BBC News - 'Fresh proposals' planned over cyber-monitoring

Peter Fairbrother zenadsl6186 at zen.co.uk
Wed May 22 23:12:44 BST 2013


On 22/05/13 18:24, Ian Mason wrote:
>
> On May 22, 2013, at 9:26 AM, Roland Perry wrote:
>
>> In article <519BFD2D.5070102 at zen.co.uk>, Peter Fairbrother
>> <zenadsl6186 at zen.co.uk> writes

>> Did you watch 'Endeavour' (the 'Morse' prequel)? I've not seen the
>> whole series yet, but they've done reverse-DQ phone numbers in two of
>> the plots so far.
>>
>>> I mean, it's not obvious that Plod should have pretty much
>>> unrestricted access to comms data logs anyway.
>>
>> There's two elements to this. One is whether the access is required at
>> all (and checking who a suspect has been in contact with is normally
>> regarded as a legitimate investigative technique), the other is to
>> what extent it's "pretty much unrestricted".
>
> I can state from personal direct knowledge that in the early 90's
> one non-metropolitan police force had unfettered online access to
> BT's reverse-DQ and unlisted number databases. In the instance I
> directly observed no procedure or justification was required - just
> physical access to the terminal connected to BT (which in this case was
> situated in a suite of offices normally used as a major incident room
> alongside a PNC terminal and one connected to a database of all
> electoral rolls - both with similar lack of access controls or procedures).

That's good and bad security - good because access would be broadly 
limited to policemen who could enter the room, bad because there would 
be no logging of who asked. For the "bad old days", it's not that bad.

Limiting access to policemen, preferably at least sergeant level, and 
logging of who asked, and why (with occasional for-real checkups) is 
probably all that is needed for RDQs and electoral roll enquiries. They 
are not really very intrusive.

It's when they get into more intrusive matters, like phone and internet 
logs, that more severe restrictions are warranted. The intrusion is 
different, and more severe - so why not more severe restrictions? Like a 
Court-issued warrant?

That would cost for the Court time, but it would be balanced by not 
needing to go through a SPOC for most enquiries.

Might even end up cheaper - suppose Plod get a warrant, costs £800, and 
get a list of 50 people the suspect called. If a SPOC RDQ enquiry costs 
£20, a non-SPOC RDQ enquiry costs £2, and a SPOC log enquiry costs £100, 
that's a saving of £200 overall (I have no idea of the actual costs, but 
I hope the point is made).


IMO, conflating RDQs and accesses to usage logs was one of the worst 
aspects of RIPA (after enforced key reveals).

Or maybe it was done to hide an enormous number of access log requests.


(Hmm - a while ago I called 999 about a fire, and the operator asked if 
I was calling from <my address>, which I had not told her - do they pay 
for that RDQ service? Is it different from investigative RDQs? I can't 
imagine there is a SPOC involved for a 999 call.)

-- Peter Fairbrother


