BBC News - 'Fresh proposals' planned over cyber-monitoring
Ben Liddicott
ben at liddicott.com
Thu May 23 20:26:46 BST 2013
On 23/05/2013 15:31, Roland Perry wrote:
>
> Briefly, the issue is that when it's really important (for example an
> estranged father rings his ex-wife to say he's committing suicide and
> taking the children with him, now) then court orders are too slow.
>
> And if every request required the police and the telco to physically
> attend court (which is likely to be some distance from the telco's HQ)
> and then be required to respond to a non-urgent request in a week
> rather than a month, then the costs would spiral out of control (for
> all parties involved).
>
Well, that's a good summary of the argument, but not actually a good
reason, and it's not actually what happens.
It's not what happens because the vast majority of such requests are for
things which could perfectly well have waited to the next working day
and been dealt with in bulk.
It's not a good reason firstly because there is no technical reason why
a court order has to be slow. IANAL, but AFAIK a court order or warrant
can be given by telephone, fax or email if need be - I don't believe
there is any legal requirement for the judge to be in the same room as
the petitioner - and if there is, why not just change that rule for
emergencies?
Even if it was the case that court orders are too slow, there is no
reason not to have a post-request review requirement like the US Federal
FISA courts.
It is impossible to avoid the conclusion that the reason for removing
review altogether (as opposed to having an emergency procedure plus a
post-request review) is because the authorities intend to vastly expand
the volume of such requests they make.
>> (Hmm - a while ago I called 999 about a fire, and the operator asked
>> if I was calling from <my address>, which I had not told her - do
>> they pay for that RDQ service? Is it different from investigative
>> RDQs? I can't imagine there is a SPOC involved for a 999 call.)
>
> The emergency services are allowed to know where people are calling
> from (including mobiles, which is why so many these days have GPS
> because that's a USA requirement). Perhaps you'd rather wait for them
> to get a court order??
Well the EU have recently mandated that from (2014 I think or maybe
2016?) all new cars sold in the EU must have both GPS and mobile network
connectivity so that in the event of an accident they can automatically
summon the emergency services, just in case the occupants are unable to.
Of course to make a difference all of the following would have to be true:
a) the occupants are so badly injured that they are unable to summon help.
b) they are in too remote an area to encounter passers-by who can summon
help
c) yet paradoxically they close enough to urban centres that the
emergency services can arrive before they die of their injuries.
It is obvious that while this could happen, it will occur a most few
times in any given year in the entire EU, and shave a fraction of a
percentage point off the road accident death rate. And for this benefit
we are about to give the authorities the ability to access to a complete
history of every journey we make, as soon as they decide that we need a
firmware upgrade to, e.g. "better plan the transport system" or
"implement a personal carbon ration", or whatever excuse they think they
can slide past us. (c.f. access to NHS data sicut nunc).
If it saves a single life it /isn't /worth it.
If the police are able to persuade the telco that it is an emergency,
then there is an exception in the DPA for that, and the telco will no
doubt want to follow up as to the end result as part of their ISO27001
controls. If they cannot persuade the telco, then *Yes* they should get
a court order. If it is so urgent, then it is urgent enough to wake up a
judge.
Cheers!
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20130523/f132da65/attachment.html>
More information about the ukcrypto
mailing list