2suu63f.fsf@mid.deneb.enyo.de> <87txm5cpxk.fsf@mid.deneb.enyo.de>
Message-ID: <9289AE42-B208-467C-B032-418E8C1DD1B9@batten.eu.org>

On 14 May 2013, at 20:38, Florian Weimer wrote:

> * Ian Batten:
>
>> On 13 May 2013, at 18:45, Florian Weimer wrote:
>>>
>>> Similarly, I don't think we want our fridges to be reachable from the
>>> public Internet at large, just because it happens to have an IPv4
>>> address for our own (personal) use.
>>
>> I don't buy that argument. It's trivially easy for routers to have
>> a default-block firewall rule with outbound state tracking, which
>> mimics the security semantics of NAT.
>
> And with such filtering, end-to-end reachability between arbitrary
> devices who haven't got a previous relationship is just not possible.

Sorry, could you explain that? How does NAT differ from stateful firewalling?

ian

From lists at internetpolicyagency.com Sat May 18 11:34:55 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Sat, 18 May 2013 11:34:55 +0100
Subject: BBC Moneybox - contactless hiccups
Message-ID:

"Some Marks and Spencer customers have told the BBC of cases where the chain's contactless payment terminals have taken money from cards other than the ones intended for payment.

"Card are supposed to be within about 4cm of the front of the contactless terminal to work.

"But some customers say payments have been taken from cards while in purses and wallets at much greater distances.

http://www.bbc.co.uk/news/business-22545804

--
Roland Perry

From pwt at iosis.co.uk Sat May 18 14:03:51 2013
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Sat, 18 May 2013 14:03:51 +0100
Subject: BBC Moneybox - contactless hiccups
In-Reply-To:
References:
Message-ID: <51977C37.30104@iosis.co.uk>

Well, it all depends...

... on how much power the card needs to function
... on how much power the terminal actually radiates (sic, it's a magnetic field thing).

I'm copying this to Chris Stanford who runs the ISO/IEC JTC1/SC17/WG8 UK Panel for Contactless cards.

Peter

Peter Tomlinson

On 18/05/2013 11:34, Roland Perry wrote:
> "Some Marks and Spencer customers have told the BBC of cases
> where the chain's contactless payment terminals have taken money
> from cards other than the ones intended for payment.
>
> "Card are supposed to be within about 4cm of the front of the
> contactless terminal to work.
>
> "But some customers say payments have been taken from cards
> while in purses and wallets at much greater distances.
>
> http://www.bbc.co.uk/news/business-22545804

From dfawcus+lists-ukcrypto at employees.org Sun May 19 19:04:53 2013
From: dfawcus+lists-ukcrypto at employees.org (Derek Fawcus)
Date: Sun, 19 May 2013 11:04:53 -0700
Subject: BBC Moneybox - contactless hiccups
In-Reply-To: <51977C37.30104@iosis.co.uk>
References: <51977C37.30104@iosis.co.uk>
Message-ID: <20130519180453.GA16759@banjo.employees.org>

On Sat, May 18, 2013 at 02:03:51pm +0100, Peter Tomlinson wrote:
> (sic, it's a magnetic field thing).

So, does that mean we now need to have mu-metal lined wallets?
From david at jellybaby.net Sun May 19 22:39:28 2013
From: david at jellybaby.net (David Walters)
Date: Sun, 19 May 2013 22:39:28 +0100
Subject: BBC Moneybox - contactless hiccups
In-Reply-To: <20130519180453.GA16759@banjo.employees.org>
References: <51977C37.30104@iosis.co.uk> <20130519180453.GA16759@banjo.employees.org>
Message-ID:

On Sun, May 19, 2013 at 7:04 PM, Derek Fawcus wrote:
> On Sat, May 18, 2013 at 02:03:51pm +0100, Peter Tomlinson wrote:
>> (sic, its a magnetic field thing).
>
> So, does that mean we now need to have mu-metal lined wallets?

That or tin foil it seems - http://rfidiot.org/#RFID_Blocking

From fearghas at gmail.com Sun May 19 23:00:59 2013
From: fearghas at gmail.com (Fearghas McKay)
Date: Sun, 19 May 2013 23:00:59 +0100
Subject: BBC Moneybox - contactless hiccups
In-Reply-To: <20130519180453.GA16759@banjo.employees.org>
References: <51977C37.30104@iosis.co.uk> <20130519180453.GA16759@banjo.employees.org>
Message-ID: <57621A3A-56C8-4517-B41E-6DFEB0314A98@gmail.com>

On 19 May 2013, at 19:04, Derek Fawcus wrote:
> So, does that mean we now need to have mu-metal lined wallets?

Like your passport holder :-) that probably has room for cards already?

f

From David_Biggins at usermgmt.com Sun May 19 20:49:29 2013
From: David_Biggins at usermgmt.com (David Biggins)
Date: Sun, 19 May 2013 20:49:29 +0100
Subject: BBC Moneybox - contactless hiccups
In-Reply-To:
References:
Message-ID:

I've seen reports that Marks & Spencer have seen cases of payment being simultaneously taken from a normal C&P card and a nearby swipe.

To the extent that they have raised refunds for the duplicate payments...

Pret a Manger have apparently seen similar issues.

http://www.telegraph.co.uk/finance/personalfinance/10066187/Marks-and-Spencer-customer-fears-over-contactless-payments.html

http://www.dailymail.co.uk/news/article-2326793/M-amp-S-customers-pay-twice-contactless-payment-cards--despite-standing-foot-till.html

Dave.

(Long time no see).

> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Roland Perry
> Sent: 18 May 2013 11:35 AM
> To: ukcrypto at chiark.greenend.org.uk
> Subject: BBC Moneybox - contactless hiccups
>
> "Some Marks and Spencer customers have told the BBC of cases
> where the chain's contactless payment terminals have taken money
> from cards other than the ones intended for payment.
>
> "Card are supposed to be within about 4cm of the front of the
> contactless terminal to work.
>
> "But some customers say payments have been taken from cards
> while in purses and wallets at much greater distances.
>
> http://www.bbc.co.uk/news/business-22545804
> --
> Roland Perry
>

From David_Biggins at usermgmt.com Sun May 19 20:50:53 2013
From: David_Biggins at usermgmt.com (David Biggins)
Date: Sun, 19 May 2013 20:50:53 +0100
Subject: Apologies for the previous top post.
Message-ID:

D.

From igb at batten.eu.org Mon May 20 09:09:56 2013
From: igb at batten.eu.org (Ian Batten)
Date: Mon, 20 May 2013 09:09:56 +0100
Subject: BBC Moneybox - contactless hiccups
In-Reply-To:
References:
Message-ID:

On 19 May 2013, at 20:49, "David Biggins" wrote:

> I've seen reports that Marks & Spencer have seen cases of payment being
> simultaneously taken from a normal C&P card and a nearby swipe.

Aside from problems with the hardware, that's also a problem with the PoS software. Surely it never makes sense to take payment twice?
ian From lists at internetpolicyagency.com Mon May 20 10:36:50 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Mon, 20 May 2013 10:36:50 +0100 Subject: BBC Moneybox - contactless hiccups In-Reply-To: <57621A3A-56C8-4517-B41E-6DFEB0314A98@gmail.com> References: <51977C37.30104@iosis.co.uk> <20130519180453.GA16759@banjo.employees.org> <57621A3A-56C8-4517-B41E-6DFEB0314A98@gmail.com> Message-ID: In article <57621A3A-56C8-4517-B41E-6DFEB0314A98 at gmail.com>, Fearghas McKay writes >> So, does that mean we now need to have mu-metal lined wallets? > >Like your passport holder :-) that probably has room for cards already I wonder if it helps (to avoid these false transactions) if you have more than one contactless card in your wallet. Or does the system then simply charge both of them? What if the contactless credit card is adjacent to an Oyster or ITSO card in your wallet? -- Roland Perry From chris-ukcrypto at lists.skipnote.org Mon May 20 10:49:44 2013 From: chris-ukcrypto at lists.skipnote.org (Chris Edwards) Date: Mon, 20 May 2013 10:49:44 +0100 (BST) Subject: BBC Moneybox - contactless hiccups In-Reply-To: References: <51977C37.30104@iosis.co.uk> <20130519180453.GA16759@banjo.employees.org> <57621A3A-56C8-4517-B41E-6DFEB0314A98@gmail.com> Message-ID: On Mon, 20 May 2013, Roland Perry wrote: > What if the contactless credit card is adjacent to an Oyster or ITSO card in > your wallet? $workplace uses a mifare card based entry system (wave your wallet containing card at door reader). Last year, I started frequently having problems opening doors. Then I realised this was due to my bank having issued a new visa card, which has the "pay-by-wave" logo (looks a bit like a WiFi symbol). Removing this visa card from my wallet reinstated by ability to open doors. I had some idea the protocols specifically catered for multiple cards, and that the door card reader would be able to "select" the card it wants to talk to. 
But if so, this doesn't seem to work very well (for me). From lists at internetpolicyagency.com Mon May 20 13:34:51 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Mon, 20 May 2013 13:34:51 +0100 Subject: BBC Moneybox - contactless hiccups In-Reply-To: References: <51977C37.30104@iosis.co.uk> <20130519180453.GA16759@banjo.employees.org> <57621A3A-56C8-4517-B41E-6DFEB0314A98@gmail.com> Message-ID: In article , Chris Edwards writes >> What if the contactless credit card is adjacent to an Oyster or ITSO card in >> your wallet? > >$workplace uses a mifare card based entry system (wave your wallet >containing card at door reader). Last year, I started frequently having >problems opening doors. Then I realised this was due to my bank having >issued a new visa card, which has the "pay-by-wave" logo (looks a bit like >a WiFi symbol). Removing this visa card from my wallet reinstated by >ability to open doors. > >I had some idea the protocols specifically catered for multiple cards, and >that the door card reader would be able to "select" the card it wants to >talk to. But if so, this doesn't seem to work very well (for me). It's never worked for me (in either direction) trying to unscramble an Oyster with something else. I suspect a field trip is in order... (and while I'm at it I can see if LRT buses accept my Paywave Paypal debit card or not - from the publicity material it's ambiguous). 
-- 
Roland Perry

From ukcrypto at sourcetagged.ian.co.uk Mon May 20 14:07:23 2013
From: ukcrypto at sourcetagged.ian.co.uk (Ian Mason)
Date: Mon, 20 May 2013 14:07:23 +0100
Subject: BBC Moneybox - contactless hiccups
In-Reply-To:
References: <51977C37.30104@iosis.co.uk> <20130519180453.GA16759@banjo.employees.org> <57621A3A-56C8-4517-B41E-6DFEB0314A98@gmail.com>
Message-ID: <7C9B2A54-C019-4870-AB2D-733233690DB2@sourcetagged.ian.co.uk>

On May 20, 2013, at 10:49 AM, Chris Edwards wrote:

> On Mon, 20 May 2013, Roland Perry wrote:
>
>> What if the contactless credit card is adjacent to an Oyster or
>> ITSO card in
>> your wallet?
>
> $workplace uses a mifare card based entry system (wave your wallet
> containing card at door reader). Last year, I started frequently
> having
> problems opening doors. Then I realised this was due to my bank
> having
> issued a new visa card, which has the "pay-by-wave" logo (looks a
> bit like
> a WiFi symbol). Removing this visa card from my wallet reinstated by
> ability to open doors.
>
> I had some idea the protocols specifically catered for multiple
> cards, and
> that the door card reader would be able to "select" the card it
> wants to
> talk to. But if so, this doesn't seem to work very well (for me).
>
>

There are several collision avoidance mechanisms for RFID cards. The commonest uses a tree walk strategy where the reader gradually enumerates the possible serial number space by repeatedly transmitting a request for cards with a defined serial number prefix to reply and lengthening the prefix at every attempt. It would look something like this:

Reader Tx: Any cards there?
Reader Rx:
Reader Tx: Any cards with a serial number starting '0' there?
Reader Rx:
Reader Tx: Any cards with a serial number starting '1' there?
Reader Rx:
Reader Tx: Any cards with a serial number starting '10' there?
Reader Rx:
Reader Tx: Any cards with a serial number starting '11' there?
Reader Rx:
Reader Tx: Any cards with a serial number starting '110' there?
Reader Rx: This is card 11011001...

This method has the undesirable property that it leaks all but the last bit of the serial number of the card it is reading. This being leaked by the reader (which will have a much higher transmit power than the card) it can be read at much greater distances than replies from cards. Using it implies that for a system to be even trivially secure, the system's security must not rely on the card's serial number being secret. This might seem obvious, but I've seen smart card systems that do rely on serial number secrecy.

An alternative collision mechanism is good old ALOHA and slotted ALOHA, as used in ethernet's great granddaddy at the University of Hawaii. This is a classic backoff and retransmit protocol and has all the problems of those style protocols in high traffic/crowded airspace situations.

I don't know which mechanism contactless payment cards use. Using either one there is still a race for cards to reply and a possibility that for implementations that stop trying once they have received a single complete reply that a particular card may always be singled out, either by serial number priority or differing choices (or accuracy) of retransmission timers.

Note that both protocols make it possible to enumerate all cards in range and then it would be an application flaw, as opposed to a reader flaw, that allowed two cards to be charged for the same transaction. It seems obvious to me that a POS system that detected two or more cards ought to ask for human intervention to resolve which card to choose but perhaps it wasn't obvious to the designers of these particular systems.

Ian

From clive at davros.org Mon May 20 15:40:13 2013
From: clive at davros.org (Clive D.W. Feather)
Date: Mon, 20 May 2013 15:40:13 +0100
Subject: BBC Moneybox - contactless hiccups
In-Reply-To: <7C9B2A54-C019-4870-AB2D-733233690DB2@sourcetagged.ian.co.uk>
References: <51977C37.30104@iosis.co.uk> <20130519180453.GA16759@banjo.employees.org> <57621A3A-56C8-4517-B41E-6DFEB0314A98@gmail.com> <7C9B2A54-C019-4870-AB2D-733233690DB2@sourcetagged.ian.co.uk>
Message-ID: <20130520144013.GB48009@davros.org>

Ian Mason said:
> There are several collision avoidance mechanisms for RFID cards.

Cambridgeshire Libraries has an automated checkout system that uses some kind of RFID tags in the book. I've tried putting a stack of 6 books on the reader and it found all of them.

-- 
Clive D.W. Feather          | If you lie to the compiler,
Email: clive at davros.org  | it will get its revenge.
Web: http://www.davros.org  |   - Henry Spencer
Mobile: +44 7973 377646

From igb at batten.eu.org Mon May 20 15:51:16 2013
From: igb at batten.eu.org (Ian Batten)
Date: Mon, 20 May 2013 15:51:16 +0100
Subject: BBC Moneybox - contactless hiccups
In-Reply-To: <7C9B2A54-C019-4870-AB2D-733233690DB2@sourcetagged.ian.co.uk>
References: <51977C37.30104@iosis.co.uk> <20130519180453.GA16759@banjo.employees.org> <57621A3A-56C8-4517-B41E-6DFEB0314A98@gmail.com> <7C9B2A54-C019-4870-AB2D-733233690DB2@sourcetagged.ian.co.uk>
Message-ID: <6ADEBBD9-F7B5-4825-90EB-29AA642B0FB0@batten.eu.org>

On 20 May 2013, at 14:07, Ian Mason wrote:

>
> On May 20, 2013, at 10:49 AM, Chris Edwards wrote:
>
>> On Mon, 20 May 2013, Roland Perry wrote:
>>
>>> What if the contactless credit card is adjacent to an Oyster or ITSO card in
>>> your wallet?
>>
>> $workplace uses a mifare card based entry system (wave your wallet
>> containing card at door reader). Last year, I started frequently having
>> problems opening doors. Then I realised this was due to my bank having
>> issued a new visa card, which has the "pay-by-wave" logo (looks a bit like
>> a WiFi symbol). Removing this visa card from my wallet reinstated by
>> ability to open doors.
>>
>> I had some idea the protocols specifically catered for multiple cards, and
>> that the door card reader would be able to "select" the card it wants to
>> talk to. But if so, this doesn't seem to work very well (for me).
>>
>>
>
> There are several collision avoidance mechanisms for RFID cards. The commonest uses a tree walk strategy where the reader gradually enumerates the possible serial number space by repeatedly transmitting a request for cards with a defined serial number prefix to reply and lengthening the prefix at every attempt.

[...]

> This method has the undesirable property that it leaks all but the last bit of the serial number of the card it is reading.

Surely it only leaks the common initial substring? Yes, in the limit that is, as you say, n-1 bits of an n bit serial, but on average it will be substantially less than that, depending on how the serial numbers are allocated.

ian

From dfawcus+lists-ukcrypto at employees.org Mon May 20 15:51:54 2013
From: dfawcus+lists-ukcrypto at employees.org (Derek Fawcus)
Date: Mon, 20 May 2013 07:51:54 -0700
Subject: BBC Moneybox - contactless hiccups
In-Reply-To:
References: <51977C37.30104@iosis.co.uk> <20130519180453.GA16759@banjo.employees.org>
Message-ID: <20130520145154.GA78125@banjo.employees.org>

On Sun, May 19, 2013 at 10:39:28pm +0100, David Walters wrote:
> That or tin foil it seems - http://rfidiot.org/#RFID_Blocking

I took a simpler, although slower approach, after 3 sets of instructions, I finally received a new NatWest Debit/ATM card without that 'wireless' logo.
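
The tree walk Ian Mason describes, the question Ian Batten raises about how much of the serial number the reader's transmissions expose, and the suggestion that a POS application should refuse to pick between several cards can all be checked with a small simulation. This is an added example, not code from any poster or from a card standard: the `Reader` class, `leaked_bits`, `card_to_charge` and the 8-bit serials are constructed for illustration, and the model goes beyond the thread's dialogue by enumerating every card in the field.

```python
"""Simplified binary tree-walk anticollision with a leak measurement.

Assumptions (not from the thread): serials are fixed-length bit strings, a
'collision' is simply more than one card answering a prefix query, and no
real frame format or timing is modelled.
"""
from dataclasses import dataclass, field


class AmbiguousPresentation(Exception):
    """Raised when the field does not contain exactly one card."""


@dataclass
class Reader:
    cards: set                                        # serials in the field (constructed data)
    transmitted: list = field(default_factory=list)   # every prefix the reader put on the air

    def _query(self, prefix):
        """Broadcast 'any cards with a serial starting <prefix>?' and collect replies."""
        self.transmitted.append(prefix)
        return [c for c in self.cards if c.startswith(prefix)]

    def enumerate_cards(self):
        """Walk the serial-number tree until every card in the field is identified."""
        lengths = {len(c) for c in self.cards}
        if len(lengths) > 1:
            raise ValueError("this model assumes fixed-length serials")
        n = lengths.pop() if lengths else 0
        found, pending = [], [""]          # "" is the opening 'any cards there?'
        while pending:
            prefix = pending.pop()
            replies = self._query(prefix)
            if len(replies) == 1:          # one clean reply: card identified
                found.append(replies[0])
            elif len(replies) > 1:         # collision
                if len(prefix) == n - 1:
                    # Only the last bit is open, so both completions must be
                    # present; nothing further needs transmitting.
                    found.extend(replies)
                else:                      # lengthen the prefix, '0' branch first
                    pending.append(prefix + "1")
                    pending.append(prefix + "0")
            # no reply at all: dead branch, nothing to do
        return sorted(found)


def leaked_bits(reader, serial):
    """Leading bits of `serial` disclosed by the reader's own transmissions."""
    return max((len(p) for p in reader.transmitted if serial.startswith(p)), default=0)


def card_to_charge(reader):
    """Application-level rule: charge only when exactly one card is present."""
    found = reader.enumerate_cards()
    if len(found) != 1:
        raise AmbiguousPresentation(f"{len(found)} cards in field, ask the customer")
    return found[0]


if __name__ == "__main__":
    scenarios = {
        "one card": {"11011001"},
        "three unrelated cards": {"11011001", "11100101", "01000111"},
        "two serials differing in the last bit": {"11011001", "11011000"},
    }
    for name, cards in scenarios.items():
        r = Reader(cards)
        for serial in r.enumerate_cards():
            print(f"{name}: {serial} leaked {leaked_bits(r, serial)} of {len(serial)} bits")
        try:
            print(f"{name}: charge {card_to_charge(Reader(cards))}")
        except AmbiguousPresentation as exc:
            print(f"{name}: no charge ({exc})")
```

In this model the number of leaked bits depends on how close the nearest other serial in the field is: a lone card answers the opening query and nothing is disclosed, while two serials differing only in the last bit drive the reader to transmit n-1 bits.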
From lists at internetpolicyagency.com Mon May 20 16:01:48 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Mon, 20 May 2013 16:01:48 +0100 Subject: BBC Moneybox - contactless hiccups In-Reply-To: <20130520144013.GB48009@davros.org> References: <51977C37.30104@iosis.co.uk> <20130519180453.GA16759@banjo.employees.org> <57621A3A-56C8-4517-B41E-6DFEB0314A98@gmail.com> <7C9B2A54-C019-4870-AB2D-733233690DB2@sourcetagged.ian.co.uk> <20130520144013.GB48009@davros.org> Message-ID: <9o62ojKcrjmRFAq8@perry.co.uk> In article <20130520144013.GB48009 at davros.org>, Clive D.W. Feather writes >> There are several collision avoidance mechanisms for RFID cards. > >Cambridgeshire Libraries has an automated checkout system that uses some >kind of RFID tags in the book. I've tried putting a stack of 6 books on the >reader and it found all of them. I'd expect collision detection to work well for RFID chips of the kind used in products, but the ones in transaction cards do seem to interfere with each other. They also have a very short time to complete the transaction. -- Roland Perry From david at jellybaby.net Mon May 20 15:42:39 2013 From: david at jellybaby.net (David Walters) Date: Mon, 20 May 2013 15:42:39 +0100 Subject: BBC Moneybox - contactless hiccups In-Reply-To: <20130520144013.GB48009@davros.org> References: <51977C37.30104@iosis.co.uk> <20130519180453.GA16759@banjo.employees.org> <57621A3A-56C8-4517-B41E-6DFEB0314A98@gmail.com> <7C9B2A54-C019-4870-AB2D-733233690DB2@sourcetagged.ian.co.uk> <20130520144013.GB48009@davros.org> Message-ID: On Mon, May 20, 2013 at 3:40 PM, Clive D.W. Feather wrote: > Cambridgeshire Libraries has an automated checkout system that uses some > kind of RFID tags in the book. I've tried putting a stack of 6 books on the > reader and it found all of them. If it is anything like the system used by Barnet libraries then it needs a minimum separation between books so doesn't work very well with children's picture books. 
From pwt at iosis.co.uk Mon May 20 16:14:06 2013 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Mon, 20 May 2013 16:14:06 +0100 Subject: BBC Moneybox - contactless hiccups In-Reply-To: <7C9B2A54-C019-4870-AB2D-733233690DB2@sourcetagged.ian.co.uk> References: <51977C37.30104@iosis.co.uk><20130519180453.GA16759@banjo.employees.org><57621A3A-56C8-4517-B41E-6DFEB0314A98@gmail.com> <7C9B2A54-C019-4870-AB2D-733233690DB2@sourcetagged.ian.co.uk> Message-ID: <519A3DBE.1090207@iosis.co.uk> (1) I agree that charging the customer twice **for the same transaction** is an application flaw in the POS device - and it smacks of a major error in POS device certification (may also be a breach of the Merchant Agreement if it really happened - but that it did happen might be an urban myth). But maybe it was actually something different (see point (3) below). (2) One (and its an obvious one) difficulty with collision avoidance by interrogating the cards is the time that it takes - a major point about contactless EMV payment is transaction speed. A less obvious difficulty is that the terminals don't (as far as I know) have any way for the customer to be asked which card should be used, so assistance would have to be sent for when a collision is detected - and no store trying to speed things up (customer proposition) and keep costs down (merchant proposition) will want that to happen.. (3) If another report is true (that a customer with no intention of paying for anything gets charged just because he/she is nearby), then there will have to be (a) reduction of the strength of the terminal's RF field, (b) adjustment of the shape of the terminal's RF field (which is generated by a coil), and (c) adjustment to the layout of the point of sale area so that those who don't want to pay are kept away until its their turn. 
One of the worse cases will be if customer A is at the terminal and customer B waiting in line to pay gets charged for customer A's purchase while customer A walks away without paying (because the terminal says the transaction is complete). Reminds me of passport control where you wait to be called forward... I'm expecting a forthcoming debit card renewal to result in my getting a card with contactless technology as well as contact. Must line my wallet with kitchen foil (no tin foil to hand)... Peter On 20/05/2013 14:07, Ian Mason wrote: > There are several collision avoidance mechanisms for RFID cards. The > commonest uses a tree walk strategy where the reader gradually > enumerates the possible serial number space by repeatedly transmitting > a request for cards with a defined serial number prefix to reply and > lengthening the prefix at every attempt. It would look something like > this: > > Reader Tx: Any cards there? > Reader Rx: > Reader Tx: Any cards with a serial number starting '0' there? > Reader Rx: > Reader Tx: Any cards with a serial number starting '1' there? > Reader Rx: > Reader Tx: Any cards with a serial number starting '10' there? > Reader Rx: > Reader Tx: Any cards with a serial number starting '11' there? > Reader Rx: > Reader Tx: Any cards with a serial number starting '110' there? > Reader Rx: This is card 11011001... > > This method has the undesirable property that it leaks all but the > last bit of the serial number of the card it is reading. This being > leaked by the reader (which will have a much higher transmit power > than the card) it can be read at much greater distances than replies > from cards. Using it implies that for a system to be even trivially > secure, the systems security must not rely on the cards serial number > being secret. This might seem obvious, but I've seen smart card > systems that do rely on serial number secrecy. 
> > An alternative collision mechanism is good old ALOHA and slotted > ALOHA, as used in ethernet's great granddaddy at the University of > Hawaii. This is a classic backoff and retransmit protocol and has all > the problems of those style protocols in high traffic/crowded airspace > situations. > > I don't know which mechanism contactless payment cards use. Using > either one there is still a race for cards to reply and a possibility > that for implementations that stop trying once they have received a > single complete reply that a particular card may always be singled > out, either by serial number priority or differing choices (or > accuracy) of retransmission timers. > > Note that both protocols make it possible to enumerate all cards in > range and then it would be an application flaw, as opposed to a reader > flaw, that allowed two cards to be charged for the same transaction. > It seems obvious to me that a POS system that detected two or more > cards ought to ask for human intervention to resolve which card to > choose but perhaps it wasn't obvious to the designers of these > particular systems. > > Ian > > From tony.naggs at googlemail.com Mon May 20 15:44:03 2013 From: tony.naggs at googlemail.com (Tony Naggs) Date: Mon, 20 May 2013 15:44:03 +0100 Subject: BBC Moneybox - contactless hiccups In-Reply-To: References: <51977C37.30104@iosis.co.uk> <20130519180453.GA16759@banjo.employees.org> <57621A3A-56C8-4517-B41E-6DFEB0314A98@gmail.com> Message-ID: On 20 May 2013 10:49, Chris Edwards wrote: > On Mon, 20 May 2013, Roland Perry wrote: > >> What if the contactless credit card is adjacent to an Oyster or ITSO card in >> your wallet? > > $workplace uses a mifare card based entry system (wave your wallet > containing card at door reader). Last year, I started frequently having > problems opening doors. Then I realised this was due to my bank having > issued a new visa card, which has the "pay-by-wave" logo (looks a bit like > a WiFi symbol). 
Removing this visa card from my wallet reinstated by > ability to open doors. > > I had some idea the protocols specifically catered for multiple cards, and > that the door card reader would be able to "select" the card it wants to > talk to. But if so, this doesn't seem to work very well (for me). Many door locks simply try to read the unique Id (UID) of a card, & search for it in an access rights table. The ones I've encountered are unable to cope with multiple cards presented together. Credit & debit cards may have random or fixed Ids, and the card function is identified by further information on the card. If there are multiple cards a terminal could simply charge the card it identifies with credit/debit functionality - this may still not be the expected behaviour. -- Tony From lists at internetpolicyagency.com Tue May 21 08:15:09 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Tue, 21 May 2013 08:15:09 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <518CB006.8000604@iosis.co.uk> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> Message-ID: <7pSno5H97xmRFALz@perry.co.uk> In article <518CB006.8000604 at iosis.co.uk>, Peter Tomlinson writes >Report about that on Out-Law: > >http://www.out-law.com/en/articles/2013/may/individuals-can-be-identifie >d-despite-ip-address-sharing-bt-says/ > >Individuals can be identified despite IP address sharing, BT says > >The use of Internet Protocol (IP) address sharing technology will not >prevent individuals from being identified as the perpetrators of >illegal online activity, BT has claimed.09 May 2013 > >The internet service provider (ISP) has announced that it is currently >piloting technology called Carrier-Grade Network Address Translation >(CGNAT) that will see as many as nine different customers share the >same IP address. 
And an article looking more deeply into the technical details of CGNs, in this context:

http://www.potaroo.net/ispcol/2013-05/cgns.html

-- 
Roland Perry

From k.brown at bbk.ac.uk Tue May 21 15:52:21 2013
From: k.brown at bbk.ac.uk (k.brown at bbk.ac.uk)
Date: Tue, 21 May 2013 15:52:21 +0100
Subject: Fwd: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To:
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <87ppww36tj.fsf@mid.deneb.enyo.de> <518FA9AE.5070106@zen.co.uk> <87d2suu63f.fsf@mid.deneb.enyo.de>
Message-ID:

On 13 May 2013 18:45, Florian Weimer wrote:

> If you look at typical IPv6 textbooks, they give you a long list of
> advantages:
>
> * larger address space
> * simplified address structure
> * universal reachability of all end devices
> * protocol header optimized for efficient forwarding
> * more flexibility due to scoped addresses
> * improved security through IPsec
> * smaller routing tables due to aggregation
> * stateless auto-configuration
> * automatic renumbering between different provider aggregates
> * no broadcasts
> * improved multicast
> * built-in mobility
> * better for QoS with flow labels
>
> A lot of that turned out to be totally undesirable...

And those that were desirable were really only problems for people who write software for routers. Not for end users. Or even people who run computers for end users. Or even people who configure networks for people who run computers for end users. And they have pretty much been solved in the last twenty years by those people who write software for routers.

And "simplified address structure" is only true if you are writing software for routers. To everybody else IPv4 looks simpler because it's just about possible for the average person to remember four decimal numbers in a row, most people can't hold eight 4-digit hex numbers in their head, which means they can't *read* them, which means they are basically machine-readable-only for the average punter.

Basic nerdview mistake. Describing things from the point of view of an insider, so making it harder for anyone without the right background to follow.

(Other classic bits of nerdview in this field might include eduroam, Freeradius and Shibboleth installation documentation - you can only understand them if you already know how to do it; and everybody who does know how to do it can't see why it's so hard for everyone else to follow ;-)

OK, some things are fine described from an insider point of view. I used to do IOgens for IBM mainframes (about 25 years ago). It didn't matter that none of it made sense to anyone who didn't have at least about three years of system programming experience, a good idea of how channel io worked, knew their way round a control block or twenty, and ideally was pretty good at JCL, JES2/3, dump reading, and 370 assembler as well. Because no-one who didn't fit that description was likely to ever get near an IOgen.

But IP addresses have escaped. They are out of the box. They aren't quite general knowledge (though I'd guess that at least a quarter of the people who drink in my local have at least some idea of what they are) but they have certainly got out into the world of PC support and help desks and cable TV. And IPv6, unless it is *completely* invisible, will make a lot of people's lives harder at that sort of level.

So we hang on until it is completely invisible. The time to decide to convert end-user PC networks and domestic WiFi to IPv6 is the day you find it's already been done for you and you didn't notice.

-- 
Ken Brown

From jim at openrightsgroup.org Tue May 21 16:05:16 2013
From: jim at openrightsgroup.org (Jim Killock)
Date: Tue, 21 May 2013 16:05:16 +0100
Subject: ORGCon 2013 June 8 London
Message-ID: <5C3FE521-D90C-4FAC-A429-43C41E8B612E@openrightsgroup.org>

Hi all,

Hopefully you know about ORGCon 2013 http://orgcon.openrightsgroup.org/ - but in case you don't it has a lot to offer you all.

Hope to see some of you there!

Jim

A sample: http://orgcon.openrightsgroup.org/2013/programme

Snoopers' Charter: What's the situation now?
- Jim Killock, ORG Executive Director
- Peter Sommer
- Others TBC

Digital Arms Trade
- Hauke Gierow, Reporters without Borders
- Eric King, Privacy International

Regulating Code
- Ian Brown and Chris Marsden on their book and its conclusions

How to wiretap the Cloud (without anybody noticing)
- Caspar Bowden, independent privacy expert
  Speaking on the threat of the US FISAA (Foreign Intelligence Surveillance Amendments Act)

From lists at internetpolicyagency.com Tue May 21 21:22:09 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Tue, 21 May 2013 21:22:09 +0100
Subject: Fwd: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To:
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <+3KGvzLL8MjRFASR@perry.co.uk> <240765A6-2F22-424A-869E-0A8A22977670@batten.eu.org> <$SQWGVwjEnjRFAgJ@perry.co.uk> <87ppww36tj.fsf@mid.deneb.enyo.de> <518FA9AE.5070106@zen.co.uk> <87d2suu63f.fsf@mid.deneb.enyo.de>
Message-ID:

In article , "k.brown at bbk.ac.uk" writes
>IP addresses have escaped. They are out of the box.

And in the recent Queen's Speech!
-- Roland Perry From jon+ukcrypto at unequivocal.co.uk Tue May 21 18:09:23 2013 From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens) Date: Tue, 21 May 2013 18:09:23 +0100 Subject: BBC Moneybox - contactless hiccups In-Reply-To: <519A3DBE.1090207@iosis.co.uk> References: <7C9B2A54-C019-4870-AB2D-733233690DB2@sourcetagged.ian.co.uk> <519A3DBE.1090207@iosis.co.uk> Message-ID: <20130521170923.GD20185@snowy.squish.net> On Mon, May 20, 2013 at 04:14:06PM +0100, Peter Tomlinson wrote: > (1) I agree that charging the customer twice **for the same > transaction** is an application flaw in the POS device - and it smacks > of a major error in POS device certification (may also be a breach of > the Merchant Agreement if it really happened - but that it did happen > might be an urban myth). I've personally seen a POS machine print me a "declined" receipt for a transaction that was actually approved. From zenadsl6186 at zen.co.uk Wed May 22 00:03:09 2013 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Wed, 22 May 2013 00:03:09 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <7pSno5H97xmRFALz@perry.co.uk> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> Message-ID: <519BFD2D.5070102@zen.co.uk> On 21/05/13 08:15, Roland Perry wrote: > In article <518CB006.8000604 at iosis.co.uk>, Peter Tomlinson > writes >> Report about that on Out-Law: >> >> http://www.out-law.com/en/articles/2013/may/individuals-can-be-identifie >> d-despite-ip-address-sharing-bt-says/ >> >> Individuals can be identified despite IP address sharing, BT says >> >> The use of Internet Protocol (IP) address sharing technology will not >> prevent individuals from being identified as the perpetrators of >> illegal online activity, BT has claimed.09 May 2013 >> >> The internet service provider (ISP) has 
announced that it is currently
>> piloting technology called Carrier-Grade Network Address Translation
>> (CGNAT) that will see as many as nine different customers share the
>> same IP address.
>
> And an article looking more deeply into the technical details of CGNs,
> in this context:
>
> http://www.potaroo.net/ispcol/2013-05/cgns.html

Hmmm - suppose I download a game which takes an hour (or a day) to play, and want to see the result. Will the ISP keep the 5-tuple NAT active?

Of course throwaway dongles, unsecured WIFI, free public wifi, TOR, and so on need no mention here. But I wonder if Her Majesty knows about them?

Does anyone know the history of how and why telephone logs became fair game for Plod?

I mean, it's not obvious that Plod should have pretty much unrestricted access to comms data logs anyway.

Even then there is a big difference between telephone logs and internet logs, which are much more revealing.

-- Peter Fairbrother

From lists at internetpolicyagency.com Wed May 22 09:26:34 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Wed, 22 May 2013 09:26:34 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <519BFD2D.5070102@zen.co.uk>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk>
Message-ID:

In article <519BFD2D.5070102 at zen.co.uk>, Peter Fairbrother writes
>Of course throwaway dongles, unsecured WIFI, free public wifi, TOR, and
>so on need no mention here. But I wonder if Her Majesty knows about
>them?

Her government does. But it's never a good argument that you should give up picking the low-hanging fruit, just because there's some harder to reach fruit elsewhere.

>Does anyone know the history of how and why telephone logs became fair
>game for Plod?

I could write a book about it.
Did you watch 'Endeavour' (the 'Morse' prequel). I've not seen the whole series yet, but they've done reverse-DQ phone numbers in two of the plots so far.

>I mean, it's not obvious that Plod should have pretty much unrestricted
>access to comms data logs anyway.

There's two elements to this. One is whether the access is required at all (and checking who a suspect has been in contact with is normally regarded as a legitimate investigative technique), the other is to what extent it's "pretty much unrestricted".

I won't re-run the RIPA [vs DPA 29(3)] debate for the nth time.

>Even then there is a big difference between telephone logs and internet
>logs, which are much more revealing.

Which is why there's the tailpiece in RIPA s2(9)

-- Roland Perry

From lists at internetpolicyagency.com Wed May 22 09:28:42 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Wed, 22 May 2013 09:28:42 +0100
Subject: BBC Moneybox - contactless hiccups
In-Reply-To: <20130521170923.GD20185@snowy.squish.net>
References: <7C9B2A54-C019-4870-AB2D-733233690DB2@sourcetagged.ian.co.uk> <519A3DBE.1090207@iosis.co.uk> <20130521170923.GD20185@snowy.squish.net>
Message-ID: <4iiXqBM6GInRFAyC@perry.co.uk>

In article <20130521170923.GD20185 at snowy.squish.net>, Jon Ribbens writes
>> (1) I agree that charging the customer twice **for the same
>> transaction** is an application flaw in the POS device - and it smacks
>> of a major error in POS device certification (may also be a breach of
>> the Merchant Agreement if it really happened - but that it did happen
>> might be an urban myth).
>
>I've personally seen a POS machine print me a "declined" receipt
>for a transaction that was actually approved.

And last week I had a Debit Card transaction "declined", when what they meant was "we can't seem to contact your bank at the moment, so hard luck".

But I suppose they'd say it was the POS machine declining to take the card, not the bank declining to authorise the funds.
They really should have two different expressions for that.

-- Roland Perry

From ukcrypto at sourcetagged.ian.co.uk Wed May 22 18:24:52 2013
From: ukcrypto at sourcetagged.ian.co.uk (Ian Mason)
Date: Wed, 22 May 2013 18:24:52 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To:
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk>
Message-ID: <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk>

On May 22, 2013, at 9:26 AM, Roland Perry wrote:
> In article <519BFD2D.5070102 at zen.co.uk>, Peter Fairbrother
> writes
>> Of course throwaway dongles, unsecured WIFI, free public wifi, TOR,
>> and so on need no mention here. But I wonder if Her Majesty knows
>> about them?
>
> Her government does. But it's never a good argument that you should
> give up picking the low-hanging fruit, just because there's some
> harder to reach fruit elsewhere.
>
>> Does anyone know the history of how and why telephone logs became
>> fair game for Plod?
>
> I could write a book about it.
>
> Did you watch 'Endeavour' (the 'Morse' prequel). I've not seen the
> whole series yet, but they've done reverse-DQ phone numbers in two
> of the plots so far.
>
>> I mean, it's not obvious that Plod should have pretty much
>> unrestricted access to comms data logs anyway.
>
> There's two elements to this. One is whether the access is required
> at all (and checking who a suspect has been in contact with is
> normally regarded as a legitimate investigative technique), the
> other is to what extent it's "pretty much unrestricted".

I can state from personal direct knowledge that in the early 90's one non-metropolitan police force had unfettered online access to BT's reverse-DQ and unlisted number databases.
In the instance I directly observed no procedure or justification was required - just physical access to the terminal connected to BT (which in this case was situated in a suite of offices normally used as a major incident room alongside a PNC terminal and one connected to a database of all electoral rolls - both with similar lack of access controls or procedures).

>
> I won't re-run the RIPA [vs DPA 29(3)] debate for the nth time.
>
>> Even then there is a big difference between telephone logs and
>> internet logs, which are much more revealing.
>
> Which is why there's the tailpiece in RIPA s2(9)
>
> --
> Roland Perry
>

From zenadsl6186 at zen.co.uk Wed May 22 22:42:17 2013
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Wed, 22 May 2013 22:42:17 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To:
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk>
Message-ID: <519D3BB9.3060403@zen.co.uk>

On 22/05/13 09:26, Roland Perry wrote:
> In article <519BFD2D.5070102 at zen.co.uk>, Peter Fairbrother
> writes
>> Of course throwaway dongles, unsecured WIFI, free public wifi, TOR,
>> and so on need no mention here. But I wonder if Her Majesty knows
>> about them?
>
> Her government does. But it's never a good argument that you should give
> up picking the low-hanging fruit, just because there's some harder to
> reach fruit elsewhere.

That's true enough, but if they use the end of catching the harder-to-reach fruit in order to justify the means, but those means will not let them reach that fruit ...

>> Does anyone know the history of how and why telephone logs became fair
>> game for Plod?
>
> I could write a book about it.

I'd read it.

> Did you watch 'Endeavour' (the 'Morse' prequel).
I've not seen the whole
> series yet, but they've done reverse-DQ phone numbers in two of the
> plots so far.

I don't have a TV.

(people think that's strange - it was my birthday yesterday, and my sister asked if I wanted a TV for a present, as she has every year for the last ten years - but I don't want one in the house, I'd just sit and watch it and get nothing done).

>> I mean, it's not obvious that Plod should have pretty much
>> unrestricted access to comms data logs anyway.
>
> There's two elements to this. One is whether the access is required at
> all (and checking who a suspect has been in contact with is normally
> regarded as a legitimate investigative technique),

A legitimate investigative technique, most likely - but that does not mean we must make it possible, especially at any cost.

-- Peter Fairbrother

> the other is to what extent it's "pretty much unrestricted".
>
> I won't re-run the RIPA [vs DPA 29(3)] debate for the nth time.
>
>> Even then there is a big difference between telephone logs and
>> internet logs, which are much more revealing.
>
> Which is why there's the tailpiece in RIPA s2(9)
>

From zenadsl6186 at zen.co.uk Wed May 22 23:12:44 2013
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Wed, 22 May 2013 23:12:44 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk>
Message-ID: <519D42DC.5080800@zen.co.uk>

On 22/05/13 18:24, Ian Mason wrote:
>
> On May 22, 2013, at 9:26 AM, Roland Perry wrote:
>
>> In article <519BFD2D.5070102 at zen.co.uk>, Peter Fairbrother
>> writes
>> Did you watch 'Endeavour' (the 'Morse' prequel).
I've not seen the
>> whole series yet, but they've done reverse-DQ phone numbers in two of
>> the plots so far.
>>
>>> I mean, it's not obvious that Plod should have pretty much
>>> unrestricted access to comms data logs anyway.
>>
>> There's two elements to this. One is whether the access is required at
>> all (and checking who a suspect has been in contact with is normally
>> regarded as a legitimate investigative technique), the other is to
>> what extent it's "pretty much unrestricted".
>
> I can state from personal direct knowledge that in the early 90's
> one non-metropolitan police force had unfettered online access to
> BT's reverse-DQ and unlisted number databases. In the instance I
> directly observed no procedure or justification was required - just
> physical access to the terminal connected to BT (which in this case was
> situated in a suite of offices normally used as a major incident room
> alongside a PNC terminal and one connected to a database of all
> electoral rolls - both with similar lack of access controls or procedures).

That's good and bad security - good because access would be broadly limited to policemen who could enter the room, bad because there would be no logging of who asked. For the "bad old days", it's not that bad.

Limiting access to policemen, preferably at least sergeant level, and logging of who asked, and why (with occasional for-real checkups) is probably all that is needed for RDQs and electoral roll enquiries. They are not really very intrusive.

It's when they get into more intrusive matters, like phone and internet logs, that more severe restrictions are warranted. The intrusion is different, and more severe - so why not more severe restrictions? Like a Court-issued warrant?

That would cost for the Court time, but it would be balanced by not needing to go through a SPOC for most enquiries.

Might even end up cheaper - suppose Plod get a warrant, costs £800, and get a list of 50 people the suspect called.
If a SPOC RDQ enquiry costs £20, a non-SPOC RDQ enquiry costs £2, and a SPOC log enquiry costs £100, that's a saving of £200 overall (I have no idea of the actual costs, but I hope the point is made).

IMO, conflating RDQs and accesses to usage logs was one of the worst aspects of RIPA (after enforced key reveals).

Or maybe it was done to hide an enormous number of access log requests.

(Hmm - a while ago I called 999 about a fire, and the operator asked if I was calling from , which I had not told her - do they pay for that RDQ service? Is it different from investigative RDQs? I can't imagine there is a SPOC involved for a 999 call.)

-- Peter Fairbrother

From lists at internetpolicyagency.com Thu May 23 15:22:52 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Thu, 23 May 2013 15:22:52 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <519D3BB9.3060403@zen.co.uk>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <519D3BB9.3060403@zen.co.uk>
Message-ID:

In article <519D3BB9.3060403 at zen.co.uk>, Peter Fairbrother writes
>>> Of course throwaway dongles, unsecured WIFI, free public wifi, TOR,
>>> and so on need no mention here. But I wonder if Her Majesty knows
>>> about them?
>>
>> Her government does. But it's never a good argument that you should give
>> up picking the low-hanging fruit, just because there's some harder to
>> reach fruit elsewhere.
>
>That's true enough, but if they use the end of catching the
>harder-to-reach fruit in order to justify the means, but those means
>will not let them reach that fruit ...

Perhaps you are making the mistake of thinking that the worst crimes are committed by the cleverest people? April Jones and Tia Sharp might disagree (to quote only two recent examples).

>> Did you watch 'Endeavour' (the 'Morse' prequel). I've not seen the whole
>> series yet, but they've done reverse-DQ phone numbers in two of the
>> plots so far.
>
>I don't have a TV.

For Morse there are the books to read. Or use the "catch-up" services on the Interweb.

>I don't want one in the house, I'd just sit and watch it and get
>nothing done

The more that things can be viewed later, the less I watch. Getting a VCR (in the early 80's) cut my viewing considerably. In the last month (and despite having the biggest and best TV ever) all I've managed to watch regularly are Endeavour and Dr Who.

>>> I mean, it's not obvious that Plod should have pretty much
>>> unrestricted access to comms data logs anyway.
>>
>> There's two elements to this. One is whether the access is required at
>> all (and checking who a suspect has been in contact with is normally
>> regarded as a legitimate investigative technique),
>
>A legitimate investigative technique, most likely - but that does not
>mean we must make it possible, especially at any cost.

I think we must make it possible when it's necessary. Cue RIPA debate, cont'd p94.

-- Roland Perry

From lists at internetpolicyagency.com Thu May 23 15:31:14 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Thu, 23 May 2013 15:31:14 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <519D42DC.5080800@zen.co.uk>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk>
Message-ID:

In article <519D42DC.5080800 at zen.co.uk>, Peter Fairbrother writes
>It's when they get into more intrusive matters, like phone and internet
>logs, that more severe restrictions are warranted.
The intrusion is
>different, and more severe - so why not more severe restrictions? Like
>a Court-issued warrant?
>
>That would cost for the Court time, but it would be balanced by not
>needing to go through a SPOC for most enquiries.
>
>Might even end up cheaper - suppose Plod get a warrant, costs £800, and
>get a list of 50 people the suspect called. If a SPOC RDQ enquiry costs
>£20, a non-SPOC RDQ enquiry costs £2, and a SPOC log enquiry costs
>£100, that's a saving of £200 overall (I have no idea of the actual
>costs, but I hope the point is made).

Briefly, the issue is that when it's really important (for example an estranged father rings his ex-wife to say he's committing suicide and taking the children with him, now) then court orders are too slow.

And if every request required the police and the telco to physically attend court (which is likely to be some distance from the telco's HQ) and then be required to respond to a non-urgent request in a week rather than a month, then the costs would spiral out of control (for all parties involved).

>(Hmm - a while ago I called 999 about a fire, and the operator asked if
>I was calling from , which I had not told her - do they pay
>for that RDQ service? Is it different from investigative RDQs? I can't
>imagine there is a SPOC involved for a 999 call.)

The emergency services are allowed to know where people are calling from (including mobiles, which is why so many these days have GPS because that's a USA requirement). Perhaps you'd rather wait for them to get a court order??
-- Roland Perry

From ukcrypto at sourcetagged.ian.co.uk Thu May 23 18:50:34 2013
From: ukcrypto at sourcetagged.ian.co.uk (Ian Mason)
Date: Thu, 23 May 2013 18:50:34 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <519D42DC.5080800@zen.co.uk>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk>
Message-ID: <3547A7DF-53AF-444F-B042-C6C05385142E@sourcetagged.ian.co.uk>

On May 22, 2013, at 11:12 PM, Peter Fairbrother wrote:
> On 22/05/13 18:24, Ian Mason wrote:
>>
>> On May 22, 2013, at 9:26 AM, Roland Perry wrote:
>>
>>> In article <519BFD2D.5070102 at zen.co.uk>, Peter Fairbrother
>>> writes
>
> [snip]
> That's good and bad security - good because access would be broadly
> limited to policemen who could enter the room, bad because there
> would be no logging of who asked. For the "bad old days", it's not
> that bad.

I'm not convinced that the 'bad old days' have gone away. I find little difference in the actual attitudes of coppers that I talk to socially nowadays to the ones I used to share curry and beer with back then.

>
> Limiting access to policemen, preferably at least sergeant level,
> and logging of who asked, and why (with occasional for-real
> checkups) is probably all that is needed for RDQs and electoral roll
> enquiries. They are not really very intrusive.

The heaviest users of these will be enquiry officers - usually DCs and PCs. Bear in mind that nowadays there are many civilian staff inside police stations - largely invisible to the general public. These are not limited to obviously clerical roles (e.g. I've come across at least one civilian evidence/exhibits 'officer').
In the case in point I was present as a non-police civilian and had free access to the incident room in question for several weeks - often outside office hours when it was not in operational use.

Interestingly, the actual cases I have heard of where staff were disciplined/prosecuted for improper use of police records have often, possibly even primarily, been civilian staff and have often been to exactly the kinds of records we're discussing. They may be less intrusive but they are the ones that often have the most value outside of legitimate police work - i.e. are most likely to be abused for non-policing reasons.

>
> It's when they get into more intrusive matters, like phone and
> internet logs, that more severe restrictions are warranted. The
> intrusion is different, and more severe - so why not more severe
> restrictions? Like a Court-issued warrant?
>
> That would cost for the Court time, but it would be balanced by not
> needing to go through a SPOC for most enquiries.
>
> Might even end up cheaper - suppose Plod get a warrant, costs £800,
> and get a list of 50 people the suspect called. If a SPOC RDQ
> enquiry costs £20, a non-SPOC RDQ enquiry costs £2, and a SPOC log
> enquiry costs £100, that's a saving of £200 overall (I have no idea
> of the actual costs, but I hope the point is made).
>
>
> IMO, conflating RDQs and accesses to usage logs was one of the worst
> aspects of RIPA (after enforced key reveals).
>
> Or maybe it was done to hide an enormous number of access log
> requests.
>
>
> (Hmm - a while ago I called 999 about a fire, and the operator asked
> if I was calling from , which I had not told her - do
> they pay for that RDQ service? Is it different from investigative
> RDQs? I can't imagine there is a SPOC involved for a 999 call.)
>

This has been SOP for quite a while now.
There are no separate charges for this, they are bundled into the charges made to the emergency services for the basic provision of 999 services and charges made to telcos that don't run their own 999 operators.

It's very different from investigative RDQs, the database of addresses is supplied to the 999 operators and is automatically linked to any incoming call. The address is automatically passed to the emergency services with the call hand-off. I've only been involved at the very periphery of this - providing addresses for a database that was being passed up the line - so I can't comment on the access control arrangements at the 999 operator end.

Investigative RDQs are explicit enquiries (one off and bulk) and are supposed to meet a minimum level of necessity before being made. I can't remember the exact wording used for the level of necessity and am too lazy to go and look it up. I can say, from experience, that what ought to be assessed on necessity often turns into an assessment of expedience once in the hands of the police. In marginal cases the assessment won't be 'is this necessary' but 'can we get away with it'.

This might seem a jaundiced view, but it's based on my personal observations of real police officers, on real operations that used exactly the kind of widespread surveillance and access to records that regularly concern us here. Make no mistake, the operations were necessary and legitimate but some of the individual things I saw happen weren't necessary or legitimate and some were even driven by idle curiosity - the latter meaning that I can tell you that the armoured car the prime minister is driven around in has the Ministry of Transport as its registered keeper. The fact that the prime minister's car's registration plate was within eyeball range of someone with access to a PNC terminal will suggest that I'm highly limited in telling you any specifics of the particular operation in question.

> -- Peter Fairbrother

From ben at liddicott.com Thu May 23 20:26:46 2013
From: ben at liddicott.com (Ben Liddicott)
Date: Thu, 23 May 2013 20:26:46 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To:
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk>
Message-ID: <519E6D76.8060203@liddicott.com>

On 23/05/2013 15:31, Roland Perry wrote:
>
> Briefly, the issue is that when it's really important (for example an
> estranged father rings his ex-wife to say he's committing suicide and
> taking the children with him, now) then court orders are too slow.
>
> And if every request required the police and the telco to physically
> attend court (which is likely to be some distance from the telco's HQ)
> and then be required to respond to a non-urgent request in a week
> rather than a month, then the costs would spiral out of control (for
> all parties involved).
>

Well, that's a good summary of the argument, but not actually a good reason, and it's not actually what happens.

It's not what happens because the vast majority of such requests are for things which could perfectly well have waited to the next working day and been dealt with in bulk.

It's not a good reason firstly because there is no technical reason why a court order has to be slow. IANAL, but AFAIK a court order or warrant can be given by telephone, fax or email if need be - I don't believe there is any legal requirement for the judge to be in the same room as the petitioner - and if there is, why not just change that rule for emergencies?

Even if it was the case that court orders are too slow, there is no reason not to have a post-request review requirement like the US Federal FISA courts.
It is impossible to avoid the conclusion that the reason for removing review altogether (as opposed to having an emergency procedure plus a post-request review) is because the authorities intend to vastly expand the volume of such requests they make.

>> (Hmm - a while ago I called 999 about a fire, and the operator asked
>> if I was calling from , which I had not told her - do
>> they pay for that RDQ service? Is it different from investigative
>> RDQs? I can't imagine there is a SPOC involved for a 999 call.)
>
> The emergency services are allowed to know where people are calling
> from (including mobiles, which is why so many these days have GPS
> because that's a USA requirement). Perhaps you'd rather wait for them
> to get a court order??

Well the EU have recently mandated that from (2014 I think or maybe 2016?) all new cars sold in the EU must have both GPS and mobile network connectivity so that in the event of an accident they can automatically summon the emergency services, just in case the occupants are unable to.

Of course to make a difference all of the following would have to be true:
a) the occupants are so badly injured that they are unable to summon help.
b) they are in too remote an area to encounter passers-by who can summon help
c) yet paradoxically they are close enough to urban centres that the emergency services can arrive before they die of their injuries.

It is obvious that while this could happen, it will occur at most a few times in any given year in the entire EU, and shave a fraction of a percentage point off the road accident death rate.

And for this benefit we are about to give the authorities the ability to access a complete history of every journey we make, as soon as they decide that we need a firmware upgrade to, e.g. "better plan the transport system" or "implement a personal carbon ration", or whatever excuse they think they can slide past us. (c.f. access to NHS data sicut nunc).

If it saves a single life it /isn't/ worth it.
If the police are able to persuade the telco that it is an emergency, then there is an exception in the DPA for that, and the telco will no doubt want to follow up as to the end result as part of their ISO27001 controls.

If they cannot persuade the telco, then *Yes* they should get a court order. If it is so urgent, then it is urgent enough to wake up a judge.

Cheers!
Ben

From fjmd1a at gmail.com Thu May 23 20:32:52 2013
From: fjmd1a at gmail.com (Francis Davey)
Date: Thu, 23 May 2013 20:32:52 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <519E6D76.8060203@liddicott.com>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com>
Message-ID:

2013/5/23 Ben Liddicott
>
> Well, that's a good summary of the argument, but not actually a good
> reason, and it's not actually what happens.
>
> It's not what happens because the vast majority of such requests are for
> things which could perfectly well have waited to the next working day and
> been dealt with in bulk.
>
> It's not a good reason firstly because there is no technical reason why a
> court order has to be slow. IANAL, but AFAIK a court order or warrant can
> be given by telephone, fax or email if need be - I don't believe there is
> any legal requirement for the judge to be in the same room as the
> petitioner - and if there is, why not just change that rule for emergencies?
>

You can get an order over the telephone. There's a 24/7 "duty judge" system that means you can always get a judge (possibly out of bed) for an urgent order.
Clearly you have to have a pretty good reason to do that but the system is there.

If this was going to happen a lot then I am sure the court service could (if it was told to) set up a system that made this work.

-- Francis Davey

From ben at liddicott.com Thu May 23 22:32:32 2013
From: ben at liddicott.com (Ben Liddicott)
Date: Thu, 23 May 2013 22:32:32 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To:
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com>
Message-ID: <519E8AF0.7060605@liddicott.com>

On 23/05/2013 20:32, Francis Davey wrote:
> 2013/5/23 Ben Liddicott
>
> Well, that's a good summary of the argument, but not actually a
> good reason, and it's not actually what happens.
>
> It's not what happens because the vast majority of such requests
> are for things which could perfectly well have waited to the next
> working day and been dealt with in bulk.
>
> It's not a good reason firstly because there is no technical
> reason why a court order has to be slow. IANAL, but AFAIK a court
> order or warrant can be given by telephone, fax or email if need
> be - I don't believe there is any legal requirement for the judge
> to be in the same room as the petitioner - and if there is, why
> not just change that rule for emergencies?
>
>
> You can get an order over the telephone. There's a 24/7 "duty judge"
> system that means you can always get a judge (possibly out of bed) for
> an urgent order. Clearly you have to have a pretty good reason to do
> that but the system is there.
>
> If this was going to happen a lot then I am sure the court service
> could (if it was told to) set up a system that made this work.
>

So the reality is if you have an emergency, you have two officers on the phone:

Officer 1 gets on to the ISP and says "I need some info urgently, court order is on its way. Can you look it up and have it ready to give as soon as the order comes through?" The chap at the ISP does so, looks up the info and has it ready.

Officer 2 gets on to the Judge and says "I need a court order for this...". As soon as the order is given, the word is passed to officer 1 along with (presumably) some reference number. ISP chap hands over info.

This happens in parallel, and in reality the court order plus request takes barely longer than the request alone.

If that's the case, what is the real reason these new abilities are being asked for? Are the people who insist they are necessary lying or merely ignorant? Why aren't they being called on it?

Hmm...

Cheers, anyway.
Ben

From lists at internetpolicyagency.com Thu May 23 22:43:59 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Thu, 23 May 2013 22:43:59 +0100
Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring
In-Reply-To: <519E6D76.8060203@liddicott.com>
References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com>
Message-ID:

In article <519E6D76.8060203 at liddicott.com>, Ben Liddicott writes
>>And if every request required the police and the telco to physically
>>attend court (which is likely to be some distance from the telco's HQ)
>>and then be required to respond to a non-urgent request in a week
>>rather than a month, then the costs would spiral out of control (for
>>all parties involved).
>
>Well, that's a good summary of the argument, but not actually a good
>reason, and it's not actually what happens.
>
>It's not what happens because the vast majority of such requests are
>for things which could perfectly well have waited to the next working
>day and been dealt with in bulk.

Of course the vast majority can wait until the next day (or even the next week), but the other aspects remain. Unless you think it's a good idea for these court orders to be issued without any comment from the telcos about the practicality, and any more than a rubber stamp from the judge regarding the necessity.

>It's not a good reason firstly because there is no technical reason why
>a court order has to be slow.
IANAL, but AFAIK a court order or warrant >can be given by telephone, fax or email if need be - I don't believe >there is any legal requirement for the judge to be in the same room as >the petitioner - and if there is, why not just change that rule for >emergencies? You seem to be wanting a special "telecoms court" to deal with these things both quickly and by remote participation. The volume of enquiries (which are overwhelmingly reverse-DQ) would be challenging to accommodate. >If the police are able to persuade the telco that it is an emergency, >then there is an exception in the DPA for that There's no DPA 1998 exemption for "life at risk/preventing injury", whereas DPA 1984 had 34(8). It was also initially overlooked in RIPA (I think it was amended fairly recently), because the police were only able to get information if investigating a crime, and being in danger isn't a crime. -- Roland Perry From lists at internetpolicyagency.com Thu May 23 23:02:01 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Thu, 23 May 2013 23:02:01 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <519E8AF0.7060605@liddicott.com> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> <519E8AF0.7060605@liddicott.com> Message-ID: In article <519E8AF0.7060605 at liddicott.com>, Ben Liddicott writes >So the reality is if you have an emergency, you have two officers on >the phone: > >Officer 1 gets on to the ISP and says "I need some info urgently, court >order is on its way. Can you look it up and have it ready to give as >soon as the order comes through?" The chap at the ISP does so, looks up >the info and has it ready.
>Officer 2 gets on to the Judge and says "I need a court order for >this...". As soon as the order is given, the word is passed to officer >1 along with (presumably) some reference number. ISP chap hands over >info. > >This happens in parallel, and in reality the court order plus request >takes barely longer than the request alone. > >If that's the case, what is the real reason these new abilities are >being asked for? What "new abilities" are these? [1] The system which was decided upon (and known as RIPA) isn't that much different from the above, and involves verbal authorisations, followed by paperwork as soon as you get a Superintendent out of bed. A question for the lawyers here: In practice, can someone in the force control room really ring up a judge themselves (no other intermediaries) in the middle of the night? What sort of standard of proof would the judge want that the request was genuine and necessary? [1] The BBC is talking about new forms of data being logged (specifically de-anonymising carrier grade NAT), not new routes to obtain disclosure. It seems to me unrealistic to expect BT's broadband customers, who are about to be stuck behind CGNAT, to become untraceable overnight; and while BT could log the mappings on their own accord I suspect they want a change in the law (or at least some kind of official 'notice') to give regulatory certainty and to keep their shareholders happy that they aren't spending money unnecessarily.
-- Roland Perry From ben at liddicott.com Thu May 23 23:52:38 2013 From: ben at liddicott.com (Ben Liddicott) Date: Thu, 23 May 2013 23:52:38 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> Message-ID: <519E9DB6.2080907@liddicott.com> On 23/05/2013 22:43, Roland Perry wrote: > In article <519E6D76.8060203 at liddicott.com>, Ben Liddicott > writes > >>And if every request required the police and the telco to physically > >>attend court (which is likely to be some distance from the telco's > HQ) >>and then be required to respond to a non-urgent request in a > week >>rather than a month, then the costs would spiral out of control > (for >>all parties involved). >> >> Well, that's a good summary of the argument, but not actually a good >> reason, and it's not actually what happens. >> >> It's not what happens because the vast majority of such requests are >> for things which could perfectly well have waited to the next working >> day and been dealt with in bulk. > > Of course the vast majority can wait until the next day (or even the > next week), but the other aspects remain. Unless you think it's a good > idea for these court orders to be issued without any comment from the > telcos about the practicality, and any more than a rubber stamp from > the judge regarding the necessity. I am really not sure what your point about "practicality" is here. I am sure a court order can be given in terms such as "as far as reasonably practicable". In any case the judges who give the orders, and the people who ask for them, will be well versed in what is practical. 
This is a nothing-nothing objection. As to the rubber stamp objection: The fact that the request is seen by a person means that person can make enquiries either before or after granting the request - which makes all the difference. Who knows when a judge or Magistrate will suddenly decide to ask a lot of questions? They sometimes do, presumably just as a spot-check. Judicial review will find few abusive requests because abusive requests which might be made, will simply not be made. Even post-hoc reviews like the FISA courts will have that effect. But if the request will be fulfilled automatically and reviewed by no-one at all, ever, why not put in unnecessary, marginally necessary, fishing-trip, or purely abusive requests? Why not look up your ex-girlfriend's new boyfriend's internet habits? Again, if it is so damn important, then it is worthwhile spending twenty minutes justifying it: If there isn't time before, justify it afterwards. But if the request doesn't justify twenty minutes of a copper's wages, why does it justify abolishing the privacy of the entire nation? >> It's not a good reason firstly because there is no technical reason >> why a court order has to be slow. IANAL, but AFAIK a court order or >> warrant can be given by telephone, fax or email if need be - I don't >> believe there is any legal requirement for the judge to be in the >> same room as the petitioner - and if there is, why not just change >> that rule for emergencies? > > You seem to be wanting a special "telecoms court" to deal with these > things both quickly and by remote participation. The volume of > enquiries (which are overwhelmingly reverse-DQ) would be challenging > to accommodate. It would be valuable to have an independent party see the requests - either before, or afterwards - and determine how many of them were actually justified. I suspect rather less than all of them. > There's no DPA 1998 exemption for "life at risk/preventing injury", > whereas DPA 1984 had 34(8).
It was also initially overlooked in RIPA > (I think it was amended fairly recently), because the police were only > able to get information if investigating a crime, and being in danger > isn't a crime. Killing one's children is a crime, and that was your example. Outside your example, suicide is no longer a crime, but I have no doubt whatsoever that the common-law defence of necessity would apply. I am not a lawyer so if you are and disagree professionally with that assessment please say so. From Andrew.Cormack at ja.net Fri May 24 11:27:37 2013 From: Andrew.Cormack at ja.net (Andrew Cormack) Date: Fri, 24 May 2013 10:27:37 +0000 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> Message-ID: <61E52F3A5532BE43B0211254F13883AE97FD32E3@EXC001> > -----Original Message----- > From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto- > bounces at chiark.greenend.org.uk] On Behalf Of Roland Perry > Sent: 23 May 2013 22:44 > To: ukcrypto at chiark.greenend.org.uk > Subject: Re: BBC News - 'Fresh proposals' planned over cyber-monitoring > > >If the police are able to persuade the telco that it is an emergency, > >then there is an exception in the DPA for that > > There's no DPA 1998 exemption for "life at risk/preventing injury", > whereas DPA 1984 had 34(8). It was also initially overlooked in RIPA (I > think it was amended fairly recently), because the police were only > able > to get information if investigating a crime, and being in danger isn't > a > crime. 
> -- > Roland Perry I think the amendment is The Regulation of Investigatory Powers (Communications Data) (Additional Functions and Amendment) Order 2006 (SI 2006/1878) or The Regulation of Investigatory Powers (Communications Data) Order 2010 (SI 2010/480). The latter says: 2. The following additional purposes are specified for the purposes of section 22(2) of the Act (to the extent that they do not fall within paragraphs (a) to (g) of that provision)- (a)to assist investigations into alleged miscarriages of justice; (b)where a person ("P") has died or is unable to identify themselves because of a physical or mental condition- (i)to assist in identifying P, or (ii)to obtain information about P's next of kin or other persons connected with P or about the reason for P's death or condition. [http://www.legislation.gov.uk/uksi/2010/480/article/2/made] Andrew -- Andrew Cormack Chief Regulatory Adviser, Janet t: +44 1235 822302 b: https://community.ja.net/blogs/regulatory-developments Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire, OX11 0SG. VAT No. 
614944238 From lists at internetpolicyagency.com Fri May 24 13:48:47 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Fri, 24 May 2013 13:48:47 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <61E52F3A5532BE43B0211254F13883AE97FD32E3@EXC001> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> <61E52F3A5532BE43B0211254F13883AE97FD32E3@EXC001> Message-ID: In article <61E52F3A5532BE43B0211254F13883AE97FD32E3 at EXC001>, Andrew Cormack writes >> There's no DPA 1998 exemption for "life at risk/preventing injury", >>whereas DPA 1984 had 34(8). It was also initially overlooked in RIPA >>(I think it was amended fairly recently), because the police were >>only able to get information if investigating a crime, and being in >>danger isn't a crime. > >I think the amendment is The Regulation of Investigatory Powers (Communications Data) (Additional Functions and Amendment) Order 2006 (SI >2006/1878) or The Regulation of Investigatory Powers (Communications Data) Order 2010 (SI 2010/480). The latter says: > >2. The following additional purposes are specified for the purposes of section 22(2) of the Act (to the extent that they do not fall within >paragraphs (a) to (g) of that provision)- >(a)to assist investigations into alleged miscarriages of justice; >(b)where a person ("P") has died or is unable to identify themselves because of a physical or mental condition- >(i)to assist in identifying P, or >(ii)to obtain information about P's next of kin or other persons connected with P or about the reason for P's death or condition. 
> >[http://www.legislation.gov.uk/uksi/2010/480/article/2/made] As long ago as 2002 the police were complaining that they couldn't identify bodies by doing reverse-DQ on the mobile found on the body, because "being dead wasn't a crime". I don't see them making much progress on the "life at risk" element. -- Roland Perry From lists at internetpolicyagency.com Sat May 25 16:28:28 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Sat, 25 May 2013 16:28:28 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <519E6D76.8060203@liddicott.com> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> Message-ID: In article <519E6D76.8060203 at liddicott.com>, Ben Liddicott writes >Well the EU have recently mandated that from (2014 I think or maybe >2016?) all new cars sold in the EU must have both GPS and mobile >network connectivity so that in the event of an accident they can >automatically summon the emergency services, just in case the occupants >are unable to. > >Of course to make a difference all of the following would have to be >true: >a) the occupants are so badly injured that they are unable to summon >help. Or they don't have a working phone within reach. >b) they are in too remote an area to encounter Or the incident could have happened in an urban area at 3am with no-one else about... >passers-by who can summon help (...Not all passers-by have phones, can see into that ditch after dark, or even want to get involved, sadly.) >c) yet paradoxically they close enough to urban centres that the >emergency services can arrive before they die of their injuries. ... 
or on a rural road that was still close enough to emergency services (I believe the Ambulance target of 19 minutes for life-threatening calls is "irrespective of location"). There are reasons why this may not be the best of proposals (can you say which draft Directive it's in, and who is lobbying against it from civil society?) but your list above is far too easily dismissed. -- Roland Perry From lists at internetpolicyagency.com Sat May 25 16:42:36 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Sat, 25 May 2013 16:42:36 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <519E9DB6.2080907@liddicott.com> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> <519E9DB6.2080907@liddicott.com> Message-ID: In article <519E9DB6.2080907 at liddicott.com>, Ben Liddicott writes >> Of course the vast majority can wait until the next day (or even the >>next week), but the other aspects remain. Unless you think it's a good >>idea for these court orders to be issued without any comment from the >>telcos about the practicality, and any more than a rubber stamp from >>the judge regarding the necessity. > >I am really not sure what your point about "practicality" is here. I am >sure a court order can be given in terms such as "as far as reasonably >practicable". That's leaving too much to the discretion of the telco. They well decide it's not practicable to pay for a taxi and some overtime on a bank holiday weekend, for example. >In any case the judges who give the orders, and the people who ask for >them, will be well versed in what is practical. I doubt that. 
The current system of SPoCs works reasonably well, but they've been specially trained in this one aspect of police work, and do it all the time. Are we going to put judges on the same course? >As to the rubber stamp objection: The fact that the request is seen by >a person means that person can make enquiries either before or after >granting the request - which makes all the difference. I'm sure it does, but only after you've got the people who might answer the questions into the loop. >Who knows when a judge or Magistrate will suddenly decide to ask a lot >of questions? The police are quite capable of framing requests in such a way that they are very hard to turn down, unless there's some input from another party (eg the telco). They are also well known for asking for impossible things, which is why the SPoC scheme exists. I don't blame the police for that, life and telecoms is complicated these days and you can't expect them to be up to speed, especially when there's no technology basic training at all. >They sometimes do, presumably just as a spot-check. Judicial review >will find few abusive requests because abusive requests which might be >made, will simply not be made. Even post-hoc reviews like the FISA >courts will have that effect. But if the request will be fulfilled >automatically and reviewed by no-one at all, ever, why not put in >unnecessary, marginally necessary, fishing-trip, or purely abusive >requests? Why not look up your ex-girlfriend's new boyfriend's internet >habits? Those checks exist in the current system. >> There's no DPA 1998 exemption for "life at risk/preventing injury", >>whereas DPA 1984 had 34(8). It was also initially overlooked in RIPA >>(I think it was amended fairly recently), because the police were only >>able to get information if investigating a crime, and being in danger >>isn't a crime. > >Killing one's children is a crime, and that was your example. Is threatening to kill your children a crime?
If you do it twice it's probably harassment, and I'm not aware that men who threaten to kill their wives in a domestic violence situation are prosecuted for "conspiracy to murder", or whatever it would be. >Outside your example, suicide is no longer a crime, but I have no doubt >whatsoever that the common-law defence of necessity would apply. I am >not a lawyer so if you are and disagree professionally with that >assessment please say so. That's not a DPA defence I've ever heard anyone trying to use. If it was that easy a loophole I'm sure it would have cropped up in the lengthy discussions on the subject of [comms data] disclosure. -- Roland Perry From k.brown at bbk.ac.uk Tue May 28 13:53:55 2013 From: k.brown at bbk.ac.uk (k.brown at bbk.ac.uk) Date: Tue, 28 May 2013 13:53:55 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> <519E9DB6.2080907@liddicott.com> Message-ID: On 25 May 2013 16:42, Roland Perry wrote: > In article <519E9DB6.2080907 at liddicott.com>, Ben Liddicott > writes >> Who knows when a judge or Magistrate will suddenly decide to ask a lot of >> questions? > Is threatening to kill your children a crime? If you do it twice it's > probably harassment, and I'm not aware that men who threaten to kill their > wives in a domestic violence situation are prosecuted for "conspiracy to > murder", or whatever it would be. Threatening to kill anybody is a crime, though I imagine it would have to be a credible threat before a court would take notice, and not just "I wish you were dead" mutterings. It would be more than just harassment.
Putting someone in fear for their life would have been an assault under the old common law I think even if you didn't physically attack them at all. I'm sure there are plenty of fancy new statutes to cover the same ground. (Not conspiracy though. Conspiracy needs more than one person). -- Ken Brown From fjmd1a at gmail.com Tue May 28 14:02:08 2013 From: fjmd1a at gmail.com (Francis Davey) Date: Tue, 28 May 2013 14:02:08 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> <519E9DB6.2080907@liddicott.com> Message-ID: 2013/5/28 k.brown at bbk.ac.uk Threatening to kill anybody is a crime, though I imagine it would have > Contrary to section 16 of the Offences Against the Person Act 1861 http://www.legislation.gov.uk/ukpga/Vict/24-25/100/section/16 > to be a credible threat before a court would take notice, and not just > "I wish you were dead" mutterings. It would be more than just > Yes. You have to intend that the victim fears the threat will be carried out. > harassment. Putting someone in fear for their life would have been an > assault under the old common law I think even if you didn't physically > What my old lecturer called a "psychic assault" (which always made me think of D&D 1st ed psionic combat). Assault at common law still exists as an offence. > attack them at all. I'm sure there are plenty of fancy new statutes to > cover the same ground. (Not conspiracy though. Conspiracy needs more > than one person).
Indeed, see section 1 of the Criminal Law Act 1977: http://www.legislation.gov.uk/ukpga/1977/45/section/1 You can't even attempt to conspire: http://www.legislation.gov.uk/ukpga/1981/47/section/1 -- Francis Davey From lists at internetpolicyagency.com Tue May 28 14:37:01 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Tue, 28 May 2013 14:37:01 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> <519E9DB6.2080907@liddicott.com> Message-ID: In article , Francis Davey writes >Threatening to kill anybody is a crime, though I imagine it would have > >Contrary to section 16 of the Offences Against the Person Act 1861 > >http://www.legislation.gov.uk/ukpga/Vict/24-25/100/section/16 > >to be a credible threat before a court would take notice, and not just >"I wish you were dead" mutterings. It would be more than just > >Yes. You have to intend that the victim fears the threat will be >carried out. How does that work when the victim is your child that you haven't told you wish to kill (the only person who knows being the estranged wife).
-- Roland Perry From fjmd1a at gmail.com Tue May 28 14:42:43 2013 From: fjmd1a at gmail.com (Francis Davey) Date: Tue, 28 May 2013 14:42:43 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> <519E9DB6.2080907@liddicott.com> Message-ID: 2013/5/28 Roland Perry > >> > How does that work when the victim is your child that you haven't told you > wish to kill (the only person who knows being the estranged wife). Section 16 is *three* lines long and I linked to it. Why is it so hard for people just to read the statutory material? "*Threats to kill.* A person who without lawful excuse makes to another a threat, intending that that other would fear it would be carried out, to kill that other or a third person shall be guilty of an offence and liable on conviction on indictment to imprisonment for a term not exceeding ten years" The "victim" is the person to whom you make the threat. The threat is that you will kill someone (either the victim or someone else). So if X says to Y "I am going to kill Z" intending that Y will fear that X will indeed kill Z then the offence is made out. -- Francis Davey
From lists at internetpolicyagency.com Tue May 28 16:36:21 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Tue, 28 May 2013 16:36:21 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> <519E9DB6.2080907@liddicott.com> Message-ID: In article , Francis Davey writes > >How does that work when the victim is your child that you haven't told >you wish to kill (the only person who knows being the estranged wife). > >Section 16 is *three* lines long and I linked to it. Why is it so hard >for people just to read the statutory material? Because we are corresponding by email, not the web. >"Threats to kill. > >A person who without lawful excuse makes to another a threat, intending >that that other would fear it would be carried out, to kill that other >or a third person shall be guilty of an offence and liable on >conviction on indictment to imprisonment for a term not exceeding ten >years" > >The "victim" is the person to whom you make the threat. The threat is >that you will kill someone (either the victim or someone else). >So if X says to Y "I am going to kill Z" intending that Y will fear >that X will indeed kill Z then the offence is made out. Fair enough, but that wasn't clear from the earlier posting. ps Why is this statute rarely used when husbands threaten to kill their ex-partners, with the police relying instead upon harassment law.
-- Roland Perry From fjmd1a at gmail.com Tue May 28 16:59:23 2013 From: fjmd1a at gmail.com (Francis Davey) Date: Tue, 28 May 2013 16:59:23 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> <519E9DB6.2080907@liddicott.com> Message-ID: 2013/5/28 Roland Perry > > > Because we are corresponding by email, not the web. Bah. I think in 2013 I can expect the notorious Roland Perry to be able to look something up on the web. It is not as if the world wide web is rather new to you. I see that on ukcrypto I will have to quote the relevant statute rather than merely citing it. Fair enough, but that wasn't clear from the earlier posting. > That's why I make a practice of citing sources, so that people who want to know more can read more. > > ps Why is this statute rarely used when husbands threaten to kill their > ex-partners, with the police relying instead upon harassment law. I don't know. Ask the CPS. I suspect because it is much harder to prove. The prosecution will have to prove a specific intent that the victim fear that the threat will be carried out (i.e. that someone will be killed). A defendant might argue that he only meant the victim to fear they would be beaten to a pulp. Specific intent is also hard because if someone is *drunk* they may not be able to form a specific intent. -- Francis Davey
From ukcrypto at sourcetagged.ian.co.uk Tue May 28 17:21:41 2013 From: ukcrypto at sourcetagged.ian.co.uk (Ian Mason) Date: Tue, 28 May 2013 17:21:41 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> <519E9DB6.2080907@liddicott.com> Message-ID: <22D7768C-504E-40E0-B30D-7E04893CC43C@sourcetagged.ian.co.uk> On May 28, 2013, at 4:59 PM, Francis Davey wrote: > > 2013/5/28 Roland Perry > > Because we are corresponding by email, not the web. > > Bah. I think in 2013 I can expect the notorious Roland Perry to be > able to look something up on the web. It is not as if the world wide > web is rather new to you. I see that on ukcrypto I will have to > quote the relevant statute rather than merely citing it. > > Fair enough, but that wasn't clear from the earlier posting. > > That's why I make a practice of citing sources, so that people who > want to know more can read more. > > > ps Why is this statute rarely used when husbands threaten to kill > their ex-partners, with the police relying instead upon harassment > law. > > I don't know. Ask the CPS. > > I suspect because it is much harder to prove. The prosecution will > have to prove a specific intent that the victim fear that the threat > will be carried out (i.e. that someone will be killed). A defendant > might argue that he only meant the victim to fear they would be > beaten to a pulp. > Yup, the case in point requires proof of intent whereas harassment is a matter of fact (i.e. a strict liability offence), to wit: http://www.legislation.gov.uk/ukpga/1997/40/section/1 > Prohibition of harassment.
> (1)A person must not pursue a course of conduct- > (a)which amounts to harassment of another, and > (b)which he knows or ought to know amounts to harassment of the other. > (2)For the purposes of this section, the person whose course of > conduct is in question ought to know that it amounts to harassment > of another if a reasonable person in possession of the same > information would think the course of conduct amounted to harassment > of the other. > 2 Offence of harassment. (1)A person who pursues a course of conduct in breach of section 1 is guilty of an offence. No mention of intent. From bdm at fenrir.org.uk Tue May 28 17:48:18 2013 From: bdm at fenrir.org.uk (Brian Morrison) Date: Tue, 28 May 2013 17:48:18 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> <519E9DB6.2080907@liddicott.com> Message-ID: <20130528174818.00006dad@surtees.fenrir.org.uk> On Tue, 28 May 2013 16:59:23 +0100 Francis Davey wrote: > I think in 2013 I can expect the notorious Roland Perry to be able to > look something up on the web.
Only where it advances his argument ;-) -- Brian Morrison From lists at internetpolicyagency.com Wed May 29 10:43:29 2013 From: lists at internetpolicyagency.com (Roland Perry) Date: Wed, 29 May 2013 10:43:29 +0100 Subject: BBC News - 'Fresh proposals' planned over cyber-monitoring In-Reply-To: <20130528174818.00006dad@surtees.fenrir.org.uk> References: <0FE7B584-58D3-401B-8BD6-E2D3AC61959A@batten.eu.org> <518A56DD.2050703@casparbowden.net> <6F128E16-D022-45C1-B25D-919FA9281FBF@batten.eu.org> <518CB006.8000604@iosis.co.uk> <7pSno5H97xmRFALz@perry.co.uk> <519BFD2D.5070102@zen.co.uk> <7B505DAF-FF7B-4204-92FA-14B983861E56@sourcetagged.ian.co.uk> <519D42DC.5080800@zen.co.uk> <519E6D76.8060203@liddicott.com> <519E9DB6.2080907@liddicott.com> <20130528174818.00006dad@surtees.fenrir.org.uk> Message-ID: In article <20130528174818.00006dad at surtees.fenrir.org.uk>, Brian Morrison writes >> I think in 2013 I can expect the notorious Roland Perry to be able to >> look something up on the web. > >Only where it advances his argument ;-) It certainly does no harm to quote extracts of a document one is referencing, if the extract supports one's case. It also helps guard against link-rot and paywalls, let alone (going back to my reply to Francis) avoiding making the assumption that everyone has always-on connectivity. Like this, for example: In the thread "Buckinghamshire CC ANPR cameras" someone asks: >I'd like to see some evidence that the registration plates on cars >driving past my house are personal data. Whose? And why? http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf "a person may be identified directly by name or indirectly by a telephone number, a car registration number, a social security number, a passport number or by a combination of significant criteria which allows him to be recognized by narrowing down the group to which he belongs (age, occupation, place of residence, etc.)". -- Roland Perry